摘要
身份认证是确保信息安全的重要手段,混沌映射身份认证协议因其高效性而成为近期研究的热点。2015年,Zhu提出了一个改进的混沌映射协议,声称其可以抵抗冒充攻击、字典攻击,并且提供用户匿名性;然而,Tong等指出Zhu的协议存在离线字典攻击、冒充攻击等问题且无法确保用户匿名性,并提出了一个新的改进协议(简称TC协议)。针对Zhu和TC协议方案,文中指出了其不能确保前向安全性以及容易遭受拒绝服务攻击等安全性缺陷,并提出了一个新的基于智能卡的混沌映射协议方案。安全性分析及同其他相关方案的比较结果表明了所提协议的高安全性和实用性。
Identity authentication is an important means to ensure information security.Chaos mapping indentity authentication scheme has become a hot research topic recently because of its high efficieny.In 2015,Zhu proposed an improved chaotic mapping protocol,and claimed that it can oppose impersonation attack and dictionary attack,and it also can provide user anonymity.However,Tong et al.pointed out Zhu’s protocol has the problems of offline dictionary attack,impersonation attack and can’t guarantee user’s anonymity,and proposed a new improvement protocol(short for TC scheme).Aiming at Zhu and TC protocol schemes,this paper pointed out their security defects,for example,the forward security can’t be guaranteed and they are easy suffering from denial of service attack.Meanwhile,this paper proposed a new protocol scheme using smart card.The security analysis and the comparison results with other related protocols indicate the high security and practicability of the porposed protocol.
作者
王松伟
陈建华
WANG Song-wei;CHEN Jian-hua(School of Mathematics and Statics,Wuhan University,Wuhan 430072,China)
出处
《计算机科学》
CSCD
北大核心
2019年第1期175-181,共7页
Computer Science
关键词
混沌映射
异步
动态身份
认证
密钥协商
Chaotic mapping
Asynchronous
Dynamic identity
Authentication
Key agreement
