臺灣博碩士論文加值系統

資訊科技蓬勃發展，網際網路提供的服務不勝枚舉，傳統的實體交易受時間、空間限制，無法滿足消費者需求，而網路的特性打破這些限制，消費者可以透過網路進行交易，取代傳統的消費模式。在開放的網路環境下，任何人很容易竊取網路上的資訊，加以破壞，達到非法目的。各種資訊安全的攻擊接踵而至，對於個人秘密資訊安全性與私密性倍感威脅。當使用者透過遠端電腦，對伺服器提出進行存取電腦資源的需求，確認溝通雙方的身分與存取控制，成為網路安全考量議題之一。要如何判定上線使用者為合法註冊，是服務提供者應具備的，系統可以透過認證機制來驗證使用者的合法性。本研究應用智慧卡 (smart card) 儲存使用者資訊及微量運算的功能，提出通行碼認證 (password authentication) 與金鑰交換 (key exchange) 的方法，安全性是建構在單向雜湊函數 (one-way hash function) 與亂數基底 (nonce-based) 上，並使用智慧卡來保護認證上所需的私密資訊，可達到使用者與伺服器之間雙向認證 (mutual authentication)，產生互相通訊的交談金鑰 (session key)，並做有效期限的控制 (lifetime control)。歸納具有以下特性：伺服器不需要儲存認證資料、使用者可自行選擇通行碼、達到雙向認證、產生交談金鑰、可控制使用期限、運算成本低且效率佳。

Internet provides various services enabling the convenience of human life. However, it accompanies a variety of information security attacks. Before having access to the computer resources in remote site, it is one of the important issues in network security considerations to have a mutual authentication of the communicating entities. We proposed a new method of password authentication and key exchange protocol with smart card in this paper. The proposed scheme has the following characteristics: (1) it is not required for the server to store any authentication data for users; (2) users can freely choose their own passwords; (3) it provides mutual authentication; (4) the communicating parties can exchange one common session key; (5) it enables the control of expiration; (6) the computation complexities of the login phase is lower than those of the previously proposed schemes.

摘 要
ABSTRACT
目 錄
圖 目 錄
表 目 錄

第一章 緒論
1.1 研究背景與動機
1.2 研究目的
1.3 論文架構
第二章 文獻探討
2.1 背景知識
2.1.1 對稱式加密
2.1.2 非對稱式加密
2.1.3 單向雜湊函數
2.1.4 相關攻擊法
2.2 相關研究
2.2.1 Juang 認證機制
2.2.1.1 介紹 Juang 認證機制
2.2.1.2 本文提出改進 Juang 認證機制
2.2.2 Chen-Yeh 認證機制
2.2.3 Liaw 等人認證機制
第三章 本文方法
第四章 安全分析
第五章 效能分析
5.1 功能比較
5.2 效率分析比較
5.3 儲存與通訊成本比較
第六章 結論
參考文獻
附錄A

