摘要: 微软Office2007及其后续版本采用ECMA-376的文件加密格式,其安全性主要通过用户认证和文件加密实现,而密钥导出算法是整个安全机制的核心。为此,研究ECMA-376密钥导出算法的安全性,利用Game-Playing技术计算该密钥导出算法与随机函数的不可区分优势的上限。通过该理论和攻击实例对Office安全性进行分析,结果表明,当用户口令字符长度大于6时,Office具有一定的安全性。
关键词:
消息认证码,
密钥导出函数,
可证明安全性,
ECMA-376文件加密格式,
随机预言机模型
Abstract: Microsoft Office2007 and later version adopt ECMA-376 document encryption format. In this format, the file security is mainly protected by user authentication and files encryption, and Password Based Key Derivation Function(PBKDF) is the core of the Office security mechanism. In order to analyze the security of the PBKDF in ECMA-376 format, this paper proves the upper bound of the adversary’s advantage between the Key Derivation Function(KDF) and ideal random function through the Game-Playing technology, and discusses the safety of the Office encrypted files based on that theoretical result and the actual attack experiment. Based on the analysis results, it obtains that Office is with a certain degree of security while the user password is longer than 6 characters.
Key words:
Message Authentication Code(MAC),
Key Derivation Function(KDF),
provable security,
ECMA-376 document encryption format,
random oracle model
中图分类号:
邹梅, 吴鸿伟, 周君, 李晓潮, 郭东辉. Office认证机制中密钥导出函数安全性分析[J]. 计算机工程, 2012, 38(08): 101-104.
JU Mei, TUN Hong-Wei, ZHOU Jun, LI Xiao-Chao, GUO Dong-Hui. Security Analysis of Key Derivation Function in Office Authentication Mechanism[J]. Computer Engineering, 2012, 38(08): 101-104.