期刊文献+

适用于移动云计算的抗中间人攻击的SSP方案 被引量:8

Hash-Based Secure Simple Pairing for Preventing Man-in-the-Middle Attacks in Mobile Cloud Computing
下载PDF
导出
摘要 低功率蓝牙(BLE)专为资源受限的设备设计,但现有的研究已经指出其安全简单配对方案(SSP)存在中间人攻击(MITM)漏洞.文章指出造成MITM漏洞的根本原因是:配对信息被篡改以及JW模式自身的漏洞.为此文章中提出了两个适用于移动云计算(MCC)中BLE设备的SSP改进方案,所提出的方案基于哈希函数并利用MCC技术提高SSP的安全性.方案1适用于支持PE或者OOB模式的BLE设备,其利用哈希函数确保配对信息的真实性、可靠性.方案2通过哈希序列来解决仅支持JW模式的BLE设备的MITM攻击漏洞.文章分别从安全角度和性能角度对所提出的方案进行分析,以表明方案在不同级别敌手的攻击下可以提供MITM攻击防护能力. Bluetooth low energy (BLE)is designed for the devices with computational and power limitations.But it has been confirmed that Secure Simple Pairing (SSP)is vulnerable to the MITM attack.We identify the root causes of the problem:the pairing messages being tampered,and the vulnerability of the JW model.In this paper,we propose two hash-based SSP schemes for the devices in Mobile Cloud Computing (MCC).The proposed schemes enhance the SSP security with the help of MCC.Scheme I is applied into the devices which support the PE or OOB model.It uses the hash function to ensure the authenticity and integrity of the pairing messages.Scheme II is suitable for the devices which only support the JW model.It improves the security of the JW model through using the hash array.At the end of this paper,we examine the per-formance for the proposed schemes,and perform the security analysis to show that they can provide the MITM protection a-gainst the adversaries with different levels of power.
出处 《电子学报》 EI CAS CSCD 北大核心 2016年第8期1806-1813,共8页 Acta Electronica Sinica
基金 中国科学院先导专项子课题(No.XDA06010701) 信息安全国家重点实验室科研仪器设备专项(No.Y4D0031302)
关键词 蓝牙低功率 安全简单配对方案 中间人攻击 移动云计算 bluetooth low energy secure simple pairing man-in-the-middle attacks mobile cloud computing
  • 相关文献

参考文献2

二级参考文献25

  • 1BluetoothTM SIG.The Bluetooth Specification Version1.0[S].1999.
  • 2HERMELIN M,NYBERG K.Correlation properties of bluetooth combiner generator[A].SONG J.The 2^th International Conference on Information Security and Cryptology (ICISC'99)[C].LNCS1787.Berlin:Springer-Verlag,2000.17-29.
  • 3EKDAHL K,JOHANSSON T.Some Results on Correlations in the Bluetooth Stream Cipher[EB/OL].http://www.it.lth.se/patrik /papers/bluetooth.ps,2004-11-7.
  • 4GOLIC J DJ,BAGINI V,MORGARI G.Linear cryptanalysis of bluetooth stream cipher[A].KNUDSEN L.EUROCRYPT 2002[C].LNCS 2332.Berlin:Springer-Verlag,2002.238-255.
  • 5FLUHRER S R,LUCKS S.Analysis of the E0 encryption system[A].SERGE V.Selected Areas in Cryptography-SAC2001[C].LNCS 2259.Berlin:Springer-Verlag,2001.38-41.
  • 6CANNIERE C D,JOHANSSON T,PRENEEL B.Cryptanalysis of the Bluetooth Stream Cipher [EB/OL].http://www.cosic.esat.kuleuven.ac.be/publications/article-22.pdf,2004-11-7.
  • 7JONSSON F.Some Results on Fast Correlation Attacks[D].Lund Sweden:Department of Information Technology,Lund University,2002.
  • 8张卫明 李世取.带记忆组合生成器的相关免疫性[A]..密码学进展-Chinacrypt''2002[C].北京: 电子工业出版社,2002.21-30.
  • 9Bluetooth SIG specification of the bluetooth system:Core package version 4.0[EB/OL].(2009-12-17)[2013-3-2].http://www.bluetooth.org.
  • 10Pandikirupa G,Nisha K,Vidhya V,et al.Advanced system for accessing electronic health records of patients using Android mobile and sensors[J].International Journal of Engineering Research&Technology,2013,4(2):639-643.

共引文献2

同被引文献50

引证文献8

二级引证文献17

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部