摘要
数据报传输层安全(Datagram Transport Layer Security,DTLS)协议基于用户数据报(User Datagram Protocol,UDP)协议套接字(socket),在传输层和应用层之间构建了一个端到端的安全通道,保证了传输数据的机密性。DTLS提供了基于椭圆曲线迪菲-赫尔曼(Elliptic Curve Diffie-Hellman,ECDH)和预共享密钥(Pre-Shared Key,PSK)两种密钥交换协议,前者安全性好但耗时长开销大,后者效率高但安全级别低。因此,在ECDH和PSK基础上,提出了一种增强的密钥交换协议,该协议在不改变密钥交换流程且不增加网络传输开销的前提下,通过PSK存储于密钥池以及使用时动态选取和使用后滚动更新的方式,有效地抵御了前向和后向安全攻击,并避免了数据被窃听或篡改。
Based on UDP(User Datagram Protocol)socket,the DTLS(Datagram Transport Layer Security)protocol constructs an end-to-end secure channel between transport layer and application layer to ensure the encryption of transmitted data.DTLS provides two key exchange protocols based on ECDH(Elliptic Curve Diffie-Hellman)and PSK(Pre-Shared Key).The former has good security but long time-consuming and high overhead,and the latter has high efficiency but low security level.Therefore,based on ECDH and PSK,an enhanced key exchange protocol is proposed.Without changing the key exchange process and increasing the network transmission overhead,the protocol effectively resists eavesdropping,tampering,forward and backward security attacks by storing PSK keys in the key pool,dynamically selecting them during use and rolling up grade them after use.
作者
黄劲松
代霞
HUANG Jinsong;DAI Xia(No.30 Institute of CETC,Chengdu Sichuan 610041,China)
出处
《通信技术》
2022年第2期229-235,共7页
Communications Technology
关键词
数据报传输层安全
椭圆曲线迪菲-赫尔曼
预共享密钥
密钥交换
安全攻击
DTLS(Datagram Transport Layer Security)
ECDH(Elliptic Curve Diffie-Hellman)
PSK(Pre-Shared Key)
key exchange
security attack
