Journal on Communications ›› 2021, Vol. 42 ›› Issue (8): 103-110. doi: 10.11959/j.issn.1000-436x.2021154

• Academic paper

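  • About the authors: Zhiqiang YAO (1967- ), male, born in Putian, Fujian, Ph.D., professor and doctoral supervisor at Fujian Normal University. His main research interests include big data security and privacy protection, multimedia security, and application security.
    Zhirong ZHU (1993- ), male, born in Ningbo, Zhejiang, master's student at Fujian Normal University. His main research interest is big data security and privacy protection.
    Guohua YE (1976- ), female, born in Xiapu, Fujian, associate professor at Fujian Normal University. Her main research interests include big data security and privacy protection, and information security.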

Achieving resist against DHCP man-in-the-middle attack scheme based on key agreement

Zhiqiang YAO1,2, Zhirong ZHU1,2, Guohua YE1,2   

  1 College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350108, China
  2 Fujian Engineering Research Center of Public Service Big Data Mining and Application, Fuzhou 350108, China
  • Revised: 2021-06-21 Online: 2021-08-25 Published: 2021-08-01
  • Supported by:
    The National Natural Science Foundation of China (61872090); The National Natural Science Foundation of China (61972096); The National Natural Science Foundation of China (61872088); The Guiding Science and Technology Planning Project of Fujian (2019H0010)

Abstract:

To address man-in-the-middle attacks against the dynamic host configuration protocol, a lightweight scheme was proposed. A new key agreement algorithm was developed based on public key cryptography to generate the relevant keys, reducing the key storage burden. On this basis, a secure scheme was proposed, in which two-way authentication of the participants was designed to prevent the man-in-the-middle attack, and digital signatures conforming to the protocol specifications were constructed to ensure the legitimacy of the message source. Security analysis demonstrated that the proposed scheme is secure and valid against the man-in-the-middle attack and other common attacks. Experimental results show that the proposed scheme has better performance than related schemes and is compatible with both DHCPv4 and DHCPv6.

Key words: dynamic host configuration protocol, man-in-the-middle attack, key agreement, message authentication
