在現實環境中，總會有一些惡意的人士想去竊取不屬於他們的私密資料，因此便有了安全性的問題產生。為了防範各種破壞的行為，一般而言都需要某些機制來驗證使用者的合法性，而最常用的機制就是個人認證碼(password authentication)。它提供了使用者最基本的安全性和驗證性，由於它的簡單與方便，因此長久以來廣受人們的歡迎，但是安全性不高，一直是此方法的致命傷。
近年來由於工業技術的進展迅速，使得智慧卡(smart card)的功能日益強大，因此利用智慧卡的功能結合個人認證機制，已被大量地應用於商業交易方面上。例如：個人身份驗證卡, 銀行提款卡, 信用卡等等。本論文中，我們將以智慧卡為基礎的密碼認證架構為重點，因此利用智慧卡的可攜性、安全性和便利性，提出一系列的相關研究及改進，使得改進及提出的架構均能適用於現今的環境中。

In the real world environment, there are always some malicious persons wanting to steal others’ secret information. Thus, the security problems will occur. In order to against any kind of possible malicious depredations, several mechanisms are employed to verify the legality of the users, one such case, is the mechanism of personal password authentication code. The password authentication scheme provides the basic security and verification applications for users and has been particularly popular for a long time because of it’s simplicity and convenience. However, the weak security is always the main drawback of this method.
Due to the recent, rapid progress of industrialized techniques, the capability of the smart card has become ever more powerful. Hence, to utilize the function of smart card combining with password authentication scheme is largely applied to the aspects of business transactions, such as personal identity-authentication card, cash card, credit card and so on. In this thesis, we focus on the password authentication scheme based on smart cards. Thus, by utilizing the portability, security, and convenience of the smart card, we further propose a series of related researches and improvements about password authentication scheme, and then make all improved and proposed schemes to suit for the real world environment.

Chapter 1 Introduction ................................1
1.1 Background and Motivation .........................1
1.2 Thesis Organization ...............................4
Chapter 2 Password Authentication Scheme with Smart Cards
.......................................................5
2.1 Password Authentication Scheme and Smart Card .....5
2.2 Practical Password Authentication Scheme ..........7
2.2.1 Motivation ......................................7
2.2.2 Basic Requirements ..............................8
2.3 Enhancement for Password Authentication Schemes with Smart Cards .................................................9
2.3.1 Review of the Yang-Shieh Schemes ...............10
2.3.2 Proposed Scheme ................................13
2.3.3 Security and Efficiency Discussion .............14
2.4 Improvement for Efficient Remote Authentication Scheme Using Smart Cards ....................................15
2.4.1 Review of the Sun’s Scheme ....................16
2.4.2 Improved Scheme ................................17
2.4.3 Security and Efficiency Discussion .............19
2.5 Remarks ..........................................20
Chapter 3 Application of Password for Key Authentication Scheme ...............................................23
3.1 Review of the Horng-Yang Scheme and Zhan et al.’s Scheme ...............................................23
3.2 Improved Key Authentication Scheme ...............27
3.3 Security Discussion ..............................28
3.4 Efficiency Evaluation ............................29
3.5 Remarks ..........................................30
Chapter 4 Conclusions and Future Researches ..........32
References ...........................................34
誌謝 .................................................37
Vita .................................................38

