网络与信息安全学报 ›› 2017, Vol. 3 ›› Issue (12): 22-30.doi: 10.11959/j.issn.2096-109x.2017.00224

• 学术论文 • 上一篇    下一篇

增强TLS 1.3中Early data安全性的协议

张兴隆1,程庆丰1,2(),马建峰2   

  1. 1 信息工程大学,河南 郑州 450004
    2 西安电子科技大学计算机学院,陕西 西安 710071
  • 修回日期:2017-11-28 出版日期:2017-12-01 发布日期:2018-01-12
  • 作者简介:张兴隆(1994-),安徽滁州人,信息工程大学硕士生,主要研究方向为密码学和信息安全。|程庆丰(1979-),辽宁朝阳人,博士,信息工程大学副教授,主要研究方向为密码学和信息安全。|马建峰(1963-),男,陕西西安人,西安电子科技大学教授、博士生导师,主要研究方向为密码学、无线和移动安全。
  • 基金资助:
    国家高技术研究发展计划(“863”计划)基金资助项目(2015AA016007);密码科学技术国家重点实验室开放课题基金资助项目(MMKFKT201514)

Protocol to enhance the security of Early data in TLS 1.3

Xing-long ZHANG1,Qing-feng CHENG1,2(),Jian-feng MA2   

  1. 1 Information Engineering University,Zhengzhou 450004,China
    2 College of Computer Science,Xidian University,Xi’an 710071,China
  • Revised:2017-11-28 Online:2017-12-01 Published:2018-01-12
  • Supported by:
    The National High Technology Research and Development Program (863 Program)(2015AA016007);The National Key Laboratory Foundation of Cryptography(MMKFKT201514)

摘要:

将新型0-RTT密钥交换协议思想借鉴到TLS 1.3会话重用阶段,构建rFSOPKE协议,改进了Early data的加密和传输过程。rFSOPKE协议可以在Ticket有效期内保护Early data的前向安全性并使其抵抗重放攻击。与改进前Early data的发送过程相比,本协议大幅增强了Early data的安全性。在实现效率方面,由于在发送Early data时增加了本协议的计算和传输开销,所以实现效率有所降低。但是本协议可以根据应用场景的不同嵌入适合的算法,所以可以选择更加高效的算法提高协议实现速度。

关键词: 0-RTT, Earlydata, 前向安全, 重放攻击, rFSOPKE

Abstract:

The new 0-RTT Internet key exchange was drawn on the TLS 1.3 session resumption phase,the rFSOPKE protocol was constructed,and the Early data encryption and transmission process were improved.The rFSOPKE protocol can protect the forward security of Early data and protect it from replay attacks during the validity period of the Ticket.Compared with the previous Early data transmission process,rFSOPKE greatly enhanced the security of Early data.Due to the increase in the calculation and transmission overhead of this protocol when sending Early data,the efficiency of the protocol is reduced.However,rFSOPKE can embed the appropriate algorithm according to the different application environment,so more efficient algorithms should be chosen to improve the protocol implementation speed.

Key words: 0-RTT, Early data, forward security, replay attack, rFSOPKE

中图分类号: 

No Suggested Reading articles found!