政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/67901
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113393/144380 (79%)
造访人次 : 51240425      在线人数 : 908
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻
    政大機構典藏 > 資訊學院 > 資訊科學系 > 學位論文 >  Item 140.119/67901


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/67901


    题名: 基於智慧卡之使用者身分辨識之設計與應用
    The Design and Applications of User Authentication Based on Smart Cards
    作者: 劉怡萱
    贡献者: 左瑞麟
    劉怡萱
    关键词: 匿名性
    身份辨識
    混沌對應(chaotic maps)
    多重伺服器
    日期: 2013
    上传时间: 2014-07-29 16:11:35 (UTC+8)
    摘要: 隨著網際網路的普及化,使用者在遠端即可存取系統資料或是使用系統所提供之資源,為了防止非法入侵電腦系統以及保護系統的安全,所以身份驗證是一件很重要的工作。近來,隨著目前科技進步,IC 智慧卡已是一個攜帶方便且具備安全性及計算能力的儲存載具, 其應用範圍相當廣泛,因此,透過IC智慧卡作為身分辨識的通行驗證的協定技術,以確保個人存取資料之安全,也是現今許多學者愈來愈重要之考量。然而目前大部份已被提出之智慧卡作為身分辨識之安全通行協定,系統與使用者端都須事先建立公開金鑰系統 這可能對智慧卡造成計算量與記憶體之負擔。於2013,Guo 和Chang學者基於混沌對應( chaotic maps)之原理,且不須使用公開金鑰系統,提出一個適用於智慧卡且具使用者匿名(user anonymity) 性質的身分辨識,防止被追蹤與保護使用者的資訊安全。但是,我們發現他們所提之方法並不具有匿名(user anonymity) 性質,且無法提供使用者自行可任意更改其密碼,需透過遠端系統之運算才行。因此,本研究提出了一個身分辨識驗證的改進方式,適用於智慧卡且具匿名(user anonymity) 性質,即使當智慧卡內之儲存內容遭讀取時,我們之協定仍然能確保使用者與遠端系統的安全性,且所提之研究方法更適於智慧卡與行動裝置之使用者。
    另一方面,由於科技之進步,讓社會大眾得以透過網路於各個不同之伺服器端來存取資源,使得遠端使用者身份辨識於多重伺服器存取資源的安全越來越重要。然而,目前被提出的單一註冊之遠端身份辨識於多重伺服器存取的安全協定,大部份易遭受非法攻擊,例如:內部攻擊,密碼猜測攻擊,與偽造攻擊等。因此,本研究基於混沌對應( chaotic maps)亦提出一個新的認證協定於多重伺服器存取安全之研究,以利不同環境之使用,所提之方法除了能提高驗證階段的效率且能符合各種不同之安全性質,以確保使用者與遠端系統之安全。
    User authentication is an important technology to guarantee that only the legal users can access resources from the remote server. Recently, the smart card based password authentication scheme became more and more important and functional. There are many mutual authentication protocols with user anonymity proposed in literature for preventing unauthorized parties from accessing resources through insecure environment. However, most of them are based on smart cards have to establish public key cryptosystems in advance. To solve the problem, in 2013, based on chaotic maps, Guo and Chang proposed an efficient mutual authentication protocol with user anonymity for the smart card. Unfortunately, this study will demonstrate their scheme could not achieve the user anonymity property, and do not allow changing password freely for the user. Then, we proposed a new method to remedy the weaknesses. The proposed method is secure even if the secret information stored in the smart card is compromised. Only one-way hash function and simple polynomial computations are involved in our protocol. It is more suitable for practice implementation.
    In addition, ubiquitous computing has become very popular where multiple servers are involved in authenticating their users. Single registration and user authentication are important issues for multi-server environments. However, most of them are still vulnerable to various security problems. In this study, based on the Chebyshev chaotic maps, we will propose a new user authentication protocol for multi-server networks. Our protocol not only could withstand various attacks but also provide much better performance when compared to other related protocols.
    參考文獻: [1] L. Lamport, “Password authentication with insecure communication,” Communication of ACM, Vol. 24, pp. 770-772, 1981.
    [2] H. M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, pp. 958-961, 2000.
    [3] H. Y. Chien, J. K. Jan, and Y. M. Tseng, “An efficient and practical solution to remote authentication: Smart Card,” Computer & Security, Vol. 21, pp. 372-375, 2002.
    [4] J. Y. Liu, A. M. Zhou, and M. X. Gao, “A new mutual authentication scheme based on nonce and smart cards,” Computer Communications, Vol. 31, pp. 2205–2209, June 2008.
    [5] S. W. Lee, H. S. Kim, and K. Y. Yoo, “Improvement of Chien et al.’s remote user authentication scheme using smart cards,” Computer standards & Interfaces, Vol. 27, No. 2, pp. 181-183, 2005.
    [6] C. C. Yang and R. C. Wang, “Cryptanalysis of a user friendly remote authentication scheme with smart cards,” Computers & Security, Vol. 23, pp. 425-427, 2004.
    [7] N. Y. Lee and Y. C. Chiu, “Improved remote authentication scheme with smart card,” Computer Standards & Interfaces, Vol. 27, pp. 177-180, 2005.
    [8] J. Xu, W. T. Zhu, and D. G. Feng, “ An improved smart card based password authentication scheme with provable security,” Computer Standards & Interfaces, Vol. 31, No. 4, pp. 177-180, 2009.
    [9] M. L. Das, A. Saxena, and V. P. Gulati, “A dynamic ID-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629-631, 2004.
    [10] Y. Wang, J. Liu , F. Xiao, and J. Dan, “A more efficient and secure dynamic ID-based remote user authentication scheme,” Computer Communications, Vol. 32, No. 4, pp. 583-585, 2009.
    [11] D, J. He, M. Ma, Y. Zhang, C. Chen, and J. J. Bu, “ A strong user authentication scheme with smart cards for wireless communications,” Computer Communication,Vol. 34, pp. 367–374, 2011.
