本文已被:浏览 1480次 下载 1778次
Received:January 18, 2016 Revised:March 08, 2016
Received:January 18, 2016 Revised:March 08, 2016
中文摘要: 攻击者获取某主体(actor)的长期私钥后,利用该私钥伪装成其他主体欺骗actor或获取保密信息的行为被称为AKC(Actor Key Compromise)攻击.除密钥交换协议外,AKC攻击在其他类型的协议研究中较少受关注.本文强调了AKC攻击问题的重要性,并对其攻击方式和应对策略进行系统研究.通过实验总结出4类AKC攻击方式,并对应提出3类抵制AKC攻击的协议模型和设计原则.在此基础上,给出了将一般协议转换为AKCS协议(在AKC攻击下保持安全性质的协议)的启发式算法.在实例分析中,将算法应用在Email、SET、Kerberos等协议上.实验表明,上述协议受AKC攻击,但在算法的转换下,协议不再受AKC攻击影响.
Abstract:After the fact that an adversary obtains an actor's long-term secret key, the adversary may impersonate other actors or obtain secrete information with the key. This kind of attack is called AKC (Actor Key Compromise) attack. Except for key exchange protocols, not much attention has been paid on other types of security protocols in the research of AKC attacks. In this paper, we consider this AKC problem and provide systematic analysis of AKC attacks, its attack patterns and countermeasures. Based on experimental analysis, this paper classifies four AKC attack patterns, and three corresponding protocol models and design principles to protect against AKC attacks. Based on these models and principles, it proposes a heuristic algorithm that transforms a protocol into an AKCS one (that keeps security property under AKC attacks). As case studies, it apply the algorithm on protocols including Email, SET and Kerberos. The results show that these protocols are vulnerable to AKC attacks, but after the transformation by the algorithm, they are no longer vulnerable to such attacks.
文章编号: 中图分类号: 文献标志码:
基金项目:国家自然科学基金(61272135)
引用文本:
麻婧,张文辉.AKC攻击研究:攻击方式、转换算法和实例分析.计算机系统应用,2016,25(10):18-26
MA Jing,ZHANG Wen-Hui.Research on AKC Attack: Attack Pattern, Transformation Algorithm and Case Study.COMPUTER SYSTEMS APPLICATIONS,2016,25(10):18-26
麻婧,张文辉.AKC攻击研究:攻击方式、转换算法和实例分析.计算机系统应用,2016,25(10):18-26
MA Jing,ZHANG Wen-Hui.Research on AKC Attack: Attack Pattern, Transformation Algorithm and Case Study.COMPUTER SYSTEMS APPLICATIONS,2016,25(10):18-26
