摘要
动态口令身份认证机制是目前身份认证技术发展的一个重要方向。但是在很多动态口令机制中,用户的认证数据通常利用在服务器储存的验证因子进行掩码传输,如果验证因子被盗,攻击者就可以伪造验证数据,因此动态口令认证机制易遭受盗窃攻击。最近提出了一种新的抗盗窃攻击的动态口令认证方案2GR,但是2GR不能抵抗拒绝服务攻击,也没有提供用户和服务器的双向认证。将在2GR方案的基础上提出一个基于智能卡的改进方案,该方案能解决上述问题。
The dynamic password authentication mechanism is an important development direction of authentication. But in many dynamic password authentication schemes, user's authentication data are transferred masking with the verifiers stored in the server. Once the verifier is stolen, the attacker can forge authentication data. Therefore, those schemes are vulnerable to theft attacks. Recently a new scheme named 2GR is proposed and showes that it can resist stolen-verifier attack. But the 2GR can't provide protection against denial of service attack, and doesn't provide mutual authentication. This paper proposes a revised scheme using smart cards, which eliminates such problems.
出处
《计算机工程》
EI
CAS
CSCD
北大核心
2005年第24期172-174,共3页
Computer Engineering
关键词
身份认证
强口令
动态口令
智能卡
Authentication
Strong password
Dynamic password
Smart card
