【摘要】 分析基于生物特征与二次剩余的远程用户认证方案,指出其存在不能抵抗冒充用户攻击、假冒服务器攻击、会话密钥泄露攻击和拒绝服务攻击等安全缺陷,基于此提出一个基于生物特征、口令与智能卡的匿名远程用户认证方案,主要包含注册、登录、认证和口令更新4个阶段。分析结果表明,该方案不仅克服了远程用户认证方案的安全缺陷,而且还可以抵抗智能卡丢失攻击、重放攻击,并实现了用户匿名性。更多还原

【Abstract】 This paper analyzes a remote user authentication scheme based on biological features and quadratic residues,points out that the scheme is vulnerable to impersonation attack,server spoofing attack,session key disclosure attack and denial of service attack. To overcome these security flaws,the paper proposes a biological features based anonymous remote user authentication scheme with smart card,the scheme mainly includes register,login,authentication and password update. Analysis result shows that the proposed scheme not only solves the existing problems of previous scheme,but also can resist smart card lost attack,replay attack,and it implements user anonymity.更多还原