
Universally composable secure Internet key exchange protocol

Cited by: 3
Abstract: The new Internet key exchange protocol (IKEv2) is analyzed, and it is found that its initial exchange cannot provide active identity protection for the initiator and has an authentication-failure security flaw. However, in a wireless access network environment it is necessary to protect the initiator's identity information. This paper proposes a novel key exchange protocol for wireless networks, based on the IKEv2 initial exchange, which achieves active identity protection for the initiator by having the responder explicitly prove its true identity, and achieves successful authentication by reconstructing the authentication payload. The new protocol is analyzed in detail under the Universally Composable (UC) security model, and the results show that it is provably UC-secure. Performance analysis and simulation results show that the proposed protocol has less computation and communication overhead.
Source: Journal of Xidian University (indexed in EI, CAS, CSCD, PKU Core), 2009, No. 4, pp. 714-720 (7 pages)
Funding: Supported by the National Natural Science Foundation of China (60633020, 60573036, 60803150)
Keywords: Internet protocol security; key exchange; Internet key exchange protocol; provably secure; universally composable

