Journal of Computer Applications ›› 2011, Vol. 31 ›› Issue (02): 511-513.

• Information Security •

Design and analysis of USB-Key based strong password authentication scheme

Yu Jiang, Su Jinhai, Zhang Yongfu

  1. Institute of Electronic Technology, Information Engineering University
  • Received: 2010-07-29 Revised: 2010-09-14 Online: 2011-02-01 Published: 2011-02-01
  • Corresponding author: Yu Jiang

Abstract: The OSPA strong password authentication scheme cannot resist replay attacks or denial-of-service attacks. To address this, a USB-Key based password authentication scheme is proposed. The scheme uses the USB-Key to verify the user's password and to store the security parameters used for authentication, which effectively protects those parameters from theft. During authentication, the user's identity information is protected by using a temporary identity, the authentication parameters are computed with Hash operations, and mutual authentication between user and server is achieved by passing authentication parameters between the user side and the server side. The security analysis shows that the scheme resists password guessing attacks, replay attacks, impersonation attacks and Denial of Service (DoS) attacks. The scheme offers high security with small system overhead and is suitable for end users with limited computation ability.

Key words: password authentication, USB-Key, Hash function, mutual authentication