保護使用者的通行碼是智慧卡通行碼登入系統 (password authenticated key exchange with smart card: PAKE-CARD) 一項很重要的研究議題。本論文首先回顧相關研究文獻,並整理出五項對使用者通行碼具威脅性的密碼攻擊,包含了:通行碼猜測攻擊 (password guessing attack),竊取驗證碼攻擊 (stolen verifier attack),智慧卡入侵攻擊 (smart card compromise),伺服器入侵攻擊 (server compromise) 以及間諜軟體攻擊 (spy-ware attack)。但是現有已提出之智慧卡通行碼登入系統 (PAKE-CARD) 尚無法同時抵禦上述所提之攻擊,因此使用者的通行碼仍然備受威脅。為了確實保護使用者的通行碼,本篇論文分析現有的智慧卡通行碼登入系統如何抵禦上述五項攻擊之後,提出一個新的智慧卡通行碼登入系統。所提出的系統不僅可以同時抵擋上述五項通行碼攻擊,並且在同樣的環境之下比現有的系統更有效率。 How to protect user's password is a critical issue for any password authenticated key exchange with smart card (PAKE-CARD). Five primary attacks against PAKE-CARD schemes have been discussed in the literature, including: password guessing attack; stolen veriffier attack; smart card compromise; server compromise, and spy-ware attack. However, no existing PAKE-CARD scheme can resist all these attacks, and user's password is still vulnerable. In this thesis, we frst survey the existing PAKE-CARD schemes and analyze how the password can be protected under different environments. Then, we design a new PAKE-CARD scheme that can resist all the above mentioned attacks. Finally, we show that the proposed PAKE-CARD scheme is more efficient than previous ones under the same environment.
