臺灣博碩士論文加值系統

由於資通訊技術發展，行動使用者可以使用其個人行動裝置存取各式各樣服務或資源。為避免未取得合法授權的使用者存取服務或資源，尤其是漫遊服務，發展安全的鑑別機制乃是其中關鍵技術。本論文提一個適用於全球行動網路之可防制DoS攻擊的漫遊匿名鑑別機制，所設計的機制可以達到使用者匿名 (user anonymity)、相互鑑別 (mutual authentication)、會議金鑰安全 (session-key security)、完美前推安全 (perfect forward secrecy)、抵抗重送攻擊 (replay-attack resistance)、抵抗中間者攻擊 (man-in-middle-attack resistance)、抵抗假冒攻擊(impersonation-attack resistance)、抵抗內部者攻擊 (insider-attack resistance)及抵抗阻斷式服務攻擊 (denial-of-service-attack resistance)。

Due to the development of information and communication technology, a mobile user can access various services or resources by using his/her mobile device. It is the key technique to design a secure authentication scheme that prevents services or resources from be illegal accessed by an unauthorized user, especially roaming. This thesis proposes a roaming anonymous authentication scheme with DoS-attack resistance for global mobility networks. The proposed scheme can provides user anonymity, mutual authentication, session-key security, perfect forward secrecy, replay-attack resistance, man-in-middle-attack resistance, impersonation-attack resistance, insider-attack resistance, and denial-of-service-attack resistance.

第一章緒論 1
1.1研究背景與動機 1
1.2 研究目的 3
第二章 數學假設與用戶端難題 6
2.1 困難度假設 6
2.2 用戶端難題 7
第三章 所提出的方法 8
3.1 系統角色與階段 8
第四章 安全證明 19
第五章 結論與未來研究方向 23