[1] W. W. Adams and L. J. Goldstein, Introduction to Number Theory, Englewood Cliffs, N.J.: Prentice-Hall, 1976.
[2] S. Bellovin and M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks,” Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 72-84, May 1992.
[3] C. K. Chan and L. M. Cheng, “Remarks on Wang-Chang’s password authentication scheme,” IEE Electronics Letters, Vol. 37, No. 1, Jan. 2001.
[4] C. C. Chang and S. J. Hwang, “Using smart cards to authenticate remote passwords,” Computers and Mathematical Applications, Vol. 26, No. 7, pp. 19-27, 1993.
[5] C. C. Chang and T. C. Wu, “Remote password authentication with smart cards,” IEE Proceeding-E, Vol. 138, No. 3, pp. 165-168, 1991.
[6] A. Jr Evans, W. Kantrowitz and E. Weiss, “A user authentication system not requiring secrecy in the computer,” Communications of the ACM, Vol. 17, pp. 437-442, 1974.
[7] G. Horng and C. S. Yang, “Key authentication scheme for cryptosystems based on discrete logarithm,” Computer Communications 19, 848-850, 1996.
[8] M. S. Hwang, “A remote password authentication scheme based on the digital signature method,” International journal of Computer Mathematics, Vol. 70, pp. 657-666, 1999.
[9] M. S. Hwang, “Cryptanalysis of a remote login authentication scheme,” Computer Communication, Vol. 22, No. 8, pp. 742-744, 1999.
[10] M. S. Hwang and L. H. Li, “A new remote user authentication scheme using smart cards,’’ IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, Feb. 2000.
[11] T. Hwang, Y. Chan and C. S. Laih, “Non-interactive password authentications without password tables,” IEEE Region 10 Conference on Computer and Communication Systems, IEEE Computer Society, 1990, pp. 429-431.
[12] D. Jablon, “Strong password-only authenticated key exchange,” ACM Computer Communications Review, Vol. 20, No. 5, pp. 5-26, October 1996.
[13] A. Kehne, J. Schonwalder and H. Langendorfer, “A nonce-based protocol for multiple authentication,” ACM Operating Systems Review, Vol. 26, No. 4, pp. 84-89, Oct. 1992.
[14] J. Kohl and C. Neuman, “The Kerberos network authentication service (V5),” Internet RFC 1510, Sep. 1993.
[15] T. Kwon and J. Song, “Efficient key exchange and authentication protocols protecting weak secrets,” IEICE Trans. Fundamentals, Vol. E81-A, No. 1, pp. 156-163, Jan. 1998.
[16] L. Lamport, “Password authentication with insecure communication,” Communications of ACM, Vol. 24, pp. 28-30, 1981.
[17] R. E. Lennon, S. M. Matyas and C. H. Meyer, “Cryptographic authentication of time-invariant quantities,” IEEE Transactions on Communications, COM-29, No. 6, pp. 773-777, 1981.
[18] G. Li, M. A. Lomas, R. M. Needham and J. H. Saltzer, “Protecting poorly chosen secrets from guessing attacks,” IEEE Journal on Selected Areas in Communications 11 (5) (1993).
[19] E. Okamoto and K. Tanaka, “Identity-based information security management system for personal computer networks,” IEEE Journal on Selected Areas in Communications, Vol. 7, No. 2, pp. 290-294, Feb. 1989.
[20] P. Peyret, G. Lisimaque and T. Y. Chua, “Smart cards provide very high security and flexibility in subscribers management,” IEEE Transactions on Consumer Electronics, Vol. 36, No. 3, pp. 744-753, 1990.
[21] R. L. Rivest, A. Shamir and L. Adleman, “A method for obtaining digital signature and public-key cryptosystem,” Communications of the ACM, Vol. 21, No. 2, pp. 120-126, 1978.
[22] M. Sandirigama, A. Shimizu and M. T. Noda, “Simple and secure password authentication protocol,” IEICE Trans. Commun., Vol.E83-B, No. 6, June. 2000.
[23] A. Shamir, “Identity-based cryptosystems and signature schemes,” Proceedings CRYPTO’84, pp. 47-53, Springer, Berlin, 1985.
[24] S. P. Shieh and W. H. Yang, “An authentication and key distribution system for open network system,” ACM Operating Systems Review, Vol. 30, No. 2, pp. 32-41, 1996.
[25] S. P. Shieh, W. H. Yang and H. M. Sun, “An authentication protocol without trusted third party,” IEEE Communications Letters, Vol. 1, No. 3, May. 1997.
[26] H. M. Sun, “An efficient remote use authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, November, 2000, pp. 28-30.
[27] S. J. Wang and J. F. Chang, “Smart card based secure password authentication scheme,” Computers and Security, Vol. 15, No. 3, pp. 231-237, 1996.
[28] T. C. Wu, “Remote login authentication scheme based on a geometric approach,” Computer Communications, Vol. 18, No. 12, pp. 959-963, 1995.
[29] W. H. Yang and S. P. Shieh, “Password Authentication Schemes with Smart Cards,” Computers & Security, Vol.18, No8, pp.727-733, 1999.
[30] B. Zhan, Z. Li, Y. Yang and Z. Hu, “On the security of HY-key authentication scheme,” Computer Communication 22 (1999) 739-741.