摘要: Rhee H S等人(Computer Standards & Interfaces, 2009, No.1)提出的协议使用移动设备代替智能卡记忆数据降低风险和成本,但该协议仍存在一些不足。针对该问题,基于Chan-Cheng攻击案例,指出该协议难以抵抗假冒攻击和离线口令猜测攻击,为克服这些缺陷,给出一种改进方案,通过实验证明了该方案可以有效抵抗上述2种攻击,并能保证其口令的秘密性及身份认证的安全性。
关键词:
口令认证,
智能卡,
假冒攻击,
离线口令猜测攻击
Abstract: Thel protocol proposed by Rhee H S et al(Computer Standards & Interfaces, 2009, No.1) uses mobile equipment to replace smart card to reduce risk and cost, but it exists some demerits. Aiming at this problem, based on Chan-Cheng attack case, it points out that the protocol can not resist impersonation attack and off-line password guessing attack. In order to overcome these drawbacks, it gives the improved scheme. Experimental results show this scheme is strongly resistant to both of these attacks, which keeps the password secret and authenticating ID.
Key words:
password authentication,
smart card,
impersonation attack,
off-line password guessing attack
中图分类号:
柯芳芳;唐西林;章启恒. 对一个口令认证协议的可攻击性分析及改进[J]. 计算机工程, 2010, 36(7): 142-143,.
KE Fang-fang; TANG Xi-lin; ZHANG Qi-heng. Attack Analysis and Improvement of Password Authentication Protocol[J]. Computer Engineering, 2010, 36(7): 142-143,.