We analyse the security of two smart-card-based password authentication schemes. In addition to the security flaws that Xue Feng et al. pointed out in both schemes, we find that one of the schemes also has a design flaw in its password change phase. Moreover, neither scheme can resist connection hijacking attacks. On this basis, we improve the two schemes separately: the improved schemes use hash function computation and bilinear pairing computation, respectively, to resist connection hijacking attacks, and they also overcome the security problems present in the protocols. Theoretical analysis shows that the improved schemes effectively resist DoS attacks, DDoS attacks, insider attacks and off-line guessing attacks, improving on the security of the original schemes.