摘要： 传统用于保护用户密钥隐私的相互认证方案不能有效抵抗重放攻击与DOS攻击。为此，将安全单向哈希函数和椭圆曲线上的离散对数难问题相结合，提出一种基于智能卡的相互认证方案。该方案通过引入时间戳及时延限制，能有效抵抗重放攻击，并减轻DOS攻击。相比于其他同类方案，该方案的移动用户端减少2次点的加法运算，提高用户端的计算效率。分析结果表明，该方案是安全有效的。

关键词: 相互认证, 密钥协商, 智能卡, 时间戳

Abstract: An authentication and key agreement scheme, which suffers from the replay attacks and dos attacks, preserving the privacy of secret key is proposed. For improving their scheme to ensure robust security for the mutual authentication process, it proposes an efficient authentication scheme using smart cards, which is based on elliptic curve discrete logarithm problem and a secure one-way hash function. It defends replay attack and mitigates do attack that could be launched against other related previous schemes because it is timestamp-based, and requires less computational cost. The analysis result shows this scheme is secure and efficient.

Key words: mutual authentication, key agreement, smart card, timestamp

中图分类号: 

• TP311