检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]北京邮电大学网络与交换技术国家重点实验室,北京100876
出 处:《北京邮电大学学报》2010年第6期64-67,80,共5页Journal of Beijing University of Posts and Telecommunications
基 金:国家自然科学基金项目(60873191;60903152;61003286;60821001)
摘 要:在移动商务环境下为了解决全自动区分计算机和人类的公开图灵测试(CAPTCHA)技术易被攻击而失效的问题,提出了适用于该环境的口令认证密钥交换协议.将认证密钥交换过程与CAPTCHA挑战/应答过程巧妙融合,在不增加协议通信轮数的条件下,通过对称加密方案保护CAPTCHA问题实例;采用适于移动终端的椭圆曲线公钥系统,基于智能卡的安全特性,提高了协议的效率和安全性;在随机预言机模型下,给出了安全性证明.与同类协议相比,新协议仅需3轮通信就能使CAPTCHA问题实例免受攻击,无须存储口令验证表,具备前向安全性.For mobile-commerce environments, a novel password-based authenticated key exchange protocol is proposed to solve that the technology to effectively prevent legitimate users' abuse, named as completely automatic public Turing test to tell computer and human apart (CAPTCHA) , is vulnerable to analytical attacks. The protocol elaborately combines the CAPTCHA challenge/response progress with the authenticated key exchange interaction. It introduces symmetric eneryption scheme to make CAPTCHA secure without additional communication rounds. And it is based on smart-cards to obtain stronger securi- ty and adopts elliptic curve cryptosystem which is suitable for the environments. In random oracle model it is provably secure. Compared with the other related protocols, it requires only three communication rounds, protects CAPTCHA against analytical attacks, needs no validation tables storing on the server and provides perfect forward secrecy.
关 键 词:口令认证密钥交换 全自动区分计算机和人类的公开图灵测试 椭圆曲线公钥系统 智能卡
分 类 号:TN929.53[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.219