分布式网络环境下密码协议形式模型和安全性

Formal Model and Security Analysis for Cryptographic Protocols in the Distributed Network Environment

下载PDF

导出

摘要随着互联网的应用和发展,各种类型的安全协议,包括具有多个角色、多种密码运算的复杂密码协议,已广泛应用于分布式系统中解决各种安全需求.在大规模分布式网络环境下,参与协议运行的主体是大数量的甚至是动态的,密码协议运行环境极为复杂,这使得密码协议的安全性描述和分析变得非常复杂.引入了一个新的代数系统刻画具有多种密码运算的消息代数,并提出了一个新的密码协议模型,描述了无边界网络中的攻击模式,通过建立形式语言规范了无边界网络环境下密码协议的运行环境和安全性质该协议模型描述了一种“协同攻击”模式,并讨论了密码协议的安全性分析约简技术,给出一个新的安全自动分析过程的简要描述. Due to the rapid growth of the Internet applications, varied cryptographic protocols, including thses complex protocols with many roles and many cryptographic primitives, have been widely used to achieved various secure requirements in the distributed system. In the large distributed network environment, due to the maximum number of participants involved and the complexcity of run conditions of the protocol, the security characterzation and analysis for protocols is very difficult and complicated. In this paper, we introduce a new algebra system called Cryptographic Protocol Algebra(CPA) that characterizes the algebraic properties of messages involved in the protocol with multiple cryptographic operations. Based on CPA, we propose a new formal model for general cryptographic protocols. And we specify run conditions and security properties of cryptographic protocols in the unbounded network environment by building a formal language. Based on our model, we characterize a coordinated attack mode to protocols, and discuss reduction techniques for the protocol security analysis. Finally we briefly describe a new automatic analysis process for cryptographic protocols.

作者李先贤怀进鹏

机构地区北京航空航天大学计算机科学与工程系

出处《中国科学院研究生院学报》 CAS CSCD 2002年第3期311-323,共13页 Journal of the Graduate School of the Chinese Academy of Sciences

基金国家自然科学基金国家863计划基金资助

关键词分布式网络密码协议形式模型安全性形式化方法信息安全代数系统网络安全攻击模式 cryptographic protocol, formal method, information security, algebra system

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献11

1[1]D Dolev, A Yao. On the security of public-key protocols. IEEE Transactions on Information Theory, 1983,29(2):198～208
2[2]Steve Schneider. Verifying Authentication Protocols in CSP. IEEE Transactions on Software Engineering, 1998,24(9):741～758
3[3]C Meadows. A Model of Computation for the NRL Protocol Analyzer. In: Proceedings of the 1994 Computer Security Foundations Workshop. Franconia, NH, USA, 1994, 84～89
4[4]L C Paulson. The Inductive Approach to Verifying Cryptographic Protocols. Journal of Computer Security, 1998(6): 85～128
5[5]F Javier Thayer F,abrega, Jonathan C Herzog, Joshua D Guttman. Strand Spaces: Proving Security Protocols Correct. Journal of Computer Security, 1999, 191～230
6[6]F Javier Thayer F,abrega, Jonathan C Herzog, Joshua D Guttman. Strand Spaces: Why is a Security Protocol Correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy. IEEE Computer Press, 1998, 160～171
7[7]Dawn Song, Sergey Beresin, Adrian Perrig. Athena: a Novel Approach to Efficient Automatic Security Protocol Analysis, 2001
8[8]Gavin Lowe. Towards a Completeness Result for Model Checking of Security Protocols, In: Proceedings of 11th IEEE Computer Security Foundation Workshop (CSFW'98). Rockport Massachusetts USA, 1998
9[9]S Burris, H P Sankappanavar. A Course in Universal Algebra. New York: Springer-Verlag, 1981
10[10]J Baeten, W P Weijland. Process Algebra UK: Cambridge University Press, 1990

1袁志祥,蒋昌俊.基于Petri网的安全电子交易协议描述与分析[J].计算机工程,2003,29(10):56-59. 被引量：3
2高启胜.浅谈变电站的自动化系统[J].科技创业家,2013(23).
3思科虚拟化与视频技术打造协作新体验[J].中国建设信息,2011(2):4-4.
4达实.思科:虚拟化与视频技术打造协作新体验[J].通讯世界,2011(1):64-64.
5思科发布无边界网络新品[J].华南金融电脑,2010(11):7-7.
6思科虚拟化与视频技术打造协作新体验[J].计算机安全,2011(1):20-20.
7思科发布无边界网络与数据中心架构[J].微型计算机,2010(33):124-124.
8吴桔,胡克瑾.无边界网络系统结构及其应用[J].中国信息导报,2003(11):45-47.
9赵宇,袁霖,王亚弟,韩继红.一种改进的Woo-Lam密码协议模型[J].计算机应用,2006,26(9):2116-2120. 被引量：1
10杨治安.基于共管锁的密码协议模型[J].计算机应用,2009,29(B06):72-73.

中国科学院研究生院学报

2002年第3期

浏览历史

内容加载中请稍等...

分布式网络环境下密码协议形式模型和安全性

参考文献11

相关作者

相关机构

相关主题

浏览历史