Abstract
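An analysis of an existing smart-card-based remote user authentication protocol shows that it cannot resist offline password guessing attacks and cannot provide user anonymity, and a lightweight authentication protocol is proposed. None of the transmitted messages contains password information, and offline password guessing attacks are resisted by setting a server private key. To achieve user anonymity, so that an attacker cannot track a user's behavior, a masked user identity is used in each session. BAN logic proves the correctness of the proposed protocol. Compared with other protocols, the proposed protocol is better in authentication security and has a moderate execution time, making it suitable for real-world environments.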
An analysis of a smart-card-based remote user authentication protocol shows that the protocol cannot resist offline password guessing attacks and cannot provide user anonymity. A lightweight authentication protocol is then proposed. None of the transmitted messages contains password information, and by setting up a server private key the protocol protects against offline password guessing attacks. To provide user anonymity and prevent an attacker from tracking the user's behavior, a masked user identity is used in each session. BAN logic proves the correctness of the proposed protocol. Compared with other protocols, the proposed protocol is better in authentication and security. Its execution time is moderate, which makes it more suitable for real applications.
Authors
李祉岐
孙磊
闻凯
LI Zhi-qi; SUN Lei; WEN Kai (Beijing Telecom Network Technology Limited Company, Beijing 100070, China; College of Automation, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China)
Source
《计算机工程与设计》
Peking University Core Journal
2018, Issue 11, pp. 3374-3379 (6 pages)
Computer Engineering and Design