基于动态ID的远程用户交互认证方案被引量：2

Remote User Mutual Authentication Scheme Based on Dynamic ID

下载PDF

导出

摘要讨论了文献[13]提出的一个基于身份加密的智能卡认证方案,指出其不能抵抗智能卡丢失攻击、内部攻击和冒充攻击等,且不具备用户匿名性和前向安全性,在临时会话密钥协商和智能卡撤销操作上也存在缺陷。通过引入椭圆曲线公钥密码技术和注册随机因子,提出了一个基于动态ID的远程用户交互认证方案并对其进行分析。结果表明,新方案弥补了原方案的不足,且具有较高的效率。 A smart card-based authentication scheme using user identity cryptography was recently proposed by Chang et al. The scheme is found to be vulnerable to smart card loss attack, insider attack, impersonation attack, etc. It also has problems in session key agreement phase and smart card revocation phase. In addition, the scheme cannot achieve user anonymity and forward secrecy. This paper presents a dynamic ID-based remote user mutual authentication scheme by introducing the elliptic-curve public-key cryptography and registration random factor. Security and efficiency analysis shows that the new scheme eliminates the defects of Chang et al. ＇ s scheme while keeping the high performance.

作者昝亚洲刘文芬蒋峰云

机构地区数学工程与先进计算国家重点实验室 [

出处《信息工程大学学报》 2014年第3期262-269,共8页 Journal of Information Engineering University

基金国家973计划资助项目(2012CB315905 2012CB315901)

关键词身份认证动态ID 智能卡椭圆曲线密码体制 authentication dynamic identity smart card elliptic curve cryptography

分类号 TN918.1 [电子电信—通信与信息系统]

引文网络
相关文献

参考文献20

1Lamport L. Password authentication with insecure communication [ J ]. Communications of ACM, 1981, 24 (11 ) : 770-772.
2Das M L, Saxena A, Gulati V P. A dynamic ID-based remote user authentication scheme[ J]. IEEE Transactions on Consumer Electronics, 2004, 50 (2): 629-631.
3Awasthi A K. Comment on a dynamic ID-based remote user authentication scheme [ J]. Transaction on Cryptology, 2004, 1 (2) :15-16.
4Zhang X, Feng Q, Li M. A modified dynamic ID-based remote user authentication scheme[ C ]//Proceedings of the 2006 In- ternational Conference on Communications, Circuits and Systems. 2006: 1602-1604.
5Liao I E, Lee C C, Hwang M S. Security enhancement for a dynamic ID-based remote user authentication scheme[ C]//Pro- ceedings of the International Conference on the Next Generation Web Services Practices. 2005 : 22-26.
6Misbahuddin M, Bindu C S. Cryptanalysis of Liao-Lee-Hwang' s dynamic ID Scheme[ J]. International Journal of Network Se- curity, 2008, 6(2): 211-213.
7Wang Y Y, Liu J Y, Xiao F X, et al. A more efficient and secure dynamic ID-based remote user authentication scheme[ J]. Computer Communications, 2009, 32(4): 583-585.
8Ahmed M A, Lakshmi D R, Sattar S A. Cryptanalysis of a more efficient and secure dynamic ID-based remote user authentica- tion scheme[ J]. International Journal of Network Security & Its Applications, 2009, 1 (3) : 32-37.
9Yeh K H, Su C H, Lo N W,et al. Two robust remote user authentication protocols using smart cards[ J]. The Journal of Sys- tems and Software, 2010, 83( 12): 2556-2565.
10Khan M K, Kim S K, Alghathbar K. Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme [ J ]. Computer Communications, 2011, 34 ( 3 ) : 305-309.

二级参考文献31

1冯登国,陈伟东.基于口令的安全协议的模块化设计与分析[J].中国科学（E辑）,2007,37(2):223-237. 被引量：14
2A Shimizu,T Horioka, H lnagaki. A password authentication method for contents communication on the intemet [ J ]. IEICE Trans Commun,1998, E81-B(8) : 1666 - 1673.
3M Sandirigama, A Shimizu, M T Noda. Simple and secure password authentication protocol (SAS) [J]. IEICE Trans. Commun, 2000, E83-B(6): 1363 - 1365.
4C L Lin,H M Sun,T Hwang. Attacks and solutions an strong-password authentication [J]. IEICE Trans. Commun, 2001, E84-B (9) : 2622 -2627.
5A Shimizu. A dynamic password authentication method by one-way function [J]. IEICE Trans, 1990,J73-D-I(7) :630 - 636.
6N Haller.The S/KEY(TM) one-time password system [A]. Proc Internet Society Symposium on Network and Distributed System Security[C] .San Diego, USA: ISSNDSS, 1994.151 - 158.
7A J Menezes, P C van Oorschot, S A Vanstone. Handbook of Applied Cayptography [ M]. Boca Raton, USA : CRC Press, 1997,385 - 424.
8Tsai C S, Lee C C, and Hwang M S. Password authentication schemes: current status and key issues[J]. International Journal of Network Security, 2006, 3(2): 101-115.
9Chang C C and Wu T C. Remote password authentication with smart cards[J]. IEE Proceedings-E Computers and Digital Techniques, 1993, 138(3): 165-168.
10Ku W C and Chen S M. Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards[J]. IEEE Transactions on Consumer Electronics, 2004, 50(1): 204-207.

