作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程

• 安全技术 • 上一篇    下一篇

基于生物特征的匿名远程用户认证方案

屈 娟  1a,彭 扬  1a,谭晓玲  1b ,张建中 2   

  1. (1. 重庆三峡学院a. 数学与统计学院; b. 电子与信息工程学院,重庆404100;2. 陕西师范大学数学与信息科学学院,西安710062)
  • 收稿日期:2014-08-21 出版日期:2015-06-15 发布日期:2015-06-15
  • 作者简介:屈 娟(1984 - ),女,讲师、硕士,主研方向:信息安全,密码学;彭 扬,助教、硕士;谭晓玲,副教授;张建中,教授、博士。
  • 基金资助:

    国家自然科学基金资助项目(61173190);重庆市教委科学技术研究基金资助项目(KJ1401009)。

Anonymous Remote User Authentication Scheme Based on Biological Features

QU Juan 1a ,PENG Yang 1a ,TAN Xiaoling 1b ,ZHANG Jianzhong 2   

  1. (1a. College of Mathematics and Statistics;1b. College of Electronic and Information Engineering, Chongqing Three Gorges University,Chongqing 404100,China; 2. College of Mathematics and Information Science,Shaanxi Normal University,Xi’an 710062,China)
  • Received:2014-08-21 Online:2015-06-15 Published:2015-06-15

摘要:

分析基于生物特征与二次剩余的远程用户认证方案,指出其存在不能抵抗冒充用户攻击、假冒服务器攻击、会话密钥泄露攻击和拒绝服务攻击等安全缺陷,基于此提出一个基于生物特征、口令与智能卡的匿名远程用户认证方案,主要包含注册、登录、认证和口令更新4 个阶段。分析结果表明,该方案不仅克服了远程用户认证方案的安全缺陷,而且还可以抵抗智能卡丢失攻击、重放攻击,并实现了用户匿名性。

关键词: 认证, 智能卡, 生物特征, 口令, 匿名性

Abstract:

This paper analyzes a remote user authentication scheme based on biological features and quadratic residues, points out that the scheme is vulnerable to impersonation attack,server spoofing attack,session key disclosure attack and denial of service attack. To overcome these security flaws,the paper proposes a biological features based anonymous remote user authentication scheme with smart card, the scheme mainly includes register, login, authentication and password update. Analysis result shows that the proposed scheme not only solves the existing problems of previous scheme,but also can resist smart card lost attack,replay attack,and it implements user anonymity.

Key words: authentication, smart card, biological feature, password, anonymity

中图分类号: