期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于口令的远程身份认证及密钥协商协议 被引量:10

Password-based remote user authentication and key agreement protocol
下载PDF
导出
摘要 基于口令的身份认证协议是研究的热点。分析了一个低开销的基于随机数的远程身份认证协议的安全性,指出了该协议的安全缺陷。构造了一个基于随机数和Hash函数、使用智能卡的远程身份认证和密钥协商协议:PUAKP协议。该协议使用随机数,避免了使用时戳带来的重放攻击的潜在风险。该协议允许用户自主选择和更改口令,实现了双向认证,有较小的计算开销;能够抵御中间人攻击;具有口令错误敏感性、口令的主机非透明性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。 Password-based remote user authentication is a hotspot in authentication protocol research. The security of a proposed remote user authentication scheme was analyzed. Whereby it used nonce random and had very low computational costs. However, this scheme still has many security faults. The weakness of the scheme was demonstrated. Password-based remote user authentication and key agreement protocol ( PUAKP), a novel nonce and hash-based remote user authentication scheme and key agreement using smart cards were also presented. In order to avoid the risk of message replay attack, the scheme uses nonce random instead of using time stamps. PUAKP has many merits: it lets users freely choose and change password at their own will; it provides mutual authentication between two entities; it has more lower computational costs; it resists man-in-the-middle attack; in addition, it has wrong password sensitivity; and it has password nontransparency to system and strong security reparability. Furthermore, the session key has freshness, confidentiality, known-key security and forward security.
作者 张利华 章丽萍 张有光 吕善伟
机构地区 北京航空航天大学电子信息工程学院 华东交通大学电气与电子学院
出处 《计算机应用》 CSCD 北大核心 2009年第4期924-927,共4页 journal of Computer Applications
基金 国家自然科学基金资助项目(90306008)
关键词 身份认证 口令 随机数 安全分析 authentication password nonce random cryptanalysis
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献13

  • 1FAN C I, CHAN Y C, ZHANG Z K. Robust remote authentication scheme with smart cards[J]. Computers and Security, 2005, 24 (8): 619-628.
  • 2CHEN Y C, YEH L Y. An efficient nonce-based authentication seheme with key agreement[ J]. Applied Mathematics and Computation, 2005, 169 (2): 982-994.
  • 3AWASTHI A K, LAL S. A remote user authentication scheme using smart cards with forward secrecy[ J]. IEEE Transactions on Consumer Electronics, 2003, 49(4) : 1246 - 1248.
  • 4HWANG M S, LI L H. A new remote authentication scheme using smart cards[ J]. IEEE Transactions on Consumer Electronics, 2000, 46(1): 28-30.
  • 5LEUNG K C, CHENG L M, FONG A S, et al. Cryptanalysis of a modified remote user authentication scheme using smart cards[J]. IEEE Transactions on Consumer Electronics, 2003, 49(4): 1243 -1245.
  • 6SUN H M. An efficient remote user authentication scheme using smart cards[ J]. IEEE Transactions on Consumer Electronics, 2000, 46(.4) : 958 -961.
  • 7CHIEN H Y, WANG R C, YANG C C. Note on robust and simple authentication protocol[J]. The Computer Journal, 2005, 48(1) : 27 -29.
  • 8JUANG W S. Efficient password authenticated key agreement using smart cards[J]. Computers and Security, 2004, 23(2) : 167 - 173.
  • 9GONG L. A security risk of depending on synchronized clocks[ J]. ACM SIGOPS Operating Systems Review, 1992, 26(1) : 49 -53.
  • 10YANG C C, WANG R C, CHANG T Y. An improvement of the Yang-Shieh password authentication schemes[ J]. Applied Mathematics and Computation, 2005, 162 (3): 1391-1396.

同被引文献85

引证文献10

二级引证文献16

计算机应用
2009年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部