关键词: 智能卡, ElGamal, 鉴别, 服务器伪装攻击

Abstract: In 2005, Zhang et al. proposed a dynamic password authentication based on smart card and fingerprint. This paper found that Zhang et al.'s authentication scheme was vulnerable to a server spoofing attack. Any adversary can masquerade as a legal server by sending two fixed parameters. Therefore, an improved scheme was proposed. This proposed scheme encrypted individual information and protected a parameter sent from the server by using one-way hash function. It also protected the random number sent from the server by using the shared information.

Key words: smart card, ElGamal, authentication, server spoofing attack