期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于形式化分析工具的认证协议安全性研究 被引量:5

Research on Authentication Protocol Security Based on Formal Verification Tool
下载PDF
导出
摘要 随着互联网业务的高速发展,计算机网络已成为信息交流的主要手段。在网络带来便利的同时,也带来了隐私信息泄露的问题。为保障信息安全,人们投入大量的人力物力,其中认证协议的安全性是重点研究的内容之一。形式化分析方法是辅助协议设计、弥补协议安全漏洞的有效手段,大致分成模型检测方法、定理证明方法和信仰逻辑方法。AVISPA工具融合了模型检测等形式化分析方法,而SPAN工具将AVISPA的功能形象化、本地化,表现为信息序列图表的形式。文章选用SPAN工具分析了SSL协议和Kerberos协议的安全性。分析表明,SSL协议易遭受证书伪造、篡改攻击,而Kerberos协议使用的对称密钥体系存在安全性不足的问题。根据分析结果,改进SSL协议,促使用户不完全信任SSL证书,且入侵者无法获取用于加密证书的公钥;改进Kerberos协议,用公钥密码体系取代对称密钥,这样能够在一个密钥被破解时保障其他密钥的安全。 With the rapid development of the Internet services, the computer network has been the main approach to interchange of information. The lnternet brings convenience to people, while also brings about privacy leakage and further more monetary loss. People devotes to themselves to protect information security in which authentication protocol is in major. Formal analysis assists protocol- design and covers the bug of protocol security. Formal analysis includes model checking, theorem proving and belief logic. AVISPA includes model checking and some else formal analysis, and also can be automatic. SPAN makes the function of AVISPA vivid and localization which is described as Message Sequence Charts. Choose SPAN to analyze SSL protocol and Kerberos protocol. It turns out that SSL protocol tends to suffer from falsify certification and the public key system isn't secure on Kerberos protocol. To improve SSL protocol, make users not believe in SSL certification and provide the intruder from fetching public-key for encrypting certification; to improve Kerberos protocol, public- key replacing symmetric-key keeps other keys safe even if the intruder crack one key.
作者 段然 徐乃阳 胡爱群
机构地区 东南大学信息科学与工程学院
出处 《信息网络安全》 2015年第7期71-76,共6页 Netinfo Security
基金 国家重点基础研究发展计划(973计划)[2013CB338003]
关键词 认证协议 安全性 SPAN SSL协议 KERBEROS协议 authentication protocol security SPAN SSL protocol Kerberos protocol
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1Nachiketh R. Potlapally, Srivaths Ravi, Anand Raghunathan, Niraj K. Jha. A Study of the Energy Consumption Characteristics of Crytographic Algorithms and Security Protocols[J]. IEEE Transactions on mobile computing, 2006,5(2): 128-143.
  • 2Luca Vigano. Automated Security Protocol Analysis With the AVISPA Tool[C]//Electronic Notes in Theoretical Computer Science. Zurich:Elsevier,2006: 61-86.
  • 3Stefanos Gritzalis, Diomidis Spinellis. A taxonomy of flaws and related protocol analysis tools[C]//The 16th International Conference on Computer Safety, Reliability and Security. London:Springer-Verlag, 1997:123-137.
  • 4Xu Wei, Ma Yan, Liu Nan, Wu Dong-ying. A Formal Method for Analyzing Fair Exchange Protocols[C]//2009 WASE International Conference on Information Engineering. Taiyuan:IEEE,2009:645-652.
  • 5Laifeng Lu, Jianfeng Ma. Formal Analysis Model of Security Protocol Based on PCL[C]//2010 International Conference on Computer Application and System Modeling. Taiyuan:IEEE,2010:658-660.
  • 6Takahiro Minamikawa, Tatsuhiro Tsuchiya, Tohru Kikuno. Towards Automated Verification of Distributed Consensus Protocols[C]//2009 16th Asia-Pacific Software Engineering Conference. Penang:IEEE, 2009:276- 291.
  • 7Peter Bokor, Johannes Kinder, Marco Serafini, Neeraj Suri, Efficient Model Checking of Fault-Tolerant Distributed Protocols[C]//2011 IEEE/ 1FIP 41st International Conference, Hong Kong:IEEE, 2011:63-72.
  • 8AVISPA Team. AVISPA V1.1 UserManual[N]. Information Society Technologies, 2014-1-20.
  • 9Wang Zhenzhong, Wang Yao. An Improvement SSL Protocol Application R.esearch[C]//2011 International Conference on Electronic & Mechanical Engineering and Information Technology. Heilongjiang:lEEE, 2011:4010-4013.
  • 10Abdelmajid N.T., Hossain M.A., Shepherd, Mahmoud. Improved Kerberos Security Protocol Evaluation using Modified BAN Logic[C]//2010 10th IEEE Internatioinal Conference on Computer and lnfomaation Technology. Bradford:IEEE, 2010:1610-1615.

同被引文献47

  • 1蒋雅兰,魏慧琴.基于CPK的分布式Mesh网络认证[J].计算机科学,2012,39(S2):65-68. 被引量:3
  • 2南相浩.CPK算法与标识认证[J].信息安全与通信保密,2006,28(9):12-16. 被引量:30
  • 3沈昌祥,张焕国,冯登国,曹珍富,黄继武.信息安全综述[J].中国科学(E辑),2007,37(2):129-150. 被引量:358
  • 4LI C, LEE C. A Novel User Authentication and Privacy Preserving Scheme with Smart Cards for Wireless Communications[J]. Mathematicaland Computer Modelling, 2012,55(1-2):35-44.
  • 5SOOD S K, SARJE A K,SINGH K. A Secure Dynamic Identity Based Authentication Protocol for Multi server Architecture[J]. Journal of Network and Computer Applications, 2011,34(2):609-618.
  • 6LEE C, LIN T,CHANG R. A Secure Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment Using Smart Cards[J]. Expert Systems with Applications, 2011,38(11):13863- 13870.
  • 7LIAO Y, WANG S. A Secure Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment[J]. Computer Standards & Interfaces, 2009,31(1):24-29.
  • 8TSAI J. Efficient Multi-server Authentication Scheme Based on One-way Hash Function without Verification Table[J]. Computers & Security, 2008,27(3-4):115-121.
  • 9RAMASAMY R, MUNIYANDI A. New Remote Mutual Authentication Scheme Using Smart Cards[J]. Transactions on Data Privacy, 2009,2(2):141-152.
  • 10KUMAR M. New Remote User Authentication Scheme Using Smart Cards[J]. IEEE Transaction on Consumer Electronics, 2004,50(2):597- 600.

引证文献5

二级引证文献12

信息网络安全
2015年 第7期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部