| 基于随机数和Hash函数的认证方案 |
| |
| 引用本文: | 张利华.基于随机数和Hash函数的认证方案[J].微电子学与计算机,2007,24(6):80-83. |
| |
| 作者姓名: | 张利华 |
| |
| 作者单位: | 北京航空航天大学,北京,100083;华东交通大学,江西,南昌,330013 |
| |
| 摘 要: | 分析了一个低开销的基于随机数的远程身份认证方案的安全性,指出了该方案的安全缺陷。构造了一个基于随机数和Hash函数、使用智能卡的远程身份认证方案(NHRA方案)。该方案使用随机数,避免了使用时戳带来的重放攻击的潜在风险。该方案允许用户自主选择和更改口令,实现了双向认证,有更小的计算开销;能够抵御假冒远程主机攻击、抵御假冒合法用户攻击;能够迅速检测口令输入错误及正确判断认证失败原因;具备强安全修复性。
|
| 关 键 词: | 身份认证 口令 随机数 智能卡 安全分析 |
| 文章编号: | 1000-7180(2007)06-0080-04 |
| 修稿时间: | 2005-11-23 |
Nonce and Hash Based Authentication Scheme |
| |
| ZHANG Li-hua.Nonce and Hash Based Authentication Scheme[J].Microelectronics & Computer,2007,24(6):80-83. |
| |
| Authors: | ZHANG Li-hua |
| |
| Affiliation: | 1 Beijing University of Aeronautics and Astronautics, Beijing 10083, China; 2 East China Jiaotong University, Nanchang 330013, China |
| |
| Abstract: | The security of a new proposed remote user authentication scheme is analyzed. Whereby it uses nonce random and has very low computational costs. However, this scheme still has many secure faults. The weakness of the scheme is demonstrated. NHRA, a novel nonce and Hash based remote user authentication scheme using smart cards is also presented. In order to avoid the risk of message replay attack, the scheme uses nonce random instead of using time stamps. NHRA has many merits: it let users freely choose and change password at their own will; it provides mutual authentication between two entities; it has more lower computational costs; it resists masquerading remote system or legitimate user attack; in addition, it can detect fast when user inputs wrong password and give the correct indication of the reason; Furthermore, it has strong security reparability. |
| |
| Keywords: | authentication password smart cards nonce random cryptanalysis |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
