CAJ | 학술논문

提出一个适合远程用户的口令认证和密钥交换协议,该协议在不信任网络中运行,无需认证表和交换密钥.新的协议可抵抗被动或主动入侵,甚至内部攻击者的字典攻击,即使弱的口令也可以安全地使用.协议还满足完备的前向安全性,在当前口令泄露后不影响以前会话的安全性.在所提协议中,用户口令并不是以明文的形式储存,因此当攻击者获取智能卡后,并不能直接登录到主机.文中协议高效且安全,可广泛应用于需要口令认证的环境.同以往工作相比,所提协议对分布式或便携式设备更加有效.
제출일개괄합원정용호적구령인증화밀약교환협의,해협의재불신임망락중운행,무수인증표화교환밀약.신적협의가저항피동혹주동입침,심지내부공격자적자전공격,즉사약적구령야가이안전지사용.협의환만족완비적전향안전성,재당전구령설로후불영향이전회화적안전성.재소제협의중,용호구령병불시이명문적형식저존,인차당공격자획취지능잡후,병불능직접등록도주궤.문중협의고효차안전,가엄범응용우수요구령인증적배경.동이왕공작상비,소제협의대분포식혹편휴식설비경가유효.
The paper presents a new password authentication and key-exchange protocol suitable for remote users without verification table and exchanging keys over an untrusted network.The new protocol can resist dictionary attacks by either passive or active network intruders. Against an insider attacker,even weak password phrases can also be used safely.It also offers perfect forward secrecy,which protects past sessions and passwords against future compromises.Since the user passwords are stored in a form that is not plaintextequivalent to the password itself,an attacker with a smart card cannot use it directly to compromise security and immediately access the host.The proposed protocol is secure,simple,and fast,making it ideal for a wide range of applications in which secure password authentication is required.Compared with the related works,the proposed scheme is more efficient and practical for distributed or portable devices.