| 基于智能卡的双向身份鉴别方案分析与改进 |
| |
| 引用本文: | 刘嘉勇,刘月琴,方勇.基于智能卡的双向身份鉴别方案分析与改进[J].四川大学学报(工程科学版),2006,38(6):104-107. |
| |
| 作者姓名: | 刘嘉勇 刘月琴 方勇 |
| |
| 作者单位: | 四川大学,信息安全研究所,四川,成都,610064 |
| |
| 摘 要: | 2003年,Shen、Lin和Hwang提出利用一种基于时间戳的智能卡远程身份鉴别方案,此方案允许用户更改口令,远程服务器不需要存储用户的口令或验证表,可提供基于时间戳的双向身份鉴别以对抗假冒登录攻击及假冒服务器攻击。但已有研究表明该方案不能有效对抗假冒登录攻击,攻击者至少可以通过两种方式伪装成一个合法用户成功地登录到远程服务器。为此,通过改进鉴别方案的安全策略和身份鉴别信息,提出可有效对抗假冒登录攻击的改进方案,安全性分析表明,改进后的方案保持了非存储数据型鉴别方案特点,且没有增加智能卡计算代价,具有更好的安全性和实用性。
|
| 关 键 词: | 鉴别 安全性改进 假冒攻击 智能卡 |
| 文章编号: | 1009-3087(2006)06-0104-04 |
| 收稿时间: | 02 16 2006 12:00AM |
| 修稿时间: | 2006-02-16 |
Analysis and Improvement of Mutual Authentication Scheme with Smart Card |
| |
| LIU Jia-yong,LIU Yue-qin,FANG Yong,GAO Min-xu.Analysis and Improvement of Mutual Authentication Scheme with Smart Card[J].Journal of Sichuan University (Engineering Science Edition),2006,38(6):104-107. |
| |
| Authors: | LIU Jia-yong LIU Yue-qin FANG Yong GAO Min-xu |
| |
| Affiliation: | Inst. of Info. Security, Sichuan Univ. ,Chengdu 610064,China;Inst. of Info. Security, Sichuan Univ. ,Chengdu 610064,China;Inst. of Info. Security, Sichuan Univ. ,Chengdu 610064,China |
| |
| Abstract: | The present authentication scheme has been found to be vulnerable to forged login attack; an intruder could still impersonate legitimate users to login and accesses the remote server in two ways at least. To solve this problem, an improved scheme will be proposed, which can withstand the existing forged attacks by means of improwing the security policy and authentication information. The security analysis showed that the improved scheme still keeps the features of the non-storage data model authentication scheme and will not add the additional computation cost to the smart card, and will perform better in security and practical operations. |
| |
| Keywords: | authentication security improvement personate attack smart card |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《四川大学学报(工程科学版)》浏览原始摘要信息 |
|
点击此处可从《四川大学学报(工程科学版)》下载全文 |
