检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]重庆通信学院研究生管理大队,重庆400035 [2]重庆通信学院机动作战通信系,重庆400035
出 处:《计算机应用》2011年第5期1265-1270,共6页journal of Computer Applications
摘 要:IEEE 802.1X标准存在一些设计缺陷,为消除拒绝服务攻击(DoS)、重放攻击、会话劫持、中间人攻击等安全威胁,从状态机运行角度对协议进行了分析,指出产生这些问题的根源在于协议状态机的不平等和不完备,缺乏对消息完整性和源真实性的保护。提出并实现了一种双向挑战握手及下线验证的改进方案,并用一种改进的BAN逻辑对其进行了形式化分析。经验证,该方案能有效抵御上述安全威胁。It has been proved in many researches that there are some design flaws in IEEE 802.1X standard.In order to eliminate the Denial of Service(DoS) attack,replay attack,session hijack,Man-In-the-Middle(MIM) attack and other security threats,the protocol was analyzed in view of the state machines.It is pointed out that the origin of these problems is the inequality and incompleteness of state machines as well as the lack of integrity protection and source authenticity on messages.However,an improvement proposal called Dual-way Challenge Handshake and Logoff Authentication was proposed,and a formal analysis was done on it with an improved BAN logic.It is proved that the proposal can effectively resist the security threats mentioned above.
关 键 词:网络访问控制 IEEE 802.1X标准 可扩展认证协议 状态机 形式化分析 BAN逻辑
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.148.179.141
