Improved security enhancement for a dynamic ID-based remote user authentication scheme
-
摘要: 智能卡由于具有低功耗、安全计算和便携性的特点,常常被用做身份认证终端.基于静态口令的认证方案不能由用户选择密钥并且需要在服务器保存一个密钥表,而基于动态ID的方案能解决这些问题.提出了新的方案,指出Liao-Lee-Hwang方案中不能抗偷窃攻击的缺点,并在其基础上做了改进.新的改进方案不仅继承了原方案中抗猜测攻击、实现共同认证、服务器不会泄露用户密钥的的优点,同时也避免了窃取攻击;并且新的改进方案在计算量上也小于Liao-Lee-Hwang的方案.Abstract: Smart cards are secure, compact and intelligent data carriers, which can offers strong authentication and guaranteed non- repudiation. With the traditional authentication solution, the static password is rarely altered and maintained in the verifier table on the server. This is bringing forth the important attacks of replay attacks, guessing attacks, modication attacks, and stolen-verier attacks. However, the dynamic ID-based authentication solution can solve the problem. I-En Liao et al proposed a dynamic ID-based user authentication scheme using smart cards. The scheme has a lot of advantages, such as avoiding a variety of attacks, mutual authentication and no verifier table, but it can′t resist to stolen attack. A improved scheme was presented to remedy their weaknesses. Compare with Liao-Lee-Hwang′s scheme, the improved scheme not only avoid stolen attacks but also reduce the computational costs.
-
Key words:
- authentication /
- smart cards /
- password /
- stolen attack
-
[1] Lamport L. Password authentication with insecure communication [J]. Communication of ACM, 1981, 24:770-772 [2] Hwang M S, Li L H. A new remote user authentication scheme using smart cards[J]. IEEE Transactions on Consumer Electronics, 2000, 46(1):28-30 [3] Ku W C, Chen S M. Weakness and improvements of an efficient password based user authentication scheme using smart cards [J]. IEEE Trans Consumer Electronic, 2004, 50(1):204-207 [4] Yoon E J, Ryu E K,Yoo K Y. Further improvement of an efficient password based remote user authentication scheme using smart cards [J].IEEE Trans Consumer Electronic, 2004, 50(2):612-614 [5] Manik Lal Das, Ashutosh Saxena, Ved P Gulati. A dynamic ID-based remote user authentication scheme [J]. IEEE Transactions on Consumer Electronics, 2004, 50(2):629-631 [6] Liao I-En, Lee Cheng-Chi, Hwang Min-Shiang. Security enhancement for a dynamic ID-based remote user authentication scheme Next Generation Web Services Pracitces. Seoul, KOREA:IEEE, 2005
点击查看大图
计量
- 文章访问数: 2469
- HTML全文浏览量: 24
- PDF下载量: 869
- 被引次数: 0