Journal of Shandong University (Natural Science) ›› 2017, Vol. 52 ›› Issue (1): 37-42. doi: 10.6040/j.issn.1671-9352.2.2015.289

A secure dynamic identity-based remote user authentication scheme

QU Juan1, LI Yan-ping2

  1. School of Mathematics and Statistics, Chongqing Three Gorges University, Wanzhou 404000, Chongqing, China;
  2. College of Mathematics and Information Science, Shaanxi Normal University, Xi'an 710062, Shaanxi, China
  • Received: 2015-05-31 Online: 2017-01-20 Published: 2017-01-16
  • About the author: QU Juan (born 1984), female, master's degree, lecturer; main research interest: authentication theory. E-mail: qulujuan@163.com
  • Funding:
    National Natural Science Foundation of China (61402275); Science and Technology Research Fund of the Chongqing Municipal Education Commission (KJ1501019); Chongqing Three Gorges University project (14QN29)

Abstract: A smart-card-based remote user authentication scheme with user anonymity is analyzed and found to be vulnerable to offline password guessing attacks, insider attacks, user impersonation attacks and server spoofing attacks. To address these weaknesses, a dynamic identity remote user authentication scheme based on a hash function and random numbers is proposed. The analysis shows that the new scheme not only removes the aforementioned drawbacks but also lets users update their passwords freely, which makes the improved scheme more suitable for practical application.

Key words: smart card, authentication, key agreement, dynamic identity

CLC Number: TP309