以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：72

、訪客IP：18.217.106.26

姓名	施錫彰(Hsi-Chang Shih)  查詢紙本館藏	畢業系所	資訊工程學系
論文名稱	兩個通行碼鑑定系統之分析研究 (Cryptanalysis on Two Password Authentication Schemes)
相關論文	★ 多種數位代理簽章之設計 ★ 小額電子支付系統之研究 ★ 實體密碼攻擊法之研究 ★ 商業性金鑰恢復與金鑰託管機制之研究 ★ AES資料加密標準之實體密碼分析研究 ★ 電子競標系統之研究 ★ 針對堆疊滿溢攻擊之動態程式區段保護機制 ★ 通用型數域篩選因數分解法之參數探討 ★ 於8051單晶片上實作可防禦DPA攻擊之AES加密器 ★ 以非確定式軟體與遮罩分割對策 防禦能量攻擊之研究 ★ 遮罩保護機制防禦差分能量攻擊之研究 ★ AES資料加密標準之能量密碼分析研究 ★ 小額電子付費系統之設計與密碼分析 ★ 公平電子現金系統之研究 ★ RSA公開金鑰系統之實體密碼分析研究 ★ 保護行動代理人所收集資料之研究
檔案	[Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載] 本電子論文使用權限為同意立即開放。 已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。 請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。
摘要(中)	在動態通行碼(dynamic password)鑑定系統中，使用者每次登入所使用的通行碼是動態改變的。在2006年，Wu等人提出了一個「公平的動態通行碼鑑定系統」(WLC scheme)。Wu等人宣稱他們的方法在使用者登入鑑定失敗時，系統可以偵測與判斷鑑定失敗的原因是因為使用者是非法的，或者是因為系統的驗證表格遭到竄改所引起的。然而，我們發現WLC scheme在安全性上有缺失，它沒辦法達到如作者所宣稱的功能。攻擊者可以竄改系統的驗證表格以偽裝成合法使用者的身分，而系統無法偵測出此狀況。另外，攻擊者可以藉由WLC scheme所提供的線上更新通行碼功能更換使用者的通行碼，進而獲得該使用者帳號往後的使用權限。 在同一年，Liou等人提出了一個「具動態身分(dynamic identity)的鑑定系統」(LLW scheme)，具動態身分的鑑定系統是為了防止使用者傳送的鑑定訊息洩露使用者的部分資訊而被提出來，Liou等人並宣稱他們的方法可以達到雙向鑑定(mutual authentication)的功能。然而，我們發現LLW scheme會遭受到偽造身分攻擊(impersonation attack)；在系統註冊過的使用者可以偽裝成系統的身分與其他使用者進行通訊。並且，在系統註冊過的使用者也可以對其他使用者的通行碼採取離線猜測攻擊(off-line guessing attack)。
摘要(英)	In the dynamic password authentication schemes, user’’s login password is dynamically changed in each user login. In 2006, Wu et al. proposed a fair and dynamic password authentication scheme (WLC scheme). The authors claimed that the server in their scheme can detect the reason when a user fails to login. We find that WLC scheme fails to preserve the fairness as the authors’’ claims. Adversaries can modify the verification table without being detected by server. Moreover, the on-line password change process is not secure. Adversaries can change users’’ passwords to arbitrary ones by exploiting the password change process. In the same year, Liou et al. proposed a new dynamic ID-based authentication scheme using smart cards (LLW scheme). The dynamic ID-based authentication schemes are proposed to prevent partial information leakage from users’’ authentication messages. Liou et al. claimed their scheme can achieve mutual authentication. However, we find that LLW scheme is vulnerable to impersonation attacks, a malicious user can impersonate server to communication with other users and apply the off-line guessing attack on other users.
關鍵字(中)	★ 通行碼身分鑑定系統 ★ 動態通行碼 ★ 動態身分	關鍵字(英)	★ Password authentication schemes ★ Dynamic password ★ Dynamic identity
論文目次	1 Introduction 1 1.1 Backgrounds of Password Authentication Schemes . . . . . . . . . . . 1 1.2 The Attacks on Password Authentication Schemes . . . . . . . . . . . 3 1.3 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . 4 2 Review of Dynamic Password Authentication Schemes 7 2.1 Motivation of the Research . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2 Review of Lamport's Scheme . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.1 Lamport's scheme . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.3 Review of Harn's Scheme . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3.1 Preliminary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3.2 Harn's scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3 Security Analyses on WLC Scheme 13 3.1 Review of WLC Scheme . . . . . . . . . . . . . . . . . . . . . . . . . 13 3.1.1 WLC scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.2 Our Analyses on WLC Scheme . . . . . . . . . . . . . . . . . . . . . 16 3.3 Comments on Dynamic Password Authentication Schemes . . . . . . 18 3.4 The Different Approaches of the Research . . . . . . . . . . . . . . . 19 4 Review of Dynamic ID-Based Authentication Schemes 21 4.1 Motivation and History of the Research . . . . . . . . . . . . . . . . . 21 4.2 Review of DSG Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . 22 4.2.1 DSG scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 4.2.2 Analyses on DSG scheme . . . . . . . . . . . . . . . . . . . . . 24 4.3 Review of LLH Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . 26 4.3.1 LLH scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.3.2 Analyses on LLH scheme . . . . . . . . . . . . . . . . . . . . . 28 5 Security Analyses on LLW Scheme 31 5.1 Review of LLW Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . 31 5.2 Our Analyses on LLW Scheme . . . . . . . . . . . . . . . . . . . . . . 32 5.2.1 Failure in mutual authentication . . . . . . . . . . . . . . . . . 33 5.2.2 Off-line guessing attack . . . . . . . . . . . . . . . . . . . . . . 34 5.2.3 Other drawbacks . . . . . . . . . . . . . . . . . . . . . . . . . 35 5.3 Comments on Dynamic ID-Based Authentication Schemes . . . . . . 36 6 Conclusions 38 6.1 Review of Main Contributions . . . . . . . . . . . . . . . . . . . . . . 38 6.2 Future Research Directions . . . . . . . . . . . . . . . . . . . . . . . . 39 Bibliography 41
