臺灣博碩士論文加值系統

本論文提出了兩個適用於開放式網路上的身份確認協定(authentication
protocol)，在第一部份，我們提出了一個只需要極少次的訊息傳遞動作
，即可完成身份確認的協定。雖然這個協定使用較少次的訊息傳遞動作，
但是比起其他的協定(如 kerberos, NS 及 Permuted 協定等等)仍具有更
高的安全性(security)及可靠性(reliability)。根據這個協定，我們實
際在 UNIX 系統上製作出一套採用主僕式(Master/Slave)架構的安全身份
確認系統。在第二部份，我們提出了一個適用於無線網路(wireless
networks)系統的身份確認協定。在這個協定中，身份確認的動作只需在
欲溝通之兩者間完成，不需要借助第三者(trusted third party)的幫忙
，而且訊息傳遞的次數只需要兩次。此外，我們不僅減少了指數運算(
exponential computation)所需的次數，也解決了在 Okamoto and
Tanaka's ID-based scheme 中會產生的 安全問題。

In this thesis, two new authentication protocols are proposed.
In the first part, we present a four-message protocol for
initial authentication that supports subsequent authentication
in two messages without contacting the authentication server or
using synchronized clocks. This protocol has the property of
using fewer messages to provide better security than Kerberos
and better reliability and security than the NS and Permuted
protocols. Based on the protocol, a secure authentication
system is built, which uses the master-slave scheme. In the
second part, we propose a secure authentication protocol which
supports both the privacy of messages and the authenticity of
communicating parties in wireless networks. The trusted third
party (key information center) is not needed once the secure
network system is set up. Mutual authentication and key
distribution can be achieve with two messages merely between
two parties involved. With lower computation overhead, this
protocol resolves the problems, appeared in the Okamoto and
Tanaka's ID-based scheme, that user identities may be forged
and user secret information may be discolsed. It can also
protect user communication from replay attacks even if system
clocks are not synchronized.