关键词: 认证密钥协商, 口令认证, 完备前向安全性, 离线口令猜测攻击

Abstract: In a distributed network environment, password-authenticated key agreement schemes are fundamental security mechanisms. A security analysis of Chen et al.s scheme ［Chen T H, Hsiang H C, Shih W K. Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems, 2011, 27(4): 337-380］ was presented. It was found that Chen et al.s scheme cannot resist offline password guessing attacks, and does not have perfect forward secrecy. A security enhanced password-authenticated key agreement scheme was thus proposed. The proposed scheme maintains the good properties of Chen et al.s scheme, is resistant to offline password guessing attack and provides perfect forward secrecy. A security analysis of the proposed scheme demonstrated that it is capable of strong security. It is suitable for providing mutual authentication and key agreement between the user and the server in a distributed environment.

Key words: authenticated key agreement, password authentication, perfect forward secrecy, offline password guessing attack