Journal of Southeast University (English Edition)
2008, Issue 3, pp. 322-324 (3 pages in total)
three-party key exchange; password-based authentication; verifier
To prevent server compromise attacks and password guessing attacks, an improved and efficient verifier-based three-party key exchange protocol is proposed, which enables two clients to agree on a common session key with the help of the server. In this protocol, the client stores a plaintext version of the password, while the server stores a verifier for the password, and the verifiers are used for authentication between the clients and the server. The security analysis and performance comparison of the proposed protocol show that it can resist many familiar attacks, including password guessing attacks, server compromise attacks, man-in-the-middle attacks and Denning-Sacco attacks, and that it is more efficient.