Several password and smart-card based two-factor security remote user authentication protocols for multi-server environment have been proposed for the last two decades. Due to tamper-resistant nature of smart cards, the security parameters are stored in it and it is also a secure place to perform authentication process. However, if the smart card is lost or stolen, it is possible to extract the information stored in smart card using power analysis attack. Hence, the two factor security protocols are at risk to various attacks such as password guessing attack, impersonation attack, replay attack and so on. Therefore, to enhance the level of security, researchers have focused on three-factor (Password, Smart Card, and Biometric) security authentication scheme for multi-server environment. In existing biometric based authentication protocols, keys are generated using fuzzy extractor in which keys cannot be renewed. This property of fuzzy extractor is undesirable for revocation of smart card and re-registration process when the smart card is lost or stolen. In addition, existing biometric based schemes involve public key cryptosystem for authentication process which leads to increased computation cost and communication cost. In this paper, we propose a new multi-server authentication protocol using smart card, hash function and fuzzy embedder based biometric. We use Burrows–Abadi–Needham logic to prove the correctness of the new scheme. The security features and efficiency of the proposed scheme is compared with recent schemes and comparison results show that this scheme provides strong security with a significant efficiency.
相似文献 |
|||||||
|
|||||||
|
共查询到14条相似文献,搜索用时 125 毫秒
1.
由于网络安全的需要,利用智能卡的双因子身份鉴别方案越来越受到重视。首先分析了Wang Yan-yan等人提出的基于动态ID的远程用户身份认证方案的安全性,指出其方案的安全缺陷是不能抵抗离线的口令猜测攻击;随后提出了一种改进的方案,改进之后的方案能有效抵抗重放攻击、离线口令猜测攻击、假冒服务器/用户攻击。经过安全分析,新的方案在保留了原方案优点的同时,具有了更高的安全性。 相似文献
2.
3.
4.
2009年,Liao—Wang提出了一种基于智能卡的典型远程用户身份鉴别方案,经分析证明该方案存在安全脆弱性,容易受到离线口令猜测攻击,攻击者伪装成服务器的攻击,域内合法用户伪装成域内其他用户的攻击。之后提出了一种安全改进方案,解决了上述脆弱性问题,具有可靠的安全性。 相似文献
5.
6.
针对目前一次性口令的不足,借鉴质询/响应方案的思想设计了一种基于Diffie-Hellman的一次性口令认证方案.与传统方案相比,该方案不仅能够提供通信双方的相互认证,而且能够抵抗重放攻击、离线口令猜测攻击和假冒攻击,极大地增强了应用系统的安全性. 相似文献
7.
8.
基于电子钥匙的双向身份鉴别方案 总被引:1,自引:0,他引:1
通过改进鉴别方案的安全策略和身份鉴别信息,提出了一种基于USB Key的可有效对抗离线口令猜测攻击和内部攻击的改进方案。安全性分析表明,改进后的方案保持了非存储数据型鉴别方案特点,且没有增加计算代价,具有更好的安全性和实用性。 相似文献
9.
张利华 《微电子学与计算机》2007,24(6):80-83
分析了一个低开销的基于随机数的远程身份认证方案的安全性,指出了该方案的安全缺陷。构造了一个基于随机数和Hash函数、使用智能卡的远程身份认证方案(NHRA方案)。该方案使用随机数,避免了使用时戳带来的重放攻击的潜在风险。该方案允许用户自主选择和更改口令,实现了双向认证,有更小的计算开销;能够抵御假冒远程主机攻击、抵御假冒合法用户攻击;能够迅速检测口令输入错误及正确判断认证失败原因;具备强安全修复性。 相似文献
10.
11.
12.
Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes. 相似文献
13.
Chun‐Guang Ma Ding Wang Sen‐Dong Zhao 《International Journal of Communication Systems》2014,27(10):2215-2227
Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. In this paper, we analyze two recent proposals in the area of password‐based remote user authentication using smart cards. First, we point out that the scheme of Chen et al. cannot achieve all the claimed security goals and report its following flaws: (i) it is vulnerable to offline password guessing attack under their nontamper resistance assumption of the smart cards; and (ii) it fails to provide forward secrecy. Then, we analyze an efficient dynamic ID‐based scheme without public‐key operations introduced by Wen and Li in 2012. This proposal attempts to overcome many of the well‐known security and efficiency shortcomings of previous schemes and supports more functionalities than its counterparts. Nevertheless, Wen–Li's protocol is vulnerable to offline password guessing attack and denial of service attack, and fails to provide forward secrecy and to preserve user anonymity. Furthermore, with the security analysis of these two schemes and our previous protocol design experience, we put forward three general principles that are vital for designing secure smart‐card‐based password authentication schemes: (i) public‐key techniques are indispensable to resist against offline password guessing attack and to preserve user anonymity under the nontamper resistance assumption of the smart card; (ii) there is an unavoidable trade‐off when fulfilling the goals of local password update and resistance to smart card loss attack; and (iii) at least two exponentiation (respectively elliptic curve point multiplication) operations conducted on the server side are necessary for achieving forward secrecy. The cryptanalysis results discourage any practical use of the two investigated schemes and are important for security engineers to make their choices correctly, whereas the proposed three principles are valuable to protocol designers for advancing more robust schemes. Copyright © 2012 John Wiley & Sons, Ltd. 相似文献
14.
Neng-Wen Wang Han-Chieh Chao Ing-Yi Chen Yueh-Min Huang 《Telecommunication Systems》2010,44(3-4):181-190
Due to the explosive growth of the Internet and the pervasion of multimedia, protection of intellectual property (IP) rights of digital content in transactions induces people’s concerns. Current security requirements and copyright protection mechanisms especially need to work in real-time and on-line for communication and networking. For media service systems in the Internet, user’s authentication is most essential in association with the access control of the media system. The authentication scheme is a trivial but crucial issue for maintaining user’s information. Up to now, many one-time password-based authentication schemes have been proposed. However, none is secure enough. The purpose of a one-time password (OTP) is to make it more difficult to gain unauthorized access to restricted resources. Traditionally static passwords can more easily be obtained by an unauthorized intruder given enough attempts and time. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced. These schemes are specially fit for media services in the Internet since they will frustrate the attacker’s attempt. Lin, Shen and Hwang proposed a strong-password authentication scheme in association with one-time password by using smart cards, and claimed their scheme can resist guess attack, replay attack, impersonation attack and stolen attack. Later, Ku, Tsai, and Chen showed that Lin-Shen-Hwang’s scheme suffers from a replay attack and a denial-of-service attack. Furthermore, Ku proposed a hash-based strong-password authentication scheme to enhance the security. In this paper, we show the weaknesses and devise some attacks against Ku’s scheme. Then, we revise Ku’s scheme and propose a novel user’s authentication scheme in pervasive on-line media services for current communication and networking. 相似文献
|
| 设为首页 | 免责声明 | 关于勤云 | 加入收藏 |
|
Copyright©北京勤云科技发展有限公司 京ICP备09084417号 |