系统工程理论与实践
Systems Engineering—Theory & Practice
2015, Issue 1, pp. 191-204
汪定 王平 李增鹏 马春光
authentication protocol; RSA; random oracle model; replay attack; smart card
As identity authentication has become an essential mechanism for ensuring security in information systems, RSA-based authentication protocols have been studied intensively for their great practicality. This paper shows that a recent RSA-based remote user two-factor authentication protocol proposed by Xie et al. cannot achieve its claimed security, and reports the following flaws: (1) it is vulnerable to replay attacks and key compromise impersonation attacks; (2) it suffers from user privacy violation and poor repairability. As our main contribution, an improved scheme is put forward and formally proved secure under the RSA assumption in the random oracle model. Compared with other related RSA-based schemes, our scheme is the first to achieve provable security while retaining high performance. Consequently, our scheme is better suited to mobile application scenarios where resources are severely constrained and security is a particular concern.