參考文獻	[1] A.K. Awasthi, "Comment on a dynamic ID-based remote user authentication scheme," Transaction on Cryptology, vol.01, issue 02, pp.15-16, 2004. [2] C.C. Chang, T.C. Wu, "Remote password authentication scheme with smart cards," IEE Proceedings-Computers and Digital Techniques, vol.138, issue 3, pp.165-168, 1991. [3] H.Y. Chien and C.H.Chen, "A remote authentication scheme preserving user anonymity," Advanced Information Networking and Applications-AINA 2005, vol.2, pp.245-248, March 2005. [4] H.Y. Chien, J.K. Jan, and Y.M. Tseng, "An efficient and practical solution to remote authentication: smart card," Computers and Security, vol.21, no.4, pp.372-375, 2002. [5] M.L. Das, A. Saxena, and V.P. Gulati, "A dynamic ID-based remote user authentication scheme," IEEE Transactions on Consumer Electronics, vol.50, no.2, pp.629-631, May 2004. [6] N.M. Haller, "The S/KEY one-time password system," Proceedings of the Internet Society Symposium on Network and Distributed System Security, pp.151-158, 1994. [7] L. Harn, "A public-key based dynamic password scheme," Proceedings of the Symposium on Applied Computing, pp.430-435, 1991. [8] M.S. Hwang and L.H. Li, "A new remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol.46, no.1, Feb. 2000. [9] T. Hwang, Y. Chen, and C.S. Laih, "Non-interactive password authentications without password tables," IEEE Region 10 Conference on Computer and Communication Systems, IEEE Computer Society, pp.429-431, 1990. [10] W.C. Ku and S.T. Chang, "Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards," IEICE Transactions on Communications, vol.E88-B, no.5, pp.2165-2167, 2005. [11] I.E. Liao, C.C. Lee, and M.S. Hwang, "Security enhancement for a dynamic ID-based remote user authentication scheme," Conference on Next Generation Web Services Practices-NWeSP'05, pp.437-440, 2005. [12] C.L. Lin, H.M. Sun, and T. Hwang, "Attacks and solutions on strong password authentication," IEICE Transactions on Communications, vol.E84-B, no.9, pp.2622-2627, Step. 2001. [13] Y.P. Liou, J. Lin, and S.S. Wang, "An new dynamic ID-based remote user authentication scheme using smart cards," 16th Information Security Conference, ISC 2006, Taiwan, pp.198-205, 2006. [14] W. Mao, Modern Cryptography: Theory and Practice, Prentice Hall PTR, 2004. [15] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of applied cryptography, CRC Press, 1997. [16] L. Lamport, "Password authentication with insecure communication," Communications of the ACM, vol.24, no.11, pp.770-772, Nov. 1981. [17] R.L. Rivest, "The MD5 message digest algorithm," RFC 1321, Apr. 1992. [18] R.L. Rivest and A. Shamir, "PayWord and MicroMint: Two simple micropayment schemes," Proc. of Security Protocols Workshop, LNCS 1189, pp.69-87, Springer-Verlag, 1997. [19] M. Sandirigama , A. Shimizu, and M. T. Noda, "Simple and secure password authentication protocol (SAS)," IEICE Transactions on Communications, vol.E83-b no.6, pp.1363-1365, June 2000. [20] A. Shimizu, "A dynamic password authentication method by one-way function," IEICE Transactions on Communications, vol.J73-D-I, no.7, pp.630-636, July 1990. [21] A. Shimizu, "A dynamic password authentication method by one-way function," System Comput. Jpn., vol.22 no.7, pp.32-40, July 1991. [22] T. Tsuji and A. Shimizu, "An impersonation attack on one-time password authentication protocol OSPA," IEICE Transactions on Communications, vol.E86-B, no.7, pp.2182-2185, July 2003. [23] T. Tsuji and A. Shimizu, "One-time password authentication protocol against theft attacks," IEICE Transactions on Communications, vol.E87-B, no.3, pp.523-529, 2004. [24] Y.C. Wu, H.F. Lin, and C.Y. Chen, "A fair and dynamic password authentication system," 16th Information Security Conference, ISC 2006, Taiwan, pp.222-228, 2006. [25] E.J. Yoon and K.Y. Yoo, "Improving the dynamic ID-based remote mutual authentication scheme," OTM Workshops 2006, LNCS 4277, pp.499-507, Springer-Verlag, 2006. [26] FIPS 180-1, "Secure hash standard," NIST, US Department of Commerce, Washington D.C., Apr. 1995.
指導教授	顏嵩銘(Sung-Ming Yen)	審核日期	2008-7-22
推文	facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu
網路書籤	Google bookmarks   del.icio.us   hemidemi   myshare