基于双重验证的抗重放攻击方案

发布时间：2018-03-13 04:07

本文选题：重放攻击　切入点：存储空间　出处：《计算机工程》2017年05期 　论文类型：期刊论文

【摘要】：当前Web应用采用的HTTPS协议为客户端与服务器端之间的消息请求提供良好的加密机制,但HTTPS协议无法对应用层消息进行选择性处理,因而在消息请求交互的过程中并未全过程加密,使Web应用无法避免重放攻击。为此,提出一种基于动态校验子与计数器双重验证的抗重放攻击方案。利用服务器端的当前时间作为动态校验子,以该动态校验子作为消息请求的新鲜性,结合计数器机制反馈客户端数据丢包情况,以此防止重放攻击。实验结果表明,该方案与基于单一序列号机制的方案相比,能降低对服务器端数据库存储空间的开销,与基于单一时间戳机制的方案相比,解决了时钟同步问题,并可反馈客户端数据丢包情况。
[Abstract]:The HTTPS protocol used in the current Web application provides a good encryption mechanism for message requests between the client and the server, but the HTTPS protocol cannot selectively process the messages in the application layer. Therefore, in the process of message request interaction, the whole process is not encrypted, so that the Web application can not avoid the replay attack. This paper presents a replay attack protection scheme based on dual verification of dynamic checkout and counter. The current time of the server is used as the dynamic checkout, and the dynamic checkout is used as the freshness of the message request. In order to prevent the replay attack, the counter mechanism is used to feedback the client data packet loss. The experimental results show that compared with the scheme based on single sequence number mechanism, the proposed scheme can reduce the overhead of the storage space of the server database. Compared with the scheme based on the single timestamp mechanism, the clock synchronization problem is solved, and the client data packet loss can be feedback.
【作者单位】：暨南大学信息科学技术学院;长沙师范学院信息工程系;
【基金】：广东省科技计划项目(2014A010106014) 广东省教育部产学研结合项目(2012B091000111) 湖南省自然科学基金项目(2016JJ4002) 中央高校基本科研业务费专项资金项目(21612412)
【分类号】：TP393.08

【相似文献】