摘要： 分析指出Liaw等人的远程用户认证方案(Mathematical and Computer Modelling, 2006, No. 1/2)容易受到重放攻击和中间人攻击，并且密码修改阶段和注册阶段存在安全漏洞，在此基础上提出一个基于D-H密钥交换协议的远程用户认证方案。理论分析结果表明，该方案可以抵抗假冒攻击、重放攻击、中间人攻击，安全地实现相互认证及会话密钥生成。

关键词: 用户认证, D-H密钥交换协议, 智能卡, 会话密钥, 哈希函数, 中间人攻击

Abstract: Analysis indicates that Liaw et al’s remote user authentication scheme is vulnerable to replay attack, man-in-the-middle attack, and there are obvious security vulnerabilities in the password changing phase and registration phase. A remote user authentication scheme based on Diffie-Hellman(D-H) key exchange protocol is proposed. Theoretical analysis shows that the scheme can resist impersonation attack, replay attack, man-in-the-middle attack, and it can implement mutual authentication and session key generation securely.

Key words: user authentication, Diffie-Hellman(D-H) key exchange protocol, smart card, session key, hash function, man-in-the-middle attack

中图分类号: 

• TP309.2