National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

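Graduate student: 洪清波
Graduate student (English name): Ching Po Hung
Thesis title: 以單向雜湊函數為基礎之認證機制
Thesis title (English): Authentication Protocols Using One Way Hash Function
Advisor: 林峻立
Advisor (English name): Chun-Li Lin
Degree: Master's
Institution: 樹德科技大學 (Shu-Te University)
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2006
Academic year of graduation: 94
Language: Chinese
Number of pages: 58
Keywords (Chinese, translated): authentication; cryptography; one-time password
Keywords (English): Authentication; Cryptography; One-time password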
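A growing number of systems are used from mobile devices: users connect over the Internet to remote servers to look up personal data, manage money, or carry out business transactions. Because mobile devices are constrained in hardware and battery power, this thesis takes low computational cost and security as its main themes. It collects remote authentication schemes based on one-way hash functions and divides them into three categories: challenge-response, state-synchronization, and user-independent server. For the most recently published schemes in each category, the thesis analyzes their security weaknesses and improves them, as follows:

1. For challenge-response, this thesis points out that the 2005 Lee and Chen protocol is vulnerable to an impersonation attack, and improves the Lee and Chen protocol.
2. For state-synchronization, this thesis describes how 2GR, published in 2004, cannot resist an impersonation attack; it also improves the ROSI protocol to avoid the DoS attack on ROSI proposed by Chien, Wang and Yang in 2005.
3. For user-independent server protocols, in which the server stores neither a verification table nor users' secret data, this thesis explains that the nonce-based Chien-Wang-Yang protocol published in 2005 lacks forward secrecy and is inefficient, and therefore focuses on timestamp-based protocols. The thesis points out that the Chien-Jan-Tseng protocol proposed in 2002 is vulnerable to a guessing attack, and improves it.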
Recently, more and more applications have been developed for handling personal information, managing money, and business trading. Users access remote servers from mobile units via the Internet. Because a mobile unit is limited in hardware and battery power, the main concerns of this thesis are low computation and security. Specifically, this thesis collects authentication protocols that use a one-way hash function and classifies them into three broad categories: challenge-response-based, state-synchronization-based and user-independent-server-based techniques. For the most recently proposed authentication protocols in each of the three categories, this thesis describes their security weaknesses and proposes improvements to avoid the flaws, as follows:

1. For the challenge-response-based group, we point out that Lee and Chen’s protocol, presented in 2005, is vulnerable to a masquerade attack, and we recommend an improvement on Lee and Chen’s protocol.

2. For the state-synchronization-based group, we show that 2GR, proposed in 2004, cannot resist the impersonation attack. Additionally, in 2005, Chien, Wang and Yang presented a DoS attack on ROSI. In this thesis, we make a small change to ROSI to avoid this DoS attack.

3. For the user-independent-server-based class, in which the user's secret data and the verifier are not stored at the server, we note that the nonce-based Chien-Wang-Yang protocol lacks forward secrecy and efficiency, so our focus is on timestamp-based protocols. We illustrate and improve the Chien-Jan-Tseng protocol, presented in 2002, which suffers from the guessing attack.
Chinese Abstract
English Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
Notation
1. Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives and Contributions
1.4 Thesis Organization
2. Authentication, Attacks, and One-Way Hash Functions
2.1 Identity Authentication
2.2 Authentication Functions
2.2.1 Message Encryption
2.2.2 Message Authentication Code
2.2.3 Hash Functions
2.3 One-Way Hash Functions
2.3.1 Requirements for One-Way Hash Functions
2.3.2 Structure of Hash Algorithms
2.3.3 Motivation for Using One-Way Hash Functions
2.4 Attacks
3. One-Time Password Authentication Protocols with Challenge-Response
3.1 Introduction
3.2 Related Work
3.2.1 The Yeh-Shen-Hwang Protocol
3.2.2 Attacks on the Yeh-Shen-Hwang Protocol
3.2.3 Lee and Chen's Improved Protocol
3.3 This Thesis's Attack on the Lee and Chen Protocol
3.4 This Thesis's Improvement of the Lee and Chen Protocol
3.5 Security Analysis and Comparison Table
4. One-Time Password Authentication Protocols with State-Synchronization
4.1 Introduction
4.2 Related Work
4.2.1 The SAS-2 Protocol
4.2.2 The ROSI Protocol
4.2.3 Theft Attack on SAS-2
4.2.4 Theft Attack on ROSI
4.2.5 The 2GR Protocol
4.2.6 DoS Attack on ROSI
4.3 This Thesis's Attack on 2GR
4.4 This Thesis's Improvement of ROSI to Prevent the DoS Attack
4.5 Security and Efficiency Analysis and Comparison Table
5. Authentication Protocols with a User-Independent Server
5.1 Introduction
5.2 Related Work
5.2.1 The Nonce-Based Chien-Wang-Yang Protocol
5.2.2 The Lee-Hwang-Yang Protocol with Timestamps and Unilateral Authentication
5.2.3 Security Weaknesses of the Lee-Hwang-Yang Protocol
5.2.4 The Chien-Jan-Tseng Protocol with Timestamps and Mutual Authentication
5.2.5 Ku and Chen's Reflection Attack on the Chien-Jan-Tseng Protocol and Improvement
5.2.6 Yeh's Forgery Attack on the Chien-Jan-Tseng Protocol and Improvement
5.3 This Thesis's Analysis of the Forward Secrecy and Efficiency of the Chien-Wang-Yang Protocol
5.4 This Thesis's Guessing Attack on the Chien-Jan-Tseng Protocol
5.5 This Thesis's Improvement of the Chien-Jan-Tseng Protocol
5.6 Security and Functionality Analysis and Comparison Table
6. Conclusion
6.1 Main Contributions of This Thesis
6.2 Future Work
References
Curriculum Vitae