摘要
身份认证是网络安全技术的一个重要组成部分。分析了挑战/应答认证机制和数字签名技术的原理,针对现有的基于数字签名的动态身份认证系统的缺陷,提出了一种基于数字签名的优化动态身份认证系统。该系统将挑战/应答认证机制的挑战方向逆转,挑战发起动作由客户端实施。分析结果表明,该系统可以减少认证过程中双方的通信次数,同时可以抵御网络重放攻击,暴力攻击和防止网络窃听,支持双向的身份认证。
User Authentication is one of the important parts in networking security. The principles of challenge/response scheme and digital signature technology are analyzed. For the existing defects among dynamic authentication based on digital signature, an improved dynamic authentication mechanism based on digital signature is put forward. The direction of challenge in the challenge/response scheme is reversed, which means the action of challenge is initiated by clients. Analysis shows that the mechanism can reduce the frequency of communication of both sides in authentication process. Meanwhile, the new mechanism can also defense network playback attacks, violent attacks, network Sniffers, and can support bidirectional authentication as well.
出处
《计算机工程与设计》
CSCD
北大核心
2009年第15期3511-3513,共3页
Computer Engineering and Design
关键词
动态身份认证
挑战/应答认证机制
数字签名
数字证书
网络安全
dynamic authentication
challenge/response scheme
digital signature
digital certificate
network security
