计算机应用 ›› 2011, Vol. 31 ›› Issue (11): 2994-2996.DOI: 10.3724/SP.J.1087.2011.02994

• 信息安全 • 上一篇    下一篇

一种新的双方认证密钥协商协议的安全性分析

周四方   

  1. 永州职业技术学院 计算机系,湖南 永州 425000
  • 收稿日期:2011-04-08 修回日期:2011-06-22 发布日期:2011-11-16 出版日期:2011-11-01
  • 通讯作者: 周四方
  • 作者简介:周四方(1974-),男,湖南永州人,讲师,主要研究方向:数据库、计算机网络安全。

Analysis and improvement on a new three-party password-based authenticated key agreement protocol

ZHOU Si-fang   

  1. Computer Department, Yongzhou Vocational Technology College, Yongzhou Hunan 425000, China
  • Received:2011-04-08 Revised:2011-06-22 Online:2011-11-16 Published:2011-11-01
  • Contact: ZHOU Si-fang

PDF

摘要: 2010年,Mohammad等人提出了一种新的双方认证密钥协商协议(MOHAMMAD Z, CHEN Y, HSU C, et al. Cryptanalysis and enhancement of two-pass authenticated key agreement with key confirmation protocols. IETE Technical Review, 2010,27(3):252-65)。新协议以较高的运算效率实现了参与者双方的身份认证和密钥协商。对该协议的单轮版本进行了安全性分析,通过模拟协议中某些信息丢失后协议双方的通信过程,发现如果协议中的一些秘密信息丢失,敌手可以发起信息泄露伪装攻击、密钥泄露伪装攻击和一般定义下的伪装攻击,也无法抵抗中间人攻击。这些攻击都可以使得敌手冒充合法参与者发起或回应会话。

关键词: 信息安全, 密钥协商, 伪装攻击, 认证机制

Abstract: In 2010, Z. Mohammad proposed a new two-party authenticated key agreement protocol (MOHAMMAD Z, CHEN Y, HSU C, et al. Cryptanalysis and enhancement of two-pass authenticated key agreement with key confirmation protocols. IETE Technical Review, 2010,27(3):252-65). This protocol realizes the key agreement with higher computation efficiency. However, the one-round version of this protocol cannot resist on the loss of information impersonation attack, key compromise impersonation attack and general impersonation attack, this protocol is also vulnerable to man-in-the-middle attack if some security information is lost. These security problems allow the adversary can initiate or reply the protocol with legal participants.

Key words: information security, key agreement, impersonation attack, authentication mechanism

版权所有 © 2021 四川计算机应用杂志社有限公司
蜀ICP备 05010208 号-3 新出网证(川)字026号
技术支持:北京玛格泰克科技发展有限公司
访问总数:
今日访问: