一种适合远程访问场景的认证和密钥交换方案

An Efficient Asymmetric Authentication and Key Exchange Scheme

提出了一种基于基本ECMQV协议的非对称式认证和密钥交换方案AEAS,可实现对客户端的口令认证和对服务端的公钥认证;AEAS中的客户端口令认证具有零知识安全属性,允许用户使用弱口令,并能抵御各种字典攻击和重放攻击;与同类非对称认证和密钥交换方案相比,AEAS具有最少的公钥计算开销。AEAS协议能集成到现有WTLS协议框架中,从而实现一种高安全性和低计算开销的WTLS扩展,它完全可满足无线终端在企业远程访问场景下的高安全性要求。

An ECMQV-based asymmetric authentication scheme is proposed, which enables client authentication with memorable passwords and server authentication with conventional certificates; the client password authentication possesses zero-knowledge-proof security property, which allows using weak passwords; implicit authentication is used to validate server-side entity, which greatly cuts down client computation overhead. AEAS can be integrated into current WTLS framework, resulting in a WTLS extension with higher security and lower computation overhead, which mets wireless terminals＇ high-security requirements under enterprise remote access scenario.