共引文献28

1刘波,王海涛,陈晖,刘军.S/KEY一次性口令协议分析及改进方案设计[J].保密科学技术,2012(12):59-64.
2韩旭,柳克俊,祖先锋.基于ThinClient/Server的三因素身份认证方案[J].计算机工程,2006,32(24):126-128. 被引量：1
3姜增良,王晋东,郑学军.一种动态多因子认证系统的设计与实现[J].微计算机信息,2007(02X):58-60. 被引量：1
4程英,高庆德.一个强口令认证协议的漏洞研究[J].计算机科学,2009,36(10):106-107. 被引量：2
5汪定,马春光,张启明,谷德丽.一个强口令认证方案的攻击与改进[J].计算机科学,2012,39(6):72-76. 被引量：6
6薛锋,汪定,王立萍,马春光.对两个基于智能卡的口令认证协议的安全性分析[J].计算机应用,2012,32(7):2007-2009. 被引量：7
7王勇,岑荣伟,郭红,李新友.国家电子政务外网电子认证系统SM2国密算法升级改造方案研究[J].信息网络安全,2012(10):83-85. 被引量：12
8汪定,薛锋,王立萍,马春光.改进的具有PFS特性的口令认证密钥协商方案[J].山东大学学报（理学版）,2012,47(9):19-25. 被引量：2
9汪定,马春光,翁臣,贾春福.一种适于受限资源环境的远程用户认证方案的分析与改进[J].电子与信息学报,2012,34(10):2520-2526. 被引量：14
10黄益彬,吕洋,杨维永.智能终端网络安全防护设计[J].计算机与现代化,2012(12):106-109. 被引量：2

同被引文献19

1WANG D, WANG P. On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solu- tions [J]. Computer Networks, 2014, 73:41-57.
2BONNEAU J. The science of guessing: analyzing an anonymized corpus of 70 million passwords [ C]//Proceedings of the 2012 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2012:538 -552.
3DAS M. Two-factor user authentication in wireless sensor networks [ J]. IEEE Transactions on Wireless Communications, 2009, 8(3) : 1086 - 1090.
4HE D, GAO Y, CHAN S, et al. An enhanced two-factor user au- thentication scheme in wireless sensor networks [ J]. Ad Hoc Sensor & Wireless Networks, 2010, 10(4): 361-371.
5XUE K, MA C, HONG P, et al. A temporal-credential-based mutu- al authentication and key agreement scheme for wireless sensor net- works [ J]. Journal of Network and Computer Applications, 2012, 36(1): 316-323.
6MESSERGES T S, DABBISH E A, SLOAN R H. Examining smart- card security under the threat of power analysis attacks [ J]. IEEE Transactions on Computers, 2002, 51(5): 541-552.
7KIM T H, KIM C, PARK I. Side channel analysis attacks using AM demodulation on commercial smart cards with seed [ J]. Journal of Systems and Software, 2012, 85( 12): 2899 -2908.
8WANG D, WANG P. Offline dictionary attack on password authen- tication schemes using smart cards [ C]// Proceedings of the 16th Information Security Conference. Berlin: Springer, 2014: 1- 16.
9MA C, WANG D, ZHAO S. Security flaws in two improved remote user authentication schemes using smart cards [ J]. International Journal of Communication Systems, 2014, 27(10) : 2215 -2227.
10NEWELL A, YAO H, RYKER A. Node-capture resilient key estab- lishment in sensor networks: design space and new protocols [ J]. ACM Computing Surveys, 2014, 47(2) : 1 -24.

引证文献2

1薛锋,汪定,曹品军,李勇.对两个无线传感器网络中匿名身份认证协议的安全性分析[J].计算机应用,2015,35(12):3424-3428. 被引量：1
2余红芳,艾琼.一种安全性增强的三因子远程用户身份认证方案研究[J].软件导刊,2017,16(12):188-193.

二级引证文献1

1周嘉懿.浅议无线网络中身份认证协议选择方法[J].网络安全技术与应用,2016(2):75-75.

1昝亚洲,刘文芬,魏江宏,王君.适用于无线传感器网络的动态ID认证方案[J].密码学报,2014,1(5):422-436. 被引量：3
2昝亚洲,刘文芬,魏江宏.基于动态ID的多服务器认证密钥协商方案[J].信息工程大学学报,2014,15(6):654-663. 被引量：1
3黄强.密码体制与消息认证技术[J].电子技术参考,1997(2):1-11.
4崔媛媛 ,周永彬 ,丁金扣 ,温巧燕 .一种具有用户匿名性和前向安全性的WTLS握手协议的安全性分析及其改进[J].高技术通讯,2005,15(4):6-10. 被引量：3
5张新林.CMOS电路内结点桥接故障的动态IDDQ可测性研究[J].宝鸡文理学院学报（自然科学版）,2000,20(1):56-58. 被引量：2
6段晓毅,张其善,刘建伟.基于动态ID的远程认证方案的改进[J].北京航空航天大学学报,2007,33(5):565-567. 被引量：2
7李兴莹.公钥密码体制在移动通信网络中的运用[J].网络安全技术与应用,2008(12):91-92.
8罗少贤.对移动通信网中的安全问题的探讨[J].中山大学研究生学刊（自然科学与医学版）,2004,25(3):63-74. 被引量：2
9屈娟,邹黎敏,王永峰.具有匿名性的无线漫游认证协议的分析与改进[J].西北师范大学学报（自然科学版）,2013,49(6):55-58. 被引量：1
10于继东.移动通信网络中公钥密码技术的应用[J].黑龙江科技信息,2016(29):169-169.

信息工程大学学报

2014年第3期

浏览历史

内容加载中请稍等...

基于动态ID的远程用户交互认证方案被引量：2

参考文献20

二级参考文献31

共引文献28

同被引文献19

引证文献2

二级引证文献1

相关作者

相关机构

相关主题

浏览历史

基于动态ID的远程用户交互认证方案 被引量：2

参考文献20

二级参考文献31

共引文献28

同被引文献19

引证文献2

二级引证文献1

相关作者

相关机构

相关主题

浏览历史

基于动态ID的远程用户交互认证方案被引量：2