- 學位論文
高效率與安全的遠端使用者驗證之設計與應用
The Design and Applications of Efficient and Secure Remote User Authentication
摘要
近年來,由於網際網路的發達,在電子商務、行動商務環境中,遠端使用者認證是一項重要的技術,保證只有合法使用者可以存取遠端服務,並且合法使用者存取資源之安全性及運算傳輸效率,皆須並重。 在三方密鑰交換協議中,允許使用者端與伺服器共享一個人們容易記住的密碼,讓任兩個客戶端利用伺服器端協商一個交談密鑰來進行秘密通訊。本研究將提出一個基於橢圓曲線加密(Elliptic curve cryptography,ECC)的三方密鑰交換協定。此協定不僅降低了計算成本,而且比之前的學者所提出之協定更有效率。而這個方式非常適合的應用於硬體資源效能較差之環境,例如手機用戶或智慧卡。 另一方面,為了保護使用者之認證資料被有心人士追蹤及收集,近年來,有些學者提出了一種新的動態ID為基礎的認證協定,以實現使用者的匿名性。但是這些學者的方法並不能相互認證及使用者之認證資料無法真正達成匿名性。於是,我們提出一個改進的方法,修正他們的安全缺失,以達成真正的匿名,來保護使用者的資訊。 整體而言,本研究將探討一些更有效率之遠端使用者驗證技術適用於用戶端設備較差之環境。相信我們的研究,將更有助於如手機用戶或智慧卡之傳輸的安全。
並列摘要
User authentication is an important technology to guarantee that only the legal users can access resources from the remote server. In three-party password based key exchange protocol, a client is allowed to share a human-memorable password with a trusted server such that two clients can negotiate a session key to communicate with each other secretly. Based on elliptic curve cryptography (ECC), this dissertation will propose a new three-party password based authenticated key exchange scheme. The proposed method not only reduces computation cost for remote users and a trusted server but also is more efficient than previously proposed schemes. It is very suitable for hardware-limited users such as mobile units or smart cards. To protect user from tracing, recently, new efficient dynamic ID-based authentication schemes were proposed to achieve user anonymity. However, these previously proposed schemes cannot provide mutual authentication and user anonymity properties. Then, an improved method is proposed to remedy their security weakness. Overall, this research is to investigate more efficient techniques in hardware-limited users. We hope the result of proposed method will be more suitable for secure electronic communications.