摘要
传统的密钥交换协议一般只考虑到通信过程的安全性,忽略了服务器端的安全性。一旦服务器被攻陷,则所有用户的口令信息都将被窃取,攻击者就可以冒充合法用户登录系统。目前有一些协议运用零知识证明的方法来解决该问题,但都需要较大的计算量。一种基于动态口令验证因子认证的密钥交换协议(DV-AKE)被提出,其服务器的口令验证因子是动态变化的,使用了轻量的散列函数来实现零知识证明,尤其适合于轻量的客户端和有大量用户同时连接服务器的应用场景。
Traditional design of authenticated key exchange protocol considers communication security, but seldom takes into accouot the security threat of server compromises. Whenever an authentication server is captured, the intruder can immediately masquerade as legitimate users to successfully log into the system. Although some zero-knowledge-pruner methods were designed to relieve this threat, their computation is relatively high due to computationally heavy modular exponentiations employed. A dynamic-verifier based authenticated key exchange protocol is proposed, where the server stores a dynamically changing password-verifier and no password leakage would occur even when the server's verifier database is stolen, DV-AKE is especially useful for applications where lightweight client is required or lower server computational load is preferred.
出处
《计算机工程》
CAS
CSCD
北大核心
2006年第10期145-146,209,共3页
Computer Engineering
基金
国家科技基础条件平台门户应用系统(2003DKA5G015)
