Affiliation: [1] School of Electronic and Information Engineering, Beijing University of Aeronautics and Astronautics, Beijing 100191
Source: Journal of Beijing University of Aeronautics and Astronautics, 2008, No. 9, pp. 1037-1040 (4 pages)
Funding: National Natural Science Foundation of China (60672102)
Abstract: Password authentication is an important and practical method for remote user authentication. The security of a remote authentication scheme using strong graphical passwords based on a hash function was analyzed. The scheme cannot resist a stolen-verifier attack: using the password verifier, the adversary can pretend to be the server and trick a legitimate user into sending authentication messages, then masquerade as that user by creating a valid login message, pass the authentication phase and gain the authority of a legitimate user without knowing the user's password. An enhanced scheme was proposed in which a smart card is used to store the server authentication message, so that the server and the user can authenticate each other. The adversary can impersonate neither the server nor the user and cannot obtain useful user authentication information from eavesdropped communication. The enhanced scheme retains the original scheme's resistance to replay, denial-of-service, password-guessing, forgery, password-file compromise and insider attacks, and can also withstand stolen-verifier and smart card loss attacks, giving it better security.
Classification number: TN915.08 [Electronics and Telecommunications: Communication and Information Systems]