臺灣博碩士論文加值系統

隨著網路和資訊科技的發展，許多商業交易便轉移到網際網路上。而伴隨著智慧卡的開發與革新，部份電子商務便搭配智慧卡來執行身份識別與驗證。所以Wang等人便在2004年提出一個利用智慧卡來進行遠端通行碼認證的方法，它不需要在遠端系統中儲存任何通行碼表或是驗證檔案來進行身份認證。然而不幸的是，我們發現他們的方法並無法抵擋偽造攻擊，所以我們設計一個新的植基於智慧卡的遠端登入機制來防止偽造攻擊。我們的方法的安全性是建立在公開的單向雜湊函數上；此外我們加入了伺服器端和使用者之間雙方認證的機制，並且套用時間郵戳來保護侵入者可能重送先前攔截的登入請求之訊息來存取遠端伺服器的一個重送攻擊。另一方面，Chen等人在2005年提出了第一個網路代理人彩券兌換系統。然而，我們發現他們的方法考慮得並不完全，而且無法抵抗拒絕服務和模仿攻擊。我們因此提出一個新的可以抵抗這類攻擊的彩券兌換系統，它的安全性是建立在對稱與非對稱式的密碼系統。最重要的是，我們所提出的方法的計算量比Chen等人的方法要來的少。進一步地，根據我們前面提出的機制，我們另外提出了一個利用智慧卡來進行的t-out-of-n電子投票機制。由於採用了智慧卡的機制，因此可以有效地提高認證性能。此外，我們所提出的電子投票系統不僅滿足一般電子投票系統的所有需求，並且能抵擋一些可能的攻擊。

In 2004, Wang et al. presented a remote password authentication scheme using IC cards. In their scheme, it is unnecessary for the remote system to store any password files or verification tables for authentication. Unfortunately, we discover that their scheme is unable to withstand the forgery attack. We consequently propose a novel version which can resist the forgery attack. The security of the proposed scheme is based on the public one-way hash function. Furthermore, the novel mechanism can provide mutual authentication between a remote server and login users. On the other hand, Chen et al. presented a proxy raffle scheme implemented on the Internet in 2005. Unfortunately, we discover that their scheme is unable to withstand the Denial of Service (DoS) attack and the impersonation attack. We consequently propose a novel version, in this thesis, which can resist these malicious attacks. The security of our proposed raffle scheme is based on the asymmetric/symmetric cryptosystems. Specifically, the whole communication loads of our scheme are less than that of Chen et al.’s. Further, based on the proposed mechanisms, we propose a t-out-of-n electronic voting system using IC cards. By adopting IC cards, the authentication performance can be effectively promoted. Besides, the proposed e-voting system can not only satisfy the essentials of general electronic voting schemes but also prevent potential malicious attacks.

Acknowledgement i
摘要 ii
Abstract iii
List of Figures vi
List of Tables vii
Chapter 1 Introduction 1
1.1 Research Motivation 1
1.2 Features of the IC Card 2
1.3 Thesis Organization 2
Chapter 2 Related Works 3
2.1 Wang et al.’s Password Authentication Scheme Using IC Card 3
2.2 Security Analyses of Wang et al.’s Authentication Scheme 5
2.3 Chen et al.’s Proxy Raffle Protocol on the Internet 7
2.4 Security Analyses of Chen et al.’s Raffle Scheme 11
Chapter 3 A Secure IC-Card-Based Remote Login Mechanism 14
3.1 Introduction 14
3.2 The Proposed Scheme 15
3.3 Security Analyses 19
3.4 More Discussions 21
3.5 Summaries 23
Chapter 4 An Electronic Proxy Raffle Protocol over the Internet 25
4.1 Introduction 25
4.2 The Proposed Scheme 27
4.3 Security Analyses 31
4.4 Requirements Analyses and More Discussions 34
4.5 Summaries 38
Chapter 5 A t-out-of-n Electronic Voting System Using IC Cards 39
5.1 Introduction 39
5.2 The Proposed Scheme 42
5.3 Requirements Analyses 48
5.4 Security Analyses and Comparisons 50
5.5 Summaries 54
Chapter 6 Conclusions and Future Works 55
References 57
Biographical Notes 63

[1] Benaloh, J., “Verifiable Secret-Ballot Elections,” Ph.D. dissertation, Yale University, Department of Computer Science, YALEU/CDS/TR-561, Dec. 1987.
