一种增强的DTLS密钥交换协议  被引量:2

An Enhanced DTLS Key Exchange Protocol

在线阅读下载全文

作  者:黄劲松 代霞[1] HUANG Jinsong;DAI Xia(No.30 Institute of CETC,Chengdu Sichuan 610041,China)

机构地区:[1]中国电子科技集团公司第三十研究所,四川成都610041

出  处:《通信技术》2022年第2期229-235,共7页Communications Technology

摘  要:数据报传输层安全(Datagram Transport Layer Security,DTLS)协议基于用户数据报(User Datagram Protocol,UDP)协议套接字(socket),在传输层和应用层之间构建了一个端到端的安全通道,保证了传输数据的机密性。DTLS提供了基于椭圆曲线迪菲-赫尔曼(Elliptic Curve Diffie-Hellman,ECDH)和预共享密钥(Pre-Shared Key,PSK)两种密钥交换协议,前者安全性好但耗时长开销大,后者效率高但安全级别低。因此,在ECDH和PSK基础上,提出了一种增强的密钥交换协议,该协议在不改变密钥交换流程且不增加网络传输开销的前提下,通过PSK存储于密钥池以及使用时动态选取和使用后滚动更新的方式,有效地抵御了前向和后向安全攻击,并避免了数据被窃听或篡改。Based on UDP(User Datagram Protocol)socket,the DTLS(Datagram Transport Layer Security)protocol constructs an end-to-end secure channel between transport layer and application layer to ensure the encryption of transmitted data.DTLS provides two key exchange protocols based on ECDH(Elliptic Curve Diffie-Hellman)and PSK(Pre-Shared Key).The former has good security but long time-consuming and high overhead,and the latter has high efficiency but low security level.Therefore,based on ECDH and PSK,an enhanced key exchange protocol is proposed.Without changing the key exchange process and increasing the network transmission overhead,the protocol effectively resists eavesdropping,tampering,forward and backward security attacks by storing PSK keys in the key pool,dynamically selecting them during use and rolling up grade them after use.

关 键 词:数据报传输层安全 椭圆曲线迪菲-赫尔曼 预共享密钥 密钥交换 安全攻击 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象