摘要
针对Lee-Yang-Won提出的双因子认证协议,发现原协议存在离线字典攻击,用户假冒攻击且缺少密钥协商,因此对原协议进行了改进,并在形式化模型下证明了新协议的安全性.证明结果显示,新协议克服了原协议存在的安全漏洞,保留了原方案的安全特性.
The authors find the password authentication protocol using smart card proposed by Lee et al. suffers from off-line dictionary attack, user impersonation attack and lacks of key exchange. To solve these problems, an improved scheme is put forward and the security of the novel protocol is proved using the formal security model. The result shows that the novel protocol can not only conquer the security problem of the original protocol but also retain all security characteristics of the original protocol.
出处
《江苏科技大学学报(自然科学版)》
CAS
2012年第3期282-287,共6页
Journal of Jiangsu University of Science and Technology:Natural Science Edition
基金
江苏省2011年度普通高校研究生科研创新计划基金资助项目(CXZZ11_0295)
信息安全国家重点实验室开放基金资助项目
关键词
离线字典攻击
用户假冒攻击
双因子安全
双向认证
off-line dictionary attack
user impersonation attack
two-factor security
mutual authentication