[2] Chang, C. C. and Hwang, S. J., “Using Smart Cards to Authenticate Remote Passwords,” Computers and Mathematics with Applications, Vol. 26, No. 7, pp. 19-27, 1993.
[3] Chang, C. C. and Lee, J. S., “An Anonymous and Flexible t-out-of-n Electronic Voting scheme,” Journal of Discrete Mathematical Sciences & Cryptography, Vol. 9, No. 1, pp. 133-151, Apr. 2006.
[4] Chang, C. C. and Lee, J. S., “An Anonymous Voting Mechanism Based on the Key Exchange Protocol,” Computers & Security, Vol. 25, pp. 307-314, Feb. 2006.
[5] Chang, C. C. and Liao, W. Y., “A Remote Password Authentication Scheme Based upon ElGamal’s Signature Scheme,” Computers & Security, Vol. 13, No. 2, pp. 137-144, 1994.
[6] Chang, C. C. and Wu, L. H., “A Password Authentication Scheme Based upon Rabin’s Public-Key Cryptosystem,” Proceedings of International Conference on Systems Management ’90, Hong Kong, pp. 425-429, Jun. 1990.
[7] Chang, C. C. and Wu, T. C., “Remote Password Authentication with Smart Cards,” IEE Proceedings on Computers and Digital Techniques, Vol. 138, No. 3, pp. 165-168, May 1991.
[8] Chaum, D., “Untraceable Electronic Mail, Return Addresses and Digital Pseudonyms,” Communications of the ACM, Vol. 24, No. 2, pp. 84-88, 1981.
[9] Chaum, D., “Blind Signature for Untraceable Payments,” Advances in Cryptology: Proceedings of Crypto’82, New York, U.S.A., pp. 199-203, 1983.
[10] Chaum, D., “Blinding for Unanticipated Signatures,” Advances in Cryptology: Proceedings of EUROCRYPT’87, Amsterdam, Netherlands, pp. 227-233, Apr. 1987.
[11] Chaum, D., “Elections with Unconditional-Secret Ballots and Disruption Equivalent to Breaking RSA,” Advances in Cryptology: Proceedings of EUROCRYPT’87, Davos, Switzerland, pp. 177-182, 1988.
[12] Chen, Y. Y., Jan, J. K. and Chen, C. L., “The Design of a Secure Anonymous Internet Voting System,” Computers & Security, Vol. 23, No. 4, pp. 330-337, Jun. 2004.
[13] Chen, Y. Y., Jan, J. K. and Chen, C. L., “Design of a Fair Proxy Raffle Protocol on the Internet,” Computer Standards & Interfaces, Vol. 27, No. 4, pp. 415-422, Apr. 2005.
[14] Chien, H. Y., Jan, J. K. and Tseng, Y. M., “A Modified Remote Login Authentication Scheme Based on Geometric Approach,” Journal of Systems and Software, Vol. 55, No. 3, pp. 287-290, Jan. 2001.
[15] Cramer, R., Gennaro, R. and Schoenmakers, B., “A Secure and Optimal Efficient Multi-Authority Election Scheme,” Advances in Cryptology: Proceedings of EUROCRYPT’97, Konstanz, Germany, Vol. 1233, pp. 103-118, May 1997.
[16] Cranor, L. and Cytron, R., “Sensus: a Security-Conscious Electronic Polling System for the Internet,” Proceedings of the Thirtieth Hawaii International Conference on System Sciences, Wailea, HI, U.S.A., Vol. 3, pp. 561-570, 1997.
