计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (10): 101-105.

• 网络、通信、安全 • 上一篇    下一篇

两个三方口令密钥交换协议的安全性分析

邓少锋,邓 帆,李益发   

  1. 信息工程大学 信息工程学院,郑州 450002
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2011-04-01 发布日期:2011-04-01

Security analysis of two password-authenticated key exchange protocol for three-party

DENG Shaofeng,DENG Fan,LI Yifa   

  1. Institute of Information Engineering,Information Engineering University,Zhengzhou 450002,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-04-01 Published:2011-04-01

PDF

摘要: 首先对两个基于验证元的三方口令密钥交换协议进行了安全性分析,指出它们都是不安全的。其中,LZC协议不能抵抗服务器泄露攻击、未知密钥共享攻击、内部人攻击和不可发现字典攻击;LWZ协议不能抵抗未知密钥攻击、内部人攻击和重放攻击。对LWZ协议进行了改进,以弥补原LWZ协议的安全漏洞。最后,在DDH假设下,给出了改进协议(NLWZ协议)的安全性证明。与已有协议相比,NLWZ协议降低了计算和通信开销,其潜在的实用性更强。

关键词: 三方密钥交换, 基于口令验证, 基于验证元, 双线性对

Abstract: This paper first presents the security analysis of two verifier-based password-authenticated key exchange protocols for three-party and points out that they are both insecure.Thereinto,the LZC protocol can not resist server compromise attack,unknown key-share attack,insider attack and undetectable on-line dictionary attack;the LWZ protocol can not resist unknown key-share attack,insider attack and replay attack.Then,this paper gives an improvement of the LWZ protocol to gain a new protocol—NLWZ protocol.Lastly,under the DDH assumption,the detailed security proof of NLWZ protocol is presented.Compared with previous protocols,NLWZ protocol has lower communication and computation,so it can have higher potential application.

Key words: key exchange for three-party, password-based authentication, verifier-based, bilinear pairs

京ICP备13024262号-1
Copyright © 《计算机工程与应用》编辑部
技术支持:北京玛格泰克科技发展有限公司
总访问量
今日访问
在线人数