余浩宇、吳宗成、蔡國裕 (2014，5月)。基於用戶端難題之漫遊鑑別機制，第二十四屆全國資訊安全會議，政治大學。
Aura, T., Nikander, P., and Leiwo, J. (2001). DoS-resistant authentication with client puzzles. The 8th International Workshop on Security Protocols, 2133, 170-177.
Bocan, V. (2004). Threshold puzzles: the evolution of DoS-resistant authentication. Transaction on Automatic Control and Computer Science, 49 (63).
Chang, C.C., and Wu, T.C. (1991). Remote password authentication with smart cards. IEE Proceedings-Computers and Digital Techniques 138(3), 165-168.
Chang, C.C., Lee, C.Y., and Chiu, Y.C. (2009). Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications, 32(4), 611-618.
Chen, Y.L., Chou, J.S., and Huang, C.H. (2009). Improvements on two password-based authentication protocols. Cryptology ePrint Archive, Report 2009/561, http://eprint.iacr.org/2009/561.pdf.
Chen, C., He, D., Chan, S., Bu, J., Gao, Y., and Fan, R. (2011) Lightweight and provably secure user authentication with anonymity for the global mobility network. International Journal of Communication Systems, 24, 347-362.
Chen, T., Hsiang, H., and Shih, W. (2011). Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems 27(4), 377-380.
Chen, C.L., Lu, M.S., and Guo, Z.M. (2012). A non-repudiated and traceable authorization system based on electronic health insurance cards. Journal of Medical Systems 36(4), 2359-2370.
He, D., Ma, M., Zhang, Y., Chen, C., and Bu, J. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communication, 34, 367-374.
He, D., Kumar, N. Khan, M., and Lee, J.H. (2013). Anonymous two-factor authentication for consumer roaming service in global mobility networks. IEEE Transactions on Consumer Electronics, 59(4), 811 - 817.
Hsiang, H.C. and Shih, W.K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118-1123.
Juels, A., and Brainard, J. (1999). Client puzzles: a cryptographic countermeasure against connection depletion attacks. Networks and Distributed Security Systems, 151–165.
Khan, M., Kim, S., and Alghathbar, K. (2011). Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Computer Communications 34(3), 305-309.
Laurens, V., Saddik, A.E., and Nayak, A. (2006) Requirements for client puzzles to defeat the denial of service and the distributed denial of
service attacks. The International Arab Journal of Information Technology, 3(4).
Lee, C.C., Hwang, M.S., and Liao, I.E. (2006). Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE Transactions on Industrial Electronics, 53(5), 1683-1687.
Li, C.T., and Lee, C.C. (2011). A robust remote user authentication scheme using smart card. Information Technology and Control, 40(3), 236–245.
Li, C.T., Lee, C.C., Liu, C.J., and Lee, C.W. (2011). A robust remote user authentication scheme against smart card security breach. The 25th Annual IFIP Conference on Data and Applications Security and Privacy, 231-238.
Li, K., Xiu, A., He, F., and Lee, D.H. (2011). Anonymous authentication with unlinkability for wireless environments. IEICE Electronics Express, 8(8), 536-541.
Liao, Y.P. and Wang, S.S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24-29.
Ma, C.G., Wang, D., and Zhang, Q.M. (2012). Cryptanalysis and improvement of Sood et al.’s dynamic ID-based authentication scheme. The 8th International Conference on Distributed Computing and Internet Technology, 7154, 141-152.
Mun, H., Han, K., Lee, Y.S., Yeun, C.Y., and Choi, H.H. (2012). Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 55(1-2), 214-222.
Price, G. (2003). A general attack model on hash-based client puzzles. The 9th IMA International Conference on Cryptography and Coding, 319-331.
Princeton, N.J., and Bedford, M.A. (2004). New client puzzle outsourcing techniques for DoS resistance. The 11th ACM Conference on Computer and Communications Security, 246-256.
Sood, S.K. (2011). Secure dynamic identity-based authentication scheme using smart cards, Information Security Journal: A Global Perspective. 20(2), 67-77.
Wang, R.C., Juang, W.S., and Lei, C.L. (2007). A simple and efficient key exchange scheme against the smart card loss problem. The IFIP International Conference on Emerging Directions in Embedded and Ubiquitous Computing, 728-744.
Wang, Y., Liu, J., Xiao, F., and Dan, J. (2009). A more efficient and secure dynamic id-based remote user authentication scheme. Computer communications, 32(4), 583-585.
Wang, Y.G. (2012). Password protected smart card and memory stick authentication against off-line dictionary attacks. The 27th IFIP TC 11 Information Security and Privacy Conference, 376, 489-500.
Wu, C.C., Lee, W.B., and Tsaur, W.J. (2008). A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 12(10), 722-723.
Wu, K.Y., Tsai, K.Y., and Wu, T.C. (2011). Robust anonymous authentication scheme without verification table for roaming service in global mobility networks. The 6th Joint Workshop on Information Security (JWIS 2011).
Wu, S.H., Zhu, Y.F., and Pu, Q. (2012). Robust smart-cards-based user authentication scheme with user anonymity. Security and Communication Networks, 5(2), 236-248.
Xie, Q., Bao, M., Dong, N., Hu, B., Wong, D.S. (2013). Secure mobile user authentication and key agreement protocol with privacy protection in global mobility networks. 2013 International Symposium on Biometrics and Security Technologies (ISBAST), 124-129.
Xu, J. and Feng, D. (2009). Security flaws in authentication protocols with anonymity for wireless environments. ETRI Journal, 31(4), 460-462.
Yang, G.M., Wong, D.S., Wang, H.X., and Deng, X.T. (2006). Formal analysis and systematic construction of two-factor authentication scheme. The 8th International Conference on Information and Communications Security, LNCS, 4307, 82-91.
Yeh, C.K. and Lee, W.B. (2009). An overall cost-effective authentication technique for the global mobility network. International Journal of Network Security, 9(3), 227-232.
Zhu, J., and Ma, J. (2004). A new authentication scheme with anonymity for wireless environments. IEEE Transactions on Consumer Electronics, 50 (1), 231-235.