东北大学学报(自然科学版)

东北大学学报(自然科学版) ›› 2009, Vol. 30 ›› Issue (1): 42-45.DOI: -

• 论著 • 上一篇    下一篇

一种改进的跨域口令密钥交换协议

刘广伟;周恩光;闫虹;周福才;   

  1. 东北大学信息科学与工程学院;
  • 收稿日期:2013-06-22 修回日期:2013-06-22 出版日期:2009-01-15 发布日期:2013-06-22
  • 通讯作者: Liu, G.-W.
  • 作者简介:-
  • 基金资助:
    国家自然科学基金资助项目(60773218);;

An improved cross-realm client-to-client password-authenticated key exchange protocol

Liu, Guang-Wei (1); Zhou, En-Guang (1); Yan, Hong (1); Zhou, Fu-Cai (1)   

  1. (1) School of Information Science and Engineering, Northeastern University, Shenyang 110004, China
  • Received:2013-06-22 Revised:2013-06-22 Online:2009-01-15 Published:2013-06-22
  • Contact: Liu, G.-W.
  • About author:-
  • Supported by:
    -

RichHTML

0

PDF (PC)

801

摘要: 跨域的端到端的口令认证密钥交换(C2C-PAKE)协议,可实现不同区域的两个客户通过不同的口令协商出共享的会话密钥.首先对Byun2007的C2C-PAKE协议进行了描述,并针对其安全性进行了分析,发现该协议易遭受口令泄露伪造攻击的安全漏洞,提出了一种高效的改进的跨域口令认证密钥交换协议.该协议引入公钥密码体制能够有效抵抗口令泄露伪造攻击和不可检测在线字典攻击,且只需要6步通信.安全性分析表明该协议是安全有效的.

关键词: 安全协议, 跨域, 口令认证密钥交换, 口令泄露伪造攻击, 敌手

Abstract: The client-to-client password-authenticated key exchange (C2C-PAKE) protocol enables two clients from different realms to agree on a shared common session key. Describing the C2C-PAKE protocol of Byun2007, its security is analyzed and it is found that the protocol is easy to suffer the attacks due to password-compromised impersonation and undetected on-line dictionary. An improved C2C-PAKE protocol is therefore proposed to introduce the public key mechanism into system security to resist those attacks effectively, especially only six operational steps are needed in relevant communication. As shown in security analysis, the protocol proposed is available to meet the security requirements.

中图分类号: