检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:张利华[1]
机构地区:[1]北京航空航天大学
出 处:《微电子学与计算机》2007年第6期80-83,共4页Microelectronics & Computer
基 金:国家自然科学基金项目(60271012)
摘 要:分析了一个低开销的基于随机数的远程身份认证方案的安全性,指出了该方案的安全缺陷。构造了一个基于随机数和Hash函数、使用智能卡的远程身份认证方案(NHRA方案)。该方案使用随机数,避免了使用时戳带来的重放攻击的潜在风险。该方案允许用户自主选择和更改口令,实现了双向认证,有更小的计算开销;能够抵御假冒远程主机攻击、抵御假冒合法用户攻击;能够迅速检测口令输入错误及正确判断认证失败原因;具备强安全修复性。The security of a new proposed remote user authentication scheme is analyzed. Whereby it uses nonce ran- dom and has very low computational costs. However, this scheme still has many secure faults. The weakness of the scheme is demonstrated. NHRA, a novel nonce and Hash based remote user authentication scheme using smart cards is also presented. In order to avoid the risk of message replay attack, the scheme uses nonce random instead of using time stamps. NHRA has many merits: it let users freely choose and change password at their own will; it provides mutual authentication between two entities; it has more lower computational costs; it resists masquerading remote system or legitimate user attack; in addition, it can detect fast when user inputs wrong password and give the correct indication of the reason; Furthermore, it has strong security reparability.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:18.216.130.198
