Systems Engineering—Theory & Practice
2010, Issue 10, pp. 1877-1882
smart card; remote user authentication; mutual authentication; off-line password guessing attack
In 2009, Park et al. proposed an efficient remote user authentication protocol. They claimed that it was the first password- and smart-card-based remote user authentication scheme able to resist the off-line password guessing attack, and that it had many advantages over existing solutions, such as requiring no password table or timestamp and having low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack or the off-line password guessing attack. To overcome these security weaknesses, two improved schemes are proposed, one based on a nonce and one based on a timestamp, without affecting the merits of the Park et al. scheme. Technical discussions are provided to show that the improved schemes are secure, efficient and practical.