作　　者： ; ; ; (汪定）;

机构地区： 哈尔滨工程大学计算机科学与技术学院

出　　处： 《电子与信息学报》 2012年第10期2520-2526,共7页

摘　　要： 该文讨论了Fang等人(2011)新近提出的一个安全高效的基于智能卡的远程用户口令认证方案,指出原方案无法实现所声称的抗离线口令猜测攻击,对平行会话攻击和已知密钥攻击是脆弱的,并且存在用户口令更新友好性差问题。给出一个改进方案,对其进行了安全性和效率分析。分析结果表明,改进方案弥补了原方案的安全缺陷,保持了较高的效率,适用于安全需求较高的资源受限应用环境。 Recently Fang et al. （2011） proposed a password-based remote user authentication scheme using smart cards for resource-constrained environment, and claimed that their scheme was secure and practical. However, it is found that their scheme can not achieve the claimed security, it is vulnerable to offline password guessing attack, parallel session attack and known key attack. In addition, the password change phase of their scheme is not user-friendly and practical. Consequently, an improved scheme is presented and analyzed, the analysis shows that new scheme eliminates the defects of Fang et al.＇s scheme while keeping the merit of high performance, suitable for resource-constrained and security-concerned application scenarios.

关 键 词： 身份认证 智能卡 离线口令猜测攻击 平行会话攻击

领　　域： [自动化与计算机技术] [自动化与计算机技术]