Abstract
As the first line of defense for network security and information security, user authentication plays a very important role. Authentication methods that combine passwords with smart cards overcome many of the drawbacks of conventional password authentication and improve the overall security of networks and information systems. A dynamic ID-based remote user authentication scheme is analyzed, and its security vulnerability is pointed out: an adversary who holds a user's smart card can masquerade as the legitimate user, pass the remote system's authentication and obtain the system's network resources, even without knowing the user's password. An improved scheme is proposed that effectively resists replay attacks, forgery attacks, password-guessing attacks, insider attacks and masquerade attacks.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
PKU Core (北大核心)
2007, Issue 3, pp. 545-546, 557 (3 pages)