To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key w...To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key with the help of the server.In this protocol,the client stores a plaintext version of the password,while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks,server compromise attacks,man-in-the-middle attacks and Denning-Sacco attacks,and it is more efficient.展开更多
In key escrow field it is important to solve the problem thatuser's secret key completely depends on the trusted escrow agency. In 1995, some methods of solving the problem were presented. But these methods are no...In key escrow field it is important to solve the problem thatuser's secret key completely depends on the trusted escrow agency. In 1995, some methods of solving the problem were presented. But these methods are no better than that of directly using threshold cryptography. In this paper, we present a common pattern of threshold key escrow scheme based on public key cryptosystem, and a detailed design based on the improved RSA algorithm is given. The above problem is solved by this scheme.展开更多
基金The National High Technology Research and Development Program of China(863Program)(No.2001AA115300)the Natural Science Foundation of Liaoning Province(No.20031018,20062023)
文摘To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key with the help of the server.In this protocol,the client stores a plaintext version of the password,while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks,server compromise attacks,man-in-the-middle attacks and Denning-Sacco attacks,and it is more efficient.
基金This work was supported by the National Natural Science Foundation of China (Grant Nos. 69772037, 60072018).
文摘In key escrow field it is important to solve the problem thatuser's secret key completely depends on the trusted escrow agency. In 1995, some methods of solving the problem were presented. But these methods are no better than that of directly using threshold cryptography. In this paper, we present a common pattern of threshold key escrow scheme based on public key cryptosystem, and a detailed design based on the improved RSA algorithm is given. The above problem is solved by this scheme.
