基于双序列函数的重放攻击防御方案

doi:10.19678/j.issn.1000-3428.0055661

摘要/Abstract

摘要： 针对Web应用服务端易受重放攻击的问题，提出一种基于双序列函数的Web服务端防御方案。分别利用序列函数和周期函数生成身份校验阶段和会话阶段的加密校验参数，并通过双端定义相同结构的序列函数进行双向认证，以序列值递进的方式进行参数更新，从而过滤重放攻击报文，保证请求的可靠性与新鲜性。分析结果表明，该方案可以避免网络延迟影响，具有良好的抗重放攻击能力。

关键词: 重放攻击, 服务器, 权限框架, 序列函数, 会话保持

Abstract: To address the problem that Web application servers are vulnerable to replay attacks,this paper proposes a defense scheme based on double sequence function for Web servers.The sequence function and periodic function are used to generate the encryption verification parameters in the identity verification stage and the session stage respectively,and the bidirectional authentication is carried out through the sequence functions with the same structure defined on both sides.The parameters are updated in the progressive way of sequence value,so as to filter messages of replay attacks and ensure the reliability and freshness of the request.Analysis results show that the scheme can avoid the influence of network delay and has good ability to resist replay attacks.

Key words: replay attack, server, authority framework, sequence function, session persistence

中图分类号:

TP309

赵梁, 李磊, 李向丽. 基于双序列函数的重放攻击防御方案[J]. 计算机工程, 2020, 46(9): 143-148.

ZHAO Liang, LI Lei, LI Xiangli. Replay Attack Defense Scheme Based on Double Sequence Function[J]. Computer Engineering, 2020, 46(9): 143-148.

http://www.ecice06.com/CN/Y2020/V46/I9/143

图/表 3

参考文献

[1] HAN Chongyan,ZHANG Hongqi,ZHANG Bin,et al.Web service authentication protocol of anti-replay attack[J].Computer Engineering,2011,37(21):91-93.(in Chinese)韩崇砚,张红旗,张斌,等.一种抗重放攻击的Web服务认证协议[J].计算机工程,2011,37(21):91-93.
[2] KANG J J,FAHD K,VENKATRAMAN S.Trusted time-based verification model for automatic man-in-the-middle attack detection in cybersecurity[EB/OL].[2019-07-05].https://www.researchgate.net/profile/James_Jin_Kang/publication/329428140_Trusted_Time-Based_Verification_Model_for_Automatic_Man-in-the-Middle_Attack_Detection_in_Cybersecurity/links/5c082ac792851c39ebd6120f/Trusted-Time-Based-Verification-Model-for-Automatic-Man-in-the-Middle-Attack-Detection-in-Cybersecurity.pdf.
[3] ZHANG Zhiming,LI Ping,XIONG Xiaoyong.Efficient false data filtering scheme for wireless sensor networks[J].Computer Engineering and Applications,2015,51(24):78-85.(in Chinese)章志明,李萍,熊小勇.一种有效的无线传感器网络虚假数据过滤方案[J].计算机工程与应用,2015,51(24):78-85.
[4] LI Lei,CHEN Jing,ZHANG Zhihong.Analysis and improvement of remote bitstream update protocol preventing replay attacks on FPGA[J].Computer Science,2013,40(8):149-150.(in Chinese)李磊,陈静,张志鸿.一种FPGA上防重放攻击的远程比特流更新协议的分析改进[J].计算机科学,2013,40(8):149-150.
[5] XIAO Binbin,XU Yuming.Scheme of anti-replay attacks based on two-factor authentication[J].Computer Engineering,2017,43(5):115-120.(in Chinese)肖斌斌,徐雨明.基于双重验证的抗重放攻击方案[J].计算机工程,2017,43(5):115-120.
[6] SAMAD R,NASOUR B,MEHDI H,et al.An authenticated encryption based grouping proof protocol for RFID systems[J].Security and Communication Networks,2016,9:5581-5590.
[7] ZHU Tingwei,FENG Dan,WANG Fang,et al.Efficient anonymous communication in SDN-based data center networks[J].IEEE/ACM Transactions on Networking,2017,25(6):3767-3780.
[8] NARESH V S,SIVARANJANI R,MURTHY N V E S.Provable secure lightweight hyper elliptic curve-based communication system for wireless sensor networks[J].International Journal of Communication Systems,2018,31(15):1-13.
[9] SMITH D F,WILIEM A,LOVELL B C.Face recognition on consumer devices:reflectionson replay attacks[J].IEEE Transactions on Information Forensics and Security,2015,10(4):736-745.
[10] CHEN B,HO D W C,HU G Q,et al.Secure fusion estimation for bandwidth constrained cyber-physical systems under replay attacks[J].IEEE Transactions on Cybernetics,2018,48(6):1862-1876.
[11] WANG Xiaowu,LIU Ying.Direction-based replay attack defense mechanism[J].Communications Technology,2019,52(6):1500-1503.(in Chinese)王效武,刘英.基于方向的重放攻击防御机制[J].通信技术,2019,52(6):1500-1503.
[12] THANGAVEL M,VARALAKSHMI P,MURRALI M,et al.An enhanced and secured RSA key generation scheme (ESRKGS)[J].Journal of Information Security and Applications,2015,20:3-10.
[13] ZHU Minghui,MARTINEZ S.On the Performance analysis of resilient networked control systems under replay attacks[J].IEEE Transactions on Automatic Control,2014,59(3):804-808.
[14] QI Mingping,CHEN Jianhua.An efficient two-party authentication key exchange protocol for mobile environment[J].International Journal of Communication Systems,2017,30(16):1-10.
[15] ISLAM S K H,BISWAS G P.Design of improved password authentication and update scheme based on elliptic curve cryptography[J].Mathematical and Computer Modelling,2013,57(11/12):2703-2717.
[16] ADHIKARI S,RAY S,BISWAS G P,et al.Efficient and secure business model for content centric network using elliptic curve cryptography[J].International Journal of Communication Systems,2019,32(1):1-27.
[17] SHEN Jian,CHANG Shaohua,SHEN Jun,et al.A lightweight multi-layer authentication protocol for wireless body area networks[J].Future Generation Computer Systems,2018,78(3):956-963.
[18] ZAWAIDEH F,SALAMAH M.An efficient weighted trust-based malicious node detection scheme for wireless sensor networks[J].International Journal of Communication Systems,2019,32(2):1-18.
[19] CAO Shouqi,SUN Qing,CAO Liling.An improved identity authentication scheme of dynamic ID multi-factor remote users[J].Computer Engineering and Science,2019,41(4):633-640.(in Chinese)曹守启,孙青,曹莉凌.动态ID多因素远程用户身份认证方案的改进[J].计算机工程与科学,2019,41(4):633-640.
[20] XIONG L,NIU J W,KUMARI S,et al.A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments[J].Journal of Network and Computer Applications,2018,103(1):194-204.

选择文件类型/文献管理软件名称

选择包含的内容