[17] Damgard, I., Groth, J. and Salomonsen, G., “The Theory and Implementation of an Electronic Voting System,” Advances in Information Security, Vol. 7, pp. 77-100, 2003.
[18] Damgard, I. and Jurik, M., “A Generalization, a Simplification and Some Applications of Pailliers Probabilistic Public-Key System,” Proceedings of Public Key Cryptography, Vol. 1992 of LNCS, pp. 119-136, 2001.
[19] Davies, G. I. and Price, W. L., Security for Computer Network: Wiley-Interscience Publication, John Wiley and Sons, Ltd., Chichester, New York, Brisbane, Toronto, 1984.
[20] Denning, D. E., Cryptography and Data Security, Addison-Wesley, Mass., U.S.A., 1982.
[21] Diffie, W. and Hellman, M. E., “New Directions in Cryptography,” IEEE Transactions on Information Theory, Vol. IT-22, No. 6, pp. 644-654, Nov. 1976.
[22] Dini, G., “A Secure and Available Electronic Voting Service for a Large-Scale Distribution System,” Future Generation Computer Systems, Vol. 19, pp. 69-85, 2003.
[23] Elgamal, T., “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Transactions on Information Theory, Vol. IT-31, No. 4, pp. 469-472, 1985.
[24] Evans, A. J., Kantrowitz, W. and Weiss, E., “A User Authentication Scheme not Requiring Secrecy in the Computer,” Communications of the. ACM, Vol. 17, No. 8, pp. 437-442, Aug. 1974.
[25] Freier, A. O., Karlton, P. and Kocher, P. C., “The SSL Protocol Version 3.0,” Internet Draft, http://wp.netscape.com/eng/ssl3/ssl-toc.html, Nov. 1996.
[26] Fujioka, A., Okamoto, T. and Ohta, K., “A Practical Secret Voting Scheme for Large Scale Elections,” Advances in Cryptology: Proceedings of ASIA CRYPT’92, Gold Coast, Queensland, Australia, pp. 244-251, 1992.
[27] Hwang, T. Y., “Password Authentication Using Public-Key Encryption,” Proceedings of International Carnahan Conference on Security Technology, Zurich, Switzerland, pp. 35-38, 1983.
[28] Hwang, J. J., “A Conventional Approach to Secret Balloting in Computer Networks,” Computers & Security, Vol. 15, No. 3, pp. 249-262, 1996.
[29] Hwang, M. S. and Li, L. H., “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, Feb. 2000.
[30] Jan, J. K. and Chen, Y. Y., “Paramita Wisdom: Password Authentication Scheme without Verification Tables,” Journal of Systems and Software, Vol. 42, No. 1, pp. 45-57, Jul. 1998.
[31] Jan, J. K., Chen, Y. Y. and Lin, Y., “The Design of Protocol for e-Voting on the Internet,” Proceedings of IEEE International Carnahan Conference on Security Technology, London, England, pp. 180-189, Oct. 2001.
[32] Jan, J. K. and Lin, R. H., “A Secure Anonymous Voting by Employing Diffie-Hellman PKD Concept,” Proceedings of IEEE International Carnahan Conference on Security Technology, Surrey, England, pp. 252-258, Oct. 1995.
[33] Jan, J. K. and Tai, C. C., “A Secure Electronic Voting Protocol with IC Cards,” Journal of Systems and Software, Vol. 39, pp. 93-101, Dec. 1997.
[34] Juang, W. S., “Efficient Password Authenticated Key Agreement Using Smart Cards,” Computers & Security, Vol. 23, No. 2, pp. 167-173, Mar. 2004.
[35] Juang, W. S. and Lei, C. L., “A Collision-Free Secret Ballot Protocol for Computerized General Elections,” Computers & Security, Vol. 15, No. 4, pp. 339-348, 1996.
