计算机工程 ›› 2012, Vol. 38 ›› Issue (08): 101-104.doi: 10.3969/j.issn.1000-3428.2012.08.033

• 安全技术 • 上一篇    下一篇

Office认证机制中密钥导出函数安全性分析

邹 梅,吴鸿伟,周 君,李晓潮,郭东辉   

  1. (厦门大学电子工程系,福建 厦门 361005)
  • 出版日期:2012-04-20 发布日期:2012-04-20
  • 作者简介:邹 梅(1987-),女,硕士研究生,主研方向:嵌入式系统设计,信息安全;吴鸿伟,博士研究生;周 君,硕士研究生;李晓潮,副教授、博士后;郭东辉,教授
  • 基金项目:
    福建省高校产学合作科技基金资助重大项目(2010H 6026);厦门市科技计划基金资助项目(3502Z20093002)

Security Analysis of Key Derivation Function in Office Authentication Mechanism

ZOU Mei, WU Hong-wei, ZHOU Jun, LI Xiao-chao, GUO Dong-hui   

  1. (Department of Electronic Engineering, Xiamen University, Xiamen 361005, China)
  • Online:2012-04-20 Published:2012-04-20

摘要: 微软Office2007及其后续版本采用ECMA-376的文件加密格式,其安全性主要通过用户认证和文件加密实现,而密钥导出算法是整个安全机制的核心。为此,研究ECMA-376密钥导出算法的安全性,利用Game-Playing技术计算该密钥导出算法与随机函数的不可区分优势的上限。通过该理论和攻击实例对Office安全性进行分析,结果表明,当用户口令字符长度大于6时,Office具有一定的安全性。

关键词: 消息认证码, 密钥导出函数, 可证明安全性, ECMA-376文件加密格式, 随机预言机模型

Abstract: Microsoft Office2007 and later version adopt ECMA-376 document encryption format. In this format, the file security is mainly protected by user authentication and files encryption, and Password Based Key Derivation Function(PBKDF) is the core of the Office security mechanism. In order to analyze the security of the PBKDF in ECMA-376 format, this paper proves the upper bound of the adversary’s advantage between the Key Derivation Function(KDF) and ideal random function through the Game-Playing technology, and discusses the safety of the Office encrypted files based on that theoretical result and the actual attack experiment. Based on the analysis results, it obtains that Office is with a certain degree of security while the user password is longer than 6 characters.

Key words: Message Authentication Code(MAC), Key Derivation Function(KDF), provable security, ECMA-376 document encryption format, random oracle model

中图分类号: