Abstract
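The WTLS handshake protocol does not satisfy forward security; in non-anonymous authentication mode it does not provide user anonymity, and in fully anonymous mode it is vulnerable to man-in-the-middle attacks. The DH-EKE protocol provides authenticated key agreement. Integrating an improved DH-EKE into the WTLS handshake protocol requires only a memorable user password, with no authentication certificates or digital signatures. The scheme is suited to the fully anonymous authentication mode and resists man-in-the-middle and dictionary attacks. The password is not stored directly on the server, so an attacker who compromises the server and obtains the password file still cannot impersonate the user. The scheme achieves simple identity authentication and secure key exchange within the WTLS handshake protocol.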
The WTLS handshake protocol does not provide forward security and lacks user anonymity when not in anonymous mode. It is vulnerable to man-in-the-middle attacks in completely anonymous mode. DH-EKE provides key establishment with authentication. Integrating the modified DH-EKE into the WTLS handshake protocol requires only a human-memorable password and does not require certificates or digital signatures. The new scheme is intended for the completely anonymous validation mode, and it can resist man-in-the-middle and off-line dictionary attacks. It is also secure against an adversary who has captured a host's password file, since user passwords are stored in verifier form. It can therefore implement simple authentication and secure key agreement in the WTLS handshake protocol.
Source
《计算机工程与设计》
CSCD
PKU Core Journal
2007, Issue 8, pp. 1801-1803 (3 pages)
Computer Engineering and Design