臺灣博碩士論文加值系統

網際網路時代的來臨，電腦系統與網路連結造就病毒與駭客在安全性上威脅。三方通訊中，最大優點就是能夠降低一個會議中，所有使用者所需儲存的金鑰數。
近年來，在三方通訊研究方面，都是針對使用者雙方利用驗證伺服器公鑰加密，加以保護資訊安全，作為後續接收與驗證伺服器所傳送訊息，然而這樣作法，容易遭受到假冒與密碼猜測攻擊。因此，接著陸續有學者提出不需要使用到驗證伺服器公鑰交換協定，來改善上述問題。架構設計上，主要是讓使用者雙方透過可信賴第三方協助金鑰交換動作，在通訊過程中，驗證伺服器可驗證使用者雙方身分與密碼，並且產生暫時金鑰分送給使用者雙方，讓使用者雙方產生出事後所要協商交談金鑰，而且此協定必需具備防止各類攻擊與提高整體效率，才能符合現今網路中的使用。
在本篇論文中，我們將設計一個有效率的三方認證金鑰交換協定，在我們設計的協定中，通訊雙方必須事先與憑證中心註冊，並且分享個人自選密碼。待雙方通訊時，在雙方公鑰計算中，分別加入另一方身分，讓使用者雙方能夠知道另一方是否為真實通訊對象，防止所謂中間者攻擊。
計算量方面，驗證伺服器分別傳送給雙方不同的暫時金鑰中，去除使用者雙方密碼，不只降低計算量，且仍然保有協定安全性，防止所謂辭典猜測攻擊。與其他學者協定相較下，我們的協定不只降低計算量，同時也達到相同安全性需求，能夠在現今網際網路環境內使用。

The introduction of the Internet era also means the dawn of mass threats of e-virus and hackers. Thus, the most appealing element of three-party communication would be the minimizing need of the session key in each user.
All recent studies about the three party communications have been concentrating on the safety reliance of public key cryptosystem on the authentication server between each two parties. Yet, this method is prone to forgery identity and password guessing attacks. Therefore, some claimed that the bypassing of public key exchange protocol on authentication server would be necessary to prevent the abovementioned safety issue. I.e. the users can obtain and exchange the session key from a trusted third party. During the session, the authentic server approves the users’ identities and passwords, and generates a temporary session key for each participant, and which session key would be highly secure against all sorts of modern-day attacks effectively and efficiently.
In this paper, we design an efficient three party session key exchange authentication protocol that is based on pre-registered identity and password on one authentication server. During the session, the public key would be encrypted with the identity of another participant, thereby reassuring its counterpart’s identity and prevent the session from unknown party’s potential threats.
In such a calculation for the temporary session keys which are sent separately to each participant, passwords are removed. For the reasons not only to reduce the required calculation capacity, but also to keep the security of the protocol, namely the dictionary guessing attacks. Thus, in comparisons to others’ protocols, our protocol not only does reduce the required calculation capacity, but also safeguard the communications in today’s Internet environment.

目 錄
中 文 摘 要 I
ABSTRACT III
誌 謝 V
目 錄 VI
表 目 錄 VIII
第一章 緒論 1
1.1 前言 1
1.2 研究背景 2
1.3 研究動機 5
1.4 研究目的 7
第二章 相關知識與文獻探討 9
2.1 密碼驗證 9
2.2 相關密碼學理論與技術 12
2.2.1 Diffie-Hellman 金鑰交換系統 12
2.2.2 無碰撞單向雜湊函數 (Collision-Free One Way Hash Function) 13
2.2.3 對稱式密碼系統 (Symmetric Cryptosystem) 15
2.2.4 非對稱式密碼系統 (Asymmetric Cryptosystem) 15
第三章 增強簡單三方金鑰交換認證協定 18
3.1 前言 18
3.2 文獻回顧 18
3.2.1 2007-Lu和Cao協定 18
3.2.2 2008-Guo等人協定 21
3.3 我們設計的協定 27
3.4 安全性與效能分析 30
3.4.1 安全性分析 30
3.4.2 效能分析 32
第四章 結論 35
參考文獻 36
附錄 38
附錄A：作者簡介 38
附錄B：口試委員意見修正 39






表 目 錄
表 1 我們的協定與相關協定的效能分析 34
表2 口試委員意見及勘誤修正表 39


圖 目 錄
圖 1 Diffie-Hellman 金鑰交換方法 13
圖 2 對稱式密碼系統 15
圖 3 非對稱式密碼系統 17
圖 4 簡單三方金鑰交換認證協定(S-3PAKE) 21
圖 5 簡單三方金鑰交換認證協定-中間者攻擊 24
圖 6 Guo等人的改善協定 26
圖 7 我們設計的協定 30

[1]W. Diffie and M. Hellman. “New Directions In Cryptography,” IEEE Transaction on Information Theory, IT-22(6): 644-645, November, 1976.
[2]D. R. Stinson. “Cryptography: Theory and Practice,” CRC Press, 1995.
[3]S. M. Bellovin and M. Merrit. “Encrypted key exchange: password based protocols secure against dictionary attacks,” In: Proceedings of IEEE symposium on research in security and privacy. IEEE Computer Society Press, May 1992. pp. 72-84.
[4]M. Steiner, G. Tsudik and M. Waidner. “Refinement and extension of encrypted key exchange,” ACM Operating Systems Review 1995, 29(3):22¬-30.
[5]Y. Ding and P. Horster. “Undetectable on-line password guessing attacks,” ACM Operating Systems Review 1995, 29(4):77-86.
[6]C. L. Lin, H. M. Sun and T. Hwang. “Three party-encrypted key exchanges: attacks and a solution,” ACM Operating Systems Review 2000, 34(4):12-20.
[7]C. L. Lin, H. M. Sun, M. Steiner and T. Hwang. “Three-party encrypted key exchange without server public-keys,” IEEE Communication Letters 2001, 5(12):497-9.
[8]L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone. “An efficient protocol for authenticated key agreement,” Designs, Codes and Cryptography March 2003, 28(2):119-34.
[9]C. C. Chang and Y. F. Chang. “A novel three-party encrypted key exchange protocol,” Computer Standards and Interfaces 2004, 26(5):471-6.
[10]T. F. Lee, T. Hwang and C. L. Lin. “Enhanced three-party encrypted key exchange without server public keys,” Computers & Security 2004, 23(7):571-7.
[11]S. W. Lee, H. S. Kim and K. Y. Yoo. “Efficient verifier-based key agreement protocol for three parties without server’s public key,” Applied Mathematics and Computation 2005, Vol 167, pp. 996-1003.
[12]M. Abdalla and D. Pointcheval. “Simple password-based encrypted key exchange protocols,” Topics in cryptology – CT-RSA 2005, In: LNCS, Springer-Verlag; 2005, pp. 191-208.
[13]R. Lu and Z. Cao. “Simple Three-party Key Exchange Protocol,” Computers & Security 2007, Vol. 26, pp. 94-97.
[14]H. Guo, Z. Li, Y. Mu and X. Zhang. “Cryptanalysis of Simple Three-Party Key Exchange Protocol,” Computers & Security 2008, doi: 10.1016/j.cose.2008.03.001.
[15]Y. Ding and P. Horster. “Undetectable on-line password guessing attacks,” ACM Operating System Review 1995, Vol. 29, pp. 77-86.
[16]IEEE 2002, Standard specifications for public key cryptography, IEEE 1363.