摘要
Wu提出的基于几何方法的程登录认证方案无法抵制假冒攻击.为此,Chien等人给出了一个改进方案,但这种改进方案存在安全缺陷,极易受到猜测攻击.一旦用户的口令被猜测到,攻击者就可利用该口令在任意时间成功地进行远程登录认证.为了克服这个缺陷,在智能卡中存储了一个随机数,从而得到一种新的改进方案.在新的改进方案中,攻击者无法离线检验所猜测的口令是否正确,因而可以避免猜测攻击.
Wus remote login authentication scheme could not resist the impersonation attack. That scheme is based on simple geometric properties on the Euclidean plane. Chien proposed a modified scheme to improve Wus scheme. In this paper,a cyrptanalysis of Chiens scheme shows that the improved scheme is also vulnerable to the guessing attack. An attacker can obtain a users password by guessing, and then succeed in remote login authentication using this password. In our improved scheme, to overcome this disadvantage, a random number is selected and stored in a smart card. Therefore, it is impossible for an attacker to verify the guessed password offline.
出处
《西安电子科技大学学报》
EI
CAS
CSCD
北大核心
2003年第3期378-380,402,共4页
Journal of Xidian University
基金
国家自然科学基金重大计划资助项目(90204012)
国家863计划(2002AA143021)
2003年教育部科学技术研究重点项目
教育部优秀青年教师资助计划