期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

Park等远程用户认证协议的分析与改进 被引量:1

Cryptanalysis and improvement of Park et al.'s remote user authentication protocol
原文传递
导出
摘要 2009年Park等提出了一个高效远程用户认证协议,并宣称这是第一个能抵抗离线口令猜测攻击的基于智能卡的口令认证方案,具有不需要存储口令表、没有时间戳、传输和计算量小等优点.然而,本文指出了他们的方案无法抵抗离线口令猜测攻击和伪造攻击.为克服其安全性缺陷,提出了不影响原方案功能的、基于随机数和基于时间戳的两个认证协议.技术分析表明提出的改进方案是安全、高效和实用的. In 2009,Park,et al.proposed an efficient remote user authentication protocol.They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack,and had many advantages over existing solutions such as no password tables and timestamp,low communication and computational costs.However,this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack.To overcome the security weaknesses,two improved schemes based on either nonce or timestamp without affecting the merits of the Park,et al.scheme are proposed.Technical discussions are provided to show that the improved protocol is secure,efficient and practical.
作者 谢琪 陈德人 于秀源
机构地区 浙江大学计算机学院 杭州师范大学信息科学与工程学院 杭州师范大学理学院
出处 《系统工程理论与实践》 EI CSSCI CSCD 北大核心 2010年第10期1877-1882,共6页 Systems Engineering-Theory & Practice
基金 国家重点基础研究发展计划(973计划)(2006CB303100) 国家博士后科学基金(20080440200) 国家自然科学基金(10671051 61070153) 浙江省自然科学基金(Y1080831)
关键词 智能卡 远程用户认证 双向认证 离线口令猜测攻击 smart card remote user authentication mutual authentication off-line password guessing attack
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献17

  • 1Chen T H,Lee W B.A new method for using hash functions to solve remote user authentication. Computers and Electrical Engineering . 2008
  • 2Yang G M,Wong D S,Wang H X,et al.Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Science . 2008
  • 3Kim S K,Chung M G.More secure remote user authentication scheme. Computer Communications . 2009
  • 4Park J K,Lee J S,Chang J H.An efficient remote user authentication scheme secure against the off-line password guessing attack by power analysis. 1 1th International Conference on Advanced Communication Technology, IEEE . 2009
  • 5SUN Da-zhi,HUAI Jin-peng,SUN Ji-zhou,et al.Cryptanalysis of amutual authentication scheme based on nonce and smartcards. Computer Communications . 2009
  • 6LI L H,LINI C,HWANG M S.A remote pass-word authentication scheme for multi-server architec-ture using neural networks. IEEE Transactions on Neural Networks . 2001
  • 7Messerges T S,Dabbish E A,Sloan R H.Examining smartcard se-curity under the threat of power analysis attacks. IEEE Trans-actions on Computers . 2002
  • 8Sun H M.An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics . 2000
  • 9Schneier B.Applied cryptography-protocols, algorithms, and source code in C. . 1996
  • 10Shen J J,Lin C W,Hwang M S.A modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics . 2003

同被引文献37

  • 1冯登国,陈伟东.基于口令的安全协议的模块化设计与分析[J].中国科学(E辑),2007,37(2):223-237. 被引量:14
  • 2Chen T H, Hsiang H C, Shih W K. Security enhancement on an improvement on two remote user authentication schemes using smart cards[J]. Future Generation Computer Systems, 2011, 27(4): 377-380.
  • 3Das M L. Two-factor user authentication in wireless sensor networks[J]. IEEE Transactions on Wireless Com- munications, 2009, 8(3): 1086-1090.
  • 4Wang Y Y, Liu J Y, Xiao F X, et al. A more e:cient and secure dynamic ID-based remote user authentication scheme[J]. Computer Communications, 2009, 32(4): 583 585. Yoon E J, Yoo K Y, Ha K S. A user friendly authentication scheme with anonymity for wireless communications[J]. Computers & Electrical Engineering, 2011, 37(3): 356 364.
  • 5Messerges T S, Dabbish E A, Sloan R H. Examining smart card security under the threat of power analysis attacks[J]. IEEE Transactions on Computers, 2002, 51(5): 541 552.
  • 6Markantonakis K, Tunstall M, Hancke F, et al. Attacking smart card systems: Theory and practice[J]. Informa- tion Security Technical Report, 2009, 14(2): 46-56.
  • 7Kim T H, Kim C, Park I. Side channel analysis attacks using am demodulation on commercial smart cards with seed[J]. Journal of Systems and Software, 2012, 85(12): 2899 2908.
  • 8Khan M K, Kim S K, Alghathbar K. Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme[J]. Computer Communications, 2011, 34(3): 305-309.
  • 9Sood S K. Secure dynamic identity-based authentication scheme using smart cards[J]. Information Security Journal: A Global Perspective, 2011, 20(2): 67 77.
  • 10Wen F, Li X. An improved dynamic ID-based remote user authentication with key agreement scheme[J]. Com- puters & Electrical Engineering, 2012, 38(2): 381 387.

引证文献1

二级引证文献5

系统工程理论与实践
2010年 第10期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部