摘要
针对李、贾的两个无证书三方协议,分别构造具体攻击算法证明方案均有安全缺陷,进一步提出了新的三方认证密钥协商协议并进行分析;由于该协议计算效率的局限性,同时在考虑内部人攻击的情况下采用Schnnor签名提出第二个协议。与同类协议相比,两协议均具有安全性优势,满足完美前向安全、已知会话密钥安全、抗密钥泄露伪装安全和抗临时密钥泄露安全等属性,避免了证书管理和密钥托管的缺陷;协议1与2相比,前者通信成本较低并实现了可证安全,后者计算效率更高且抗内部人攻击,均适用于电子商务、手机漫游或电子会议三方交互应用场景。
For Li and Jia’s two certificateless tripartite protocols,this paper constructed the specific attack algorithms to prove that the protocols had security flaws.Further it proposed and analyzed a novel authenticated tripartite key agreement protocol.Because of the weakness of computation cost,it proposed the second protocol based on Schnnor signature meanwhile conside-ring the insider attack.Compared with similar protocols,both protocols have security advantages and meet perfect forward secrecy,known key security,resistance to key-compromise impersonation attacks and ephemeral key leakage attacks,etc.,avoided the drawbacks of certificate management and key escrow.The result of the comparison each other is that,the former has provable security and less communication consumption,the latter is more efficient and resists insider attack.They are both applicable to three-party interactive application scenarios such as e-commerce,mobile roaming or e-conference.
作者
许盛伟
任雄鹏
Xu Shengwei;Ren Xiongpeng(Beijing Electronic Science&Technology Institute,Beijing 100070,China;School of Telecommunications Engineering,Xidian University,Xi’an 710071,China)
出处
《计算机应用研究》
CSCD
北大核心
2021年第4期1165-1170,共6页
Application Research of Computers
基金
国家重点研发计划课题资助项目(2018YFB1004101,2018YFB0803600)。
关键词
三方协议
无证书
密钥协商
可证安全
内部人攻击
tripartite protocol
certificateless
key agreement
provable security
insider attack