[36] Juang, W. S. and Lei, C. L., “A Secure and Practical Electronic Voting Scheme for Real World Environments,” IEICE Transactions on Fundamentals on Communications, Electronics, Information and Systems, Vol. E80-A, No. 1, pp. 64-71, 1997.
[37] Lain, C. S., Harn, L. and Huang, D., “Password Authentication Using Quadratic Residues,” Proceedings of International Computer Symposium, Taipei, Taiwan, pp. 1484-1489, Dec. 1988.
[38] Lamport, L., “Password Authentication with Insecure Communication,” Communications of the ACM, Vol. 24, No. 11, pp. 770-772, Nov. 1981.
[39] Liaw, H. T., “A Secure Electronic Voting Protocol for General Elections,” Computers& Security, Vol. 23, pp. 107-119, 2004.
[40] Liaw, H. T., Lin, J. F. and Wu, W. C., “An Efficient and Complete Remote User Authentication Scheme Using Smart Cards,” Mathematical and Computer Modeling, Vol. 44, No. 1-2, pp. 223-228, Jul. 2006.
[41] Lin, C. H. and Chang, C. C., “A Server-Aided Computation Protocol for RSA Enciphering Algorithm,” International Journal of Computer Mathematics, Vol. 53, pp. 149-155, 1994.
[42] Lin, I. C., Hwang, M. S. and Chang, C. C., “Security Enhancement for Anonymous Secure e-Voting over a Network,” Computer Standards & Interfaces, Vol. 25, No. 2, pp. 131-139, 2003.
[43] Park, C., Itoh, K. and Kurosawa, K., “Efficient Anonymous Channel and All/Nothing Election Scheme,” Advances in Cryptology: Proceedings of EUROCRYPT’93, Lofthus, Norway, Vol. 765 of LNCS, pp. 248-259, 1994.
[44] Rankl, W. and Effing, W., Smart Card Handbook, John Wiley and Sons, 2nd Edition, 2000.
[45] Rivest, R. L., Shamir, A. and Adleman, L., “A Method for Obtaining Digital Signatures and Public-key Cryptosystems,” Communications of the ACM, Vol. 21, No. 2, pp. 120-126, Feb. 1978.
[46] Sako, K. and Killian, J., “Receipt-Free Mix-Type Voting Scheme – a Practical Solution to the Implementation of a Voting Booth,” Advances in Cryptology: Proceedings of EUROCRYPT’95, Berlin, Germany, Vol. 921 of LNCS, pp. 393-403, 1995.
[47] Schneier, B., Applied Cryptography, 2nd Edition, John Wiley and Sons, New York, U.S.A., 1996.
[48] Schneier, Bruce, Applied Cryptography, Protocols, Algorithms, and Source Code in C, John Wiley and Sons Inc., 2nd Edition, New York, U.S.A., pp. 15, 1996.
[49] Sun, H. M., “An Efficient Remote Use Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000.
[50] Wang, C. T., Chang, C. C. and Lin, C. H., “Using IC Cards to Remotely Login Passwords without Verification Tables,” Proceedings of the 18th International Conference on Advanced Information Networking and Applications, Fukuoka, Japan, Vol. 1, pp. 321-326, 2004.
[51] Wagner, D. and Schneier, B., “Analysis of the SSL 3.0 Protocol,” Proceedings of the 2nd USENIX Workshop on Electronic Commerce, Oakland, California, U.S.A., pp.29-40, Nov. 1996.
[52] Wu, T. C., “Remote Login Authentication Scheme Based on a Geometric Approach,” Computer Communications, Vol. 18, No. 12, pp. 959-963, 1995.
[53] Zhou, J. and Tan, C., “Playing Lottery on the Internet,” Proceedings of the 3rd International Conference on Information and Communications Security, Xian, China, Vol. 2229, pp. 189-201, Nov. 2001.
[54] Zwierko, A. and Kotulski, Z., “A Light-Weight e-Voting System with Distributed Trust,” Electronic Notes in Theoretical Computer Science, Vol. 168, pp. 109-126, Feb. 2007.