A remote security certification scheme of smart card based on ECC (elliptic curve cryptography) is analyzed, which was proposed by Muniyandi in 2011,but it is found that the scheme lacks the key agreement mechanism,and can not ef⁃fectively resist the impersonation attack,authentication table theft attack,off⁃line guessing attack and loss of smart card. An im⁃proved scheme,integrating the mutual authentication with the key agreement mechanism,is proposed in this paper,with which the above defects can be overcomed,the confidentiality of the forward and backward is ensured,the users can freely modify their password,and anonymity protection for users’information is executed. Compared with the existing schemes,the improved scheme has advantages of higher security and less computational overhead.%分析2011年Muniyandi等人提出的一种基于椭圆曲线密码(ECC)体制的智能卡进行远程认证方案,发现该方案缺乏密钥协商机制,不能有效抵抗伪装攻击、认证表盗窃攻击、离线猜测攻击和智能卡丢失等攻击。提出一种改进方案,融入相互认证和密钥协商机制来克服以上缺陷,确保前向和后向保密性,且用户能够自由修改密码,同时对用户信息进行匿名保护。与现有智能卡认证方案相比,该方案具有较高的安全性能,且具有较小的计算开销。
展开▼