    [12] W. S. Juang, S. T. Chen, and H. T. Liaw, “ Robust and efficient password-authenticated key agreement using smart card,” IEEE Transactions on Industrial Electronics, Vol. 5, pp. 2551–2556, 2008.
    [13] D. Z. Sun, J. P. Huai, J. Z. Sun, J. X. Li, J. W. Zhang, and Z. Y. Feng, “Improvements of Juang et al’.s password-authenticated key agreement scheme using smart cards,” IEEE Transactions on Industrial Electronics, Vol. 56, pp. 2284–2291, 2009.
    [14] M. S. Hwang, S, K. Chong, and T. Y. Chen, “DoS resistant ID-based password authentication scheme using smart cards,” Journal of Systems and Software, Vol. 83, pp.163–172, 2010.
    [15] D. Xiao, X. F. Liao, and S. J. Deng, “A novel key agreement protocol based on chaotic maps,” Information Science, Vol. 177, pp. 1136–1142, 2007.
    [16] X. X.Li , W. D. Qiu, D. Zheng, K. F. Chen, and J. H. Li, “Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards,” IEEE Transactions on Industrial Electronics, Vol. 57, pp. 780–793, 2010.
    [17] R. Song, “Advanced smart card based password authentication protocol,” Computer Standards & Interfaces, Vol. 32, pp. 321–325, 2010.
    [18] E. J. Yoon , and I. S. Jeon, “An efficient and secure Diffie-Hellman key agreement protocol based on Chebyshev chaotic map,” Communications in Nonlinear Science and Numerical Simulation, Vol. 16, pp. 2383–2389, 2011.
    [19] L. H. Zhang, “Cryptanalysis of the public key encryption based on multiple chaotic systems,” Chaos Solitons Fract, Vol.37, pp. 669–674, 2008.
    [20] C. Guo and C. C. Chang, “Chaotic maps-based password-authenticated key agreement using smart cards,” Communications in Nonlinear Science and Numerical Simulation, Vol. 18, pp. 1433-1440, 2013.
    [21] H. C. Hsiang and W. K. Shih, “Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standard & Interfaces, Vol.31, No. 6, pp. 1118–1123, 2009.
    [22] C. K. Chan and L. M. Cheng, “Cryptanalysis of timestamp-based password authentication scheme,” Computers and Security, Vol. 21, No. 1, pp. 74–76, 2002.
    [23] J. J. Shen, C. W. Lin, and M. S. Hwang, “Security enhancement for the timestamp-based password authentication scheme using smart cards,” Computers and Security, Vol. 22, No. 7, pp. 591–595, 2003.
    [24] E. J. Yoon , E. K. Ryu, and K.Y. Yoo, “Attacks on the Shen et al.’s timestamp-based password authentication scheme using smart cards,” IEICE Transactions on Fundamentals, Vol. E88-A, No. 1, pp. 319–321, 2005.
    [25] L. Fan, J. H. Li, and H. W. Zhu, “An enhancement of timestamp-based password authentication scheme,” Computers and Security, Vol. 21, No. 7, pp. 665–667, 2002.
    [26] M. Wang, J. Z. Lu, and X. F. Li, “Remote password authentication scheme based on smart card,” Computer Applications, Vol. 25, No. 10, pp. 2289–2290, 2005.
    [27] X. Li, Y. Xiong, J. Ma, and W. Wang, “An efficient and secure dynamic identity based authentication protocol for multi-server architecture using smart card,” Journal of Network and Computer Applications, Vol. 35, pp. 763–769, 2012.
    [28] J. L. Tsai, “Efficient multi-server authentication scheme based on one-way hash function without verification table,” Computers and Security, Vol. 27, pp. 115-121, 2008.
    [29] C. C. Chang and J. S. Lee, “An efficient and secure multi-server password authentication scheme using smart cards,” Proceedings of the 2004 IEEE international conference on cyberworlds, pp. 417–422, 2004.
    [30] W. S. Juang, “Efficient multi-server password authenticated key agreement using smart cards,” IEEE Transaction on Consumer Electronics, Vol. 50, No.1, pp. 251–255, 2004.
    [31] C. C. Lee, T. H. Lin, and R. X. Chang, “A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards,” Expert Systems with Applications, Vol.38, pp. 13863-13870, 2011.
    [32] Y. P. Liao and S. S. Wang, “A secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standard & Interfaces, Vol. 31, No. 1, pp. 24–29, 2009.
    [33] I. C. Lin, M. S. Hwang, and L. H. Li, “A new remote user authentication scheme for multi-server architecture,” Future Generation Computer Systems, Vol. 1, No. 19, pp. 13–22, 2003.
    [34] T. S. Wu and C. L. Hsu, ”Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks,” Computers & Security, Vol. 23, pp.120–125. 2004.
    [35] C. C. Chang and T. F. Cheng, “A robust and efficient smart card based remote login mechanism for multi-server architecture,” International Journal of Innovative Computing Information and Control, Vol. 7, pp. 4589-4602, 2011.
    [36] C. T. Li, C. C., Lee, H. Mei, and C. H., Yang, “A password and smart card based user authentication mechanism for multi-server environments,” International Journal of Future Generation Communication and Networking, Vol. 5, No. 4, pp. 153-163, 2012.
    描述: 碩士
    國立政治大學
    資訊科學學系
    101753031
    102
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0101753031
    数据类型: thesis
    显示于类别:[資訊科學系] 學位論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    303101.pdf743KbAdobe PDF2437检视/开启


    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