共查询到20条相似文献,搜索用时 15 毫秒
1.
A multi-server authentication scheme enables a remote user to access the services provided by multiple servers after registering with the registration center. Recently, Pippal et al. (Wirel Pers Commun 2013, doi:10.1007/s11277-013-1039-6) introduced a robust smart card authentication scheme for multi-server architecture. They also illustrated that their scheme could be free from potential network attacks, and validated the scheme by using BAN logic. In this paper, by presenting concrete attacks, we demonstrate that Pippal et al.’s scheme can not withstand off-line password guessing attacks, impersonation attacks and privileged insider attacks. Furthermore, to overcome these attacks, we propose an improved authentication scheme for multi-server architecture using smart card and password. Security and efficiency analysis indicates that our scheme not only actually achieves intended security goals (e.g., two-factor authentication, perfect forward secrecy etc.), but also is efficient enough to be implemented for practical applications. 相似文献
2.
Recently, Wang and Ma (Wireless Pers Commun, 2012. doi:10.1007/s11277-011-0456-7) proposed a smart card based authentication scheme for multi-server environment. They also demonstrated that their scheme could overcome various attacks. In this paper, the security of Wang et al.’s scheme is evaluated. Our analysis shows their scheme is vulnerable to the server spoofing attack, the impersonation attack, the privileged insider attack and the off-line password guessing attack. 相似文献
3.
Sudhakar T. Natarajan V. Gopinath M. Saranyadevi J. 《Wireless Personal Communications》2020,115(4):2779-2803
Wireless Personal Communications - In the past two decades, numerous two-factor authentication protocols have been proposed for the multi-server environment using a smart card and password. Sahoo... 相似文献
4.
Recently, Pippal et al. proposed an authentication scheme for multi-server architecture and claimed that their scheme had many advantages compared to the previous schemes, such as security, reliability, etc. In this paper, we reanalyze the security of their scheme and demonstrate that their scheme is vulnerable to impersonation attack even if the adversary doesn’t know the information stored in the user’s smart card. Moreover, the adversary can proceed off-line password guessing attack if the user’s smart card is compromised. In order to eliminate those shortcomings, we propose an improved multi-server authentication scheme which can preserve user anonymity. We demonstrate the completeness of the proposed scheme through the BAN logic. Compared with other related protocols, the security analysis and performance evaluation show that our proposed scheme can provide stronger security. 相似文献
5.
A multi-server authentication scheme is a useful authentication mechanism in which a remote user can access the services of multiple servers after registering with the registration center (RC). This study shows that the password-based multi-server authentication scheme proposed by Yeh and Lo is vulnerable to undetectable password-guessing attack and offline password-guessing attack. This study proposes a new password-based multi-server authentication scheme to overcome these vulnerabilities. The proposed protocol introduces a new mechanism for protecting user password. The RC sends an alternative key to help the server verify the legitimacy of user instead of the user’s password. The values of these keys are changed with a random large nonce in each session. Therefore, the password-guessing attack cannot work successfully on the proposed scheme. 相似文献
6.
Kuo-Hui Yeh 《Wireless Personal Communications》2014,79(3):1621-1634
With the rapid growth of electronic commerce and demand on variants of Internet based applications, the system providing resources and business services often consists of many servers around the world. So far, a variety of authentication schemes have been published to achieve remote user authentication on multi-server communication environment. Recently, Pippal et al. proposed a multi-server based authentication protocol to pursue the system security and computation efficiency. Nevertheless, based on our analysis, the proposed scheme is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this study, we first demonstrate how these malicious attacks can be invoked by an adversary. Then, a security enhanced authentication protocol is developed to eliminate all identified weaknesses. Meanwhile, the proposed protocol can achieve the same order of computation complexity as Pippal et al.’s protocol does. 相似文献
7.
一种基于智能卡的双向身份认证方案 总被引:1,自引:0,他引:1
计算机网络的普及使更多的资源和应用可以利用网络远程获得,所以身份认证问题成为网络安全研究中的重要课题。当前主要的身份认证方法有以下几种:基于口令的身份认证;基于生物特征的身份认证;基于智能卡的身份认证以及几种方式的混合认证。结合密码学和智能卡技术的身份认证方案也被多次提出,许多专家和学者还提出了多种改进的方案。但是,这些方案均会出现一些不可避免的漏洞。针对多种方案的漏洞,该文提出了一种在智能卡中引入公钥密码算法的认证方案,并对其安全性进行了分析,该方案的安全性和优越性也在文中得到体现。 相似文献
8.
