对两个基于智能卡的多服务器身份认证方案的密码学分析与改进  被引量：6

作　　者：屈娟[1] 李艳平[2] 伍习丽[1] 

机构地区：[1]重庆三峡学院数学与统计学院,重庆404000 [2]陕西师范大学数学与信息科学学院,西安710062

出　　处：《计算机应用》2015年第8期2199-2204,共6页journal of Computer Applications

基　　金：国家自然科学基金资助项目(61402275);陕西省自然科学基金计划研究项目(2012JQ8023);重庆三峡学院项目(14QN29)

摘　　要：身份认证是用户访问网络资源时的一个重要安全问题。近来,Xu等(XU C,JIA Z,WEN F,et al.Cryptanalysis and improvement of a dynamic ID based remote user authentication scheme using smart cards[J].Journal of Computational Information Systems,2013,9(14):5513-5520)提出了一个基于智能卡的动态身份用户认证方案。分析指出其方案不能抵抗中间人攻击和会话密钥泄露攻击,且无法实现会话密钥前向安全性。此外,指出Choi等(CHOI Y,NAM J,LEE D,et al.Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics[J].The Scientific World Journal,2014,2014:281305)提出的基于智能卡和生物特征的匿名多服务器身份认证方案(简称CNL方案)易遭受智能卡丢失攻击、服务器模仿攻击,且不能提保护用户的匿名性。最后,基于生物特征和扩展混沌映射,提出了一个安全的多服务器认证方案,安全分析结果表明,新方案消除了Xu方案和CNL方案的安全漏洞。User authentication is an important security issue when user access resources from network. Recently, Xu et al. （XU C, JIA Z, WEN F, et al. Cryptanalysis and improvement of a dynamic ID based remote user authentication scheme using smart cards [J]. Journal of Computational Information Systems, 2013, 9（ 14）： 5513 -5520） proposed a dynamic ID based remote user authentication scheme using smart cards. Though the rigorous security analysis, it was found that Xu scheme could not resist man in-the-middle attack and session key disclosure attack, and could not provide perfect forward secrecy for session key. Additionally, it was also demonstrated that the scheme proposed by Choi et al. （ CHOI Y, NAM J, LEE D, et al. Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics [ J]. The Scientific World Journal, 2014, 2014： 281305）was vulnerable to smart card loss attack, server spoofing attack, and could not provide user anonymity. Therefore, these two schemes could not be suitable for practical applications. At last, an improved scheme was proposed based on biometrics and extended chaotic maps to overcome the lack of Xu scheme and CNL scheme.

关 键 词：多服务器 认证 中间人攻击 前向安全 匿名 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]