Computer Engineering and Applications ›› 2014, Vol. 50 ›› Issue (22): 126-129.

Previous Articles     Next Articles

Analysis and improvements of dynamic identity-based remote user authentication scheme

QU Juan1, ZOU Limin1, TAN Xiaoling2   

  1. 1.School of Mathematics and Statistics, Chongqing Three Gorges University, Chongqing 404000, China
    2.School of Electronic and Information Engineering, Chongqing Three Gorges University, Chongqing 404000, China
  • Online:2014-11-15 Published:2014-11-13

基于动态ID的远程认证方案的分析和改进

屈  娟1,邹黎敏1,谭晓玲2   

  1. 1.重庆三峡学院 数学与统计学院,重庆 404000
    2.重庆三峡学院 电子与信息工程学院,重庆 404000

Abstract: In this paper, Duan et al.’s scheme is analyzed. It is showed that this scheme is insecure against offline-guessing attack, replay attack, forgery attack and a session key doesn’t be provided after mutual authentication. An improved scheme is proposed that overcomes the above-mentioned security flaws with not affecting the merits of the original scheme. The proposed scheme not only allows the users to choose and change their passwords freely, but also generates a session key agreed by the user and the server.

Key words: user authentication, smart card, offline password guessing attack, mutual authentication

摘要: 分析了段晓毅等人提出的动态ID的远程认证方案,发现该方案不能抵御离线密码字猜测攻击,重放攻击,冒充服务器攻击,且在相互认证后不能提供会话密钥。提出了一个改进方案,改进后的方案克服了以上的安全缺陷,且用户可自由选择登录系统的密码,相互认证后用户和服务器共享一个会话密钥。

关键词: 用户认证, 智能卡, 离线密码字猜测攻击, 相互认证