| 移动应用中OTP认证机制的安全性分析 |
| |
| 引用本文: | 王秦,敖静海.移动应用中OTP认证机制的安全性分析[J].计算机安全,2011(8):16-19. |
| |
| 作者姓名: | 王秦 敖静海 |
| |
| 作者单位: | 北京联合大学,北京,100101 |
| |
| 基金项目: | 北京联合大学自然科学基金资助项目(ZK201014X) |
| |
| 摘 要: | 一次性口令(简称OTP)认证机制可以实现一次一密,具备更高的安全性,同时,其实现简单、成本低、无需第三方公证,中分适合于受限的移动应用,但难以抵御小数攻击以及没有实现双向认证,其安全隐患主要在于参与一次性口令生成的随机数以及口令认证信息均以明文方式传送,因此,可以采用椭圆曲线密码体制ECC对随机数及认证信息进行加密.
|
| 关 键 词: | 移动应用 安全性 一次性口令 椭圆曲线密码体制 |
Security Analysis of One Time Password Authentication Mechanism in Mobile Application |
| |
| WANG Qin,AO Jing-hai.Security Analysis of One Time Password Authentication Mechanism in Mobile Application[J].Network & Computer Security,2011(8):16-19. |
| |
| Authors: | WANG Qin AO Jing-hai |
| |
| Affiliation: | WANG Qin,AO Jing-hai(Beijing Union University,Beijing 100101,China) |
| |
| Abstract: | One-Time Password(OTP) authentication mechanism has higher security by one time padding.It is implemented simply,cost less and needed no third-party notarization,and so it is more suitable for limited mobile commerce environment,but it couldn't resist decimal attack and realize bidirectional authentication.The main reason is that random number generated one-time password and authentication information are transmitted by plaintext,so Elliptic Curve Cryptosystem(ECC) is used to encrypting random number and au... |
| |
| Keywords: | Mobile application Security OTP ECC |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
