驗證系統允許使用者在證明其會員資格後,獲取他所提出的服務需求,然而 使用者與驗證伺服器互動的過程中,可能洩漏過多資訊以至於危害到使用者的個 人隱私。因此匿名是一個保護使用者隱私的好方法,但這也產生了無法撤銷非法 使用者的隱憂。為了保護使用者隱私,現今有許多的匿名驗證系統被提出並且廣 泛的使用於網際網路。然而,有一類的匿名驗證系統是使用假名的方法來達成匿 名,可是這樣的方法將造成假名可以被連結。部分匿名驗證系統甚至無法抵禦重 送攻擊或是偽冒攻擊。 在本論文中,我們提出了一個匿名且不可連結的會員驗證系統。我們所提出 的系統,允許使用者與單一或多個不同的驗證伺服器進行多次會員身分驗證,並 且保證所有驗證訊息彼此之間都不會被連結,也不會連結到使用者。我們分析了 現有相關的匿名驗證系統之優缺點,並且與我們所提出的方法進行比較。分析結 果顯示,我們的系統不僅同時兼顧高效率與安全性,同時還可以抵禦重送攻擊以 及偽冒攻擊。;The authentication schemes allow users to apply server’s services by presenting a valid membership. But the information provided by users during the interaction with the service providers may damage the privacy of users. Anonymity is an effect method to protect user privacy, but it may be misused such that the membership of a malicious user cannot be revoked. In order to achieve anonymity without revealing users’ privacy several anonymous authentication schemes were proposed and are still widely incorporated in Internet servers till present. Certain anonymous authentication schemes use a pseudonym to achieve anonymity, but the pseudonym is linkable and the scheme is vulnerable to replay attack or impersonation attack. Some previous related schemes will be reviewed and analyzed on their strength and weakness. Comparison between our proposed scheme and these related ones will be provided. In this thesis, we proposed a new anonymous and unlinkable membership authentication scheme. The proposed scheme allows a valid user to prove his or her membership multiple times to a same or different application servers while all the authentication messages cannot be linked. Furthermore, our proposed scheme is computational efficiency and can preserve user’s privacy, and most importantly it can withstand replay attack and impersonation attack.
