| 基于动态ID的远程认证方案的分析和改进 |
| |
| 引用本文: | 屈娟,邹黎敏,谭晓玲.基于动态ID的远程认证方案的分析和改进[J].计算机工程与应用,2014,50(22):126-129. |
| |
| 作者姓名: | 屈娟 邹黎敏 谭晓玲 |
| |
| 作者单位: | 1.重庆三峡学院 数学与统计学院,重庆 404000
2.重庆三峡学院 电子与信息工程学院,重庆 404000 |
| |
| 基金项目: | 重庆市教育技术委员会项目(No.KJ121103);重庆三峡学院科研项目(No.11ZD-15)。 |
| |
| 摘 要: | 分析了段晓毅等人提出的动态ID的远程认证方案,发现该方案不能抵御离线密码字猜测攻击,重放攻击,冒充服务器攻击,且在相互认证后不能提供会话密钥。提出了一个改进方案,改进后的方案克服了以上的安全缺陷,且用户可自由选择登录系统的密码,相互认证后用户和服务器共享一个会话密钥。
|
| 关 键 词: | 用户认证 智能卡 离线密码字猜测攻击 相互认证 |
Analysis and improvements of dynamic identity-based remote user authenti-cation scheme |
| |
| QU Juan,ZOU Limin,TAN Xiaoling.Analysis and improvements of dynamic identity-based remote user authenti-cation scheme[J].Computer Engineering and Applications,2014,50(22):126-129. |
| |
| Authors: | QU Juan ZOU Limin TAN Xiaoling |
| |
| Affiliation: | 1.School of Mathematics and Statistics, Chongqing Three Gorges University, Chongqing 404000, China
2.School of Electronic and Information Engineering, Chongqing Three Gorges University, Chongqing 404000, China |
| |
| Abstract: | In this paper, Duan et al.’s scheme is analyzed. It is showed that this scheme is insecure against offline-guessing attack, replay attack, forgery attack and a session key doesn’t be provided after mutual authentication. An improved scheme is proposed that overcomes the above-mentioned security flaws with not affecting the merits of the original scheme. The proposed scheme not only allows the users to choose and change their passwords freely, but also generates a session key agreed by the user and the server. |
| |
| Keywords: | user authentication smart card offline password guessing attack mutual authentication |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
