| With the coming of the information age, the importance of Internet is self-evident.The Internet infrastructure can be seen in so many ?elds like defense, ?nancial, education, transportation,medical, and communication. However, the security issues brought by network are also prominent. A variety of ?nancial fraud problems in online games and online shopping have made network users to be very careful. How to guarantee the authenticity and integrity of information on the network has become a problem with almost everyone’s concern.The technology of cryptography and authentication alleviates the problem of network information security to some extent. Network’s openness and virtuality makes authenticating the network communication entities’ identity an urgent mission. Traditional static password-based identity authentication schemes have been phased out and replaced by schemes combining high intelligent products and cryptography because of their security ?aws.This paper summarizes the mainstream authentication methods, and studies some representative smart card-based identity authentication protocols. Firstly we review Hwang et al., Das et al.’s schemes and some other scholars’ studies about them. We also analyse Hwang et al. and Das et al.’s schemes and propose our attacks. We point out that althought their schemes can realize user authentication, they can’t protect users’ anonymity. There exists information statistical attack. Besides, we also do research on Shen et al., Awasthi et al. et al ’s improved schemes. In there schemes, with the help of one’s identity ID, an attacker can forge a new password PW to login in a server successfully. Furthermore, in all these schemes, only users’ validity is authenticated. Finally, we propose a new smart card-based authentication scheme with the help of public key cryptography and its security is based on the di?culty of inversing a hash function and computing the discrete logarithm problem on a ?nite ?eld. The new scheme realizes bidirectional authentication between server and users, guarantees users’ anonymity, permits users’ to change their password freely, and can resist the replay attack, main-in-the-middle attack, server masquerade attack and information statistic attack etc.. At last we give the e?ciency analysis of our scheme. |
PDF Full Text Request