
The Study of Efficient Password Authenticated Key Agreement Protocol for Multi-servers

Advisor: 黃仁俊

Abstract

Network security has become an important issue as network applications have grown. For an end user, the most important and widespread application is obtaining services from servers over open networks. A server must provide services only to its legitimate users and prevent any unauthorized access. Identity authentication and message confidentiality are therefore the two primary security services in an open network environment, and an authenticated key agreement protocol is a good way to provide both. We propose two password authenticated key agreement protocols for multi-server systems. In both protocols, a valid user can access multiple servers securely while keeping only one weak password and one smart card. In each login, the user and the server authenticate each other and generate a common session key. The security and the authentication of the two proposed protocols are demonstrated using the random oracle model and logic analysis, respectively. Both proposed protocols resist the replay attack, the impersonation attack, the known key attack, the unknown key share attack, the stolen verifier attack and the insider attack. Each legitimate user can change his password without connecting to any server by performing the password change phase of each proposed protocol. Furthermore, both proposed protocols are based on the straight line of geometry, hash functions and the exclusive-OR operation. They do not use any costly cryptographic operations and require lower computation and communication costs than previous results.
