CN1787515A - Strong command bidirectional identification protocol based on safety hash function

Publication number: CN1787515A
Authority: CN (China)
Prior art keywords: authentication, password, client, server end, server
Legal status: Pending
Application number: CN 200410096890
Other languages: Chinese (zh)
Inventor: 虞淑瑶
Current Assignee: Individual
Original Assignee: Individual

Abstract

This invention relates to a strong-password mutual authentication protocol based on a hash function. It uses no public-key technology, only a secure hash function and lightweight XOR operations, to guarantee the security of the password authentication process, and it requires users to choose high-entropy passwords as the client-side credential in order to defeat online password-guessing attacks. The invention can guard against denial-of-service, replay and impersonation attacks, and against other attacks that follow from a leak of the server-side verification database.

Description

A strong-password mutual authentication protocol based on a secure hash function
1. Technical field
The invention belongs to the field of computer security and cryptography. It is a strong-password-based mutual authentication protocol that uses a hash function as its cryptographic primitive, and it is suited to scenarios in which lightweight end-user devices perform mutual identity authentication with a server over a public channel.
2. Background
In today's computer networks, the most common and simplest access control method is to confirm a user's legitimacy by matching a password. However, user authentication based on a traditional static password has many problems: it cannot avoid attacks such as network eavesdropping, replay and exhaustive dictionary attacks, so its security is very weak. Designing a password authentication protocol that is secure, efficient and needs no hardware support is of great importance for the security of networks and computer systems. Although many secure authentication and key agreement protocols that resist offline dictionary attacks exist today, such as DH-EKE, SPEKE, SRP and AMP, they are all based on computationally expensive public-key algorithms and cannot be applied to user terminals with weak computing power, such as PDAs and mobile phones. With the increasingly widespread use of mobile devices, the demand for secure, lightweight password-based authentication protocols is also growing.
An ideal authentication protocol for lightweight terminals should satisfy the following requirements: 1) reduce the computation and memory demanded of the user as far as possible while still guaranteeing security; 2) provide mutual authentication; 3) require no hardware device on the user's side, only that the user remember a password with sufficient information entropy.
3. Brief description of the invention
The present invention is an efficient strong-password mutual authentication protocol based on a secure hash function. The protocol uses no public-key technology; it relies only on lightweight operations such as a hash function and bitwise XOR to guarantee the security of the password authentication process. The protocol can resist denial-of-service attacks, replay attacks, impersonation attacks, and other attacks that follow from a leak of the server-side verification database. It can be applied to any user authentication scenario in which a lightweight client performs mutual authentication with a server over a public channel.
4. Summary of the invention
We introduce the protocol in two parts: Section 4.1 describes how the protocol runs, and Section 4.2 analyses its security.
4.1 Protocol description
In the description below, A denotes the user to be authenticated, S denotes the authentication server, $P$ denotes the user's password, $N_i$ denotes the random number generated for the $i$-th authentication, $h()$ denotes a secure collision-free hash function, $\oplus$ denotes bitwise XOR, $\|$ denotes string concatenation, and $k$ denotes the server's secret key. $U_1 \Rightarrow U_2 : mesg$ means that $U_1$ sends the message $mesg$ to $U_2$ over a secure channel; $U_1 \rightarrow U_2 : mesg$ means that $U_1$ sends the message $mesg$ to $U_2$ over a public channel.
To resist offline dictionary attacks more effectively without using public-key technology, the protocol requires the user to authenticate with a strong password. A strong password is a user password with high information entropy that is not easy to guess. There is currently no universal standard that defines what makes a password strong, but Microsoft has specified a set of criteria that users can take as a reference when choosing a password: (1) it is at least 7 characters long; (2) it does not contain the user name or organization name; (3) it does not contain words found in a dictionary; (4) it differs from previously used passwords; (5) it contains upper-case and lower-case letters, digits and keyboard symbols.
The protocol runs in two phases: the user registration phase and the mutual authentication phase.
During the user registration phase, user A registers with server S over a secure channel. S selects the first random number $N_1$, and the user computes $V_1 = h^2(S \| P \| N_1)$. In addition, the server selects a server-side secret key $k$, which strengthens the security of the server-side password verification factor, and stores $k$ in a secure place. It then computes $SV_1 = V_1 \oplus K_A$, where $K_A = h(A \| k)$. Finally, S stores $\{ID_A, SV_1, N_1\}$ in the password verification database.
During the mutual authentication phase, at A's $i$-th login, A generates a random number $N_A$ and sends it to S together with $ID_A$ and the login request, as shown in Figure 1.
After S receives A's authentication request, it reads the $SV_i$ corresponding to this user from the password verification database and obtains $h^2(S \| P \| N_i)$ by computing $SV_i \oplus h(A \| k)$. It then generates a random number $N_{i+1}$ and sends the second-step message.
After A receives the second-step message, A enters the password $P$, computes $h^2(S \| P \| N_i)$, and from it obtains the $N_{i+1}$ generated by the server. If $N_i \neq N_{i+1}$ holds, A computes $d_1$, $d_2$, $d_3$ according to the following formulas and sends them:
$$d_1 = h^2(S \| P \| N_i) \oplus h(S \| P \| N_i)$$
$$d_2 = h(S \| P \| N_i) \oplus h^2(S \| P \| N_{i+1})$$
$$d_3 = h(h^2(S \| P \| N_{i+1}) \| N_i \| N_{i+1})$$
After receiving the third-step message, S computes $y_1 = d_1 \oplus h^2(S \| P \| N_i)$ and verifies whether $h(y_1) = h^2(S \| P \| N_i)$ holds. If it holds, S considers this user legitimate. The server then computes $y_2 = d_2 \oplus y_1$ and $y_3 = h(y_2 \| N_i \| N_{i+1})$, and verifies whether $y_3 = d_3$ holds. If it holds, the server replaces the original record $\{ID_A, SV_i, N_i\}$ with $\{ID_A, SV_{i+1}, N_{i+1}\}$, where $SV_{i+1} = h(A \| k) \oplus y_2$, and then sends $h(N_A \| N_{i+1})$ and the result of the authentication (success or failure) to A, which completes the server's authentication of the user.
After receiving the third-step information sent by the server, A verifies whether this value is correct, to make sure that no attacker is impersonating the server.
4.2 Security of the protocol
Because we require the client to choose a strong password to resist offline dictionary attacks, the scheme defeats an attacker's offline dictionary attack. Online guessing attacks are unavoidable for any password authentication, so we adopt an authentication order in which the client is authenticated first and the server afterwards. This ensures that the server can record the user's number of failed logins and use it as the basis for deciding whether an online guessing attack is under way, so that countermeasures can be taken. In addition, the protocol resists replay attacks, denial-of-service attacks and the attacks that follow from a compromise of the server-side verification database, and it provides mutual authentication between user and server. The detailed analysis follows:
● Replay attack
Suppose the attacker has eavesdropped on all authentication messages before the $i$-th authentication and replays earlier messages. The computation of the three authentication values $d_1$, $d_2$, $d_3$ includes the random value selected by the server, and we require the random values to be large enough to guarantee that past random values differ from the random value of the current authentication. Simply replaying $d_1$, $d_2$, $d_3$ will therefore make the new authentication fail. If the attacker instead uses earlier $d_1$, $d_2$, $d_3$ values to modify part of the authentication values of a new authentication, the result is the same: because the values of $d_1$, $d_2$, $d_3$ are interrelated, modifying any one of them causes authentication to fail. So the attacker cannot carry out a replay attack.
● Other attacks that follow from a compromise of the server-side verification database
In this protocol the server stores $SV_i$ as the verification factor. Computing the actual verification value $h^2(p_i)$ from $SV_i$ requires the server's secret key $k$, and we require the server to keep $k$ securely, so the protocol protects the verification factor to a certain extent. However, if an attacker obtains both $k$ and the password verification database, and this attacker can eavesdrop on a legitimate user's next authentication message, block that message and then send new, correct authentication information, the attacker can impersonate the legitimate user to log in and lock the legitimate user out of normal login.
● Denial-of-service attack
Suppose the attacker tries to achieve denial of service by changing $d_2$. That authentication will fail, because the server verifies the integrity of $d_2$ through $d_3$, and after modifying $d_2$ the attacker cannot derive the corresponding $d_3$ value. Authentication therefore does not succeed, and the server does not modify the corresponding verification information in the password verification database. In addition, the random values involved in $d_1$, $d_2$, $d_3$ differ for every authentication, so the attacker cannot obtain valid $d_1$, $d_2$, $d_3$ values for a new authentication from values computed in the past. The protocol therefore resists denial-of-service attacks.
● User and server impersonation attacks
When an attacker wants to impersonate a legitimate user to log in to the system, the analysis above shows that the attacker can neither obtain authentication by replaying earlier authentication messages nor pass authentication by modifying packets captured during the current authentication. The main reason is that we use a dynamic authentication code technique: the authentication information used in each authentication differs from all earlier authentication information, so the attacker cannot impersonate a legitimate user to obtain system authentication. If an attacker tries to impersonate the server to obtain some secret information of a legitimate user, the attacker may try to replay previously captured second-step and fourth-step messages. The attacker cannot pass the server authentication of the fourth-step message, because the fourth-step message $h(N_A \| N_{i+1})$ contains the random value $N_A$ generated by the client, and this value differs for every authentication. So the attacker cannot impersonate the server to complete the final authentication step.
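The registration and $i$-th authentication round of Section 4.1, together with the replay and $d_2$-tampering cases analysed in Section 4.2, as an added Python example that is not code from the patent. SHA-256 standing in for $h$, 32-byte random values, length-prefixed concatenation, and the layout of the second message ($N_i$ in clear plus $N_{i+1}$ XOR-masked with $h^2(S \| P \| N_i)$) are assumptions, since the text leaves that message to Figure 1; the names `Server`, `client_respond` and `demo` are hypothetical.

```python
import hashlib, hmac, secrets

def h(*parts: bytes) -> bytes:
    # h(x1 || x2 || ...): SHA-256 over length-prefixed parts (encoding is an assumption)
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def h2(*parts: bytes) -> bytes:
    return h(h(*parts))                                # h^2(x) = h(h(x))

def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self):
        self.k, self.db, self.pending = secrets.token_bytes(32), {}, None

    def register(self, uid: bytes, v1: bytes, n1: bytes) -> None:
        self.db[uid] = (xor(v1, h(uid, self.k)), n1)   # SV_1 = V_1 xor h(A||k)

    def challenge(self, uid: bytes, n_a: bytes):
        sv, n_i = self.db[uid]
        v_i = xor(sv, h(uid, self.k))                  # recover h^2(S||P||N_i)
        n_next = secrets.token_bytes(32)
        self.pending = (uid, n_a, n_i, n_next, v_i)
        return n_i, xor(n_next, v_i)                   # message 2 (assumed layout)

    def verify(self, d1: bytes, d2: bytes, d3: bytes):
        uid, n_a, n_i, n_next, v_i = self.pending
        y1 = xor(d1, v_i)
        if not hmac.compare_digest(h(y1), v_i):        # h(y1) = h^2(S||P||N_i) ?
            return None
        y2 = xor(d2, y1)
        if not hmac.compare_digest(h(y2, n_i, n_next), d3):   # y3 = d3 ?
            return None                                # record is left untouched
        self.db[uid] = (xor(h(uid, self.k), y2), n_next)      # SV_{i+1}, N_{i+1}
        return h(n_a, n_next)                          # message 4

def client_respond(server: bytes, password: bytes, n_i: bytes, masked: bytes):
    v_i = h2(server, password, n_i)
    n_next = xor(masked, v_i)                          # unmask N_{i+1}
    if n_next == n_i:
        raise ValueError("N_i must differ from N_{i+1}")
    x, v_next = h(server, password, n_i), h2(server, password, n_next)
    return n_next, (xor(v_i, x), xor(x, v_next), h(v_next, n_i, n_next))

def demo():
    S, A, P = b"S", b"alice", b"constructed-Passw0rd!"     # constructed sample values
    srv, n1 = Server(), secrets.token_bytes(32)
    srv.register(A, h2(S, P, n1), n1)                      # registration phase
    n_a = secrets.token_bytes(32)
    n_i, masked = srv.challenge(A, n_a)
    n_next, (d1, d2, d3) = client_respond(S, P, n_i, masked)
    bad_d2 = bytes([d2[0] ^ 1]) + d2[1:]                   # d2 altered in transit
    tamper_rejected = srv.verify(d1, bad_d2, d3) is None and srv.db[A][1] == n_i
    mutual_ok = srv.verify(d1, d2, d3) == h(n_a, n_next)   # client's check of message 4
    srv.challenge(A, secrets.token_bytes(32))              # later session, new N_i
    replay_rejected = srv.verify(d1, d2, d3) is None       # old d1, d2, d3 replayed
    return tamper_rejected, mutual_ok, replay_rejected
```

The server keeps one pending session at a time here to stay short; the tampering case shows that a failed $d_3$ check leaves the stored $\{ID_A, SV_i, N_i\}$ record unchanged, which is the property the denial-of-service analysis relies on.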
5. Description of drawings
Figure 1 shows the $i$-th authentication process of the strong-password mutual authentication protocol based on a secure hash function.

Claims (5)

1. A strong-password mutual authentication scheme based on a secure hash function, in which the client only needs to remember the user name and password, the server stores the client's password verification factor, and the cryptographic computations on the protocol's messages are based on a secure collision-free hash function.
2. The scheme of claim 1, in which the client must register with the server before authentication and the server must store the client's password verification factor, this password verification factor being a secret value derived from the client's password and the secret key kept by the server.
3. The scheme of claim 1, in which, during authentication, both the client and the server are required to send random values in order to prevent replay attacks.
4. The scheme of claim 1, in which the client, when transmitting the authentication information, also sends the verification factor for the next authentication under integrity protection.
5. The scheme of claim 1, in which the server sends, as the authentication code of the current authentication, the hash of the concatenation of the random value generated by the client for the current authentication and the random value generated by the server for the next authentication, in order to prevent server-side replay attacks.
CN 200410096890 2004-12-10 2004-12-10 Strong command bidirectional identification protocol based on safety hash function Pending CN1787515A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200410096890 CN1787515A (en) 2004-12-10 2004-12-10 Strong command bidirectional identification protocol based on safety hash function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200410096890 CN1787515A (en) 2004-12-10 2004-12-10 Strong command bidirectional identification protocol based on safety hash function

Publications (1)

Publication Number Publication Date
CN1787515A (en) 2006-06-14

Family

ID=36784818

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200410096890 Pending CN1787515A (en) 2004-12-10 2004-12-10 Strong command bidirectional identification protocol based on safety hash function

Country Status (1)

Country Link
CN (1) CN1787515A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008010003A1 (en) * 2006-07-14 2008-01-24 Abb Research Ltd. Secure password-based authentication and key distribution protocol with robust availability properties
CN101145911B (en) * 2007-10-30 2010-05-19 江汉大学 Identity authentication method with privacy protection and password retrieval function
CN101471770B (en) * 2007-12-24 2011-08-03 毛华 Method for determining inquiry answer type bidirectional identification and business
CN101877850B (en) * 2009-04-29 2014-01-01 华为技术有限公司 Access authentication method and device
CN109639407A (en) * 2018-12-28 2019-04-16 浙江神州量子通信技术有限公司 A method of information is encrypted and decrypted based on quantum network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Yu Shuyao

Document name: Notice of application for publication of patent for invention and entry into the substantive examination procedure

C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Yu Shuyao

Document name: Deemed as a notice of withdrawal (Trial)

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication