无须重注册的单向通信动态口令认证

doi:10.11959/j.issn.2096-109x.2020038

网络与信息安全学报 ›› 2020, Vol. 6 ›› Issue (3): 99-107.doi: 10.11959/j.issn.2096-109x.2020038

无须重注册的单向通信动态口令认证

鲁迁迁(),朱友文,蒋炎

南京航空航天大学计算机科学与技术学院，江苏南京 211100

修回日期:2020-05-11 出版日期:2020-06-01 发布日期:2020-07-01
作者简介:鲁迁迁（1993- ），女，江苏徐州人，南京航空航天大学硕士生，主要研究方向为信息安全|朱友文（1986- ），男，安徽阜南人，南京航空航天大学副教授，主要研究方向为信息安全|蒋炎（1992- ），男，湖北仙桃人，南京航空航天大学博士生，主要研究方向为信息安全
基金资助:
国家重点研发计划(2017YFB0802300)

One-time password authentication for one-way communication without re-registration

Qianqian LU(),Youwen ZHU,Yan JIANG

School of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211100,China

Revised:2020-05-11 Online:2020-06-01 Published:2020-07-01
Supported by:
The National Key R ＆ D Program(2017YFB0802300)

摘要/Abstract

摘要：

动态口令是在系统中或设备上仅对一次会话有效的口令。目前存在的无须重注册的动态口令方案虽然不受认证次数的限制，但仅支持在线认证，不能离线认证。针对以上问题，提出一种无须重注册的单向通信动态口令认证方案。该方案基于无须重注册的方式结合基于时间动态口令方案，在实现离线认证的同时满足认证次数无限和口令有时效，最后证明该方案的安全性。

关键词: 动态口令, 无须重注册, 口令有时效, 支持离线认证

Abstract:

One-time password is a password that is valid for only one session on a system or device.The existing one-time password scheme without re-registration which is not limited by the number of authentication only supports online authentication,but can not support offline authentication.To solve the above problems,a one-time password authentication scheme for one-way communication without re-registration was proposed.The scheme combined the time-based one-time password scheme with the way of no re-registration.It can realize the offline authentication while satisfying the infinite authentication times and the password time-effective.Finally,the security of the scheme is proved.

Key words: one-time password, no re-registration, timeliness password, offline authentication

中图分类号:

TP301.6

鲁迁迁,朱友文,蒋炎. 无须重注册的单向通信动态口令认证[J]. 网络与信息安全学报, 2020, 6(3): 99-107.

Qianqian LU,Youwen ZHU,Yan JIANG. One-time password authentication for one-way communication without re-registration[J]. Chinese Journal of Network and Information Security, 2020, 6(3): 99-107.

图/表 10

图1

图2

图3

图4

图5

图6

图7

图8

图9

表1

参考文献 16

[1]	M’RAIHI D , MACHANI S , PEI M ,et al. TOTP:time-based one-time password algorithm[R]. 2011.
[2]	HALLER N , . The s/key one-time password system[C]// Proceedings of the Internet Society Symposium on Network and Distributed Systems. 1995: 151-157.
[3]	ZHOU Z C , LI L X , GUO S . Biometric and password two-factor cross domain authentication scheme based on blockchain technology[J]. Journal of Computer Applications, 2018,(6).
[4]	PRAKASH S , NITESH S . Listening watch:wearable two-factor authentication using speech signals resilient to near-far attacks[R]. 2018.
[5]	RAIHI D M , BELLARE M , HOORNAERT F ,et al. HOTP:an HMAC-based one-time password algorithm[S]. 2005.
[6]	刘知贵, 臧爱军, 陆荣杰 ,等. 基于事件同步及异步的动态口令身份认证技术研究[J]. 计算机应用研究, 2006,23(6): 133-134.
	LIU Z G , ZANG A J , LU R J ,et al. Dynamic password authentication based on event-synchronous and challenge/response technology[J]. Application Research of Computers, 2006,23(6): 133-134.
[7]	AWASTHI A K . Comment on a dynamic d-based remote user authentication scheme[J]. Transaction on Cryptology, 2004,1(2): 15-16.
[8]	DAS M L , SAXENA A , GULATI V P . A dynamic ID-based remote user authentication scheme[J]. IEEE Transactions on Consumer Electronics, 2004,50(2): 629-631.
[9]	GOYAL V , ABRAHAM A , SANYAL S ,et al. The N/R one time password system[C]// International Conference on Information Technology:Coding and Computing. 2005: 733-738.
[10]	GONG L , PAN J , LIU B ,et al. A novel one-time password mutual authentication scheme on sharing renewed finite random subpasswords[J]. Journal of Computer and System Sciences, 2013,79(1): 122-130.
[11]	PARK C S . One-time password based on hash chain without shared secret and re-registration[J]. Computers ＆ Security, 2018,75.
[12]	KOGAN D , MANOHAR N , DAN B . T/Key:second-factor authentication from secure Hash chains[R]. 2017.
[13]	HWANG , SHEN H Y , HWANG J J . A secure one-time password authentication scheme using smart cards[J]. IEICE Trans Commun, 2002,85(11): 2515-2518.
[14]	CHEFRANOV A G . One-time password authentication with infinite Hash chains[M]. Berlin: Springer NetherlandsPress, 2008.
[15]	LAMPORT L . Password authentication with insecure communication[J]. Communications of the ACM, 1981,24(24): 770-772.
[16]	MEYER C , SCHWENK J . Lessons learned from previous SSL/TLS attacks-a brief chronology of attacks and weaknesses[J]. IACR Cryptology ePrint Archive, 2013

方案	单向通信	无须重注册	口令具有时效性
Lamport	2	2	2
Chefranov	2	9	2
本文方案	9	9	9

无须重注册的单向通信动态口令认证

One-time password authentication for one-way communication without re-registration

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 16

相关文章 4

Metrics

推荐阅读 0

[1]	赵学磊,季新生,刘树新,赵宇. 基于广义共同邻居的有向网络链路预测方法[J]. 网络与信息安全学报, 2020, 6(5): 89-100.
[2]	何康,祝跃飞,刘龙,芦斌,刘彬. 敌对攻击环境下基于移动目标防御的算法稳健性增强方法[J]. 网络与信息安全学报, 2020, 6(4): 67-76.
[3]	陈舒荻,朱友文. 抗肩窥攻击的安全口令输入方法[J]. 网络与信息安全学报, 2019, 5(1): 87-93.
[4]	王宇龙,刘开元. 基于面部特征点运动的活体识别方法[J]. 网络与信息安全学报, 2018, 4(6): 36-44.