基于动态身份的远程用户认证方案

A secure dynamic identity-based remote user authentication scheme

对基于智能卡的具有匿名性的远程用户认证方案进行分析研究,发现该方案存在无法抵抗离线口令猜测攻击、内部人员攻击、冒充用户攻击和冒充服务器攻击等问题。针对这些安全漏洞,基于哈希函数和随机数给出了一个动态身份的远程用户认证方案。分析结果表明,改进的方案不仅弥补了原方案安全漏洞,而且用户可自由更新口令,适于实际应用。

A remote user authentication scheme with user anonymity based on a smart card were analyzed, it was found that the scheme was insecure to against offiine password guessing attack, insider attack, user impersonation attack and server spoofing attack. In order to overcome these pitfalls, a dynamic identity remote user authentication scheme based on hash function and random number is proposed. The results show that the new scheme not only removes the aforementioned drawbacks, but also makes user free to update the password. So, the improved scheme is more suitable for practical application.