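With the rapid development of computer network technology, more and more people handle their affairs over the network. To ensure user security, password authentication has been widely applied in remote user authentication mechanisms; it is the simplest and most convenient way to allow a legitimate user to log in to a remote server. As time went on, users gradually began to pay attention to their privacy on the network. In 2004, Das et al. proposed a dynamic ID-based authentication technique that not only gives users the protection of anonymity but also defends against illicit attacks arising on the network. However, in 2009, Wang et al. proposed an improvement to Das et al.'s dynamic ID-based authentication technique and claimed that their scheme was the most efficient and secure. After careful analysis, we found that Wang et al.'s scheme cannot withstand user masquerade attacks, that users' behavior can be traced, and that password changes are not verified. In this study, we present an explicit weakness analysis of Wang et al.'s scheme and propose an improved scheme that achieves true anonymity and privacy protection.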
With the rapid growth of network technologies, more and more people tend to handle tasks via networks. To ensure that users are legitimate, password authentication is widely applied to remote user authentication; it is the simplest and most convenient authentication mechanism that allows a legal user to log in to the remote system. As time has passed, people have gradually become concerned about their privacy on the network. In 2004, Das et al. proposed a dynamic ID-based remote user authentication scheme. However, Wang et al. proposed a new dynamic ID-based remote user authentication scheme that is an improvement of Das et al.’s scheme. They claimed their scheme is efficient and secure. After thorough analysis, we find that Wang et al.’s scheme suffers from masquerade attacks and traceability of users. In this thesis, we demonstrate how masquerade attacks can be mounted on Wang et al.’s proposed scheme and propose a secure dynamic-identity-based remote user authentication scheme to protect privacy.