摘要: 口令认证的两方密钥交换协议无法抵御口令字典攻击和服务器泄漏伪装攻击。为此,提出一种改进的PAKA-X协议,用户保存自己的口令明文,服务器存储用户口令明文的验证值,由此弥补原协议的安全漏洞。理论分析结果表明,改进协议具有完美前向安全性,能抵抗Denning-Sacco攻击、服务器泄漏攻击、在线和离线字典攻击以及中间人攻击,并且仅需9次指数运算、6次哈希运算和6次异或运算,运行效率较高。
关键词:
口令认证密钥交换协议,
服务器泄漏攻击,
字典攻击,
Denning-Sacco攻击,
前向安全
Abstract: Password-authenticated key exchange protocol can not resist dictionary attack and server compromising attack, so this paper proposes an improved PAKA-X protocol. A user stores his password, while the server stores a verifier for user’s password. Analysis result shows that the proposed protocol has perfect forward secrecy, can resist the Denning-Sacco attack, server compromising attack, on-line dictionary attack, off-line dictionary attack and man-in-the-middle attack. And it has only 9 exponentiation computations, 6 hash-function computations and 6 exclusive-or computations, so it has reliable efficiency.
Key words:
password-authenticated key exchange protocol,
server compromising attack,
dictionary attack,
Denning-Sacco attack,
forward secure
中图分类号:
项顺伯, 彭志平, 柯文德. 一种可证安全的两方口令认证密钥交换协议[J]. 计算机工程, 2013, 39(1): 164-167.
XIANG Shun-Ba, BANG Zhi-Beng, KE Wen-De. A Provably Secure Two-party Password-authenticated Key Exchange Protocol[J]. Computer Engineering, 2013, 39(1): 164-167.