摘要
动态口令是目前常用于替代静态口令的一种强身份鉴别技术,基于短信的动态口令又是动态口令系统中的一种低成本、易管理的实现模式。远程接入系统认证时常使用短信动态口令来加强对账号安全的保障,目前广泛使用的远程接入短信动态口令系统中,由于动态口令的触发产生机制简单无保护,易于形成阻塞攻击,论文详细分析了短信动态口令的触发机制,并提出一种改进方法,用于降低阻塞攻击对远程访问系统带来的风险。
Dynamic Password is an authentication technology substitutive for the usual static password authentication Mobilepass is one of dynamic password with low cost and easy management Mobilepass is widely used in remote access system to improve the account security. Because of the simple mechanism for creating dynamic password in remote access system, denial-of-ervice attack is often found. This paper describes in detail the mechanism for creating mobilpass and finally proposes the corresponding security reinforcements to reduce the risk of denial of service attack.
出处
《信息安全与通信保密》
2008年第12期103-106,共4页
Information Security and Communications Privacy
关键词
动态口令
身份认证
短信口令
远程接入
阻寒攻击
dynamic password
authentication
mobilepass
remote access
denial-of-service attack