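In recent years, with the rapid development of computer technology and the fast rise of Internet technology, smart card applications over networks have become widespread, and users have paid increasing attention to the security of smart card use. A secure authentication mechanism is therefore needed to confirm the identities of both communicating parties. The methods previously proposed by many researchers all assume that the smart card is tamper-resistant. However, many recent studies indicate that secret information stored in a smart card can be extracted. This research plans to propose a mutual authentication scheme based on nonces and smart cards. In this scheme the smart card need not be tamper-resistant, because even if the data in the smart card is extracted, breaking the security of the system remains very difficult; the scheme also has low computation cost, is secure and efficient, and is better suited to practical application environments. In addition, to protect users' authentication data from being traced and collected by malicious parties, this research plans to propose a dynamic-ID remote user authentication scheme based on elliptic curve cryptography (ECC). The scheme can resist several common attacks, such as forgery attacks, replay attacks and password guessing attacks, and provides several important features, including user anonymity, no need to store a personal password table, low computation, and negotiated generation of a session key. Overall, this research will explore more efficient techniques with low computation cost and low communication overhead for environments where user-side devices are limited. We believe our research will further benefit the transmission security of users of devices such as smart cards or mobile phones.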
In recent years, computer technology has developed rapidly, and smart card applications have become increasingly widespread and functional. Remote user authentication over an insecure channel has therefore become a major interest, and the user authentication protocol is the essential security mechanism for creating a trust relationship over networks. Previously proposed schemes based on smart cards assume that the smart card is tamper-resistant. However, many studies have shown that the secrets stored in a smart card can be breached by analyzing the leaked information or monitoring the power consumption. This study will propose a new mutual authentication scheme based on nonces and smart cards. In the proposed scheme, the assumption of tamper resistance for smart cards is not essential. The low computation cost, security, and efficiency of the proposed method are well suited to practical application environments. To protect users from tracing, our study will propose a new dynamic-ID remote user authentication scheme based on the elliptic curve cryptosystem (ECC). The new schemes can prevent several common attacks, such as forgery attacks, replay attacks and password guessing attacks. Overall, this thesis investigates more efficient, low-communication techniques for hardware-limited users. We hope the resulting schemes will be more attractive for many electronic transactions.