检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]北京航空航天大学电子信息工程学院,北京100191
出 处:《计算机研究与发展》2012年第12期2611-2618,共8页Journal of Computer Research and Development
基 金:国家"八六三"高技术研究发展计划基金项目(2009AA01Z418);中央高校基本科研业务费专项基金项目(1002009);中国博士后科学基金项目(20090460192)
摘 要:依据HTOP认证架构,结合密钥生成算法、EHMAC算法和动态截短函数设计了一种改进的动态口令生成算法EOTP,并利用该算法设计了能够满足身份认证系统基本要求的认证协议.此外,为了解决失步问题,提出基于窗口机制的重同步方案,将其分为窗口内和窗口外两种同步方式.最后,对所提算法和协议的性能及安全性进行了分析,该算法和协议执行速度快,易于通过令牌或智能卡硬件实现,能够有效抵抗蛮力攻击、口令窃取和截获/重放消息等攻击方式,具有很高的安全性.According to HOTP authentication framework, an enhanced dynamic password generation algorithm EOTP is designed, combined with key generation algorithm, EHMAC algorithm and dynamic truncated function. At the same time, a detailed authentication protocol based on EOTP algorithm is proposed to meet the basic requirements of authentication system. Besides, in order to solve the problem of stepping out, a resynchronization scheme based on window mechanism is designed to provide inside window resynchronization and outside window resynchronization. Finally, the security and performance of the proposed algorithm and protocol are analyzed. Results show that the algorithm has fast computing speed and high security, and it is easy to be implemented by using token or smart card hardware. The protocol can resist attacks such as brute-force attack, password theft, dictionary attack and interception/replay attack effectively, and has very high security.
分 类 号:TP393.09[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:18.116.67.226