Title: | 基于口令的认证:协议和应用 |
Author: | 陈开渠
|
Issued Date: | 2001
|
Major: | 计算机应用技术
|
Degree Grantor: | 中国科学院软件研究所
|
Place of Degree Grantor: | 中国科学院软件研究所
|
Degree Level: | 博士
|
Keyword: | 口令
; 认证协议
; Diffie-Hellman问题
; 猜测攻击
|
Abstract: | 口令是一种常用的认证机制,为了提高安全性,人们基于口令设计了大量的认证机制,但现有的基于口令的认证机制大都存在猜测攻击的隐患。本文旨在Diffie-Hellman密钥交换协议的基础上设计一个基于口令的认证机制,其特点是能够防止猜测攻击。根据用户-用户和客户端-服务器这两种不同的认证环境,本文提出了对称的SymPassword协议和非对称的AsyPassword协议,分别适应于这两种环境。AsyPassword在服务器被攻破的情况下,仍然具有一定的安全性,但是复杂度比SymPassword要高一点。在随机预言机安全通信模型上,本文证明了SymPassword和AsyPassword是符合要求的基于口令的认证密钥交换协议。本文在IPSec的密钥交换协议IKE中引入了基于SymPassword和AsyPassword的两种认证方式,在TLS中引入了基于AsyPassword的认证方式。 |
English Abstract: | Password is widely used as an authentication mechanism. But nowadays most password-based authentication protocol are not secure against Guessing Attack. For this reason, we modify the famous Diffie-Hellman Key Exchange to provide password-based authenticated key exchange against Guessing Attack. We design two protocol: SymPassword and AsyPassword. They suit for symmetric user-user authentication and asymmetric client/server authentication, respectively. The AsyPassword protocol can provide some security against server compromise, but is more complex than SymPassword. On the Random Oracle Model which focuses on distributed security communication, we prove that SymPassword and AsyPassword are both secure password-based authenticated key exchange protocol. At last, we modify the IKE protocol to add two authentication methods which are based on SymPassword and AsyPassword respectively, and modify TLS protocol to add an authentication method which is based on AsyPassword. |
Language: | 中文
|
Content Type: | 学位论文
|
URI: | http://ir.iscas.ac.cn/handle/311060/7666
|
Appears in Collections: | 中科院软件所
|
File Name/ File Size |
Content Type |
Version |
Access |
License |
|
LW004444.pdf(832KB) | -- | -- | 限制开放 | -- | 联系获取全文 |
|
Recommended Citation: |
陈开渠. 基于口令的认证:协议和应用[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2001-01-01.
|
|
|