摘要: 研究Yahalom协议及其变体,发现该系列协议存在的时序缺陷,给出一种利用此缺陷攻击Yahalom协议及其变体的方法。尽管Yahalom协议历经几次修改,且被证明不存在密钥泄露问题,但Yahalom协议及其变体仍然存在以前没有被关注过的时序缺陷。该文从时序角度对Yahalom-Paulson协议进行改进。改进后的协议保持了原协议的安全性,同时能抵御原来因时序缺陷所引起的攻击。
关键词:
安全协议,
Yahalom协议,
协议时序,
时序缺陷,
安全攻击
Abstract: This paper researches the Yahalom protocol and its variants, finds a sequence flaw existing in them and provides a kind of method to attack them by using the flaw. The Yahalom protocol has been revised several times, and no key-compromise problem is proved in the final Yahalom-Paulson protocol, but the Yahalom protocol and its variants still have the sequence flaw which has never been paid attention before. The Yahalom-Paulson protocol is improved from the angle of sequence. The improved Yahalom-Paulson protocol preserves the security of the original protocol, and can resist the attack caused by the sequence flaw.
Key words:
security protocol,
Yahalom protocol,
protocol sequence,
sequence flaw,
security attack
中图分类号:
陶宏才;何大可. Yahalom协议及其变体的时序缺陷分析与改进[J]. 计算机工程, 2008, 34(17): 176-177.
TAO Hong-cai; HE Da-ke. Analysis and Improvement of Sequence Flaw for Yahalom Protocol and Its Variants[J]. Computer Engineering, 2008, 34(17): 176-177.