期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

运用DH-EKE增强WTLS握手协议的安全性

Employing DH-EKE scheme to enhance WTLS security
下载PDF
导出
摘要 WTLS握手协议不满足前向安全性,非匿名验证模式下不满足用户匿名性,完全匿名模式下易遭受中间人攻击。DH-EKE协议具有认证的密钥协商功能,将改进的DH-EKE集成到WTLS握手协议中,只需使用可记忆的用户口令,不需使用鉴权证书及数字签名。该方案适用于完全匿名的验证模式,可抵御中间人攻击和字典式攻击,且在服务器中不直接存储口令,攻击者即使攻破服务器获得口令文件也无法冒充用户,能够在WTLS握手协议中实现简单身份认证和安全密钥交换。 WTLS handshake protocol doesn't provide forward seeurity, and lacks of user anonymity when not in the anonymous mode. It is vulnerable to man-in-the-middle attacks in completely anonymous mode. DH-EKE provides key establishment with authentication. Integrating the modified DH-EKE into WTLS handshake protocol needs only the human memorable password and does not need to use certificates and digital signature. This new scheme is used for the completely anonymous validating mode, and it can resist man-in-the- middle and off-line dictionary attacks. Besides, it is secure against an adversary who captured a host's password file, sinee user passwords are stored in a verifier form. So it can implement simple authentication and secure key agreement in the WTLS handshake protocol.
作者 赵跃华 王琴
机构地区 江苏大学计算机科学与通信工程学院
出处 《计算机工程与设计》 CSCD 北大核心 2007年第8期1801-1803,共3页 Computer Engineering and Design
关键词 信息安全 无线传输层安全 认证 密钥交换 用户口今 information seeurity WTLS authentication key exehange password
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献7

  • 1Wireless Application Protocol Forum Ltd.WAP无线应用协议[M].北京:机械工业出版社,2000.
  • 2WAP Forum.Wireless application protocol wireless transport layer security specification[EB/OL].2001.http://www.wapforum.org.
  • 3赵文,戴宗坤.WPKI应用体系架构研究[J].四川大学学报(自然科学版),2005,42(4):725-730. 被引量:15
  • 4董小燕,许勇,吴国新,翟明玉.基于用户口令的认证密钥交换技术[J].数据通信,2001(3):35-39. 被引量:1
  • 5Bellare M,Pointcheval D,Rogaway P.Authenticated key exchange secure against dictionary attacks[C].Brugge,Belgium:Proceeding of EUROCRYPT,2000.138-155.
  • 6Dong Jin Kwak,Jae Cheol Ha,Hoon Jae Lee,et al.A WTLS handshake protocol with user anonymity and forward secrecy[C].Springer Berlin/Heidelberg Volume 2524,2003.219-230.
  • 7Giuseppe Ateniese,Michael Steiner,Gene Tsudik.New multiparty authentication services and key sgreement protocols[J].Selected Areas in Communications,IEEE Journal,2000,18(4):628-639.

二级参考文献10

  • 1WAP Forum. WAP 2.0 Technical White Paper[DB/OL]. http://www.wapforum, org, 2002 - 01.
  • 2WAP Forum. WAP public key infrastructure definition[DB/OL].http://www.wapforum, org, 2001.
  • 3WAP Forum. WAP certificate and CRL profiles[DB/OL]. http://www. wapforum, org, 2001.
  • 4WAP Forum. Wireless Transport Layer Security Specification[DB/OL]. http://www. wapforum, org, 1999.
  • 5Trask N T, Jaweed S A. Adapting public key infrastructures to the mobile environment[DB/OL]. http://www. soi. city.ac. uk/-kam/trask, 2001.
  • 6S Bellovin, M Merrit. Encypted Key Exchange : password-Based ProtocolsSecure Against Dictionary Attacks. Proceedings of the I. E. E. E symposium on Research in Security and Privacy,Oakland, May 1992
  • 7M Steiner,G Tsudik,M Waidner. Refifnerment and Extension of encypted Key exchange. ACM Operating Systems Review, July 1995,29(3)
  • 8Thomas Wu. The Secure Remote Password Protocol. Computer Science department, Stanford University,July 21,1997
  • 9D jablon. Strong Password-Only Authenticated Key Exchange.ACM Computer Communications Review,October 1996
  • 10Bellare, Jablon, Krawczyk, MacKenzie, RogaWay, Swaminathan & Wu. Proposal for P1363 Study Group on Password-Based Authenticated-Key-Exchanged Methods. February 27,2000

共引文献15

计算机工程与设计
2007年 第8期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部