近年來，隨著智慧卡在身分敏感的登入認證系統之應用，有效率的互相認證與會議鑰匙產生協議皆是重要的安全議題。2010年，Li et al.研究提出了對JCL演算法的修正版，以滿足匿名性及不可追蹤性，加強了使用者身分的保護，但Li et al.及JCL方法中，在雙方通訊過程所伴隨的高溝通和運算成本，與智慧卡晶片處理器的處理限制不符。且為了達到不可追蹤性之安全水準，必須符合在Li et al.演算法認證資訊的設計條件下，降低了登入認證系統彈性，因此本論文針對Li et al.演算法加以改進，讓智慧卡登入認證系統在滿足不可追蹤性下，並具有更好的效能與系統彈性。
本論文提出一個以亂數方式產生動態密碼的演算法，結合了線性反饋位移暫存器(LFSR)的虛擬亂數(Pseudorandom)演算法之概念，將每回合產生具不可追蹤性之亂數作為認證資訊。在登入階段，以動態密碼作為互相認證的因子，通過互相認證協議出會議鑰匙減少了三分之一的通訊回合。
在效能評估上，透過認證過程所需消耗的溝通成本與運算成本，以及各階段實際執行時間進行比較。實驗結果顯示，本論文相較於Li et al.演算法，不僅同樣滿足匿名性和不可追蹤性，在登入階段減少了通訊回合數，降低溝通和運算成本，如此，可達到效率及效能兼具的智慧卡登入認證系統。

Mutual Authentication and session key agreement based smart card became a strong security way in remote login authentication system. In 2010, Li et al. remedy JCL scheme provides initiator untraceable property to strength the identity protection. Owing to Li et al. scheme accompany high computation and communication cost over the communication channel, this was a conflict with smart cards embedded processors capability. Furthermore, the proposed mechanism for untraceability property lack some sort of flexibility in authentication message configuration and encryption algorithms chosen. 
In this paper, we proposed an One Time Password (OTP) mechanism embedded on both the smart card and the login server. Linear Feedback Shift Register (LFSR) algorithm was used as an OTP generator to produce pseudo-randomness sequences. In each authentication session, activated by on the same initial seed, smart card/severs generate the corresponding one time password for mutual authentication usage.
Analysis results show that, when compared with Li et al. remedy JCL scheme, the number of communication session in the login phase decrease by one-third. And if both run under the same chosen functions, the overall computation cost in login phase decrease by two-thirds. Furthermore, we “remedy” the Li et al. scheme by changing the order of message not only achieved untraceability property but also increase the flexibility within the authentication system.

目錄
一、	緒論	1
1.1	研究背景	1
1.2	研究動機和目的	4
二、	文獻探討	6
2.1	JCL演算法	6
2.1.1	參數產生階段	7
2.1.2	註冊階段	8
2.1.3	前置運算階段	8
2.1.4	登入階段	9
2.1.5	密碼更換階段	9
2.2	Li et al.演算法	10
2.2.1	註冊階段	11
2.2.2	登入階段	12
2.2.3	密碼更換階段	13
2.3	線性反饋位移暫存器方程式	14
2.4	各相關文獻之探討	15
三、	系統架構	17
3.1	系統概述	17
3.2	參數產生階段	19
3.3	註冊階段	19
3.4	第i次登入階段(i從1開始)	20
3.5	動態密碼重置階段	21
四、	安全性分析	23
4.1	互相認證(Mutual Authentication)	23
4.2	會議鑰匙協議(Session Key Agreement)	23
4.3	匿名性(Anonymity)	24
4.4	不可追蹤性(Untraceability)	24
4.5	驗證阻斷服務攻擊 (Denial of Service)	26
4.6	防止離線密碼猜測攻擊(Off-Line Password-Guessing Attack)	27
4.7	防止重送攻擊(Replay Attack)	28
4.8	防止內部攻擊(Inside Attack)	28
4.9	成本因素	28
五、	研究結果	31
5.1	溝通及儲存成本	31
5.2	計算成本	33
5.3	執行時間	36
六、	結論	39
參考文獻	40
圖目錄
圖2-1:JCL在智慧卡下密碼認證鑰匙協議之各階段流程圖	7
圖2-2:Li et al.在智慧卡下密碼認證鑰匙協議之各階段流程圖	11
圖2-3:16位元線性反饋位移暫存器方程式	14
圖3-1:本論文註冊階段流程圖	20
圖3-2:本論文第i次登入階段(i從1開始)流程圖	21
圖3-3:本論文動態密碼重置階段流程圖	22
表目錄
表4-1:本論文及相關演算法登入認證系統安全性比較表	30
表5-1:本論文及相關演算法登入認證系統溝通成本及儲存成本比較表	33
表5-2:本論文及相關演算法登入認證系統計算成本比較表	35
表5-3:本論文及相關演算法登入認證系統單位執行時間比較表	37
表5-4:本論文及相關演算法登入認證系統各階段執行時間比較表	38

