English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113822/144841 (79%)
Visitors : 51832976      Online Users : 547
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    政大機構典藏 > 資訊學院 > 資訊科學系 > 學位論文 >  Item 140.119/67901
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/67901


    Title: 基於智慧卡之使用者身分辨識之設計與應用
    The Design and Applications of User Authentication Based on Smart Cards
    Authors: 劉怡萱
    Contributors: 左瑞麟
    劉怡萱
    Keywords: 匿名性
    身份辨識
    混沌對應(chaotic maps)
    多重伺服器
    Date: 2013
    Issue Date: 2014-07-29 16:11:35 (UTC+8)
    Abstract: 隨著網際網路的普及化,使用者在遠端即可存取系統資料或是使用系統所提供之資源,為了防止非法入侵電腦系統以及保護系統的安全,所以身份驗證是一件很重要的工作。近來,隨著目前科技進步,IC 智慧卡已是一個攜帶方便且具備安全性及計算能力的儲存載具, 其應用範圍相當廣泛,因此,透過IC智慧卡作為身分辨識的通行驗證的協定技術,以確保個人存取資料之安全,也是現今許多學者愈來愈重要之考量。然而目前大部份已被提出之智慧卡作為身分辨識之安全通行協定,系統與使用者端都須事先建立公開金鑰系統 這可能對智慧卡造成計算量與記憶體之負擔。於2013,Guo 和Chang學者基於混沌對應( chaotic maps)之原理,且不須使用公開金鑰系統,提出一個適用於智慧卡且具使用者匿名(user anonymity) 性質的身分辨識,防止被追蹤與保護使用者的資訊安全。但是,我們發現他們所提之方法並不具有匿名(user anonymity) 性質,且無法提供使用者自行可任意更改其密碼,需透過遠端系統之運算才行。因此,本研究提出了一個身分辨識驗證的改進方式,適用於智慧卡且具匿名(user anonymity) 性質,即使當智慧卡內之儲存內容遭讀取時,我們之協定仍然能確保使用者與遠端系統的安全性,且所提之研究方法更適於智慧卡與行動裝置之使用者。
    另一方面,由於科技之進步,讓社會大眾得以透過網路於各個不同之伺服器端來存取資源,使得遠端使用者身份辨識於多重伺服器存取資源的安全越來越重要。然而,目前被提出的單一註冊之遠端身份辨識於多重伺服器存取的安全協定,大部份易遭受非法攻擊,例如:內部攻擊,密碼猜測攻擊,與偽造攻擊等。因此,本研究基於混沌對應( chaotic maps)亦提出一個新的認證協定於多重伺服器存取安全之研究,以利不同環境之使用,所提之方法除了能提高驗證階段的效率且能符合各種不同之安全性質,以確保使用者與遠端系統之安全。
    User authentication is an important technology to guarantee that only the legal users can access resources from the remote server. Recently, the smart card based password authentication scheme became more and more important and functional. There are many mutual authentication protocols with user anonymity proposed in literature for preventing unauthorized parties from accessing resources through insecure environment. However, most of them are based on smart cards have to establish public key cryptosystems in advance. To solve the problem, in 2013, based on chaotic maps, Guo and Chang proposed an efficient mutual authentication protocol with user anonymity for the smart card. Unfortunately, this study will demonstrate their scheme could not achieve the user anonymity property, and do not allow changing password freely for the user. Then, we proposed a new method to remedy the weaknesses. The proposed method is secure even if the secret information stored in the smart card is compromised. Only one-way hash function and simple polynomial computations are involved in our protocol. It is more suitable for practice implementation.
    In addition, ubiquitous computing has become very popular where multiple servers are involved in authenticating their users. Single registration and user authentication are important issues for multi-server environments. However, most of them are still vulnerable to various security problems. In this study, based on the Chebyshev chaotic maps, we will propose a new user authentication protocol for multi-server networks. Our protocol not only could withstand various attacks but also provide much better performance when compared to other related protocols.
    Reference: [1] L. Lamport, “Password authentication with insecure communication,” Communication of ACM, Vol. 24, pp. 770-772, 1981.
    [2] H. M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, pp. 958-961, 2000.
    [3] H. Y. Chien, J. K. Jan, and Y. M. Tseng, “An efficient and practical solution to remote authentication: Smart Card,” Computer & Security, Vol. 21, pp. 372-375, 2002.
    [4] J. Y. Liu, A. M. Zhou, and M. X. Gao, “A new mutual authentication scheme based on nonce and smart cards,” Computer Communications, Vol. 31, pp. 2205–2209, June 2008.
    [5] S. W. Lee, H. S. Kim, and K. Y. Yoo, “Improvement of Chien et al.’s remote user authentication scheme using smart cards,” Computer standards & Interfaces, Vol. 27, No. 2, pp. 181-183, 2005.
    [6] C. C. Yang and R. C. Wang, “Cryptanalysis of a user friendly remote authentication scheme with smart cards,” Computers & Security, Vol. 23, pp. 425-427, 2004.
    [7] N. Y. Lee and Y. C. Chiu, “Improved remote authentication scheme with smart card,” Computer Standards & Interfaces, Vol. 27, pp. 177-180, 2005.
    [8] J. Xu, W. T. Zhu, and D. G. Feng, “ An improved smart card based password authentication scheme with provable security,” Computer Standards & Interfaces, Vol. 31, No. 4, pp. 177-180, 2009.
    [9] M. L. Das, A. Saxena, and V. P. Gulati, “A dynamic ID-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629-631, 2004.
    [10] Y. Wang, J. Liu , F. Xiao, and J. Dan, “A more efficient and secure dynamic ID-based remote user authentication scheme,” Computer Communications, Vol. 32, No. 4, pp. 583-585, 2009.
    [11] D, J. He, M. Ma, Y. Zhang, C. Chen, and J. J. Bu, “ A strong user authentication scheme with smart cards for wireless communications,” Computer Communication,Vol. 34, pp. 367–374, 2011.
