透過您的圖書館登入 IP:3.141.152.173
透過您的圖書館登入
IP:3.141.152.173
  • 精確檢索 : 冠狀病毒
  • 模糊檢索 : 冠狀病毒
  • 冠狀病毒感染
    冠狀病毒疾病
  • 查詢出版品: 冠狀病毒
進階查詢
查詢歷史
主題瀏覽
  • 學位論文

智慧卡於使用者身分辨識之設計與應用

The Design and Applications of User Authentication with Smart Card

張宏偉(Hong-Wei Chang)
指導教授 : 黃慧鳳
國立臺中科技大學/資訊與流通學院/資訊工程系碩士班/碩士(2013年)
https://doi.org/10.6826/NUTC.2013.00113
全文下載

摘要

近幾年,隨著網際網路服務的快速發展,智慧卡被廣泛的應用於日常生活中。因此;使用智慧卡作為身份辨識的安全性也更加重要。而本研究首先會提出一個安全的身份辨識機制,已改善Awasthi等人所提方法的缺失。另一方面,由於利用結合IC智慧卡作為身份辨識的通行協定之技術時,IC卡內一般都會儲存紀錄與系統或個人有關之秘密資訊,目前已被提出之通行安全協定,都會事先假設IC卡可以抵禦儲存內容遭竄改或讀取(tampered resistant)之功能,但科技之進步已使得這樣的假設已經面臨挑戰,所以,目前又有一些新的研究探討,當IC卡內之內容可能遭讀取時,則透過IC智慧卡作為身份辨識的通行協定的設計技術是否仍然安全,是另一個的考量要點。又通常身份驗證之個人辨識碼(ID)在網路上傳送時是固定不變,因此個人之行蹤容易遭受惡意者追蹤。為了保護使用者之認證資料被有心人士追蹤及收集,本研究提出了一種新的動態ID為基礎的認證協定,以實現使用者的真正匿名信(user anonymity)之性質,防止被追蹤與保護使用者的資訊安全。 由於本研究利用二次剩餘的加密系統方式,因此,降低了智慧卡的運算量並且提高了認證階段的效率。另一方面,在本研究裡,不需假設智慧卡的內容不可被讀出,即使智慧卡內部資料被讀取,仍然能保證我們的研究是安全的 。我們提出的方法不但擁有低運算量並且符合安全需求。

關鍵字

智慧卡 使用者隱私

並列摘要

Recently, due to the rising and flourishing of the computer networks development, smart card is applied widely to networks, and it brings about the security threats of using smart card. However, the researches at present still can not resist most of the attacks (e.g. denial-of-service attack, replay attack, impersonate attack), therefore, the security of using smart card is more important. How to reduce the computation of the smart card and to retain certified security has become an important issue. Password based authentication has been the essential security mechanism for the remote access control systems. However most existing smart card based password authentication scheme are vulnerable to physical or internal attacks. In addition, the compromise of user’s identity would lead to the tracing of previous network communications for the same user. To protect user from being traced, we proposed a new strong smart card based password authentication protocol which can achieve user anonymity and the assumption of tamper resistance for smart cards in not essential. Based on the quadratic residue (QR), the proposed protocol is more suitable for mobile clients and smart card users.

並列關鍵字

Smart Card User Anonymity

參考文獻

[1]L. Lamport, “Password authentication with insecure communication,” Communication of ACM, Vol. 24, pp. 770-772, 1981.
[2]X. Zhang, Q. Feng, M. Li, "A Modified Dynamic ID-based Remote User Authentication Scheme", 2006 International Conference on Communications, Circuits and Systems Proceedings, Vol. 3, pp. 1602-1604, 2006.
[3]N. Y. Lee and Y. C. Chiu, “Improved remote authentication scheme with smart card,” Computer Standards & Interfaces, Vol. 27, pp. 177-180, 2005.
[4]S. W. Lee, H. S. Kim, and K. Y. Yoo, “Improvement of Chien et al.’s remote user authentication scheme using smart cards,” Computer standards & Interfaces, Vol. 27, No. 2, pp. 181-183, 2005.
[5]R. Song, L. Korba, G. Yee, Analysis of smart card-based remote user authentication schemes, Proceedings of the 2007 International Conference on Security and Management, 2007, pp. 323–329.

延伸閱讀

全文下載