Abstract: An improved remote user authentication scheme with smart cards using bilinear pairings is proposed, by analyzing the remote user authentication scheme with smart cards using bilinear pairings. It is found the scheme is still vulnerable to masquerade attack and server disguise attack. By encrypting and decrypting with the server’s public key, and inducting sequence number so that there is a bidirectional authentication between user and server, the improved scheme not only inherits the security of original one, but also can resist masquerade attack and server disguise attack with stronger security.

Key words: bilinear pairings, smart card, password authentication, masquerade attack, server disguise attack

摘要： 通过对一种使用双线性对构造的智能卡口令认证方案的分析，发现该方案不能抵抗冒充攻击和服务器伪装攻击。针对该问题，提出一种改进的基于双线性对的智能卡口令认证方案，即利用服务器公钥进行加解密操作，通过引入序列号使用户与系统间进行了双向认证，不仅保持了原有方案的安全性，而且能有效地抵御冒充攻击和服务器伪装攻击，安全性更高。

关键词: 双线性对, 智能卡, 口令认证, 冒充攻击, 服务器伪装攻击

CLC Number: 

• TP309