系統識別號 | U0002-1607200710302500 |
---|---|
DOI | 10.6846/TKU.2007.00442 |
論文名稱(中文) | 適用於多伺服系統的高效率具鑑別性共同密鑰產生技術之研究 |
論文名稱(英文) | The Study of Efficient Password Authenticated Key Agreement Protocol for Multi-servers |
第三語言論文名稱 | |
校院名稱 | 淡江大學 |
系所名稱(中文) | 資訊工程學系博士班 |
系所名稱(英文) | Department of Computer Science and Information Engineering |
外國學位學校名稱 | |
外國學位學院名稱 | |
外國學位研究所名稱 | |
學年度 | 95 |
學期 | 2 |
出版年 | 96 |
研究生(中文) | 蕭勝華 |
研究生(英文) | Sheng-Hua Shiau |
學號 | 891190067 |
學位類別 | 博士 |
語言別 | 英文 |
第二語言別 | |
口試日期 | 2007-06-21 |
論文頁數 | 73頁 |
口試委員 |
指導教授
-
黃仁俊(junhwang@ms35.hinet.net)
委員 - 王旭正(sjwang@mail.cpu.edu.tw) 委員 - 莊文勝(wsjuang@cc.shu.edu.tw) 委員 - 葛煥昭(keh@cs.tku.edu.tw) 委員 - 黃心嘉(sjhwang@mail.tku.edu.tw) |
關鍵字(中) |
通行碼鑑別 金鑰協同 多伺服系統 隨機智者模型 邏輯分析 |
關鍵字(英) |
password authentication key agreement multi-server random oracle model logic analysis |
第三語言關鍵字 | |
學科別分類 | |
中文摘要 |
由於網路相關應用的增長,網路安全成為一重要之議題。對於終端使用者來說,在網路中其最重要且最廣泛的應用即是經由公開網路取得伺服器所提供的服務。伺服器只能提供服務給合法的使用者,並能防止任何非法的存取。因此,在公開網路環境中,身分鑑別與訊息機密性為兩大重要之安全服務。具鑑別性共同密鑰產生技術在此提供一良好的解決方案。我們在本論文中提出兩種適用於多伺服系統具鑑別性共同密鑰產生技術。在我們所提出的方法中,一合法的使用者只需利用一通行碼與一張智慧卡即可安全的存取多台伺服器。在每次使用者登入伺服器時,他們會互相鑑別對方的身分,並且產生一共同密鑰。我們分別利用隨機智者模型(random oracle model)與邏輯分析(logic analysis)來證明方法的安全性與鑑別性。我們所提出的方法能夠抵擋重送攻擊(replay attack)、假冒攻擊(impersonation attack)、已知金鑰攻擊(known key attack)、未知金鑰分享攻擊(unknown key share attack)、密碼驗證檔失竊攻擊(stolen verifier attack)及內部攻擊(insider attack)。每一合法使用者能在不連結伺服器的情況下,執行方法中之更改通行碼步驟來變更自己的通行碼。此外,我們所提出的方法植基於幾何直線問題、雜湊函數及互斥或運算。和之前所提出的方法比較之下,我們的方法只需較少的運算量與通訊量,具有較好的效率。 |
英文摘要 |
Network security is an important issue since the rising network application. For an end user, the most important and wide application is to obtain services from servers via open networks. A server has to provide services only to its legal users and prevent any illegal access. Therefore, identity authentication and message confidentiality are two primary security services in an open network environment. An authenticated key agreement protocol is a good solution for providing identity authentication and message confidentiality security services. We propose two password authenticated key agreement protocols for multi-servers. In these two protocols, a valid user can access multi-servers securely by keeping one weak password and one smart card only. The user and server will authenticate each other and generate a common session key in each login process. The security and authentication of two proposed protocols is demonstrated by random oracle model and logic analysis separately. Both proposed protocols resist the replay attack, the impersonation attack, the known key attack, the unknown key share attack, the stolen verifier attack and the insider attack. Each legal user can change his password without connecting to any server by performing the password change phase of each proposed protocol. Furthermore, both proposed protocols are based on straight line of geometry, hash function and Exclusive OR operation. They do not use any overload cryptographic operations and require less computational and communicational costs than previous results. |
第三語言摘要 | |
論文目次 |