    [12] W. S. Juang, S. T. Chen, and H. T. Liaw, “ Robust and efficient password-authenticated key agreement using smart card,” IEEE Transactions on Industrial Electronics, Vol. 5, pp. 2551–2556, 2008.
    [13] D. Z. Sun, J. P. Huai, J. Z. Sun, J. X. Li, J. W. Zhang, and Z. Y. Feng, “Improvements of Juang et al’.s password-authenticated key agreement scheme using smart cards,” IEEE Transactions on Industrial Electronics, Vol. 56, pp. 2284–2291, 2009.
    [14] M. S. Hwang, S, K. Chong, and T. Y. Chen, “DoS resistant ID-based password authentication scheme using smart cards,” Journal of Systems and Software, Vol. 83, pp.163–172, 2010.
    [15] D. Xiao, X. F. Liao, and S. J. Deng, “A novel key agreement protocol based on chaotic maps,” Information Science, Vol. 177, pp. 1136–1142, 2007.
    [16] X. X.Li , W. D. Qiu, D. Zheng, K. F. Chen, and J. H. Li, “Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards,” IEEE Transactions on Industrial Electronics, Vol. 57, pp. 780–793, 2010.
    [17] R. Song, “Advanced smart card based password authentication protocol,” Computer Standards & Interfaces, Vol. 32, pp. 321–325, 2010.
    [18] E. J. Yoon , and I. S. Jeon, “An efficient and secure Diffie-Hellman key agreement protocol based on Chebyshev chaotic map,” Communications in Nonlinear Science and Numerical Simulation, Vol. 16, pp. 2383–2389, 2011.
    [19] L. H. Zhang, “Cryptanalysis of the public key encryption based on multiple chaotic systems,” Chaos Solitons Fract, Vol.37, pp. 669–674, 2008.
    [20] C. Guo and C. C. Chang, “Chaotic maps-based password-authenticated key agreement using smart cards,” Communications in Nonlinear Science and Numerical Simulation, Vol. 18, pp. 1433-1440, 2013.
    [21] H. C. Hsiang and W. K. Shih, “Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standard & Interfaces, Vol.31, No. 6, pp. 1118–1123, 2009.
    [22] C. K. Chan and L. M. Cheng, “Cryptanalysis of timestamp-based password authentication scheme,” Computers and Security, Vol. 21, No. 1, pp. 74–76, 2002.
    [23] J. J. Shen, C. W. Lin, and M. S. Hwang, “Security enhancement for the timestamp-based password authentication scheme using smart cards,” Computers and Security, Vol. 22, No. 7, pp. 591–595, 2003.
    [24] E. J. Yoon , E. K. Ryu, and K.Y. Yoo, “Attacks on the Shen et al.’s timestamp-based password authentication scheme using smart cards,” IEICE Transactions on Fundamentals, Vol. E88-A, No. 1, pp. 319–321, 2005.
    [25] L. Fan, J. H. Li, and H. W. Zhu, “An enhancement of timestamp-based password authentication scheme,” Computers and Security, Vol. 21, No. 7, pp. 665–667, 2002.
    [26] M. Wang, J. Z. Lu, and X. F. Li, “Remote password authentication scheme based on smart card,” Computer Applications, Vol. 25, No. 10, pp. 2289–2290, 2005.
    [27] X. Li, Y. Xiong, J. Ma, and W. Wang, “An efficient and secure dynamic identity based authentication protocol for multi-server architecture using smart card,” Journal of Network and Computer Applications, Vol. 35, pp. 763–769, 2012.
    [28] J. L. Tsai, “Efficient multi-server authentication scheme based on one-way hash function without verification table,” Computers and Security, Vol. 27, pp. 115-121, 2008.
    [29] C. C. Chang and J. S. Lee, “An efficient and secure multi-server password authentication scheme using smart cards,” Proceedings of the 2004 IEEE international conference on cyberworlds, pp. 417–422, 2004.
    [30] W. S. Juang, “Efficient multi-server password authenticated key agreement using smart cards,” IEEE Transaction on Consumer Electronics, Vol. 50, No.1, pp. 251–255, 2004.
    [31] C. C. Lee, T. H. Lin, and R. X. Chang, “A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards,” Expert Systems with Applications, Vol.38, pp. 13863-13870, 2011.
    [32] Y. P. Liao and S. S. Wang, “A secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standard & Interfaces, Vol. 31, No. 1, pp. 24–29, 2009.
    [33] I. C. Lin, M. S. Hwang, and L. H. Li, “A new remote user authentication scheme for multi-server architecture,” Future Generation Computer Systems, Vol. 1, No. 19, pp. 13–22, 2003.
    [34] T. S. Wu and C. L. Hsu, ”Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks,” Computers & Security, Vol. 23, pp.120–125. 2004.
    [35] C. C. Chang and T. F. Cheng, “A robust and efficient smart card based remote login mechanism for multi-server architecture,” International Journal of Innovative Computing Information and Control, Vol. 7, pp. 4589-4602, 2011.
    [36] C. T. Li, C. C., Lee, H. Mei, and C. H., Yang, “A password and smart card based user authentication mechanism for multi-server environments,” International Journal of Future Generation Communication and Networking, Vol. 5, No. 4, pp. 153-163, 2012.
    Description: 碩士
    國立政治大學
    資訊科學學系
    101753031
    102
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0101753031
    Data Type: thesis
    Appears in Collections:[資訊科學系] 學位論文

    Files in This Item:

    File Description SizeFormat
    303101.pdf743KbAdobe PDF2437View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback