Analysis And Design Of The Password Authentication Scheme Based On Smart Card

With the rapid development of the computer network, identity authentication has became a necessary point of network security. The traditional authentication scheme are mostly based on static password. Once the password leak, a legitimate user can be impersonated, so it's not safe.Because of the safety flaws of the traditional static password authentication scheme, people gradually began to develop dynamic password authentication technology. Compared with the static password authentication, dynamic password authentication technology generate dynamic information by increasing uncertainty factors in the login process,so the security of system has been greatly improved.The dynamic password authentication scheme using smart cards is a double-factors authentication form with dynamic password authentication and smart cards. So it has been widely used.There are analysis of password authentication scheme using smart cards and some improved password authentication schemes on the paper.Frist, Symmetric crypto system and asymmetric crypto system are introduced briefly,then a brief introduction about one-way hash function, EIGamal public crypto system, ECC crypto system and so on. In the end of this part, basic model and process about password authentication are outlined.Second, classification of some password authentication scheme based on smart cards are done.Some flaws in these scheme are pionted out and a new request of the protocol is proposed.Then, offensive analysis of H.S.Rhee scheme is proposed. H.S.Rhee scheme was vulnerble to inside forgery attack and stolen-verification attack.So a new password authentication scheme using smart cards based on the previous schemes was proposed on the paper.Final, a password authentication scheme based on ECC using smart cards is constructed to make up for the deficiency of CHAP protocol.It requires no verification table, very few computations, speedy communications.In the end of this paper, several angles for next research is advised and future prospect of password authentication scheme is depicted.