[1] Jiang Rui, Hu Aiqun, Yang Xiaohui,. Improvements on robust email protocols with perfect forward secrecy [J]. Journal of Southeast University (English Edition), 2008, 24 (2): 139-142. [doi:10.3969/j.issn.1003-7985.2008.02.003]
Copy
Improvements on robust email protocols with perfect forward secrecy(
)
具有完美前向机密性的鲁棒电子邮件协议的改进
)Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]
- Volumn:
- 24
- Issue:
- 2008 2
- Page:
- 139-142
- Research Field:
- Computer Science and Engineering
- Publishing date:
- 2008-06-03
Info
- Title:
- Improvements on robust email protocols with perfect forward secrecy
- 具有完美前向机密性的鲁棒电子邮件协议的改进
- Author(s):
- Jiang Rui; Hu Aiqun; Yang Xiaohui
- School of Information Science and Engineering, Southeast University, Nanjing 210096, China
- PACS:
- TP393
- DOI:
- 10.3969/j.issn.1003-7985.2008.02.003
- Abstract:
- According to the security shortages of two robust practical email protocols with perfect forward secrecy, attacks on the two protocols are analyzed and corresponding improvements on the two protocols are proposed.First, by analyzing the two email protocols, the corresponding man-in-the-middle attacks are proposed, where the adversary forges the messages in the receiving phase to cheat the two communication participants and makes them share the wrong session keys with him.Consequently, the man-in-the-middle attacks can make the two protocols fail to provide perfect forward secrecy.Secondly, by adding corresponding signatures in the receiving phases of the two protocols, two corresponding improvements on the protocols are proposed to overcome the man-in-the-middle attacks on the two protocols and make them provide perfect forward secrecy.Moreover, the two improved protocols can retain all the merits of the former protocols.
- 针对2个具有完美前向机密性的鲁棒电子邮件协议所存在的安全缺陷, 分析了2个协议所面临的协议攻击, 并得出了相应的改进方案.首先, 通过对2个电子邮件协议的分析, 提出了相应的中间人攻击方法, 其中攻击者在协议的接收阶段通过伪造信息来欺骗通信双方, 并使通信双方与其共享错误的会话密钥.由此中间人攻击使得2个电子邮件协议的完美前向机密性得不到保证.其次, 通过在2个协议的接收阶段加入相应的签名信息, 提出了对2个协议的改进方案, 以确保改进协议能够克服中间人攻击并且提供协议的完美前向机密性.此外, 经改进的协议仍然能够保持原协议的所有优点.
References:
[1] Schneier B.Applied cryptography[M].2nd ed.New York:John Wiley & Sons, Inc., 1995:56-120.
[2] ElGamal T.A public key cryptosystem and a signature scheme based on discrete logarithms [J].IEEE Trans Inform Theory, 1985, 31(4):469-472.
[3] Schneier B. Email security:how to keep your electronic mail private [M].New York:John Wiley & Sons, Inc., 1995:81-156.
[4] Bacard A.The computer privacy handbook:a practical guide to email encryption, data protection, and PGP privacy software [M].Peachpit Press, 1995:18-126.
[5] Kim B, Koo J, Lee D.Robust email protocols with perfect forward secrecy [J].IEEE Communications Letters, 2006, 10(6):510-512.
[6] Sun H, Hsieh B, Hwang H.Secure email protocols providing perfect forward secrecy [J].IEEE Communications Letters, 2005, 9(1):58-60.
[7] Dent A W.Flaws in an email protocol of Sun, Hsieh, and Hwang [J].IEEE Communications Letters, 2005, 9(8):718-719.
[8] Diffie W, Hellman M E.New directions in cryptography [J].IEEE Transactions on Information Theory, 1976, 22(5):644-654.
[9] Zheng Y.Digital signcryption or how to achieve cost(signature and encryption)[C]//CRYPTO’ 97.Santa Barbara, California, USA, 1997:165-179.
Memo
- Memo:
-
Biography: Jiang Rui(1968—), male, doctor, associate professor, R.Jiang@seu.edu.cn.
Foundation item: The Natural Science Foundation of Jiangsu Province(No.BK2006108).
Citation: Jiang Rui, Hu Aiqun, Yang Xiaohui.Improvements on robust email protocols with perfect forward secrecy[J].Journal of Southeast University(English Edition), 2008, 24(2):139-142.