Contents I List of Figures III List of Tables IV Chapter 1 Introduction 1 1.1 Research motivation 1 1.2 Objectives of the research 2 1.3 Organization 3 Chapter 2 Related works 5 Chapter 3 The type I protocol 8 3.1 Preliminaries 8 3.2 The proposed protocol 10 3.2.1 The registration phase 11 3.2.2 The login phase 12 3.2.3 The password change phase 15 3.3 Security analysis 16 3.3.1 Random oracle model 16 3.3.1.1 The modified Bellare-Rogaway model 17 3.3.1.2 Security proof of the proposed protocol 22 3.3.2 Logic analysis 26 3.3.2.1 Notation and synthetic rules 26 3.3.2.2 Proof of the proposed protocol 27 3.3.3 Unknown key share attack 31 3.3.4 Stolen verifier attack 33 3.3.5 Insider attack 33 3.4 Comparison 34 3.4.1 Security properties 34 3.4.2 Computational costs 36 3.4.3 Communicational costs 37 Chapter 4 The type II protocol 40 4.1 Preliminaries 40 4.2 The proposed protocol 42 4.2.1 The registration phase 43 4.2.2 The login phase 44 4.2.3 The password change phase 47 4.3 Security analysis 47 4.3.1 Random oracle model 48 4.3.2 Logic analysis 53 4.3.3 Unknown key share attack 58 4.3.4 Stolen verifier attack 59 4.3.5 Insider attack 60 4.4 Comparison 60 4.4.1 Security properties 60 4.4.2 Computational costs 62 4.4.3 Communicational costs 63 Chapter 5 Conclusions and future works 66 5.1 Conclusions 66 5.2 Future works 67 References 68 List of Figures Figure 1. The login phase of the type I protocol ...................................14 Figure 2. The login phase of the type II protocol ..................................45 List of Tables Table 1. The security properties comparison of the type I protocol......35 Table 2. The comparison of the computational cost in the type I protocol ....................................................................................37 Table 3. The comparison of the communicational cost in the type I protocol ....................................................................................38 Table 4. The security properties comparison of the type II protocol.....61 Table 5. The comparison of the computational cost in the type II protocol ....................................................................................62 Table 6. The comparison of the communicational cost in the type II protocol ....................................................................................64 |
參考文獻 |
[1] M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” Advances in Cryptology - EUROCRYPT 2000: International Conference on the Theory and Application of Cryptographic Techniques, LNCS 1807, 2000, pp. 122--138. [2] M. Bellare and P. Rogaway, “Random oracles are practical: A paradigm for designing efficient protocols,” Proceedings of the First ACM Conference on Computer and Communications Security (CCS'93), 1993, pp. 62-73. [3] M. Bellare and P. Rogaway, “Provably secure session key distribution: the three party case,” Proceedings of 27th ACM Symposium on Theory of Computing (STOC 95), 1995, pp. 57-66. [4] S. Black-Wilson, D. Johnson and A. Menezes, “Key agreement protocols and their security analysis,” Proceedings of 6th IMA International Conference on Crypotography and Coding, LNCS 1355, 1997, pp. 30-45. [5] M. Burrows, M. Abadi and R. Needham, “A logic of authentication,” ACM Transactions on Computer Systems(TOCS), Vol. 8, No. 1, 1990, pp. 18-36. [6] L. Buttyán, S. Staamann and U. Wilhelm, “A simple logic for authentication protocol design,” Proceedings of 11th IEEE Computer Security Foundations Workshop, 1998, pp. 153-162. [7] C.C. Chang, S.J. Hwang, “Using smart cards to authenticate remote passwords,” Computers and Mathematics with Applications, Vol.26, No. 7, 1993, pp. 19-27. [8] C.C. Chang, R.J. Hwang, J.B. Daniel, “Using smart cards to authenticate passwords,” Proceedings of the IEEE International Carnahan Conference on Security Technology, 1993, pp. 154-156. [9] C.C. Chang and J.Y. Kuo, “An efficient multiserver password