摘要: 研究近期提出的2个远程用户认证方案,对其进行伪造攻击。利用基于身份的签名思想提出一个基于身份的远程用户认证方案,在实现动态认证的同时无须用户与远程服务器端交互,通信量小,远端服务器无须保存或维护任何口令或验证表,存储代价低,可以避免口令攻击、重放攻击、伪造攻击、中间人攻击等,安全性高。
关键词:
认证,
双线性对,
智能卡,
口令,
时戳
Abstract: Two remote user authentication schemes proposed recently are studied, they are both vulnerable to forgery attacks. Identity-based remote user authentication scheme using identity-based signature system is presented. It obtains low communicational cost and dynamic authentication service without interaction between the user and the remote server, achieves little storage in the remote server because it does not need reserve or maintain any password or any table for verification. Its security is high for the reason that it can avoid some familiar attacks such that password attacks, replay attacks, forgery attacks, man-in-the-middle attacks and so on.
Key words:
authentication,
bilinear parings,
smart card,
password,
timestamp
中图分类号:
张少武;李 毅;曾立君;韩继红. 基于身份的远程用户认证方案[J]. 计算机工程, 2008, 34(12): 149-151.
ZHANG Shao-wu; LI Yi; ZENG Li-jun; HAN Ji-hong. Identity-based Remote User Authentication Schemes[J]. Computer Engineering, 2008, 34(12): 149-151.