基于BAN逻辑的SIP网络认证协议安全性研究  被引量:2

Research on authentication protocol security for SIP networks based on BAN logic

在线阅读下载全文

作  者:张兆心[1] 杜跃进[1] 方滨兴[1] 张宏莉[1] 

机构地区:[1]哈尔滨工业大学国家计算机网络与信息安全重点实验室,哈尔滨150001

出  处:《高技术通讯》2010年第11期1108-1114,共7页Chinese High Technology Letters

基  金:863计划(2006AA01Z451;2007AA010503)资助项目

摘  要:利用BAN逻辑对会话初始化协议(SIP)网络采用的超文本传输协议(HTTP)摘要认证协议进行了形式化分析和推导。通过严格的逻辑推导,证明HTTP摘要认证协议存在不足,以及由此产生的伪装攻击。通过对逻辑推理结果和推导过程的分析,针对BAN逻辑提出增加消息抗否认性规则和消息新鲜性传递规则,增强了BAN逻辑的逻辑推理能力;针对HTTP摘要认证协议提出增加数字签名、公私钥机制、双向认证和密钥协商,提高了HTTP摘要认证协议的安全性。The formalized amalysis and deduction of the HTFP digest authentication protocol used in session initiation protocol (SIP) networks were conducted by using the BAN logic. The limitations in the HTTP digest authentication protocol and the impersonation attacks caused by the limitations were verified through the strict logic ratiocination. Based on the result of the logic ratiocination and the analysis of the ratiocination process, the message identity validating rule and the message novelty transfer rule were added to the BAN logic, and the ability for logic deduction of the BAN logic was improved. The measures of digital signature, public and private key, two-way authentication, and key negotiation were added to the HTTP Digest authentication protocol, and the security of the protocol was enhanced.

关 键 词:BAN逻辑 SIP HTTP摘要认证协议 双向认证 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象