期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

电子商务安全协议的一种形式化分析方法 被引量:2

A Method for Formal Analysis of E-Commerce Security Protocol
在线阅读 下载PDF
导出
摘要 随着网络技术的飞速发展,电子商务已成为大众广泛接受的一种商贸模式,越来越多的密码技术被广泛应用到电子商务安全协议中,形式化方法是一种行之有效的电子商务安全协议分析方法。针对原始串空间模型无法对密码学中一些复杂的操作作出描述和分析,通过扩展串空间模型,并在此基础上又相应扩展了认证测试方法,包括输入测试、输出测试以及自发测试的扩展,提出了一种基于丰富密码学的认证测试方法的扩展;最后分析了电子商务安全协议中的TLS1.0握手协议,验证了协议的认证属性。 With the rapid development of network technologies, e-commerce has become a widely accepted business model. Therefore, a growing number of cryptographic techniques are widely used in e-commerce security protocol, among which the formal method is an effective way of security protocol analysis. However, the original strand space model cannot make analyses and description of the more complex operations in cryptography primitives. By expanding it, we correspondingly expand the authentication test method, including incoming test, outgoing test and unsolicited test, and put forward a way to expand the authentication test method that is based on the rich cryptographic primitives. At last, we analyzes TLS 1. 0 handshaking protocol of e-commerce security protocols, and validate the authentication properties of the protocol.
作者 王亮
机构地区 苏州大学计算机科学与技术学院
出处 《苏州大学学报(工科版)》 CAS 2010年第4期60-65,共6页 Journal of Soochow University Engineering Science Edition (Bimonthly)
关键词 电子商务 安全协议 形式化方法 串空间模型 认证测试方法 e-commerce security protocol formal method strand space model authentication test method
分类号 TP919 [自动化与计算机技术]
  • 相关文献

参考文献2

二级参考文献25

  • 1Fabrega FJT, Herzog JC, Guttman JD. Strand spaces: Why is a security protocol correct? In: Proc. of the 1998 IEEE Symp, on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1998, 160-171, http://ieeexplore.ieee.org/ie14/5528/14832/00674832.pdf? tp=&arnumber=674832&isnumber=14832.
  • 2Fitbrega FJT, Herzog JC, Guttman JD. Strand spaces: Proving security protocols corect. Journal of Computer Security, 1999,7(2-3):191-230.
  • 3Paulson LC. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 1998,6(1):85-128.
  • 4Guttman JD, F/ibrcga FJT. Authentication tests. In: Proc. of the 2000 IEEE Syrup. on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 2000. 96-109. http://ieeexplore.ieee.org/ie15/6864/18435/00848448.pdf?.tp=&arnumber=848448&isnumber=18435.
  • 5Guttman JD, F/ibrega FJT. Authentication tests and the structure of bundles. Theoretical Computer Science, 2002,283(2):333-380.
  • 6Guttman JD. Security protocol design via authentication tests, In: Proc. of the 2002 IEEE Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 2002.92-103. http://ieeexplore.ieee.org/ie15/7957/21985/01021809.pdf?tp=&arnumber- 1021809&isnumbet=21985.
  • 7Woo TYC, Lam SS. A semantic model for authentication protocols, In: Proe. of the 1993 IEEE Computer Society Symp. on Research in Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1993. 178-194. http://ieeexplore.ieee.org/iel2/902/7168/00287633.pdf?tp=&arnumber=287633&isnumber=7168.
  • 8Song DXD. Athena: A new efficient automatic checker for security protocol analysis. In: Proc. of the 12th IEEE Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1999. 192-202. http://ieeexplore.ieee,org/ie15/6332/16921/00779773.pdf?tp=&arnumber=779773&isnumber= 16921.
  • 9Song D, Berezin S, Pcrrig A. Athena: A novel approach to efficient automatic security protocol analysis. Journal of Computer Security, 2001,9( 1):47-74.
  • 10Syverson P. Towards a strand semantics for authentication logic, Electronic Notes in Theoretical Computer Science, 1999,20:143-157. http://citeseer.ist.psu.edu/syverson99towards.html.

共引文献30

同被引文献8

引证文献2

二级引证文献6

苏州大学学报(工科版)
2010年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部