计算机工程
計算機工程
계산궤공정
COMPUTER ENGINEERING
2010年
7期
142-143,146
,共3页
口令认证%智能卡%假冒攻击%离线口令猜测攻击
口令認證%智能卡%假冒攻擊%離線口令猜測攻擊
구령인증%지능잡%가모공격%리선구령시측공격
password authentication%smart card%impersonation attack%off-line password guessing attack
Rhee H S等人(Computer Standards & Interfaces, 2009, No.1)提出的协议使用移动设备代替智能卡记忆数据降低风险和成本,但该协议仍存在一些不足.针对该问题,基于Chan-Cheng攻击案例,指出该协议难以抵抗假冒攻击和离线口令猜测攻击,为克服这些缺陷,给出一种改进方案,通过实验证明了该方案可以有效抵抗上述2种攻击,并能保证其口令的秘密性及身份认证的安全性.
Rhee H S等人(Computer Standards & Interfaces, 2009, No.1)提齣的協議使用移動設備代替智能卡記憶數據降低風險和成本,但該協議仍存在一些不足.針對該問題,基于Chan-Cheng攻擊案例,指齣該協議難以牴抗假冒攻擊和離線口令猜測攻擊,為剋服這些缺陷,給齣一種改進方案,通過實驗證明瞭該方案可以有效牴抗上述2種攻擊,併能保證其口令的祕密性及身份認證的安全性.
Rhee H S등인(Computer Standards & Interfaces, 2009, No.1)제출적협의사용이동설비대체지능잡기억수거강저풍험화성본,단해협의잉존재일사불족.침대해문제,기우Chan-Cheng공격안례,지출해협의난이저항가모공격화리선구령시측공격,위극복저사결함,급출일충개진방안,통과실험증명료해방안가이유효저항상술2충공격,병능보증기구령적비밀성급신빈인증적안전성.
Thel protocol proposed by Rhee H S et al(Computer Standards & Interfaces, 2009, No.1) uses mobile equipment to replace smart card to reduce risk and cost, but it exists some demerits. Aiming at this problem, based on Chan-Cheng attack case, it points out that the protocol can not resist impersonation attack and off-line password guessing attack. In order to overcome these drawbacks, it gives the improved scheme. Experimental results show this scheme is strongly resistant to both of these attacks, which keeps the password secret and authenticating ID.