关键词: 口令认证密钥交换, 全自动区分计算机和人类的公开图灵测试, 椭圆曲线公钥系统, 智能卡

Abstract:

For mobilecommerce environments, a novel passwordbased authenticated key exchange protocol is proposed to solve that the technology to effectively prevent legitimate users’ abuse, named as completely automatic public Turing test to tell computer and human apart (CAPTCHA), is vulnerable to analytical attacks. The protocol elaborately combines the CAPTCHA challenge/response progress with the authenticated key exchange interaction. It introduces symmetric encryption scheme to make CAPTCHA secure without additional communication rounds. And it is based on smartcards to obtain stronger security and adopts elliptic curve cryptosystem which is suitable for the environments. In random oracle model it is provably secure. Compared with the other related protocols, it requires only three communication rounds, protects CAPTCHA against analytical attacks, needs no validation tables storing on the server and provides perfect forward secrecy.

Key words: passwordbased authenticated key exchange, completely automatic public Turing test to tell computer and human apart, elliptic curve cryptosystem, smart card