一种基于智能卡的远程口令认证方案

2005年,Lu-Cao指出Hwang-Li远程用户认证方案易遭受身份假冒攻击,并提出了使用智能卡的远程用户认证方案来修补这种安全缺陷。论文分析指出Lu-Cao远程用户认证方案仍存在某些安全缺陷,并介绍了一种改进的远程用户认证方案。     

一种改进的基于动态身份远程用户认证方案

基于动态身份远程用户认证可有效防止用户关键信息泄露,保证已认证用户通过授权获取网络服务.针对Wen-Li提出的基于动态身份远程用户认证与密钥协商方案进行安全性分析,指出该方案存在安全缺陷,可能导致泄露用户部分关键信息,进而遭受网络攻击.在保留Wen-Li方案优点的基础上提出一种改进的远程用户认证方案,重新设计了认证过程中的会话密钥和密钥确认消息.与Wen-Li方案相比,改进方案能够抵御中间人攻击以及盗窃智能卡攻击,并增强了方案的前向安全性.     

基于生物特征的匿名远程用户认证方案

分析基于生物特征与二次剩余的远程用户认证方案,指出其存在不能抵抗冒充用户攻击、假冒服务器攻击、会话密钥泄露攻击和拒绝服务攻击等安全缺陷,基于此提出一个基于生物特征、口令与智能卡的匿名远程用户认证方案,主要包含注册、登录、认证和口令更新4个阶段。分析结果表明,该方案不仅克服了远程用户认证方案的安全缺陷,而且还可以抵抗智能卡丢失攻击、重放攻击,并实现了用户匿名性。     

基于智能卡的远程认证体制

介绍了2006年 Manik 提出的远程认证体制,对其存在安全缺陷进行了详细分析.在此基础上,提出一种改进的远程认证体制.该体制使用用户智能卡生成一个立即数并使用两种杂凑运算,以改进整个认证体制的安全性能和计算性能.与现有的其它远程认证体制相比,提出的远程认证体制还实现了用户和远程服务器之间的双向认证.     

基于ECC的密钥协商及双向认证方案

针对当前移动通信系统中认证和密钥协商协议存在的安全缺陷,提出一种基于椭圆曲线密码体制的双向认证和密钥协商方案,用于移动网络中任意用户之间,或用户与网络之间进行双向认证和会话密钥的安全协商.该方案采用ECC技术,能够在更小的密钥量下提供更大的安全性,减少对带宽的需求,降低移动终端的计算负担和存储要求.     

基于双线性对和Nonce的智能卡远程用户认证方案*

远程用户认证方案是远程服务器通过不安全的网络认证远程用户身份的一种机制。根据椭圆曲线上的双线性对的优良性质,2006年,Das等人提出了基于双线性对的远程用户认证方案。2009年, Goriparthi等人指出该方案易遭受伪造攻击和重放攻击并给出了一个改进方案。然而发现Goriparthi等人的改进方案易遭受内部人员攻击、拒绝服务攻击和服务器哄骗攻击以及存在时钟同步问题。为了克服这些缺点,提出了基于双线性对和Nonce的智能卡远程用户认证方案。安全分析表明,该方案不但增强了认证系统的安全性,而且可安全地完     

动态ID多因素远程用户身份认证方案的改进

基于动态身份信息ID的远程用户身份认证方案,在保证远程用户身份匿名性及不可追踪性的前提下,可实现远程用户与服务器端的双向身份认证。对Yang提出的基于动态ID的远程用户身份认证方案进行了安全分析,指出Yang方案无法抵御重放攻击、服务器伪装攻击、用户伪装攻击,且不能提供双向认证。针对这些缺陷,提出了一种多因素远程用户身份认证方案的改进,并进行了安全性和效率分析,分析结果表明,改进的方案弥补了Yang方案的不足,且具有较高的安全性能。     

一种改进的远程用户身份认证方法

本文针对Yoon-Yoo远程用户身份认证方法隐藏的伪装用户攻击、伪装服务器攻击和窃取校验机攻击的安全缺陷,利用随机数多次哈希运算提出一种改进的远程用户身份认证方法.本算法能够解决Yoon-Yoo方法的安全缺陷,同时又能保持其优点.因此,该方法具有更稳定的安全性,为电子商务等领域提供了远程用户身份认证的有效解决方案.     

Ku-Chien远程身份认证方案的安全性分析

Ku－Chien远程身份认证方案是一种使用智能卡、低开销、实用的口令认证方案。本文分析了Ku－Chien方案的安全性，指出了Ku－Chien方案的安全缺陷：不能抵御并行会话攻击和伪造主机攻击。分析了产生安全缺陷的原因：登陆阶段用户计算出的秘密信息和认证阶段远程主机计算出的秘密信息具有类似的结构。最后，利用口令更改计数器，给出了一种改进的口令认证方案。该方案允许用户自主选择并更改口令，实现了双向认证；能够抵御重放攻击、内部攻击，具备强安全修复性；能够抵御并行会话攻击和伪造远程主机攻击。     

基于动态口令的远程双向认证方案

针对基于口令的远程用户鉴别方案在时间戳和用户ID以及挑战/应答机制中的单相认证的上存在的脆弱性,该方案能进行双向认证,可抵抗重放攻击和假冒攻击,也体现了认证的公平性,比较发现该方案是一种更安全、实用、简单、便捷的基于动态口令的远程双向认证方案。     

