Abstract
Existing password-authenticated key exchange protocols are vulnerable to various network attacks, which threatens the security of users' private information. To address this, this paper proposes a hardened password-authenticated key exchange protocol based on mobile phone assistance, which allows a user to establish a secure session with the server using a single password, with the help of a mobile device. Users do not need to memorize any complex private key information in the protocol. Even if the mobile device is lost, stolen, or attacked by malware, the user's information is not compromised. Security and performance analysis shows that the proposed protocol significantly reduces the server's computation cost and greatly improves the security of the user's private information. It resists dictionary attacks, man-in-the-middle attacks and similar attacks, while lightening the user's memory burden, relieving storage pressure, and being easy to deploy.
Author
Xu Yuan (徐渊)
Dept. of Laboratory Management, Xi'an University of Finance & Economics, Xi'an 710100, China
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal (北大核心)
2020, Issue 7, pp. 2108-2111 (4 pages)
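Funding
National Key R&D Program of China (formerly the "973" Program) (2017YFGX110123)
National Natural Science Foundation of China, General Program (61672415)
111 Project special fund (B16037)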
Keywords
authenticated key exchange protocol
password
mobile
malware