9.
Increasing popularity of the multi-server architecture has propelled the research on the multi-server authentication schemes. Current dominating authentication schemes are smartcard based, verification table free schemes with passwords. Although these schemes have developed to be robust against most of the popular malicious attacks, they still have security weaknesses and their efficiency is generally low. In this paper, we analyze and formulate security issues in previously proposed schemes. And based on the formulation, an enhanced efficient and secure scheme is proposed. In the proposal, a novel “redundant key protection” is proposed to utilize. The proposed scheme is validated and verified by Colored Petri Nets. 相似文献
10.
提出了一种基于智能卡的有效远程双向身份鉴别方案。用户可自由地选择和改变登录口令,无需维护口令目录表或验证表。此外,该方案不仅能够提供通信双方的相互鉴别,而且引入质询随机数代替时间戳,既可保证每次身份鉴别信息的随机性,有效防止重放攻击,又避免了复杂的时间同步问题,极大地增强了应用系统的安全性和实用性。 相似文献
11.
In this digital era, two entities can exchange the messages over internet even through the physical distance between them is much far. Before exchange they require to authenticate each other via authentication scheme. Biometric is one of the unique feature for each entity and can be accustomed to identify the authenticity of the entity. Motivated by this, many researchers had proposed the various schemes based on biometric feature for authentication using smart card. As smart card is not a temper resistance consummately, various attacks have been identified by the researchers in the biometric based authentication schemes. In this paper we review Wen et al.’s scheme and we find that Wen et al.’s scheme is vulnerable to insider attack, denial of service attack and user anonymity cannot achieve by them. Then we propose new remote user authentication algorithm where our algorithm is secure. 相似文献
12.
13.
针对无线传感器网络(WSN)用户远程安全认证问题,分析现有方案的不足,提出一种新颖的基于智能卡的WSN远程用户认证方案。通过用户、网关节点和传感器节点之间的相互认证来验证用户和节点的合法性,并结合动态身份标识来抵抗假冒攻击、智能卡被盗攻击、服务拒绝攻击、字典攻击和重放攻击。同时对用户信息进行匿名保护,且用户能够任意修改密码。性能比较结果表明,该方案具有较高的安全性能,且具有较小的计算开销。 相似文献
14.
基于RSA算法的安全性和求解离散对数问题的困难性 ,给出一种将密钥交换和身份认证有效结合的会话密钥管理方案 ,并对其安全性进行了分析。智能卡管理中心 (SMC)用于智能卡的分发和管理 ,系统所有用户均使用SMC的一个公开密钥 ,由通信双方独立实现共享密钥交换和身份认证 ,而无需智能卡管理中心的参与或预先获取对方的公开密钥证书 相似文献
15.
16.
Wireless Personal Communications - Due to the open environment in which hierarchical wireless sensor networks (HWSNs) are typically deployed, it is important to authenticate transmitted data. In... 相似文献
17.
Wireless Personal Communications - For providing strong mutual authentication in a multi-server environment many algorithms have been proposed. Most of the algorithms provide mutual authentication... 相似文献
18.
为实现智能电网数据的安全汇总和访问控制的有效结合,在同态加密的基础上,结合陷门秘密分享技术,提出一种基于多方认证的智能电网访问控制方案。通过对智能电表中数据密文进行同态加密处理,保证数据从智能电表到变电站传输过程的安全,同时对汇总的密文数据进行属性化,可实现对数据访问者的多方认证访问控制。实验数据结果表明,该方案具有可行性和实用性。 相似文献
19.
20.
一种基于智能卡的远程双向身份鉴别方案 总被引:1,自引:2,他引:1
分析了Hu等人提出的基于智能卡的远程身份鉴别方案,发现该方案易遭受重放攻击和口令猜测攻击;提出了一种基于质询/响应和用户通行密语的改进方案,改进方案能抵抗重放攻击、口令猜测攻击、假冒服务攻击,同时具有较好的可修复性,最后对Hu方案和改进方案的效率进行了比较。改进方案保留了原方案中使用智能卡的优点,且具有更高的安全性。 相似文献