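In 2006, Peyravian and Jeffries proposed a method for secure user access over insecure networks. Their Diffie-Hellman (DH) based user authentication protocol was originally claimed to withstand off-line password-guessing attacks, but it was subsequently shown to be unable to resist them; likewise, their password change protocol cannot resist denial-of-service attacks. This thesis therefore proposes improvements that make their method more secure. We add an exclusive-or operation to the originally transmitted values, so that values that were previously exposed can no longer be learned by an attacker. This improves the original method so that the system is not subject to the two attacks above, thereby increasing the security of the system.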
In 2006, Peyravian and Jeffries presented a scheme for secure remote user access over insecure networks. The Diffie-Hellman Peyravian-Jeffries (DH-PJ) scheme in their paper is not resistant to off-line password-guessing attacks. Similarly, their password change protocol is not resistant to Denial-of-Service attacks. We therefore present schemes that overcome these two attacks. We combine the originally transmitted values with an exclusive-or operation, so that values that were originally exposed can no longer be learned by an attacker, which improves the original method. The technique proposed in this thesis increases the system's security and achieves the goal of improving the system's safety.