中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/9483
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 41650363      Online Users : 1395
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9483


    Title: 兩個通行碼鑑定系統之分析研究;Cryptanalysis on Two Password Authentication Schemes
    Authors: 施錫彰;Hsi-Chang Shih
    Contributors: 資訊工程研究所
    Keywords: 通行碼身分鑑定系統;動態通行碼;動態身分;Password authentication schemes;Dynamic password;Dynamic identity
    Date: 2008-06-24
    Issue Date: 2009-09-22 11:48:46 (UTC+8)
    Publisher: 國立中央大學圖書館
    Abstract: 在動態通行碼(dynamic password)鑑定系統中,使用者每次登入所使用的通行碼是動態改變的。在2006年,Wu等人提出了一個「公平的動態通行碼鑑定系統」(WLC scheme)。Wu等人宣稱他們的方法在使用者登入鑑定失敗時,系統可以偵測與判斷鑑定失敗的原因是因為使用者是非法的,或者是因為系統的驗證表格遭到竄改所引起的。然而,我們發現WLC scheme在安全性上有缺失,它沒辦法達到如作者所宣稱的功能。攻擊者可以竄改系統的驗證表格以偽裝成合法使用者的身分,而系統無法偵測出此狀況。另外,攻擊者可以藉由WLC scheme所提供的線上更新通行碼功能更換使用者的通行碼,進而獲得該使用者帳號往後的使用權限。 在同一年,Liou等人提出了一個「具動態身分(dynamic identity)的鑑定系統」(LLW scheme),具動態身分的鑑定系統是為了防止使用者傳送的鑑定訊息洩露使用者的部分資訊而被提出來,Liou等人並宣稱他們的方法可以達到雙向鑑定(mutual authentication)的功能。然而,我們發現LLW scheme會遭受到偽造身分攻擊(impersonation attack);在系統註冊過的使用者可以偽裝成系統的身分與其他使用者進行通訊。並且,在系統註冊過的使用者也可以對其他使用者的通行碼採取離線猜測攻擊(off-line guessing attack)。 In the dynamic password authentication schemes, user's login password is dynamically changed in each user login. In 2006, Wu et al. proposed a fair and dynamic password authentication scheme (WLC scheme). The authors claimed that the server in their scheme can detect the reason when a user fails to login. We find that WLC scheme fails to preserve the fairness as the authors' claims. Adversaries can modify the verification table without being detected by server. Moreover, the on-line password change process is not secure. Adversaries can change users' passwords to arbitrary ones by exploiting the password change process. In the same year, Liou et al. proposed a new dynamic ID-based authentication scheme using smart cards (LLW scheme). The dynamic ID-based authentication schemes are proposed to prevent partial information leakage from users' authentication messages. Liou et al. claimed their scheme can achieve mutual authentication. However, we find that LLW scheme is vulnerable to impersonation attacks, a malicious user can impersonate server to communication with other users and apply the off-line guessing attack on other users.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File SizeFormat


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明