[1]Chan C.K. and Cheng L.M., Cryptanalysis of timestamp-based password authentication scheme, Computers & Security, Vol. 21, No. 1, 2001, pp. 74-76.
[2]Chang C.C. and Lee J.S., An efficient and secure multi-server password authentication scheme using smart cards, International Conference on Cyberworlds, 2004, pp. 417-422.
[3]Chang C.C. and Kuo J.Y., An efficient multi-server password authenticated key agreement scheme using smart cards with access control, Proceedings of The First International Workshop on Information Networking and Applications, Vol. 2, 2005, pp. 257-260.
[4]Chang C.C. and Lee J.S., An efficient and secure remote authentication scheme using smart cards, Information & Security, Vol. 18, 2006, pp. 122-133.
[5]Chang C.C. and Wu T.C., Remote password authentication with smart card, IEE Proceedings-E, Vol. 138, No. 3, 1993, pp. 165-168.
[6]Chaum D. and Pedersen T.P., Transferred cash grows in size, Advances in Cryptology - EUROCRYPT’92, 1992, pp. 390-407.
[7]Chen T.S., A specifiable verifier group-oriented threshold signature scheme based on the elliptic curve cryptosystem, Computer Standards & Interfaces, Vol. 27, No. 1, 2004, pp. 33-38.
[8]Chen Y.C. and Yeh L.Y., An efficient none-based authentication scheme with key agreement, Applied Mathematics and Computation, Vol. 169, No. 2, 2005, pp. 982-994.
[9]Chen Y.C. and Yeh L.Y., An efficient authentication and access control scheme using smart cards, Proceedings of the 11th International Conference on Parallel and Distributed Systems - Workshops (ICPADS’05), Vol. 2, 2005, pp.78-82.
[10]Chien H.Y. and Jan J.K., Robust and simple authentication protocol, The Computer Journal, Vol. 46, No. 2, 2003, pp. 193-201.
[11]Chien H.Y., Jan J.K. and Tseng Y.M., An efficient and practical solution to remote authentication: smart card, Computers & Security, Vol. 21, No. 4, 2002, pp. 372-375.
[12]Chor B., Goldwasser S., Micali S. and Awerbuch B., Verifiable secret sharing and achieving simultaneity in the presence of faults, Proceedings of the 26th IEEE Symposium on Foundations of Computer Science, 1985, pp. 251-260.
[13]Diffie W. and Hellman M., New directions in cryptography, IEEE Transactions on Information Theory, Vol. IT-22, No. 6, 1976, pp. 644-654.
[14]Gong L., Optimal authentication protocols resistant to password guessing attacks, Proceedings of the 8th IEEE Computer Security Foundation Workshop, 1995, pp. 24-29.
[15]Gouda M.G., Liu A.X., Leung L.M. and Alam A.M., SPP: An anti-phishing single password protocol, Computer Networks, Vol. 51, No. 13, 2007, pp. 3715-3726.
[16]Hsu C.L., Security of Chien et al.’s remote user authentication scheme using smart card, Computer Standards & Interfaces, Vol. 26, No. 3, 2004, pp. 167-169.
[17]Hsu C.L., A user friendly remote authentication scheme with smart cards against impersonation attacks, Applied Mathematics and Computation, Vol. 170, No. 1, 2005, pp. 135-143.
[18]Hwang M.S. and Li L.H., A new remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, 2000, pp. 28-30.
[19]Jan J.K. and Chen Y.Y., Paramita-wisdom password authentication scheme without verification tables, The Journal of Systems and Software, Vol. 42, No. 1, 1998, pp. 45-57.
[20]Juang W.S., Efficient password authenticated key agreement using smart cards, Computers & Security, Vol. 23, No. 2, 2004, pp. 167-173.
[21]Juang W.S., Efficient multi-server password authenticated key agreement using smart cards, IEEE Transactions on Consumer Electronics, Vol. 50, No.1, 2004, pp. 251-255.
[22]Juang W.S., Efficient three-party key exchange using smart cards, IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, 2004, pp. 619-624.
[23]Juang W.S., Lei C.L. and Chang C.Y., Anonymous channel and authentication in wireless communications, Computer Communications, Vol. 22, No. 15-16, 1999, pp. 1502-1511.
[24]Lamport L., Password authentication with insecure communication, Communications of the ACM, Vol. 24, No. 11, 1981, pp. 770-772.
[25]Liao I.E., Lee C.C. and Hwang M.S., A password authentication scheme over insecure networks, Journal of Computer and System Sciences, Vol. 72, No. 4, 2006, pp. 727-740.
[26]Liaw H.T., Zhang W.F. and Wu C.W., An efficient and complete remote user authentication scheme using smart card, Mathematical and Computer Modelling, Vol. 44, No. 1-2, 2006, pp. 223-228.
[27]Lu R. and Cao Z., Efficient remote user authentication scheme using smart card, Computer Networks, Vol. 49, No. 6, 2005, pp.535-540.
[28]Shamir A., Identity-based cryptosystems and signature schemes, Advances in Cryptology - CRYPTO’84, 1984, pp. 47-53.
[29]Shen J.J., Lin C.W. and Hwang M.S., A modified remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, Vol. 49, No. 2, 2003, pp. 414-416.
[30]Shieh W.G. and Wang J.M., Efficient remote mutual authentication and key agreement, Computers & Security, Vol. 25, No. 1, 2006, pp.72-77.
[31]Shim K., Off-line password-guessing attacks on the generalized key agreement and password authentication protocol, Applied Mathematics and Computation, Vol. 169, No. 1, 2005, pp. 511-515.
[32]Sun H.M., An efficient remote use authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, 2000, pp. 958-961.
[33]Tseng Y.M., Efficient authenticated key agreement protocols resistant to a denial-of-service attack, International Journal of Network Management, Vol. 15, No. 3, 2005, pp. 193-202.
[34]Wang X.M., Zhang W.F., Zhang J.S. and Khan M.K., Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards, Computer Standards & Interfaces, Vol. 29, No. 5, 2007, pp. 507-512.
[35]Wu S.T. and Chieu B.C., A user friendly remote authentication scheme with smart cards, Computers & Security, Vol. 22, No. 6, 2003, pp. 547-550.
[36]Yang C.C. and Wang R.C., Cryptanalysis of a user friendly remote authentication scheme with smart cards, Computers & Security, Vol. 23, No. 5, 2004, pp. 425-427.
[37]Yang W.H. and Shieh S.P., Password authentication schemes with smart cards, Computers & Security, Vol. 18, No. 8, 1999, pp.727-733.
[38]Yeh H.T. and Sun H.M., Password authenticated key exchange protocols among diverse network domains, Computers and Electrical Engineering, Vol. 31, No. 3, 2005, pp.175-189.