An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Recently, remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most remote user authentication schemes on ECC are based on public-key cryptosystem, in which the public key in the system requires the associated certificate to prove its validity. Thus, the user needs to perform additional computations to verify the certificate in these schemes. In addition, we find these schemes do not provide mutual authentication or a session key agreement between the user and the remote server. Therefore, we propose an ID-based remote mutual authentication with key agreement scheme on ECC in this paper. Based upon the ID-based concept, the proposed scheme does not require public keys for users such that the additional computations for certificates can be reduced. Moreover, the proposed scheme not only provides mutual authentication but also supports a session key agreement between the user and the server. Compared with the related works, the proposed scheme is more efficient and practical for mobile devices.     

基于口令的远程身份认证及密钥协商协议

基于口令的身份认证协议是研究的热点。分析了一个低开销的基于随机数的远程身份认证协议的安全性,指出了该协议的安全缺陷。构造了一个基于随机数和Hash函数、使用智能卡的远程身份认证和密钥协商协议：PUAKP协议。该协议使用随机数,避免了使用时戳带来的重放攻击的潜在风险。该协议允许用户自主选择和更改口令,实现了双向认证,有较小的计算开销;能够抵御中间人攻击;具有口令错误敏感性、口令的主机非透明性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。     

More secure remote user authentication scheme

Recently, Yoon and Yoo proposed a remote user authentication scheme which is an improvement on Lee–Kim–Yoo’s method. However, we find out that Yoon–Yoo’s scheme easily reveals a user’s password and is vulnerable to both masquerading user attack and masquerading server attack. Yoon–Yoo’s scheme is also exposed to stolen verifier attack, because it has to maintain a user database in a remote server. This paper proposes a new remote user authentication scheme that resolves all aforementioned problems, while keeping the merits of Yoon–Yoo’s scheme.     

Improving the security of ‘a flexible biometrics remote user authentication scheme’

Recently, Lin–Lai proposed ‘a flexible biometrics remote user authentication scheme,’ which is based on El Gamal's cryptosystem and fingerprint verification, and does not need to maintain verification tables on the server. They claimed that their scheme is secured from attacks and suitable for high security applications; however, we point out that their scheme is vulnerable and can easily be cryptanalyzed. We demonstrate that their scheme performs only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, thus their scheme is susceptible to the server spoofing attack. To fill this security gap, we present an improvement which overcomes the weakness of Lin–Lai's scheme. As a result, our improved security patch establishes trust between client and remote system in the form of mutual authentication. Moreover, some standards for biometric-based authentication are also discussed, which should be followed during the development of biometric systems.     

一个基于共享抛物线的安全远程登录认证方案

文章提出了一个基于共享抛物线的安全远程登录方案。该方案克服了Wu的基于共享直线方案[1]的缺点,而且可以抵制Hwang的攻击方法[2]。该方案的主要优点是用户可以随意选择或修改他们自己的口令,并且远程系统不需要为认证远程登录请求而事先存储认证表。     

Improvement of Chien et al.'s remote user authentication scheme using smart cards

In 2000, Sun proposed an efficient remote user authentication scheme using smart cards. Later, Chien et al. pointed out that Sun's scheme does not provide the mutual authentication between the user and the server and allow users to freely choose password themselves. Chien et al. further proposed a new efficient and practical solution to solve the problems. However, Hsu showed that Chien et al.'s scheme is vulnerable to the parallel session attack. This paper proposes an improved scheme to overcome the weakness while maintaining the advantages of Chien et al.'s scheme.     

对两个基于智能卡的多服务器身份认证方案的密码学分析与改进

身份认证是用户访问网络资源时的一个重要安全问题。近来,Xu等(XU C, JIA Z, WEN F, et al. Cryptanalysis and improvement of a dynamic ID based remote user authentication scheme using smart cards [J]. Journal of Computational Information Systems, 2013, 9(14): 5513-5520)提出了一个基于智能卡的动态身份用户认证方案。分析指出其方案不能抵抗中间人攻击和会话密钥泄露攻击,且无法实现会话密钥前向安全性。此外,指出Choi等(CHOI Y, NAM J, LEE D, et al. Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics [J]. The Scientific World Journal, 2014, 2014: 281305)提出的基于智能卡和生物特征的匿名多服务器身份认证方案(简称CNL方案)易遭受智能卡丢失攻击、服务器模仿攻击,且不能提保护用户的匿名性。最后,基于生物特征和扩展混沌映射,提出了一个安全的多服务器认证方案,安全分析结果表明,新方案消除了Xu方案和CNL方案的安全漏洞。     

A remote password authentication scheme for multiserverarchitecture using neural networks

Conventional remote password authentication schemes allow a serviceable server to authenticate the legitimacy of a remote login user. However, these schemes are not used for multiserver architecture environments. We present a remote password authentication scheme for multiserver environments. The password authentication system is a pattern classification system based on an artificial neural network. In this scheme, the users only remember user identity and password numbers to log in to various servers. Users can freely choose their password. Furthermore, the system is not required to maintain a verification table and can withstand the replay attack.