跳到主要內容

臺灣博碩士論文加值系統

(18.204.48.64) 您好!臺灣時間:2021/08/01 09:28
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:黃純慧
研究生(外文):Chun-hui Huang
論文名稱:運用智慧卡建立多伺服器認證的通訊協定
論文名稱(外文):A novel multi-server authentication protocol
指導教授:周志賢
指導教授(外文):Jue-sam Chou
學位類別:碩士
校院名稱:南華大學
系所名稱:資訊管理學系碩士班
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2009
畢業學年度:97
語文別:英文
論文頁數:58
中文關鍵詞:多伺服器智慧卡密碼認證協定金鑰協議密碼變更
外文關鍵詞:password changesmart cardpassword authentication protocolkey agreementmulti-server
相關次數:
  • 被引用被引用:0
  • 點閱點閱:287
  • 評分評分:
  • 下載下載:39
  • 收藏至我的研究室書目清單書目收藏:0
  最近,Tsai和 Hsiang等人分別提出運用智慧卡建立多伺服器認證的通訊協定。他們宣稱,他們的通訊協定是安全並且可阻擋各種攻擊。然而,我們發現他們的通訊協定中存在著安全漏洞。在本文中,我們先說明這兩個機制中的安全漏洞,然後提出新的通訊協定。經過安全性分析後,這個新機制是運用智慧卡建立多伺服器認證的通訊協定中最安全且有效率的。
  Recently, Tsai and Hsiang et al. each proposed a multi-server authentication protocol. They claimed that their protocols are secure and can withstand various attacks. However, after analysis, we found that some security loopholes existing in their protocols. In this paper, we will first show the security loopholes in their protocols then present our new scheme. After security analysis, we conclude that our scheme is the most secure and efficient one regarding secure multi-server environments among all of the proposed protocols.
書名頁.......................................... i
論文口試合格証明............................... ii
著作財產權同意書.............................. iii
論文指導教授推荐書............................. iv
中文摘要........................................ v
英文摘要....................................... vi
目錄.......................................... vii
表目錄........................................ ix
圖目錄......................................... x
  
Chapter 1 Introduction ......................... 1
  
Chapter 2 Review of Tsai’s and Hsiang-Shih’s protocols.................................... 3
2.1 Review of Tsai’s protocol.................. 4
2.2 Review of Hsiang-Shih’s protocol .......... 9
  
Chapter 3 Security loopholes in Tsai’s and Hsiang-Shih’s protocols....................... 14
3.1 Server spoofing attack by an insider server on Tsai’s protocol ....................... 14
3.2 Attack on Hsiang-Shih’s protocol................................... 18
  
Chapter 4 Our protocol......................... 21
  
Chapter 5 Security analysis of our protocol.... 31
5.1 Mutual authentication...................... 31
5.2 Session key agreement...................... 33
5.3 Perfect forward and backward secrecy ...... 33
5.4 Changing password freely and securely ..... 34
5.5 Preventing the stolen-verifier attack...... 34
5.6 Preventing the insider-server spoofing attack............................ 34
5.7 Preventing insider-user impersonating attack ............................ 36
5.8 Preventing off-line and on-line password guessing attack........................ 37
5.9 Preventing replay attack ............................... 38
5.10 Preventing parallel session (Man-in-the-Middle) attack .................. 38
5.11 Preventing smart-card-lost attack............................ 40
  
Chapter 6 Discussion ....................... 43
6.1 Single registration........................ 43
6.2 Low communication cost .................... 43
6.3 Increasing servers freely/ Low card-issue cost.............................. 44
6.4 Why we don’t adopt dynamic ID ................... 44
6.5 RC-off-line authentication ............................. 47
6.6 Comparisons ............................. 47
  
Chapter 7 Conclusion.......................... 49
  
References......................... 50
Appendix A.................................. 53
 [1] C.C. Chang, and J.Y. Kuo, “An efficient multi-server password authenticated key agreement scheme using smart cards with access control”, Proceedings of International Conference on Advanced Information Networking and Applications, Vol. 2, No. 28-30, pp. 257-260, March 2005.
 
 [2] C.C. Chang, and J.S. Lee, “An efficient and secure multi-server password authentication scheme using smart cards”, Proceedings of International Conference on Cyberworlds, No. 18-20, pp. 417-422, November 2004.
 
 [3] H.C. Hsiang, and W.K. Shih, “Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment”, Computer Standards & Interfaces, In Press, Available online December 2008.
 
 [4] I.C. Lin, M.S. Hwang, and L.H. Li, “A new remote user authentication scheme for multi-server architecture”, Future Generation Computer Systems, Vol. 19, No. 1, pp. 13-22, January 2003.
 
 [5] J. H. Lee, and D. H. Lee, “Efficient and Secure Remote Authenticated Key Agreement Scheme for Multi-server Using Mobile Equipment”, Proceedings of International Conference on Consumer Electronics, pp. 1-2, January 2008.
 
 [6] J.L. Tsai, “Efficient multi-server authentication scheme based on one-way hash function without verification table”, Computers & Security, Vol. 27, No. 3-4, pp. 115-121, May-June 2008.
 
 [7] L. Hu, X. Niu, and Y. Yang, “An Efficient Multi-server Password Authenticated Key Agreement Scheme Using Smart Cards”, Proceedings of International Conference on Multimedia and Ubiquitous Engineering, pp. 903-907, April 2007.
 
 [8] R.J. Hwang, and S.H. Shiau, “Password authenticated key agreement protocol for multi-servers architecture”, Proceedings of International Conference on Wireless Networks, Vol. 1, No. 13-16, pp. 279-284, June 2005.
 
 [9] W.J. Tsaur, C.C. Wu, and W.B. Lee, “An enhanced user authentication scheme for multi-server Internet services”, Applied Mathematics and Computation, Vol. 170, No. 1-1, pp. 258-266, November 2005.
 
 [10] W.J. Tsaur, C.C. Wu, and W.B. Lee, “A smart card-based remote scheme for password authentication in multi-server Internet services”, Computer Standards & Interfaces, Vol. 27, No. 1, pp. 39-51, November 2004.
 
 [11] W.S. Juang, “Efficient multi-server password authenticated key agreement using smart cards”, IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 251-255, February 2004.
 
 [12] X. Cao, and S. Zhong, “Breaking a remote user authentication scheme for multi- server architecture”, IEEE Communications Letters, Vol. 10, No. 8, pp. 580-581, August 2006.
 
 [13] Y. Chen, C.H. Huang, and J.S. Chou, “Comments on two multi-server authentication protocols”, http://eprint.iacr.org/2008/544, December 2008.
 
 [14] Y.P. Liao, and S.S. Wang, “A secure dynamic ID based remote user authentication scheme for multi-server environment”, Computer Standards & Interfaces, Vol. 31, No. 1, pp. 24-29, January 2009.
 
 [15] Z.F. Cao, and D.Z. Sun, “Cryptanalysis and Improvement of User Authentication Scheme using Smart Cards for Multi-Server Environments”, Proceedings of International Conference on Machine Learning and Cybernetics, pp. 2818-2822, August 2006.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