Abstract: Concerning that the OSPA protocol is vulnerable to the replay attack and the denialofservice attack, in this paper, a USB-Key based strong password authentication scheme was proposed, which used USB-Key to verify the users password and store the security parameter. In this scheme, user's identity can be protected by using the temporary identity and the authentication parameters computation by Hash function. This scheme can achieve mutual authentication between user and server by transferring the authentication parameters. The security analysis of the scheme proves that the scheme is resistant to replay attack, impersonation attack and Denial of Service (DoS) attack, and it has high security, and it can be used by users with limited computation ability.

Key words: password authentication, USB-Key, Hash function, mutual authentication

摘要： 针对OSPA强口令认证方案无法抵抗重放攻击、拒绝服务攻击的不足，提出了一种基于USB-Key的口令认证方案。该方案使用USB-Key进行用户口令的验证并存储认证的安全参数，能够有效地保护安全参数不被窃取。认证方案在认证过程中对用户的身份信息进行了保护，使用Hash运算计算认证参数，通过用户端和服务器端之间的认证参数的传递实现双向认证。方案的安全性分析表明，它能够防止口令猜测攻击、重放攻击、假冒攻击、拒绝服务攻击，方案系统开销小，适用于运算能力有限的终端用户。

关键词: 口令认证, USB-Key, Hash函数, 双向认证