透過您的圖書館登入
IP:52.55.55.239
  • 學位論文

一個有效率的三方金鑰交換協定

An Efficient Three-Party Key Exchange Protocol

指導教授 : 楊伏夷
若您是本文的作者,可授權文章由華藝線上圖書館中協助推廣。

摘要


網際網路時代的來臨,電腦系統與網路連結造就病毒與駭客在安全性上威脅。三方通訊中,最大優點就是能夠降低一個會議中,所有使用者所需儲存的金鑰數。 近年來,在三方通訊研究方面,都是針對使用者雙方利用驗證伺服器公鑰加密,加以保護資訊安全,作為後續接收與驗證伺服器所傳送訊息,然而這樣作法,容易遭受到假冒與密碼猜測攻擊。因此,接著陸續有學者提出不需要使用到驗證伺服器公鑰交換協定,來改善上述問題。架構設計上,主要是讓使用者雙方透過可信賴第三方協助金鑰交換動作,在通訊過程中,驗證伺服器可驗證使用者雙方身分與密碼,並且產生暫時金鑰分送給使用者雙方,讓使用者雙方產生出事後所要協商交談金鑰,而且此協定必需具備防止各類攻擊與提高整體效率,才能符合現今網路中的使用。 在本篇論文中,我們將設計一個有效率的三方認證金鑰交換協定,在我們設計的協定中,通訊雙方必須事先與憑證中心註冊,並且分享個人自選密碼。待雙方通訊時,在雙方公鑰計算中,分別加入另一方身分,讓使用者雙方能夠知道另一方是否為真實通訊對象,防止所謂中間者攻擊。 計算量方面,驗證伺服器分別傳送給雙方不同的暫時金鑰中,去除使用者雙方密碼,不只降低計算量,且仍然保有協定安全性,防止所謂辭典猜測攻擊。與其他學者協定相較下,我們的協定不只降低計算量,同時也達到相同安全性需求,能夠在現今網際網路環境內使用。

並列摘要


The introduction of the Internet era also means the dawn of mass threats of e-virus and hackers. Thus, the most appealing element of three-party communication would be the minimizing need of the session key in each user. All recent studies about the three party communications have been concentrating on the safety reliance of public key cryptosystem on the authentication server between each two parties. Yet, this method is prone to forgery identity and password guessing attacks. Therefore, some claimed that the bypassing of public key exchange protocol on authentication server would be necessary to prevent the abovementioned safety issue. I.e. the users can obtain and exchange the session key from a trusted third party. During the session, the authentic server approves the users’ identities and passwords, and generates a temporary session key for each participant, and which session key would be highly secure against all sorts of modern-day attacks effectively and efficiently. In this paper, we design an efficient three party session key exchange authentication protocol that is based on pre-registered identity and password on one authentication server. During the session, the public key would be encrypted with the identity of another participant, thereby reassuring its counterpart’s identity and prevent the session from unknown party’s potential threats. In such a calculation for the temporary session keys which are sent separately to each participant, passwords are removed. For the reasons not only to reduce the required calculation capacity, but also to keep the security of the protocol, namely the dictionary guessing attacks. Thus, in comparisons to others’ protocols, our protocol not only does reduce the required calculation capacity, but also safeguard the communications in today’s Internet environment.

參考文獻


[6] C. L. Lin, H. M. Sun and T. Hwang. “Three party-encrypted key exchanges: attacks and a solution,” ACM Operating Systems Review 2000, 34(4):12-20.
[2] D. R. Stinson. “Cryptography: Theory and Practice,” CRC Press, 1995.
[3] S. M. Bellovin and M. Merrit. “Encrypted key exchange: password based protocols secure against dictionary attacks,” In: Proceedings of IEEE symposium on research in security and privacy. IEEE Computer Society Press, May 1992. pp. 72-84.
[4] M. Steiner, G. Tsudik and M. Waidner. “Refinement and extension of encrypted key exchange,” ACM Operating Systems Review 1995, 29(3):22¬-30.
[5] Y. Ding and P. Horster. “Undetectable on-line password guessing attacks,” ACM Operating Systems Review 1995, 29(4):77-86.

被引用紀錄


林德政(2011)。安全即時通訊系統之設計與實作〔碩士論文,國立交通大學〕。華藝線上圖書館。https://doi.org/10.6842%2fNCTU.2011.00217

延伸閱讀