Abstract
To address the limitations of the Kerberos authentication protocol, which is vulnerable to password-guessing and replay attacks, an improved Kerberos protocol based on a physical unclonable function (PUF) is proposed. The protocol uses challenge-response pairs generated by the PUF in place of the keys in the original protocol, which reduces key storage overhead and the risk of key leakage. Random numbers are combined with the user password to generate session keys, to resist password-guessing attacks. To resist replay attacks, random numbers are used instead of timestamps, which reduces the need for synchronization. The security of the protocol is analyzed with the Scyther formal analysis tool, which verifies that the protocol can resist password attacks, replay attacks and other threats.
Authors
FENG Zhi-hua (冯志华); ZHANG Yu-xuan (张宇轩); LU Wen-tao (卢文涛); LUO Chong (罗重) (Institute 706, Second Academy of China Aerospace Science and Industry Corporation, Beijing 100854, China)
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal
2022, Issue 11, pp. 3045-3050 (6 pages)
Funding
National Key Research and Development Program of China (2018YFB220030).