基于椭圆曲线密码体制的口令认证系统研究

The Study of Password Authentication System Based on Elliptic Curve Cryptosystem

针对现有口令认证系统中存在的安全问题,本文在研究椭圆曲线密码体制ECC基本原理的基础上,设计了一种新的基于ECC的口令认证方案,给出了该方案的详细实现过程,最后对方案进行了安全性分析。本方案的特点是用户口令在系统存储和传输过程中难以被破解;认证信息保持动态性,能有效防止重放攻击;用户还可以及时发现秘密使用其口令的非法用户,杜绝了信息泄漏或资源盗用。整个方案安全有效,易于实现,有着良好的应用前景。

Aiming at the the security problems of the password authentication systems in existence, this paper studiesthe elliptic curvecryptosystem basic principle, and then proposes a new password authentication scheme based on theelliptic curve cryptosystem. The particular implementation of this scheme is presented. And the security is analyzedfinally. In this scheme, user's passwords are difficult to be explained in the process of storage and transmission. Authen-tication information keep dynamic,so replay attack can be prevented effectively. In addition,veritable users can detectthe illegal uses who misappropriate the passwordsso information divulges or resources embezzlement can be refrained.This scheme is secure, effective ,easy to implement and hopeful for application.