隨著網際網路科技的快速發展,各種網際網路的服務已經與我們的日常生活相結合,因此如何達成使用者與服務伺服器的相互認證與資料保護是一個重要的課題。針對此種目標所設計的協定或方案稱為認證金鑰交換 (AKE),其中密碼認證金鑰交換 (PAKE) 是最適合的機制因為它具有簡便、高適應性、高行動性及低硬體需求的優點。由於使用者選擇的密碼經常局限於易於搜尋的空間使得密碼認證金鑰交換容易遭受安全攻擊。 在最近的十年,具有安全性與隱密性的智慧卡提供一個e化商務與其他的網際網路活動最佳解決方案。在本論文中我們研究各種密碼機制搭配智慧卡來設計安全的密碼認證金鑰。我們的方案適合各種應用環境,包括單伺服器環境、多伺服器環境與VoIP環境。此外,因為智慧卡的成本與讀卡機的可用性所造成的限制,因此我們提出以身分基底且不須智慧卡的遠端使用者驗證方案。藉由安全與效能的分析來證明我們所提出的方案具有安全性與可用性。
Following the rapid growth of Internet technology, various kinds of services offered on the Internet have been incorporated into our daily life. It is an important issue how to achieve mutual authentication and protect sensitive information between the user and the service server. Such a protocol or scheme designed for this goal is referred to as authenticated key exchange (AKE). Password authenticated key exchange (PAKE) is the most suitable mechanism due to the advantage as simplicity, convenience, adaptability, mobility, and less hardware requirement. However, it is vulnerable to specific security attacks since user-selected passwords are often confined to an easily searchable space. During the last decade, smart cards with security and confidentiality provide a perfect solution for e-commerce transactions and other Internet connection activity. In this dissertation, we investigate various cryptographic techniques to design some secure PAKE schemes using smart cards. Our schemes are suitable for various environments, including single-server network, multi-server network, and Voice over Internet Protocol (VoIP) network. Moreover, in light of the restrictions on high cost of the cards and the availability of card readers, we first propose an ID-based remote user authentication scheme without using smart cards for multi-server environment. By security and performance analysis we prove the security and feasibility of the proposed schemes.