摘要
Kerberos认证协议容易遭受口令攻击和重放攻击,且需要2次双线性对运算、2次指数运算和1次椭圆曲线上的点乘运算,计算量大。为此,利用高效的无证书密钥协商对Kerberos协议进行改进。用户与认证服务器之间通过使用无证书签密技术抵抗伪造攻击。分析结果证明,改进协议符合密钥协商的6个基本安全要求,满足已知密钥安全性、完美前向安全性、抗未知密钥共享安全性、密钥不可控性、已知会话临时信息安全性,能抵抗口令攻击、重放攻击、中间人攻击及密钥泄漏伪装攻击,并且仅需3次点乘运算,具有较高的效率。
Kerberos authentication protocol is apt to suffer password attack and replay attack,and it needs double bilinear logarithmic operations,double exponent arithmetic and one dot multiplication on elliptic curve.Aiming at vulnerability and large amount of computation of Kerberos authentication protocol,this paper improves it with the help of high-efficient certificateless key agreement.In order to resist masquerade attacks,the certificateless signcryption technology is used between a user and authentication service.Analysis result proves that the improved protocol meets six basic security demands of key agreement.That’s to say,it can satisfy with the requirements of known key security,perfect forward security,resisting unknown key sharing security,keys’ uncontrollability and temporal known session information security.It can resist password attack,replay attack,intermediary attack and key exposure impersonation attack,and has higher efficiency with only three dot multiplications.
出处
《计算机工程》
CAS
CSCD
2012年第23期127-130,136,共5页
Computer Engineering
基金
国家"863"计划基金资助项目(2009AA010307)
国家自然科学基金资助项目(61100034
61170043)
安徽省高等学校自然科学研究基金资助项目(KJ2011B108
KJ2012Z273)
关键词
KERBEROS协议
无证书公钥密码学
密钥协商
身份认证
Kerberos protocol
Certificateless Public Key Cryptography(CL-PKC)
key agreement
identity authentication