authenticated key agreement scheme using smart cards with access control,” Proceedings of 19th IEEE Internal Conference on Advanced Information Networking and Applications (AINA 2005), Vol. 2, 2005, pp. 257-260. [10] C.C. Chang, C.S. Laih, “Comment on remote password authentication with smart cards,” IEE Proceedings, Vol. 139, No.4, 1992, pp. 372. [11] C.C. Chang, T.C. Wu, “Remote password authentication with smart cards,” IEE Proceedings - Computers and Digital Techniques, Vol. 138, No.3, 1991, pp. 165-168. [12] C.M. Chen and W.C. Ku, “Stolen-verifier attack on two new strong-password authentication protocols,” IEICE Transactions on Communications, Vol. E85-B, No. 11, 2002, pp. 2519-2521. [13] H. Chien, J. Jan and Y. Tseng, “An Efficient and Practical Solution to Remote Authentication: Smart Card,” Computers and Security, Vol. 21, No. 4, 2002, pp. 372-375. [14] W. Diffie, M.E. Hellman, “New directions in cryptography,” IEEE Trans. Inform. Theory, Vol.22, 1976, pp. 644-654. [15] S.M. Ghanem and H.A. Wahab, “A simple XOR-based technique for distributing group key in secure multicasting,” Proceedings of Fifth IEEE Symposium on Computers and Communications (ISCC 2000), 2000, pp. 166-171. [16] M.-S. Hwang, “Cryptanalysis of remote login authentication scheme,” Computer Communications, Vol. 22, No.8, 1999, pp. 742-744. [17] M.-S. Hwang, C.-C. Lee and Y.-L. Tang, “A simple remote user authentication scheme,” Mathematical and Computer Modelling, Vol. 36, No. 1-2, 2002, pp. 103-107. [18] M. Hwang and L. Li, “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, 2000, pp. 28-30. [19] T. Hwang, Y. Chen, C.S. Laih, “Non-interactive password authentications without password tables,” Proceedings of the IEEE Region 10th Conference on Computer and Communication Systems, 1990, pp. 429-431. [20] IEEE std 1363-2000, IEEE standard specifications for public-key cryptography. The Institute of Electrical and Electronics Engineers, New York, USA, 2000. [21] J.K. Jan, Y.Y. Chen, “ ‘Paramita wisdom’ password authentication scheme without verification tables,” Journal of Systems and Software, Vol.42, No. 1, 1998, pp. 45-57. [22] W. Juang, “Efficient Password Authenticated Key Agreement Using Smart Cards,” Computers and Security, Vol. 23, No. 2, 2004, pp. 167-173. [23] W. Juang, “Efficient multi-server password authenticated key agreement using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, 2004, pp. 251-255. [24] W.S. Juang, C.L. Lei, C.Y. Chang, “Anonymous channel and authentication in wireless communications,” Computer Communications, Vol. 22, No. 15-16, 1999, pp. 1502-1511. [25] T. Kobayashi and H. Morita, “Fast modular inversion algorithm to match any operation unit,” IEICE Transactions on Fundamentals, Vol. E82-A, No. 5, 1999, pp. 733-740. [26] W.C. Ku, “Weaknesses and drawbacks of a password authentication scheme using neural networks for multiserver architecture,” IEEE Transactions on Neural Networks, Vol. 16, No.4, 2005, pp. 1002-1005. [27] W.C. Ku, S.T. Chang, M.H. Chiang, “Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture,” IEICE Transactions on Communications, Vol. E88-B, No. 8, 2005, pp. 3451-3454. [28] W.C. Ku, C.M. Chen and H.L. Lee, “Cryptanalysis of a variant of Peyravian-Zunic’s password authentication scheme,” IEICE Transactions on Communications, Vol. E86-B, No. 5, 2003, pp. 1682-1684. [29] C. Kudla and K.G. Paterson, “Modular security proofs for key agreement protocols,” Advances in Cryptology - ASIACRYPT 2005: 11th International Conference on