强壮的基于服务器支持的签名认证的电子邮件系统的安全性分析
On the Security of a Robust Certified Email System Based on Server-Supported Signature
通过认证的电子邮件是标准的电子邮件系统中的增值服务, 它允许发送方以公平的方式将消息传递给接受方。在这个意义上,或者发送方从接收器收到收据与接收器访问电子邮件的内容同步,或者任何一方都不能取得预期的结果。在ICICS 2003, Yang等提出一个可认证的邮件系统,它由服务器支持的签名方案缓解了移动设备的计算开销与有限的计算能力。作者声称他们的方案是错误容忍和强壮的,且抵制移动敌手和阴谋攻击。本文分析了他们的方案,即成功地呈现出几个安全缺陷。我们指出他们的方案当发送方和授权者合谋时,不能抵制合谋攻击。
ertified E-mail is a value-added service for standard e-mail systems, which allows a sender to deliver a message to a receiver in a fair way in the sense that either the sender gets a receipt from the receiver and the receiver accesses the content of the e-mail simultaneously, or neither party obtains the expected item. In ICICS'03, Yang et al. proposed a new certified e-mail system which alleviates computational overhead of mobile devices with limited computing power by server-supported signatures scheme. They claimed their scheme is fault-tolerant and robust against mobile adversary and conspiracy attacks. In this paper, we analyze their scheme and successfully identify several security flaws. Their scheme is vulnerable to conspiracy attacks by the sender colluding with a delegate.
郭丽峰
通信
认证的邮件系统公平交易密钥共享合谋攻击
certified e-mailfair exchangemail securitysecret sharing.
郭丽峰.强壮的基于服务器支持的签名认证的电子邮件系统的安全性分析[EB/OL].(2013-12-23)[2025-08-18].http://www.paper.edu.cn/releasepaper/content/201312-682.点此复制
评论