摘要: 从攻击者的角度出发,总结系统攻击的2个特性,设计一个协议漏洞自动检测系统。通过目标查找算法、可利用资源查找算法及协议漏洞查找算法,找到多种攻击认证协议的途径,由此发现协议存在的漏洞。对Needham-Schroeder、Neuman-Stubblebine和Otway-Rees协议的测试结果表明,该系统可正确检测协议漏洞,模拟攻击方式。
关键词:
认证协议,
漏洞查找,
自动检测,
可利用资源查找,
目标查找
Abstract: From the attacker’s point of view, this paper sums up two features of attack on system and designs an automatic detection system for authentication protocol loophole. By target lookup algorithm, available resource lookup algorithm and protocol vulnerabilities searching algorithm, it finds a variety of ways to attack the authentication protocol to discover loopholes in the protocol. Needham-Schroeder, Neuman-Stubblebine and Otway-Rees protocol are used to do tests, whose results show that the system can correctly detect the vulnerability of the protocol, and simulate the attack methods.
Key words:
authentication protocol,
loophole lookup,
automatic detection,
available resource lookup,
object lookup
中图分类号:
林丽, 关德君, 徐剑, 钟月. 认证协议漏洞自动检测系统设计与实现[J]. 计算机工程, 2012, 38(9): 134-137.
LIN Li, GUAN De-Jun, XU Jian, ZHONG Ru. Design and Implementation of Automatic Detection System for Authentication Protocol Loophole[J]. Computer Engineering, 2012, 38(9): 134-137.