| 基于无证书签名的抗DNS中间人攻击方案 |
| |
| 引用本文: | 胡杨,韩增杰,叶帼华,姚志强. 基于无证书签名的抗DNS中间人攻击方案[J]. 网络与信息安全学报, 2021, 7(6): 167-177. DOI: 10.11959/j.issn.2096-109x.2021093 |
| |
| 作者姓名: | 胡杨 韩增杰 叶帼华 姚志强 |
| |
| 作者单位: | 1. 福建师范大学计算机与网络空间安全学院,福建 福州 350117;2. 福建省公共服务大数据挖掘与应用工程技术研究中心,福建 福州 350108;3. 非遗数字化与多源信息融合福建省高校工程研究中心,福建 福清 350300 |
| |
| 基金项目: | 国家自然科学基金(61872090);国家自然科学基金(61972096);福建省引导性科技项目计划(2019H0010);非遗数字化与多源信息融合福建省高校工程研究中心开放课题(FJ-ICH201901) |
| |
| 摘 要: | 为应对域名系统协议中存在的中间人攻击问题,提出一种轻量化的解决方案.该方案在DNSSEC的基础上引入无证书签名技术构建新的签名算法,去除难以部署的信任链以提高消息认证的效率和安全性;同时通过使用对称加密技术确保消息的机密性,加大敌手的攻击难度.理论分析证明了所提方案能够抵抗常见的中间人攻击类型,实验对比结果显示所提方案...
|
| 关 键 词: | 域名系统 中间人攻击 无证书签名 |
Preventing man-in-the-middle attacks in DNS through certificate less signature |
| |
| Yang HU,Zengjie HAN,Guohua YE,Zhiqiang YAO. Preventing man-in-the-middle attacks in DNS through certificate less signature[J]. Chinese Journal of Network and Information Security, 2021, 7(6): 167-177. DOI: 10.11959/j.issn.2096-109x.2021093 |
| |
| Authors: | Yang HU Zengjie HAN Guohua YE Zhiqiang YAO |
| |
| Affiliation: | 1. College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China;2. Fujian Engineering Research Center of Public Service Big Data Mining and Application, Fuzhou 350108, China;3. Engineering Research Center for ICH Digitalization and Multi-Source Information Fusion, Fuqing 350300, China |
| |
| Abstract: | Aiming at resisting the man-in-the-middle attacks in the domain name system protocol, a lightweight solution was proposed.The scheme introduced certificate less signature algorithm, removed the difficult-to-deploy trust chain to improve the efficiency and security of authentication.By using symmetric encryption technology, the proposed solution ensured the confidentiality of the message and increase the attack difficulty.The theoretical analysis proved the proposed scheme can resist common man-in-the-middle attacks.Experimental comparison results show the scheme has better performance than similar schemes. |
| |
| Keywords: | domain name system man-in-the-middle attacks certificate less signature |
|
| 点击此处可从《网络与信息安全学报》浏览原始摘要信息 |
|
点击此处可从《网络与信息安全学报》下载免费的PDF全文 |
