CN109039607A - A security analysis method for a key agreement protocol
- Publication number
- CN109039607A
- Authority
- CN
- China
- Prior art keywords
- cert
- agreement protocol
- key agreement
- safety analysis
- key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention belongs to the field of information security technology and specifically concerns a security analysis method for a key agreement protocol. The method comprises the following steps: S1: choose an attacker E and use attacker E to carry out an unknown key-share attack on the key agreement protocol; S2: A verifies the digital signature of E and checks whether $1 < g^y < q$ holds; S3: A randomly selects a secret value and encrypts it with the public key $PK_B$ of E; S4: B decrypts with $SK_B$ and decrypts $ENC_x(\alpha, \mathrm{Cert}(A))$ with x, obtaining α and Cert(A), and B verifies Cert(A); S5: B computes $\beta = h_1((g^\alpha)^y)$ and compares it with α; S6: B computes $h_2(g^x)$ and sends it to A as a confirmation message, and A computes $h_2(g^x)$ and compares it with the message $h_2(g^x)$ sent by E. The method can analyze the security of a key agreement protocol under various known attacks, realizes security analysis against passive attacks and man-in-the-middle forgery attacks, and greatly improves the security of the key agreement protocol.
Description
Technical field
The present invention relates to the field of information security technology, and specifically to a security analysis method for a key agreement protocol.
Background
In a key agreement protocol, the session key is computed from parameters generated separately by each protocol participant. A key establishment protocol is the process by which two or more participants establish a temporary secret session key over a public network. Using the session key obtained from such a protocol, the participants can set up a secure channel over the open network and so guarantee the security of the information they transmit. Key establishment protocols are a basic building block of cryptography and the most basic requirement for establishing a secure channel over an insecure network. Existing key agreement protocols not only involve complex computation but also have security weaknesses, so key agreement protocols need security analysis. Existing analysis methods have cumbersome steps and a single angle of analysis, and therefore cannot analyze a key agreement protocol comprehensively. For this reason, we propose a security analysis method for a key agreement protocol.
Summary of the invention
The purpose of the present invention is to provide a security analysis method for a key agreement protocol, in order to solve the problems raised in the background section above.
To achieve this purpose, the invention provides the following technical solution: a security analysis method for a key agreement protocol, the method comprising the following steps:
S1: choose an attacker E and use attacker E to carry out an unknown key-share attack on the key agreement protocol; randomly select a secret value, compute $g^y$ and $X = g^y \bmod p$; B uses its own private key to digitally sign $g^y$ and Cert(B), giving $\{g^y, \mathrm{Cert}(B)\}_{sig_B}$, and B sends $g^y$, Cert(B) and $\{g^y, \mathrm{Cert}(B)\}_{sig_B}$ to A;
S2: A verifies the digital signature of E and checks whether $1 < g^y < q$ holds; if so, authentication succeeds; if not, authentication fails;
S3: A randomly selects a secret value and encrypts it with the public key $PK_B$ of E, and encrypts α and Cert(A) with x; A sends $ENC_x(\mathrm{Cert}(A))$ to E;
S4: B decrypts with $SK_B$ and decrypts $ENC_x(\alpha, \mathrm{Cert}(A))$ with x, obtaining α and Cert(A); B verifies Cert(A); if verification fails, authentication fails; if it succeeds, authentication succeeds;
S5: B computes $\beta = h_1((g^\alpha)^y)$ and compares it with α; if the two differ, authentication fails; if they are the same, authentication succeeds;
S6: B computes $h_2(g^x)$ and sends it to A as a confirmation message; A computes $h_2(g^x)$ and compares it with the message $h_2(g^x)$ sent by E; if the two differ, authentication fails; if they are the same, authentication succeeds.
Preferably, in step S1, attacker E needs to generate its own long-term private key and apply for its own certificate Cert(E).
Preferably, in step S1, the private key of B is computed using a method based on Lagrange polynomial interpolation.
Compared with the prior art, the beneficial effects of the present invention are as follows: the proposed security analysis method can analyze the security of a key agreement protocol under various known attacks, realizes security analysis against passive attacks and man-in-the-middle forgery attacks, and greatly improves the security of the key agreement protocol.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
The present invention provides a technical solution: a security analysis method for a key agreement protocol, the method comprising the following steps:
S1: choose an attacker E and use attacker E to carry out an unknown key-share attack on the key agreement protocol; randomly select a secret value, compute $g^y$ and $X = g^y \bmod p$; B uses its own private key to digitally sign $g^y$ and Cert(B), giving $\{g^y, \mathrm{Cert}(B)\}_{sig_B}$, and B sends $g^y$, Cert(B) and $\{g^y, \mathrm{Cert}(B)\}_{sig_B}$ to A;
S2: A verifies the digital signature of E and checks whether $1 < g^y < q$ holds; if so, authentication succeeds; if not, authentication fails;
S3: A randomly selects a secret value and encrypts it with the public key $PK_B$ of E, and encrypts α and Cert(A) with x; A sends $ENC_x(\mathrm{Cert}(A))$ to E;
S4: B decrypts with $SK_B$ and decrypts $ENC_x(\alpha, \mathrm{Cert}(A))$ with x, obtaining α and Cert(A); B verifies Cert(A); if verification fails, authentication fails; if it succeeds, authentication succeeds;
S5: B computes $\beta = h_1((g^\alpha)^y)$ and compares it with α; if the two differ, authentication fails; if they are the same, authentication succeeds;
S6: B computes $h_2(g^x)$ and sends it to A as a confirmation message; A computes $h_2(g^x)$ and compares it with the message $h_2(g^x)$ sent by E; if the two differ, authentication fails; if they are the same, authentication succeeds.
In step S1, attacker E needs to generate its own long-term private key and apply for its own certificate Cert(E); also in step S1, the private key of B is computed using a method based on Lagrange polynomial interpolation.
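The receiver-side checks in S2 and S6 can be sketched as follows; this is an added illustration, not code from the patent, and it goes beyond the range check in S2 by also testing subgroup membership. Assumptions not on the page: the small constructed group (p, q, g), SHA-256 standing in for h2, and the range bound taken against the modulus p; signature and certificate verification are omitted.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (assumption, not from the page): safe prime
# p = 2q + 1, and g = 4 generates the subgroup of prime order q.
# Real deployments use groups of 2048 bits or more.
P, Q, G = 2039, 1019, 4


def validate_public_value(X: int) -> bool:
    """S2-style check of a received g^y mod p before it is used."""
    if not isinstance(X, int) or not 1 < X < P - 1:
        return False          # rejects 0, 1 and p-1 (elements of order 1 and 2)
    return pow(X, Q, P) == 1  # X must lie in the order-q subgroup


def h2(value: int) -> bytes:
    """Stand-in for the page's h2: SHA-256 over a labelled, fixed-width value."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(b"h2|" + value.to_bytes(width, "big")).digest()


def confirmation_matches(local_gx: int, received_tag: bytes) -> bool:
    """S6: recompute h2(g^x) locally and compare in constant time."""
    return hmac.compare_digest(h2(local_gx), received_tag)


def run_exchange() -> dict:
    """Run the S2 and S6 checks with fresh secrets and report each result."""
    y = secrets.randbelow(Q - 2) + 2   # secret exponent in 2..q-1
    x = secrets.randbelow(Q - 2) + 2
    gy, gx = pow(G, y, P), pow(G, x, P)
    tag = h2(gx)                       # sent as the confirmation message
    return {
        "s2_honest": validate_public_value(gy),
        "s2_identity": validate_public_value(1),
        "s2_order2": validate_public_value(P - 1),
        "s2_outside_subgroup": validate_public_value(7),  # 7 is a non-residue mod p
        "s6_honest": confirmation_matches(gx, tag),
        "s6_tampered": confirmation_matches(gx, bytes(32)),
    }


if __name__ == "__main__":
    for check, ok in run_exchange().items():
        print(f"{check}: {ok}")
```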
Although embodiments of the present invention have been shown and described, a person of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the present invention is defined by the appended claims.
Claims (3)
1. A security analysis method for a key agreement protocol, characterized in that the security analysis method comprises the following steps:
S1: choose an attacker E and use attacker E to carry out an unknown key-share attack on the key agreement protocol; randomly select a secret value, compute $g^y$ and $X = g^y \bmod p$; B uses its own private key to digitally sign $g^y$ and Cert(B), giving $\{g^y, \mathrm{Cert}(B)\}_{sig_B}$, and B sends $g^y$, Cert(B) and $\{g^y, \mathrm{Cert}(B)\}_{sig_B}$ to A;
S2: A verifies the digital signature of E and checks whether $1 < g^y < q$ holds; if so, authentication succeeds; if not, authentication fails;
S3: A randomly selects a secret value and encrypts it with the public key $PK_B$ of E, encrypts α and Cert(A) with x, and A sends it to E;
S4: B decrypts with $SK_B$ and decrypts $ENC_x(\alpha, \mathrm{Cert}(A))$ with x, obtaining α and Cert(A), and B verifies Cert(A); if verification fails, authentication fails; if it succeeds, authentication succeeds;
S5: B computes $\beta = h_1((g^\alpha)^y)$ and compares it with α; if the two differ, authentication fails; if they are the same, authentication succeeds;
S6: B computes $h_2(g^x)$ and sends it to A as a confirmation message; A computes $h_2(g^x)$ and compares it with the message $h_2(g^x)$ sent by E; if the two differ, authentication fails; if they are the same, authentication succeeds.
2. The security analysis method for a key agreement protocol according to claim 1, characterized in that, in step S1, attacker E needs to generate its own long-term private key and apply for its own certificate Cert(E).
3. The security analysis method for a key agreement protocol according to claim 1, characterized in that, in step S1, the private key of B is computed using a method based on Lagrange polynomial interpolation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810969683.XA CN109039607A (en) | 2018-08-23 | 2018-08-23 | A security analysis method for a key agreement protocol |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109039607A (en) | 2018-12-18 |
Family
ID=64627215
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810969683.XA Pending CN109039607A (en) | A security analysis method for a key agreement protocol | 2018-08-23 | 2018-08-23 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109039607A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101119196A (en) * | 2006-08-03 | 2008-02-06 | 西安电子科技大学 | Bidirectional identification method and system |
CN102833748A (en) * | 2012-09-20 | 2012-12-19 | 北京邮电大学 | Wireless network lightweight class authentication key negotiation protocol based on digital certificate |
CN103634104A (en) * | 2013-11-26 | 2014-03-12 | 常州大学 | Three-party authentication key agreement protocol generating method based on certificates |
Non-Patent Citations (1)
Title |
---|
Zhou Yongbin (周永彬) et al.: "Security analysis and improvement of an authenticated key agreement protocol", Journal of Software (《软件学报》) * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111835516A (en) * | 2020-06-14 | 2020-10-27 | 西安电子科技大学 | Public key repudiatable encryption method and system |
CN111835516B (en) * | 2020-06-14 | 2021-11-23 | 西安电子科技大学 | Public key repudiatable encryption method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181218 |