| 基于USB-Key的强口令认证方案设计与分析 |
| |
| 引用本文: | 于江,苏锦海,张永福.基于USB-Key的强口令认证方案设计与分析[J].计算机应用,2011,31(2):511-513. |
| |
| 作者姓名: | 于江 苏锦海 张永福 |
| |
| 作者单位: | 信息工程大学电子技术学院 |
| |
| 摘 要: | 针对OSPA强口令认证方案无法抵抗重放攻击、拒绝服务攻击的不足,提出了一种基于USB-Key的口令认证方案。该方案使用USB-Key进行用户口令的验证并存储认证的安全参数,能够有效地保护安全参数不被窃取。认证方案在认证过程中对用户的身份信息进行了保护,使用Hash运算计算认证参数,通过用户端和服务器端之间的认证参数的传递实现双向认证。方案的安全性分析表明,它能够防止口令猜测攻击、重放攻击、假冒攻击、拒绝服务攻击,方案系统开销小,适用于运算能力有限的终端用户。
|
| 关 键 词: | 口令认证 USB-Key Hash函数 双向认证 |
| 收稿时间: | 2010-07-29 |
| 修稿时间: | 2010-09-14 |
Design and analysis of USB-Key based strong password authentication scheme |
| |
| YU Jiang,SU Jin-hai,ZHANG Yong-fu.Design and analysis of USB-Key based strong password authentication scheme[J].journal of Computer Applications,2011,31(2):511-513. |
| |
| Authors: | YU Jiang SU Jin-hai ZHANG Yong-fu |
| |
| Affiliation: | (Institute of Electronic Technology,Information Engineering University,Zhengzhou Henan 450004,China) |
| |
| Abstract: | Concerning that the OSPA protocol is vulnerable to the replay attack and the denial of service attack, in this paper, a USB-Key based strong password authentication scheme was proposed, which used USB-Key to verify the users password and store the security parameter. In this scheme, user's identity can be protected by using the temporary identity and the authentication parameters computation by Hash function. This scheme can achieve mutual authentication between user and server by transferring the authentication parameters. The security analysis of the scheme proves that the scheme is resistant to replay attack, impersonation attack and Denial of Service (DoS) attack, and it has high security, and it can be used by users with limited computation ability. |
| |
| Keywords: | USB-Key |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
