透過您的圖書館登入 IP:3.147.103.202
透過您的圖書館登入
IP:3.147.103.202
  • 精確檢索 : 冠狀病毒
  • 模糊檢索 : 冠狀病毒
  • 冠狀病毒感染
    冠狀病毒疾病
  • 查詢出版品: 冠狀病毒
進階查詢
查詢歷史
主題瀏覽
  • 學位論文

雙因動態身份為基礎的使用者鑑別機制

A new two-factor dynamic ID-based remote user authentication scheme

陳揚毅(Yang-Yi Chen)
指導教授 : 黃仁俊
淡江大學/工學院/資訊工程學系碩士班/碩士(2010年)
https://doi.org/10.6846/TKU.2010.00560
全文下載

摘要

以通行碼為基礎的鑑別方式一直是最廣泛運用在驗證使用者身份上。如何讓合法的使用者能夠正常的使用服務並有效的防範非法使用者的登錄一直是伺服器要達到的重要目的。許多的使用者鑑別方式都是以靜態身份碼為基礎,當攻擊者想要追蹤使用者的身份碼和分析其行為都可以輕易的達成,此問題對使用者來說是很嚴重的。為了讓使用者能夠更無憂的使用服務,本論文提出了一個雙因動態身份為基礎的使用者鑑別機制,雙因安全性可以確保使用者通行碼或智慧卡兩者其中一個被偷取仍然不會被攻擊者偽冒,方法中使用了單向雜湊函數和互斥運算,提供良好的效能運算,且能夠達到雙向鑑別、使用者匿名、完美的向後安全性,並抵擋重送攻擊、通行碼猜測攻擊、通行碼驗證資訊偷竊攻擊、使用者偽裝攻擊和伺服器偽裝攻擊。

關鍵字

動態身份碼 使用者鑑別機制 智慧卡 通行碼

並列摘要

Password authentication has been adopted as one of the most popular solutions in network environment to protect resources from unauthorized access. Most of password authentication schemes are based on static ID, the adversary can use this information to trace and to identify the user?s requests. It is unfavorable for many applications. This paper proposes a new two-factor dynamic ID-based remote user authentication scheme. The proposed scheme guarantees two-factor security when either the user?s password or his smart card is compromised, but not both. This work only uses simple operations, for instance, one-way hash function and exclusive-OR operation. The proposed scheme provides mutual authentication, user anonymity, perfect forward secrecy and perfect backward secrecy, and resists replay attack, password guessing attack, stolen-verifier attack, spoofing server attack and impersonation user attack.

並列關鍵字

Dynamic ID User authentication Smart card Password

參考文獻

[12] G. Yang, D.S. Wong, H. Wang and X. Deng, “Two-factor Mutual Authentication based on Smart Cards and Passwords,” Journal of Computer and System Sciences, Vol. 74, No. 7, pp. 1160-1172, 2008.
[1] L. Lamport, “Password authentication with insecure communication,” Communications of ACM, Vol. 24, No. 11, pp. 770-772, 1981.
[2] M.S. Hwang and L.H. Li, “A new remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000.
[3] C.M. Chen and W.C. Ku, “Stolen-verifier attack on two new strong-password authentication protocol,” IEICE Transactions on Communications, Vol. E85-B, No. 11, pp. 2519-2521, 2002.
[4] C.I. Fan, Y.C. Chan and Z.K. Zhang, “Robust remote authentication scheme with smart cards,” Computers & Security, Vol. 24, No. 8, pp. 619-628, Nov. 2005.

延伸閱讀

全文下載