Enhancement of a timestamp-based password authentication scheme
-
摘要: 对Yang和Shieh提出的一种基于时戳的口令鉴别的方案进行了安全性分析,指出其方案存在初始化阶段需要把用户口令交给KIC(Key Information Center)和用户不能验证KIC身份的缺点。在此基础上提出的新方案对注册、登录、验证和口令修改过程都做了改造,用户在注册阶段提交基于口令的单向运算值而不是口令本身,并且用户和KIC之间共享秘密信息,从而成功克服了原有方案的缺陷。用户提交口令单向运算值在验证效果上和提交口令本身是相同的,而且避免了口令泄露;用户和KIC之间共享的秘密信息可以使用户验证KIC的身份。新方案可以有效抵抗伪造攻击,即使服务器被攻破或内部人泄露信息也不会造成用户私人信息的泄露,具有比原方案更高的安全性。Abstract: Yang and Shieh have proposed a timestamp-based password authentication scheme using smart card. The weakness of Yang and Shieh-s scheme is submitting password in plaintext and not authenticating key information center(KIC)by user. The new scheme improved the process of registration, login, authentication and update password. The user submitted the password-s hash value instead of the password-s plaintext, and shared the secret information with the KIC. Submitting the password-s hash value is the same as password in authentication, and avoiding the password-s exposure. With the secret information, the user can authenticate the KIC. The new scheme can overcome all of the above vulnerabilities, can resist the forged login attack and never revel the privacy of user even if the server is attacked.
-
Key words:
- smart card /
- authentication /
- timestamp-based /
- forged login attack
-
[1] Yang W H, Shieh S P. Password authentication schemes with smart cards[J]. Computers & Security, 1999, 18(8):727-733 [2] Chan C K, Cheng L M. Cryptanalysis of a timestamp-based password authentication scheme[J].Computer & Security, 2002, 21(1):74-76 [3] Fan L, Li J H, Zhu H W. An enhancement of timestamp-based password authentication scheme[J]. Computer & Security, 2002, 21(7):655-667 [4] Wang Y J, Li J H. Security improvement on a timestamp-based password authentication scheme[J]. IEEE Transaction on Consumer Electronics, 2004, 50(2):580-582 [5] Ku W C, Chen S M. Weaknesses and improvements of an efficient password based user authentication scheme using smart cards[J]. IEEE Transaction on Consumer Electronics, 2004, 50(1):204-207 [6] Yoon E J, Ryu E K, Yoo K Y. Further improvement of an efficient password based remote user authentication scheme using smart cards[J]. IEEE Transaction on Consumer Electronics, 2004, 50(2):612-614 [7] Shieh W G, Wang J M. Efficient remote mutual authentication and key agreement[J]. Computers & Security, 2006,25(1):72-77
点击查看大图
计量
- 文章访问数: 4198
- HTML全文浏览量: 38
- PDF下载量: 706
- 被引次数: 0