计算机科学 ›› 2012, Vol. 39 ›› Issue (6): 72-76.
• 计算机网络与信息安全 • 上一篇 下一篇
汪定,马春光,张启明,谷德丽
出版日期:
发布日期:
Online:
Published:
摘要: 讨论了于江等新近提出的一个简单高效的基于USI3-Key的强口令认证方案(USPA),指出该方案无法实现所声称的抵抗DoS攻击、重放攻击、Stolen-Verifier攻击和服务器仿冒攻击。给出一个改进方案,并对其安全性和效率进行了详细的分析。结果表明,改进方案弥补了USPA的安全缺陷,并且保持了较高的效率,适用于安全需求较高的移动应用环境。
关键词: 强口令,认证,攻击,USB-Key
Abstract: Recently Yu Jiang et al. proposed a USB-Key based strong-password authentication scheme (USPA),and claimed that their scheme was resistant to DoS attack, replay attack, stolen-verifier attack and server impersonation attack. However,we found USPA can't achive these purposes. An improved scheme was advanced and analyzed. The analysis shows that our new scheme precludes the defects of USPA, keeps the merit of high performance, and is suitable for mobile application scenarios where resource is constrained and security is concerned.
Key words: Strong-password, Authentication, Attack, USB-Key
汪定,马春光,张启明,谷德丽. 一个强口令认证方案的攻击与改进[J]. 计算机科学, 2012, 39(6): 72-76. https://doi.org/
0 / / 推荐
导出引用管理器 EndNote|Reference Manager|ProCite|BibTeX|RefWorks
链接本文: https://www.jsjkx.com/CN/
https://www.jsjkx.com/CN/Y2012/V39/I6/72
Cited