首页 | 官方网站   微博 | 高级检索  
     

MS-CHAP鉴别协议安全性分析
引用本文:李焕洲,林宏刚,戴宗坤,陈麟.MS-CHAP鉴别协议安全性分析[J].四川大学学报(工程科学版),2005,37(6):135-138.
作者姓名:李焕洲  林宏刚  戴宗坤  陈麟
作者单位:四川大学,信息安全研究所,四川,成都,610064
摘    要:微软质询-握手鉴别协议(MS-CHAP)通常被嵌入到其他协议中,通过"三次握手"对参与通信的实体进行身份鉴别.利用一种基于攻击者协议验证方法对MS-CHAP协议的安全性进行了形式化分析,发现该协议存在使攻击者无需破解口令即可通过身份鉴别的安全漏洞,并给出了相应的攻击剧本.研究表明MS-CHAP协议存在致命安全缺陷,不能达到预期的安全目标.

关 键 词:身份鉴别  鉴别协议  MS-CHAP  形式化分析
文章编号:1009-3087(2005)06-0135-04
收稿时间:03 2 2005 12:00AM
修稿时间:2005-03-02

Analysis on the Security of MS-CHAP
LI Huan-zhou, LIN Hong-gang, DAI Zong-kun.Analysis on the Security of MS-CHAP[J].Journal of Sichuan University (Engineering Science Edition),2005,37(6):135-138.
Authors:LI Huan-zhou  LIN Hong-gang  DAI Zong-kun
Affiliation:Inst. of Info. Security, Sichuan Univ., Chengdu 610064, China
Abstract:MS-CHAP is usually embedded in other protocols,and used to verify the peer's identity in a three-way-handshake.The security of MS-CHAP was formally analyzed by a protocol-verifying way from the attacker's point of view.The result showed that the MS-CHAP protocol has vulnerabilities by which the attacker can pass the authentication without cracking the password and the corresponding attacking scenario was given.The MS-CHAP protocol has some deadly security flaw and can't achieve the desired security goal.
Keywords:identity verify  authentication protocol  MS-CHAP  formal analysis
本文献已被 CNKI 维普 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司    京ICP备09084417号-23

京公网安备 11010802026262号