Abstract
A one-time password algorithm, HOTP-C, is designed using the HMAC SHA-1 hash function and a dynamic truncation function. The algorithm is fast to compute and highly secure, and it is easy to implement in token or IC card hardware, so it is suitable for the HOTP authentication framework. In addition, three basic conditions that a token-based authentication protocol should satisfy are proposed, and an authentication protocol based on counter synchronization is designed. On the server side, the protocol sets a maximum number of authentication attempts to prevent brute-force attacks, and a look-ahead parameter to resynchronize the counter. Analysis shows that the protocol effectively resists common attacks such as brute-force and interception/replay attacks, and is highly secure.
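The server-side checks the abstract describes (an attempt limit and a look-ahead window for counter resynchronization), as an added example that is not code from the paper: it uses the standard RFC 4226 HOTP computation, since the details of HOTP-C are not given here. The names `HotpServer`, `look_ahead`, `max_attempts` and their defaults are assumptions.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP (assumed stand-in for HOTP-C): HMAC-SHA-1, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HotpServer:
    """Hypothetical server: attempt limit against brute force, look-ahead for resync."""

    def __init__(self, key: bytes, counter: int = 0,
                 look_ahead: int = 3, max_attempts: int = 5):
        self.key, self.counter = key, counter
        self.look_ahead, self.max_attempts = look_ahead, max_attempts
        self.failures = 0

    def verify(self, otp: str) -> bool:
        if self.failures >= self.max_attempts:
            return False                         # locked until reset out of band
        # Accept the expected counter or up to look_ahead values beyond it.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.key, c).encode(), otp.encode()):
                self.counter = c + 1             # resync; older values can never match
                self.failures = 0
                return True
        self.failures += 1
        return False

def demo() -> list:
    key = b"12345678901234567890"                # RFC 4226 Appendix D test secret
    server = HotpServer(key, look_ahead=3, max_attempts=3)
    results = [server.verify(hotp(key, 2))]      # token ran ahead by two: resync
    results.append(server.verify(hotp(key, 2)))  # replay of the accepted value
    results.append(server.verify(hotp(key, 9)))  # beyond the look-ahead window
    results.append(server.verify("000000"))      # third failure: account locks
    results.append(server.verify(hotp(key, 3)))  # valid value, but locked out
    return results

if __name__ == "__main__":
    print(demo())
```
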
Source
Journal of Xidian University
EI
CAS
CSCD
PKU Core Journal
2006, Issue 4, pp. 650-654 (5 pages)
Funding
National Natural Science Foundation of China (60173056)
Keywords
one-time password
hash function
authentication protocol