CAJ | 학술논문

针对Kerberos单点登录协议存在的口令攻击、重放攻击、密钥需要托管和效率不高等问题,引入一种无对数运算的无证书隐式认证与密钥协商协议对其进行了改进.在随机预言机模型下证明了新协议的强安全性,分析了改进后Kerberos单点登录协议的优势.引入的密钥协商协议仅需3次点乘运算和2次哈希运算,计算开销较低.采用隐式认证方式,避免了原Kerberos中第三方对信息的无举证窃听,有效克服了中间人攻击.
침대Kerberos단점등록협의존재적구령공격、중방공격、밀약수요탁관화효솔불고등문제,인입일충무대수운산적무증서은식인증여밀약협상협의대기진행료개진.재수궤예언궤모형하증명료신협의적강안전성,분석료개진후Kerberos단점등록협의적우세.인입적밀약협상협의부수3차점승운산화2차합희운산,계산개소교저.채용은식인증방식,피면료원Kerberos중제삼방대신식적무거증절은,유효극복료중간인공격.
In order to solve the problems, such as password-based attack, replay attack, the key escrow, and low efficiency, existing in Kerberos single sign-on protocol, this paper introduces certificateless implicit authentication without logarithmic operation and key agreement protocol to improve it. Meanwhile, robust security of the new protocol can be proved in the random oracle model, and the advantages of the improved Kerberos single sign-on protocol can also be showed. Because the introduced key agreement protocol only needs triple dot multiplications and double hash operations, the computational overhead is lower. More-over, some problems in the original Kerberos protocol can be solved by adopting implicit authentication. For example, the third party’s interception without solid evidence can be avoided and the attacks of man-in-the-middle can also be overcome efficiently.