摘要
计算机网络是一个开放的系统,也正是由于其开放性导致计算机网络中存在相当多的安全漏洞和安全威胁,网络中的各类资源很容易被人非法访问和复制.因此对网络资源访问者的合法身份进行认证就显得非常重要.1981年,Lamport提出了一种基于密码表的用户认证方案.此方案可以抵抗重传攻击,然而,当存储在主机的口令一旦遭到攻击者的攻击,方案将无任何安全可言.智能卡可以作为一种更有效的用以认证身份的个人持有物,许多基于智能卡的认证方案被提出.首先对Das的双线性对身份认证方案进行了详细分析,针对其存在时钟同步问题,易遭受伪造攻击等安全隐患,提出了一种基于双线性对并利用智能卡完成的交互认证方案.为防止在认证过程中被伪造攻击,提出双私钥双随机数的方法,增强了认证系统的安全性,可安全地完成用户和远程系统间的交互认证.
The computer network is an open system, and it leads to considerable security vulnerabilities and security threats in computer network. The network resources can easily be visited and illegally copied. So the identity authentication of the Web source visitor has become very important. In 1981, Lamport proposed an authentication scheme based on keywords table. This scheme can resist the replay attack, but will be not in security when the password stored in the host is attacked. Smart card can be more available to identity authentication. Many authentication schemes based on smart card are proposed for improving authentication efficiency and security. Firstly, Manik Lal Das's authentication scheme is analyzed detailedly in this paper. It has time synchronization problem and vulnerable forgery attack. So, mutual authentication scheme based on bilinear pairings which is using smart card is proposed. A novel technique of using double secret keys and double random numbers for preventing forgery attack in authentication process is proposed. It enhances the security of the authentication system and accomplishes mutual authentication safely between the user and the remote system. Finally, the scheme finishes the correctness attestation, and security and computation complexity analysis.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2008年第5期779-785,共7页
Journal of Computer Research and Development
基金
河北省教育厅自然科学基金重点项目(Zh2006006)
河北省教育厅自然科学基金项目(2005214
Z2007442)
河北大学自然科学基金项目(2006Q05)~~
关键词
认证
智能卡
双私钥双随机数
双线性对
nonce
authentication
smart card
double secret keys and double random numbers
bilinear pairings
nonce
