计算机工程与应用
計算機工程與應用
계산궤공정여응용
COMPUTER ENGINEERING AND APPLICATIONS
2013年
10期
105-108
,共4页
单点登录%Kerberos协议%无证书密码学%隐式认证%密钥协商
單點登錄%Kerberos協議%無證書密碼學%隱式認證%密鑰協商
단점등록%Kerberos협의%무증서밀마학%은식인증%밀약협상
single sign-on%Kerberos protocol%certificateless cryptography%implicit authentication%key agreement
针对Kerberos单点登录协议存在的口令攻击、重放攻击、密钥需要托管和效率不高等问题,引入一种无对数运算的无证书隐式认证与密钥协商协议对其进行了改进.在随机预言机模型下证明了新协议的强安全性,分析了改进后Kerberos单点登录协议的优势.引入的密钥协商协议仅需3次点乘运算和2次哈希运算,计算开销较低.采用隐式认证方式,避免了原Kerberos中第三方对信息的无举证窃听,有效克服了中间人攻击.
針對Kerberos單點登錄協議存在的口令攻擊、重放攻擊、密鑰需要託管和效率不高等問題,引入一種無對數運算的無證書隱式認證與密鑰協商協議對其進行瞭改進.在隨機預言機模型下證明瞭新協議的彊安全性,分析瞭改進後Kerberos單點登錄協議的優勢.引入的密鑰協商協議僅需3次點乘運算和2次哈希運算,計算開銷較低.採用隱式認證方式,避免瞭原Kerberos中第三方對信息的無舉證竊聽,有效剋服瞭中間人攻擊.
침대Kerberos단점등록협의존재적구령공격、중방공격、밀약수요탁관화효솔불고등문제,인입일충무대수운산적무증서은식인증여밀약협상협의대기진행료개진.재수궤예언궤모형하증명료신협의적강안전성,분석료개진후Kerberos단점등록협의적우세.인입적밀약협상협의부수3차점승운산화2차합희운산,계산개소교저.채용은식인증방식,피면료원Kerberos중제삼방대신식적무거증절은,유효극복료중간인공격.
In order to solve the problems, such as password-based attack, replay attack, the key escrow, and low efficiency, existing in Kerberos single sign-on protocol, this paper introduces certificateless implicit authentication without logarithmic operation and key agreement protocol to improve it. Meanwhile, robust security of the new protocol can be proved in the random oracle model, and the advantages of the improved Kerberos single sign-on protocol can also be showed. Because the introduced key agreement protocol only needs triple dot multiplications and double hash operations, the computational overhead is lower. More-over, some problems in the original Kerberos protocol can be solved by adopting implicit authentication. For example, the third party’s interception without solid evidence can be avoided and the attacks of man-in-the-middle can also be overcome efficiently.