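Title: 基於智慧卡之使用者身分辨識之設計與應用
The Design and Applications of User Authentication Based on Smart Cards
Author: 劉怡萱
Contributors: 左瑞麟; 劉怡萱
Keywords: Anonymity; User authentication; Chaotic maps; Multi-server
Date: 2013
Upload time: 29-July-2014 16:11:35 (UTC+8)

Abstract (zh_TW):
With the spread of the Internet, users can remotely access system data or use the resources a system provides. To prevent illegal intrusion into computer systems and to protect system security, user authentication is therefore an important task. Recently, as technology has advanced, the IC smart card has become a portable storage device that offers both security and computing capability, and its range of applications is broad. Protocols that use the IC smart card for user authentication, so as to secure personal data access, have therefore become an increasingly important consideration for many researchers. However, in most of the smart-card-based authentication protocols proposed so far, both the system and the user side must establish a public key system in advance, which may burden the smart card in computation and memory. In 2013, Guo and Chang proposed, based on the principle of chaotic maps and without a public key system, a user authentication scheme suitable for smart cards that has the user anonymity property, to prevent tracking and protect the user's information. However, we found that their method does not have the user anonymity property and does not let users change their passwords freely on their own; a password change requires computation by the remote system. This study therefore proposes an improved user authentication method that is suitable for smart cards and has the user anonymity property. Even when the contents stored in the smart card are read out, our protocol still ensures the security of the user and the remote system, and the proposed method is better suited to users of smart cards and mobile devices. In addition, technological progress lets the public access resources over the network from many different servers, so the security of remote user authentication for multi-server resource access is increasingly important. However, most of the single-registration remote authentication protocols proposed for multi-server access are vulnerable to attacks such as insider attacks, password guessing attacks, and forgery attacks. This study therefore also proposes, based on chaotic maps, a new authentication protocol for secure multi-server access, for use in different environments. The proposed method improves the efficiency of the verification phase and satisfies a range of security properties, ensuring the security of users and remote systems.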
Abstract (en_US):
User authentication is an important technology to guarantee that only legal users can access resources from the remote server. Recently, smart card based password authentication schemes have become more and more important and functional. Many mutual authentication protocols with user anonymity have been proposed in the literature to prevent unauthorized parties from accessing resources through an insecure environment. However, most of those based on smart cards have to establish public key cryptosystems in advance. To solve the problem, in 2013, based on chaotic maps, Guo and Chang proposed an efficient mutual authentication protocol with user anonymity for the smart card. Unfortunately, this study will demonstrate that their scheme could not achieve the user anonymity property and does not allow the user to change the password freely. We then propose a new method to remedy the weaknesses. The proposed method is secure even if the secret information stored in the smart card is compromised. Only a one-way hash function and simple polynomial computations are involved in our protocol, so it is more suitable for practical implementation. In addition, ubiquitous computing has become very popular, where multiple servers are involved in authenticating their users. Single registration and user authentication are important issues for multi-server environments. However, most existing protocols are still vulnerable to various security problems. In this study, based on the Chebyshev chaotic maps, we will propose a new user authentication protocol for multi-server networks. Our protocol not only could withstand various attacks but also provides much better performance when compared to other related protocols.

References:
[1] L. Lamport, “Password authentication with insecure communication,” Communication of ACM, Vol. 24, pp. 770–772, 1981.
[2] H. M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, pp. 958–961, 2000.
[3] H. Y. Chien, J. K. Jan, and Y. M. Tseng, “An efficient and practical solution to remote authentication: Smart Card,” Computer & Security, Vol. 21, pp. 372–375, 2002.
[4] J. Y. Liu, A. M. Zhou, and M. X. Gao, “A new mutual authentication scheme based on nonce and smart cards,” Computer Communications, Vol. 31, pp. 2205–2209, June 2008.
[5] S. W. Lee, H. S. Kim, and K. Y. Yoo, “Improvement of Chien et al.’s remote user authentication scheme using smart cards,” Computer standards & Interfaces, Vol. 27, No. 2, pp. 181–183, 2005.
[6] C. C. Yang and R. C. Wang, “Cryptanalysis of a user friendly remote authentication scheme with smart cards,” Computers & Security, Vol. 23, pp. 425–427, 2004.
[7] N. Y. Lee and Y. C. Chiu, “Improved remote authentication scheme with smart card,” Computer Standards & Interfaces, Vol. 27, pp. 177–180, 2005.
[8] J. Xu, W. T. Zhu, and D. G. Feng, “An improved smart card based password authentication scheme with provable security,” Computer Standards & Interfaces, Vol. 31, No. 4, pp. 177–180, 2009.
[9] M. L. Das, A. Saxena, and V. P. Gulati, “A dynamic ID-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629–631, 2004.
[10] Y. Wang, J. Liu, F. Xiao, and J. Dan, “A more efficient and secure dynamic ID-based remote user authentication scheme,” Computer Communications, Vol. 32, No. 4, pp. 583–585, 2009.
[11] D. J. He, M. Ma, Y. Zhang, C. Chen, and J. J. Bu, “A strong user authentication scheme with smart cards for wireless communications,” Computer Communication, Vol. 34, pp. 367–374, 2011.
[12] W. S. Juang, S. T. Chen, and H. T. Liaw, “Robust and efficient password-authenticated key agreement using smart card,” IEEE Transactions on Industrial Electronics, Vol. 5, pp. 2551–2556, 2008.
[13] D. Z. Sun, J. P. Huai, J. Z. Sun, J. X. Li, J. W. Zhang, and Z. Y. Feng, “Improvements of Juang et al.’s password-authenticated key agreement scheme using smart cards,” IEEE Transactions on Industrial Electronics, Vol. 56, pp. 2284–2291, 2009.
[14] M. S. Hwang, S. K. Chong, and T. Y. Chen, “DoS resistant ID-based password authentication scheme using smart cards,” Journal of Systems and Software, Vol. 83, pp. 163–172, 2010.
[15] D. Xiao, X. F. Liao, and S. J. Deng, “A novel key agreement protocol based on chaotic maps,” Information Science, Vol. 177, pp. 1136–1142, 2007.
[16] X. X. Li, W. D. Qiu, D. Zheng, K. F. Chen, and J. H. Li, “Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards,” IEEE Transactions on Industrial Electronics, Vol. 57, pp. 780–793, 2010.
[17] R. Song, “Advanced smart card based password authentication protocol,” Computer Standards & Interfaces, Vol. 32, pp. 321–325, 2010.
[18] E. J. Yoon and I. S. Jeon, “An efficient and secure Diffie-Hellman key agreement protocol based on Chebyshev chaotic map,” Communications in Nonlinear Science and Numerical Simulation, Vol. 16, pp. 2383–2389, 2011.
[19] L. H. Zhang, “Cryptanalysis of the public key encryption based on multiple chaotic systems,” Chaos Solitons Fract, Vol. 37, pp. 669–674, 2008.
[20] C. Guo and C. C. Chang, “Chaotic maps-based password-authenticated key agreement using smart cards,” Communications in Nonlinear Science and Numerical Simulation, Vol. 18, pp. 1433–1440, 2013.
[21] H. C. Hsiang and W. K. Shih, “Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standard & Interfaces, Vol. 31, No. 6, pp. 1118–1123, 2009.
[22] C. K. Chan and L. M. Cheng, “Cryptanalysis of timestamp-based password authentication scheme,” Computers and Security, Vol. 21, No. 1, pp. 74–76, 2002.
[23] J. J. Shen, C. W. Lin, and M. S. Hwang, “Security enhancement for the timestamp-based password authentication scheme using smart cards,” Computers and Security, Vol. 22, No. 7, pp. 591–595, 2003.
[24] E. J. Yoon, E. K. Ryu, and K. Y. Yoo, “Attacks on the Shen et al.’s timestamp-based password authentication scheme using smart cards,” IEICE Transactions on Fundamentals, Vol. E88-A, No. 1, pp. 319–321, 2005.
[25] L. Fan, J. H. Li, and H. W. Zhu, “An enhancement of timestamp-based password authentication scheme,” Computers and Security, Vol. 21, No. 7, pp. 665–667, 2002.
[26] M. Wang, J. Z. Lu, and X. F. Li, “Remote password authentication scheme based on smart card,” Computer Applications, Vol. 25, No. 10, pp. 2289–2290, 2005.
[27] X. Li, Y. Xiong, J. Ma, and W. Wang, “An efficient and secure dynamic identity based authentication protocol for multi-server architecture using smart card,” Journal of Network and Computer Applications, Vol. 35, pp. 763–769, 2012.
[28] J. L. Tsai, “Efficient multi-server authentication scheme based on one-way hash function without verification table,” Computers and Security, Vol. 27, pp. 115–121, 2008.
[29] C. C. Chang and J. S. Lee, “An efficient and secure multi-server password authentication scheme using smart cards,” Proceedings of the 2004 IEEE international conference on cyberworlds, pp. 417–422, 2004.
[30] W. S. Juang, “Efficient multi-server password authenticated key agreement using smart cards,” IEEE Transaction on Consumer Electronics, Vol. 50, No. 1, pp. 251–255, 2004.
[31] C. C. Lee, T. H. Lin, and R. X. Chang, “A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards,” Expert Systems with Applications, Vol. 38, pp. 13863–13870, 2011.
[32] Y. P. Liao and S. S. Wang, “A secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standard & Interfaces, Vol. 31, No. 1, pp. 24–29, 2009.
[33] I. C. Lin, M. S. Hwang, and L. H. Li, “A new remote user authentication scheme for multi-server architecture,” Future Generation Computer Systems, Vol. 1, No. 19, pp. 13–22, 2003.
[34] T. S. Wu and C. L. Hsu, “Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks,” Computers & Security, Vol. 23, pp. 120–125, 2004.
[35] C. C. Chang and T. F. Cheng, “A robust and efficient smart card based remote login mechanism for multi-server architecture,” International Journal of Innovative Computing Information and Control, Vol. 7, pp. 4589–4602, 2011.
[36] C. T. Li, C. C. Lee, H. Mei, and C. H. Yang, “A password and smart card based user authentication mechanism for multi-server environments,” International Journal of Future Generation Communication and Networking, Vol. 5, No. 4, pp. 153–163, 2012.

Description: Master's
National Chengchi University
Department of Computer Science
101753031
102
Source: http://thesis.lib.nccu.edu.tw/record/#G0101753031
Type: thesis

dc.contributor.advisor: 左瑞麟 (zh_TW)
dc.contributor.author (Author): 劉怡萱 (zh_TW)
dc.identifier (Other identifier): G0101753031 (en_US)
dc.identifier.uri (URI): http://nccur.lib.nccu.edu.tw/handle/140.119/67901
dc.format.extent: 761807 bytes
dc.format.mimetype: application/pdf
dc.language.iso: en_US
dc.description.tableofcontents (zh_TW):
Abstract (Chinese)
Abstract
Chapter 1 Introduction
1.1 Research Motivation and Background
1.2 Dissertation Organization
Chapter 2 Related Works
2.1 Preliminary
2.2 Review of Guo and Chang’s Scheme
2.3 Security analysis of Guo and Chang’s Scheme
Chapter 3 A Secure and Efficient Password Authentication with Smart Card Based on Chaotic Maps
3.1 The Proposed Scheme
3.2 Discussions
3.2.1 Security Analysis
3.2.2 Performance
3.3 Summary
Chapter 4 An Efficient User Authentication with Smart Card for Multi-Server Networks
4.1 Preliminary
4.1.1 Review of Li et al.’s Protocol
4.1.2 Security analysis of Li et al.’s Protocol
4.2 The Proposed Scheme
4.3 Discussions
4.3.1 Security Analysis
4.3.2 Performance
4.4 Summary
Chapter 5 Conclusions and Future Researches
Reference