一种适于受限资源环境的远程用户认证方案的分析与改进

doi:10.3724/SP.J.1146.2012.00376

摘要
图/表
参考文献
相关文章 (5)

全文: PDF (251 KB)
输出: BibTeX | EndNote (RIS)

摘要该文讨论了Fang等人(2011)新近提出的一个安全高效的基于智能卡的远程用户口令认证方案，指出原方案无法实现所声称的抗离线口令猜测攻击，对平行会话攻击和已知密钥攻击是脆弱的，并且存在用户口令更新友好性差问题。给出一个改进方案，对其进行了安全性和效率分析。分析结果表明，改进方案弥补了原方案的安全缺陷，保持了较高的效率，适用于安全需求较高的资源受限应用环境。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	汪定
	马春光
	翁臣
	贾春福

关键词 ：身份认证, 智能卡, 离线口令猜测攻击, 平行会话攻击

Abstract：Recently Fang et al. (2011) proposed a password-based remote user authentication scheme using smart cards for resource-constrained environment, and claimed that their scheme was secure and practical. However, it is found that their scheme can not achieve the claimed security, it is vulnerable to offline password guessing attack, parallel session attack and known key attack. In addition, the password change phase of their scheme is not user-friendly and practical. Consequently, an improved scheme is presented and analyzed, the analysis shows that new scheme eliminates the defects of Fang et al.’s scheme while keeping the merit of high performance, suitable for resource-constrained and security-concerned application scenarios.

Key words： Authentication Smart card Offline password guessing attack Parallel session attack

收稿日期: 2012-04-05

PACS:

TP309

基金资助:

国家自然科学基金(61073042, 61170241)，博士后科研人员落户黑龙江科研启动基金(LBH-Q10141)和北京邮电大学网络与交换技术国家重点实验室基金(SKLNST-2009-1-10)资助课题

通讯作者: 汪定 E-mail: wangdingg@mail.nankai.edu.cn

引用本文:

汪定, 马春光, 翁臣, 贾春福. 一种适于受限资源环境的远程用户认证方案的分析与改进[J]. 电子与信息学报, 2012, 34(10): 2520-2526. Wang Ding, Ma Chun-Guang, Weng Chen, Jia Chun-Fu. Cryptanalysis and Improvement of a Remote User Authentication Scheme for Resource-limited Environment. , 2012, 34(10): 2520-2526.

链接本文:

http://jeit.ie.ac.cn/CN/10.3724/SP.J.1146.2012.00376 或 http://jeit.ie.ac.cn/CN/Y2012/V34/I10/2520