| 具有完美前向机密性的鲁棒电子邮件协议的改进 |
| |
| 引用本文: | 蒋睿,胡爱群,杨晓辉.具有完美前向机密性的鲁棒电子邮件协议的改进[J].东南大学学报,2008,24(2). |
| |
| 作者姓名: | 蒋睿 胡爱群 杨晓辉 |
| |
| 作者单位: | 东南大学信息科学与工程学院,南京210096 |
| |
| 摘 要: | 针对2个具有完美前向机密性的鲁棒电子邮件协议所存在的安全缺陷,分析了2个协议所面临的协议攻击,并得出了相应的改进方案.首先,通过对2个电子邮件协议的分析,提出了相应的中间人攻击方法,其中攻击者在协议的接收阶段通过伪造信息来欺骗通信双方,并使通信双方与其共享错误的会话密钥.由此中间人攻击使得2个电子邮件协议的完美前向机密性得不到保证.其次,通过在2个协议的接收阶段加入相应的签名信息,提出了对2个协议的改进方案,以确保改进协议能够克服中间人攻击并且提供协议的完美前向机密性.此外,经改进的协议仍然能够保持原协议的所有优点.
|
| 关 键 词: | 中间人攻击 电子邮件 网络安全 完美前向机密性 |
Improvements on robust email protocols with perfect forward secrecy |
| |
| Jiang Rui,Hu Aiqun,Yang Xiaohui.Improvements on robust email protocols with perfect forward secrecy[J].Journal of Southeast University(English Edition),2008,24(2). |
| |
| Authors: | Jiang Rui Hu Aiqun Yang Xiaohui |
| |
| Abstract: | According to the security shortages of two robust practical email protocols with perfect forward secrecy,attacks on the two protocols are analyzed and corresponding improvements on the two protocols are proposed.First,by analyzing the two email protocols,the corresponding man-in-the-middle attacks are proposed,where the adversary forges the messages in the receiving phase to cheat the two communication participants and makes them share the wrong session keys with him.Consequently,the man-in-the-middle attacks can make the two protocols fail to provide perfect forward secrecy.Secondly,by adding corresponding signatures in the receiving phases of the two protocols,two corresponding improvements on the protocols are proposed to overcome the man-in-the-middle attacks on the two protocols and make them provide perfect forward secrecy.Moreover,the two improved protocols can retain all the merits of the former protocols. |
| |
| Keywords: | man-in-the-middle attack email network security perfect forward secrecy |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
