计算机应用 ›› 2011, Vol. 31 ›› Issue (04): 996-998.DOI: 10.3724/SP.J.1087.2011.00996
• 信息安全 • 上一篇 下一篇
何冰
收稿日期:
修回日期:
发布日期:
出版日期:
通讯作者:
作者简介:
基金资助:
Bing HE
Received:
Revised:
Online:
Published:
Contact:
摘要: 分析了传统S/KEY一次性口令(OTP)认证方案及现有的改进方案存在的缺陷与不足,提出了一种新的S/KEY认证改进方案。该方案以用户口令PW哈希值作为验证因子实现了双向认证,通过增加消息的完整性保护防止关键消息被伪造,并具备原有方案简单易行的特性,能有效抵御重放攻击、小数攻击和冒充攻击。
关键词: 一次性口令, 身份认证, S/KEY认证
Abstract: The author analyzed some defects of the traditional S/KEY One-Time Password (OTP) authorization scheme and recent improvements, and proposed a new S/KEY improvement scheme. The new scheme provided mutual authorization with Hash values of user password as an authentication factor. It can effectively prevent key message from being forged by adding message integrity protection. The new scheme is as simple and easy to be implemented as traditional S/KEY scheme. Additionally, it can effectively avoid replay attack, small integer attack and impersonating attack.
Key words: One-Time Password (OTP), identity authorization, S/KEY authorization
中图分类号:
TP393.08
何冰. 简单易行的S/KEY认证改进方案[J]. 计算机应用, 2011, 31(04): 996-998.
Bing HE. Simple improvement for S/KEY authorization scheme[J]. Journal of Computer Applications, 2011, 31(04): 996-998.
0 / 推荐
导出引用管理器 EndNote|Ris|BibTeX
链接本文: http://www.joca.cn/CN/10.3724/SP.J.1087.2011.00996
http://www.joca.cn/CN/Y2011/V31/I04/996