摘要
研究近期提出的2个远程用户认证方案,对其进行伪造攻击。利用基于身份的签名思想提出一个基于身份的远程用户认证方案,在实现动态认证的同时无须用户与远程服务器端交互,通信量小,远端服务器无须保存或维护任何口令或验证表,存储代价低,可以避免口令攻击、重放攻击、伪造攻击、中间人攻击等,安全性高。
Two remote user authentication schemes proposed recently are studied,they are both vulnerable to forgery attacks.Identity-based remote user authentication scheme using identity-based signature system is presented.It obtains low communicational cost and dynamic authentication service without interaction between the user and the remote server,achieves little storage in the remote server because it does not need reserve or maintain any password or any table for verification.Its security is high for the reason that it can avoid some familiar attacks such that password attacks,replay attacks,forgery attacks,man-in-the-middle attacks and so on.
出处
《计算机工程》
CAS
CSCD
北大核心
2008年第12期149-151,共3页
Computer Engineering
基金
现代通信国家重点实验室基金资助项目(51436020405JB5205)
关键词
认证
双线性对
智能卡
口令
时戳
authentication
bilinear parings
smart card
password
timestamp