the Theory and Application of Cryptology and Information Security, LNCS 3788, 2005, pp. 549-565. [30] Y.P. Lai and C.C. Chang, “An efficient multi-exponentiation scheme based on modified booth’s method,” International Journal of Electronics, Vol. 90, No. 3, 2003, pp. 221-233. [31] L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, Vol. 24, No.11, 1981, pp. 770-772. [32] L. Li, I. Lin and M. Hwang, “A Remote Password Authentication Scheme for Multi-server Architecture Using Neural Networks,” IEEE Transactions on Neural Networks, Vol. 12, No. 6, 2001, pp. 1498-1504. [33] I.-E. Liao, C.-C. Lee and M.-S. Hwang, “A password authentication scheme over insecure networks,” Journal of Computer and System Sciences, Vol. 72, No. 4, 2006, pp. 727-740. [34] H.T. Liaw, J.F. Lin and W.C. Wu, “An efficient and complete remote user authentication scheme using smart cards,” Mathematical and Computer Modelling, Vol. 44, No. 1-2, 2006, pp. 223-228. [35] I. Lin, M. Hwang and L. Li, “A New Remote User Authentication Scheme for Multi-server Architecture,” Future Generation Computer Systems, Vol. 19, 2003, pp. 13-22. [36] B. Menkus, “Understanding the use of passwords,” Computers and Security, Vol. 7, 1988, pp. 132-136. [37] NIST FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S. Department of Commerce, 2001. [38] NIST FIPS PUB 180-2, Secure Hash Standard, National Institute of Standards and Technology, U.S. Department of Commerce, 2002. [39] R.L. Rivest, A. Shamir, L.M. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. ACM, Vol.21, 1978, pp. 120-126. [40] A. Shamir, “Identity based on cryptosystems and signature schemes,” Advances in Cryptology, CRYPTO’84, 1984, pp. 47-53. [41] K. Singh, “On improvements to password security,” Operating System Review, Vol. 19, 1985, pp. 53-60. [42] N. Smart, Cryptography, McGraw-Hill Education, UK, 2002. [43] H. Sun, “An Efficient Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, 2000, pp. 958-961. [44] K. Tan and H. Zhu, “Remote Password Authentication Scheme with Smart Cards,” Computer Communications, Vol. 18, 1999, pp. 390-393. [45] W.J. Tsaur, C.C. Wu and W.B. Lee, “A smart card-based remote scheme for password authentication in multi-server Internet services,” Computer Standards & Interfaces, Vol. 27, No. 1, 2004, pp. 39-51. [46] W.J. Tsaur, C.C. Wu and W.B. Lee, “An enhanced user authentication scheme for multiserver Internet services,” Applied Mathematics and Computation, Vol. 170, No. 1, 2005, pp. 258-266. [47] P. Urien, “Internet card, a smart card as a true Internet node,” Computer Communications, Vol. 23, No. 17, 2000, pp. 1655-1666. [48] X.G. Wang and Z.C. Chai, “Two secure remote user authentication schemes using smart cards,” Proceedings of IEEE Internal Conference on Machine Learning and Cybernetics, 2006, pp. 2653-2658. [49] S.J. Wang, J.F. Chang, “Smart card based secure password authentication scheme,” Computers and Security, Vol. 15, No. 3, 1996, pp. 231-237. [50] H.-A. Wen, T.-F. Lee and T. Hwang, “Provably secure three-party password-based authenticated key exchange protocol using Weil pairing,” IEE Proceedings - Communications, Vol. 152, No. 2, 2005, pp. 138-143. [51] T.C. Wu, “Remote login authentication scheme based on a geometric approach,” Computer Communications, Vol.18, No.12, 1995, pp. 959-963. [52] W. Yang and S. Shieh, “Password Authentication Schemes with Smart Cards,” Computers and Security, Vol. 18, No. 8, 1999, pp. 727-733. |
論文全文使用權限 |
如有問題,歡迎洽詢!
圖書館數位資訊組 (02)2621-5656 轉 2487 或 來信