[1]Alfke,P.,“Efficient Shift Registers,LFSR Counters,and Long Pseudo-Random Sequence Generators,” Xilinx Application Note,Jul.1996.
[2]Das, M.L., “Two-Factor User Authentication in Wireless Sensor Networks,” IEEE, Trans. On. Wire. Commun.,vol.15,no.3,pp.1086- 1090, Mar.2009.
[3]Fan,C., Y.Chan, and Zhang, Z., “ Robust remote authentication scheme with smart cards,” Comput.Secur., vol.24,no.8,pp.618-628, Nov.2005.
[4]He, D. and Chan,S., “A Secure and Light weight User Authentication Scheme with Anonymity for the Global Mobility Network,” IEEE, 13th International Conference on Network-Based Information Systems,2010.
[5]Huang,H., Liu, S., and Chen, H., “Designing a new mutual authentication scheme based on nonce and smart cards,” IEEE, Computer Social, International Symposium on Parallel and Distributed Processing with Applications, Sep. 2010.
[6]Hughes,D. and Shmatikov ,V., “Information hiding, anonymity and privacy: A modular approach,” J. Comput. Secur., vol. 12, no. 1, pp. 3–36, Jan. 2004.
[7]Juang, W., Chen, S., and Liaw,H., “Robust and efficient password-authenticated key agreement using smart cards,”IEEE, Trans.Ind. Electron., vol.15,no.6, pp.2551-2556,Jun.2008.
[8]Li, B., Hu,S., and Liu, Y. , “A Practical One-Time Password Authentication Implement on Internet,” IEEE International Conference on Wireless, Mobile and Multimedia Networks, 2006.
[9]Lauter,K., “The advantages of elliptic curve cryptography for wireless security,” Wireless Commun., vol.11,no.1, pp.62-67, Feb.2004.
[10]Luo,S., Hu,J., and Chen,Z., “An Identity- Based One-Time Password Scheme with Anonymous Authentication,” IEEE International Conference on Networks Security, Wireless Communications and Trusted Computing,2009.
[11]Liang, W. and Jing, L. “A Cryptographic Algorithm Based on Linear Feedback Shift Register,”IEEE International Conference on Computer Application and System Modeling, pp.526-529, 2010.
[12]Li, X., Qiu, W., Zheng,D., Chen, K., and Li, J., “Anonymity Enhancement on Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards,” IEEE, Trans. Ind. Electron., Vol.57, no.2, pp.793-800, Feb. 2010.
[13]Pasalic, E.,“On Guess and Determine Cryptanalysis of LFSR-Based Stream Ciphers” IEEE Trans. on. Infor. Theo., vol.55, no.7, Jul. 2009. 
[14]Pu, Q., “An Improved Two-factor Authentication Protocol,” Second International Conference on MultiMedia and Information Technology.2010.
[15]WIKIPEDIA., Pseudorandom number generator. http://en.wikipedia.org/wiki/Pseudorandom_ number_generator, accessed 2011/2/1.