| 一种改进的基于验证值的三方密钥交换协议 |
| |
| 引用本文: | 柳秀梅,周福才,常桂然.一种改进的基于验证值的三方密钥交换协议[J].东南大学学报,2008,24(3). |
| |
| 作者姓名: | 柳秀梅 周福才 常桂然 |
| |
| 作者单位: | [1]东北大学计算中心,沈阳110004 [2]东北大学信息科学与工程学院,沈阳110004 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划),辽宁省自然科学基金 |
| |
| 摘 要: | 为防止服务器泄露攻击和口令猜测攻击,提出了一种基于验证值的三方密钥交换协议.该协议用于实现2个客户通过与第三方服务器间的交互协商出会话密钥的过程.协议中客户只需要记住自己的口令,而服务器端则存储与口令对应的验证值,客户与服务器之间的身份认证通过验证值来完成.对协议的安全分析结果表明,该协议能抵御很多已知的攻击,包括服务器泄漏攻击、口令猜测攻击、中间人攻击以及Denning-Sacco攻击等.对协议的效率评估表明该协议是高效的.
|
| 关 键 词: | 三方密钥交换 基于口令认证 验证值 |
Improved key exchange protocol for three-party based on verifier authentication |
| |
| Liu Xiumei,Zhou Fucai,Chang Guiran.Improved key exchange protocol for three-party based on verifier authentication[J].Journal of Southeast University(English Edition),2008,24(3). |
| |
| Authors: | Liu Xiumei Zhou Fucai Chang Guiran |
| |
| Abstract: | To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key with the help of the server.In this protocol,the client stores a plaintext version of the password,while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks,server compromise attacks,man-in-the-middle attacks and Denning-Sacco attacks,and it is more efficient. |
| |
| Keywords: | key exchange for three-party password-based authentication verifier |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
