本文選題：可證明安全 + 通用可組合��； 參考：《計(jì)算機(jī)學(xué)報(bào)》2017年05期

【摘要】：網(wǎng)關(guān)口令認(rèn)證密鑰交換(GPAKE)協(xié)議是一類特殊的三方協(xié)議,其中客戶和認(rèn)證服務(wù)器共享有低熵口令,客戶和網(wǎng)關(guān)在服務(wù)器的協(xié)助下生成高熵的會(huì)話密鑰.由于通信架構(gòu)更貼近實(shí)際,GPAKE協(xié)議研究近年來受到了較多的關(guān)注.然而,已有GPAKE協(xié)議都是在傳統(tǒng)"孤立"的安全模型中進(jìn)行分析和設(shè)計(jì)的,沒有考慮協(xié)議的可組合安全,也沒有考慮用戶將相關(guān)口令用于不同協(xié)議時(shí)的影響.為了保證GPAKE協(xié)議在更接近實(shí)際應(yīng)用的復(fù)雜環(huán)境下的安全性,該文在通用可組合(UC)框架下研究GPAKE協(xié)議的安全性定義,給出了GPAKE的理想功能,對(duì)會(huì)話密鑰安全、防止惡意網(wǎng)關(guān)猜測(cè)客戶口令以及保持會(huì)話密鑰相對(duì)于服務(wù)器的私密性等安全目標(biāo)進(jìn)行了刻畫,保證了協(xié)議在復(fù)雜應(yīng)用環(huán)境中的可組合安全性,還考慮了用戶將服從任意分布的、甚至是與其他協(xié)議相關(guān)的口令用于GPAKE協(xié)議的情況.另外,利用UC安全兩方PAKE協(xié)議、消息認(rèn)證碼為組件,給出了GPAKE協(xié)議的一個(gè)通用構(gòu)造,使其能夠被實(shí)例化得到多個(gè)具體的協(xié)議,并證明了該通用構(gòu)造是UC安全的,即能夠UC安全實(shí)現(xiàn)GPAKE理想功能.
[Abstract]:Gateway password Authentication key Exchange (GPAKE) protocol is a special tripartite protocol in which the client and the authentication server share a low entropy password and the client and gateway generate a high-entropy session key with the help of the server. The research of GPAKE protocol has been paid more attention in recent years because the communication architecture is closer to the reality. However, the existing GPAKE protocols are all analyzed and designed in the traditional "isolated" security model, without considering the combinable security of the protocols and the influence of the user when using the relevant passwords for different protocols. In order to ensure the security of the GPAKE protocol in the complex environment which is closer to the practical application, this paper studies the security definition of the GPAKE protocol under the framework of universal assemblage UC, and gives the ideal function of GPAKE and the security of the session key. The security targets such as preventing malicious gateway from guessing the client password and keeping the session key private relative to the server are described, which ensures the combinable security of the protocol in the complex application environment. Even passwords associated with other protocols are used for GPAKE protocols. In addition, using UC secure two-party PAKE protocol and message authentication code as components, a general structure of GPAKE protocol is given, which can be instantiated to obtain several concrete protocols, and it is proved that the universal structure is UC secure. That is, UC can safely realize the ideal function of GPAKE.
【作者單位】： 中國(guó)人民解放軍信息工程大學(xué);中國(guó)科學(xué)院軟件研究所可信計(jì)算與信息保障實(shí)驗(yàn)室;信息保障技術(shù)重點(diǎn)實(shí)驗(yàn)室;
【基金】：國(guó)家“九七三”重點(diǎn)基礎(chǔ)研究發(fā)展規(guī)劃項(xiàng)目基金(2013CB338003,2012CB315905) 國(guó)家自然科學(xué)基金(61502527,U1536205,61379150,61572485) 中國(guó)博士后科學(xué)基金(2014M552524) 信息保障技術(shù)重點(diǎn)實(shí)驗(yàn)室開放基金(KJ-14-004)資助~~
【分類號(hào)】：TN918.4

【相似文獻(xiàn)】

相關(guān)期刊論文 前4條

1 劉洪民;印幫輝;;MD5算法在用戶口令認(rèn)證中的應(yīng)用[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2014年05期

2 鄧淼磊;王玉磊;周利華;;通用可組合的三方口令認(rèn)證密鑰交換協(xié)議[J];電子與信息學(xué)報(bào);2010年08期

3 王金波;熊玲;張文政;曾兵;;基于智能卡的輕量級(jí)非平衡型口令認(rèn)證方案[J];通信技術(shù);2014年08期

4 ;[J];;年期

相關(guān)碩士學(xué)位論文 前4條

1 李一然;口令認(rèn)證密鑰協(xié)商協(xié)議的分析與改進(jìn)[D];昆明理工大學(xué);2015年

2 張瑤;基于可視密碼的身份認(rèn)證研究[D];西安電子科技大學(xué);2014年

3 廖衛(wèi)民;口令認(rèn)證密鑰交換新協(xié)議[D];廣州大學(xué);2006年

4 林淑強(qiáng);Mac OS X口令認(rèn)證機(jī)制的安全性分析[D];廈門大學(xué);2014年

，

本文編號(hào)：1959163