本論文提出一行動網路漫遊狀態下之使用者鑑別機制。隨著網際網路和無線通訊的蓬勃發展，使用者能透過行動裝置取得無線網路服務;又由於人類具有行動性之特質,因此產生在客網域需透過無線或行動裝置存取網路之需求，亦即所謂的漫遊。客網域鑑別使用者為其他合作網域合法使用者便成為維護行動網路安全和有效管理之非常重要議題。本論文有效運用智慧卡之低運算成本與方便可攜的特性，提出一個結合通行碼和智慧卡適用於客網域的身份鑑別機制。使用者可以匿名地在客網域登錄且同使用者不同次的登錄,其他人無法辨別,深層地確保個人隱私。此外,本論文的方法除了能夠達到在行動網路下的安全需求，也提供高效率的使用者通行碼驗證和離線更改通行碼功能，並且抵擋在行動網路環境下可能的攻擊。本論文方法相較於其他學者的方法在計算效能上也略勝一籌。

This research proposes an authentication mechanism for roaming users of mobile networks. Thanks to the rapid development of Internet and wireless communications, users can access to wireless Internet services through mobile devices. Since humans are mobile by nature, they may access Internet with their wireless or mobile devices via a foreign agent. This phenomenon is called roaming. Allowing foreign agents to identify legal users among other cooperating networks is thus an essential issue to keep mobile network security with effective management reachable. This research adopts smartcards due to their low computing costs and easy portability. In combination with passwords, a mechanism suitable for user authentication in foreign agents is established so that users may log into foreign agents anonymously. The same user may anonymously log in numerous times, and other parties are blocked from spying the user and thereby individual privacy is ensured. In addition, the method proposed in this research meets security requirements of mobile networks and provides functions such as highly efficient user password authentication and offline password changing. These features block possible security attacks that may occur in mobile networks. In comparison with methods presented by other researchers, the computational performance of the proposed method is superior.

第一章 緒論	1
1.1 研究動機與目的	1
1.2 安全需求	2
1.3 論文架構	4
第二章 相關研究	5
2.1 He等人的方法	5
2.1.1 He等人的方法介紹	5
2.1.2 He等人的方法安全分析	8
2.2 Xu等人的方法	9
2.2.1 Xu等人的方法介紹	9
2.2.2 Xu等人的方法安全分析	12
第三章 方法介紹	13
3.1 註冊階段	14
3.2 主網域登入鑑別階段	15
3.3 登入階段	17
3.4 鑑別階段	18
3.5 後續登入鑑別階段	22
3.6 通行碼更正階段	24
第四章 安全與效能分析	25
4.1 安全分析	25
4.1.1 使用者匿名(User Anonymity)	25
4.1.2 不可連結(Unlinkability)	25
4.1.3 雙向鑑別(Mutual Authentication)	26
4.1.4 公平的產生會談金鑰(Fairness in key agreement)	28
4.1.5 任意且安全的變更通行碼(Update password securely and freely)	28
4.1.6 高效率的身份碼認證(High efficiency in password authentication)	 28
4.1.7 完美前向安全(Perfect forward secrecy)	29
4.1.8 完美後向安全(Perfect backward secrecy)	29
4.1.9 雙因素安全(Two – factor security)	30
4.1.10 重送攻擊(Replay attack)	30
4.1.11 離線通行碼猜測攻擊(Off – line password guessing attack)	31
4.2 安全功能比較	31
4.3 計算效能比較	32
第五章 結論與未來研究方向	34
參考文獻	35
附錄:英文論文	38
 
圖目錄
圖一、He的註冊階段 6
圖二、He的登入階段 6
圖三、He的鑑別階段 7
圖四、He的會談金鑰更新階段 7
圖五、He的通行碼更正階段 8
圖六、Xu的註冊階段 10
圖七、Xu的鑑別階段 11
圖八、Xu的會談金鑰更新階段 11
圖九、註冊階段 14
圖十、主網域登入鑑別階段 15
圖十一、登入階段 17
圖十二、鑑別階段 19
圖十三、後續登入鑑別階段 22

表目錄
表一、He方法的參數符號表	5
表二、Xu方法的參數符號表	10
表三、本方法的參數符號表	13
表四、安全需求功能比較	        32
表五、計算效能比較	        33

[1] C.S. Park, “Authentication protocol providing user anonymity and untraceability  in wireless mobile communication systems,” Computer Networks, Vol. 44, Issue 2, 2004, pp. 267-273. 
[2] J. Zhu, J. Ma, “ A new authentication scheme with anonymity for wireless environments,” IEEE Transactions Consumer Electronics, Vol. 50, Issue 1, 2004, pp. 231-235.
[3] C.C. Lee, M.S. Hwang, I.En. Liao “Security enhancement on a new authentication scheme with anonymity for wireless environments,” IEEE Transactions on Industrial Electronics, Vol. 53, Issue 5, 2006, pp. 1683-1687.
[4] C.C. Wu, W.B. Lee, W.J. Tsaur, “A secure authentication scheme with anonymity for wireless communications,” IEEE Communication, Vol. 12, Issue 10, January 2008, pp. 722-723.
[5] Y.P. Liao and S.S. Wang, “A secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standards & Interfaces, Vol. 31, Issue 1, January 2009, pp. 24-29.
[6] H.C. Hsiang and W.K. Shih, “Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standards & Interfaces, Vol. 31, Issue 6, November 2009, pp. 1118-1123.
[7] X. Li, W. Qiu, D. Zheng, K. Chen, J. Li, “Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards,” IEEE Transactions on Industrial Electronics, Vol. 57 , Issue 2, 2010, pp. 793 - 800.
[8]J.S. Lee, J.H. Chang, D.H. Lee, “Security flaw of authentication scheme with anonymity for wireless communications,” IEEE Communication, Vol. 13, Issue 5, 2009, pp. 292-293.
[9] P. Zeng, Z. Cao, K.K.R. Choo, S. Wang, “On the anonymity of some Authentication schemes for wireless communications,” IEEE Communications, Volume 13, Issue 3, 2009, pp. 170-171.
[10] Jing Xu, Dengguo Feng, “Security flaws in authentication protocols with anonymity for wireless communications, ” ETRI Journal 31 , 2009, pp. 460-462.
[11] D. He, M. Ma, Y. Zhang, C. Chen, J. Bu, “A strong user authentication scheme with smart cards for wireless communications,” Computer Communications, Vol. 34, Issue 3, 15 March 2011, pp. 367-374.
[12] J. Xu, W.T. Zhu, D.G. Feng, “An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks,” Computer Communications, Vol. 34, Issue 3, 15 March 2011, pp. 319-325.
[13] C.T. Li, C.C. Lee, “A novel user authentication and privacy preserving scheme with smart cards for wireless communications,” Mathematical and Computer Modelling, Available online 14 January 2011.