Title A Study on Smart Card Based User Authentication Mechanism for Multi-Server Environments (original title: 多伺服器環境中基於智慧卡的身分認證機制之研究)
Author Chang, Yung Yung (張詠詠)
Contributors Tso, Ray Lin (左瑞麟)
Chang, Yung Yung (張詠詠)
Keywords Smart card
Authentication mechanism
Diffie-Hellman key exchange
Date 2014
Upload time 3-Nov-2014 10:11:55 (UTC+8)
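Abstract (translated from the Chinese) As technology advances, the variety of smart cards keeps growing and their functions become more complete, and the occasions in daily life that call for a smart card are increasingly frequent. Correspondingly, their security receives more and more attention. In particular, when a card is lost, it must be guaranteed that even if the data stored on the card is stolen by a malicious party, the user's password cannot be derived from it and used to impersonate the legitimate user; only then is the card user's security assured. To this end, many researchers have studied smart card security mechanisms. For example, in 2012 Cheng et al. proposed a smart card based authentication mechanism for remote user login. In the same period, Li et al. proposed a password-based smart card authentication mechanism for multi-server networks. In this study, we find that the smart card authentication protocols defined by Cheng et al. and Li et al. do not provide a fully confidential environment when the smart card is lost, so that the secret key and the session key established between the user and the server may be compromised without their knowledge. We therefore propose an improved smart card authentication mechanism based on logical operations that incorporates Diffie-Hellman key exchange to achieve stronger security.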
Abstract (English) With advances in technology, smart cards of different types and functions have become more popular and more refined in recent years. We use smart cards in daily life more and more frequently, so smart card security has become a very important issue, especially in the smart-card-loss case. We have to ensure that if a card is lost and someone steals the sensitive data stored on it, he or she cannot use that data to guess or obtain the user's password. To achieve this goal, many researchers have done a lot of work on smart card security. In 2012, Cheng et al. proposed a smart card based authentication scheme for remote user login and verification. During the same period, Li et al. proposed a password and smart card based user authentication mechanism for multi-server environments. In this thesis, we first point out the security flaws of Cheng et al.'s and Li et al.'s mechanisms. We find that Cheng et al.'s and Li et al.'s mechanisms are not secure under an offline dictionary attack in the smart-card-loss case, which enables adversaries to guess the user's password and session keys. Secondly, we introduce an improved smart card based authentication mechanism that uses Diffie-Hellman key exchange to overcome the above-mentioned problems.
References [1] C. Chang, T. Cheng, “A robust and efficient smart card based remote login mechanism for multi-server architecture,” International Journal of Innovative Computing, Information and Control, Vol. 7, No. 8, pp. 4589–4602, 2011.
     
     [2] T. Chen, H. Hsiang and W. Shih, “Security enhancement on an improvement on two remote user authentication schemes using smart cards,” Future Generation Computer Systems, Vol. 27, No. 4, pp. 377-380, 2011.
     
     [3] Z. Cheng, Y. Liu, C. Chang, S. Chang, “A smart card based authentication scheme for remote user login and verification,” International Journal of Innovative Computing, Information and Control, Vol. 8, No. 8, pp. 5499-5511, 2012.
     
     [4] W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, Vol. 22, No. 6, pp. 644-654, 1976.
     
     [5] C. Guo, C. Chang, “Chaotic maps-based password-authenticated key agreement using smart cards,” Communications in Nonlinear Science and Numerical Simulation, pp. 1433-1440, 2013.
     
     [6] M. Hendry, “Multi-application smart cards ─ Technology and applications,” Cambridge University Press, 2007.
     
     [7] X. Huang, X. Chen, J. Yang, L. Xu, “Further observations on smart-card-based password-authenticated key agreement in distributed systems,” IEEE Transactions on Parallel and Distributed Systems, 09 Sept. 2013. Doi:http://dx.doi.org/10.1109/TPDS.2013.230
     
     [8] W. Juang, “Efficient multi-server password authenticated key agreement using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 50, No.1, pp. 251-255, 2004.
     
     [9] J. Lee, D. Lee, “Efficient and secure remote authenticated key agreement scheme for multi-server using mobile equipment,” the 26th International Conference on Consumer Electronics, pp.1–2, 2008.
     
     [10] C. Li, “A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card,” Institution of Engineering and Technology, Vol. 7, Issue. 1, pp. 3-10, 2012.
     
     [11] C. Li, C. Lee, “A novel user authentication and privacy preserving scheme with smart cards for wireless communications,” Advanced Theory and Practice for Cryptography and Future Security, pp. 35–44, 2012.
     
     [12] C. Li, C. Lee, H. Mei, C. Yang, “A password and smart card based user authentication mechanism for multi-server environments,” the 6th International Conference on Information Security and Assurance (ISA 2012), pp. 28-30, 2012.
     
     [13] I. Lin, M. Hwang, L. Li, “A new remote user authentication scheme for multi-server architecture,” Future Generation Computer Systems, Vol.19, No.1, pp. 13-22, 2003.
     
     [14] R.S. Pippal, R. Ahirwar, S.S. Kushwah, P. Yadav, “A secure SCAM (Smart Card based Authentication Mechanism),” International Journal of Computer Applications May 2013, Vol.72, No.5, pp. 26-31, 2013.
     
     [15] K. Shin, “A study on analysis of a Hsiang et al.’s authentication scheme,” SoftTech 2013, ASTL Vol. 19, pp. 53-56, 2013.
     
     [16] S. Sood, “An improved and secure smart card based dynamic identity authentication protocol,” International Journal of Network Security, Vol. 14, No. 1, pp. 39-46, 2012.
     
     [17] X. Wang, W. Zhang, J. Zhang and M. K. Khan, “Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards,” Computer Standards & Interfaces, Vol. 29, No. 5, pp. 507-512, 2007.
     
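     [18] M. Hendry, translated by 陸建偉, 黃榮林 and 陳智明, Multi-application Smart Cards: Technology and Applications (《多功能智慧卡--科技及應用》), Taiwan Academy of Banking and Finance, 2007.
     
     [19] 林祝興, 張明信, Introduction to Information Security (《資訊安全導論》), Flag Publishing, 2009.
     
     [20] 結城浩, translated by 左瑞麟, Cryptography and Network Security Applications (《密碼學與網路安全應用》), Flag Publishing, 2011.
     
     [21] 謝文恭, 涂承澔, “Security flaws in polynomial-based smart card authentication protocols” (〈以多項式為基礎的智慧卡認證協議之安全缺漏〉), Proceedings of the 2013 Conference on Innovative Applications of Information Security Technology, pp. 35-38, 2013.
     
     [22] 梁伶君, “An introduction to smart cards and trends in campus applications” (〈智慧卡簡介與校園應用趨勢〉), NCKU Library Journal, No. 4, 1999.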
     
     [23] ISO7816, http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_5_basic_organizations.aspx
Description Master's thesis
National Chengchi University
Department of Computer Science
100971019
103
Source http://thesis.lib.nccu.edu.tw/record/#G0100971019
Type thesis
dc.contributor.advisor Tso, Ray Lin (左瑞麟)
dc.identifier (Other Identifiers) G0100971019
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/70997
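dc.description.tableofcontents Abstract (Chinese)
     Abstract
     Contents
     List of Figures
     List of Tables
     Chapter 1 Introduction
     1.1 Research Background
     1.2 Research Motivation
     1.3 Thesis Organization
     Chapter 2 Background
     2.1 Types of Smart Cards
     2.2 Smart Card Security Mechanisms
     2.3 Attacks on Smart Cards
     2.4 Diffie-Hellman Key Exchange
     2.5 Attack Techniques and Security Mechanisms
     Chapter 3 Literature Review
     3.1 Single-Server and Multi-Server Architectures
     3.2 Single-Server Authentication Scheme
     3.2.1 Registration Phase
     3.2.2 Login Phase
     3.2.3 Authentication Phase
     3.2.4 Password Change Phase
     3.3 Multi-Server Authentication Scheme
     3.3.1 Registration Phase
     3.3.2 Login Phase
     3.3.3 Authentication and Key Agreement Phase
     3.3.4 Password Change Phase
     3.3.5 Smart Card Revocation Phase
     3.4 Security Analysis of the Schemes of Li et al. and Cheng et al.
     Chapter 4 Improved Scheme
     4.1 Registration Phase
     4.2 Login Phase
     4.3 Authentication and Key Agreement Phase
     4.4 Password Change Phase
     4.5 Smart Card Revocation Phase
     Chapter 5 Security Analysis of the Improved Scheme
     Chapter 6 Conclusion
     References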
dc.language.iso en_US