由於資訊與通訊科技的快速成長,使用智慧卡結合密碼來進行認證,是一有效率且廣泛運用於網路的認證機制。然而,來自外部或惡意的各種安全攻擊,使得網路應用系統出現離線猜弱密碼、偽冒、資料竄改、重送等安全弱點。例如,Islam於2014年及V. Odelu、A. K. Das及A. Goswami於2015年,所提出之智慧卡認證機制,不但運算成本過高且無法抵抗智慧卡失竊/離線猜弱密碼攻擊。
本研究將以密碼學之安全雜湊函數、Diffie–Hellman金鑰交換等方法,改良上述智慧卡認證機制的安全缺陷,使其具有可對抗離線猜弱密碼,使用者與伺服器之間可交互認證,並提供會期金鑰與會期金鑰前推私密性。
Due to the rapid growth of information and communication technologies, remote authentication based on password and smart card is an efficient authentication mechanism and widely used on the Internet. However, various known security attacks from the malicious users or outsiders make the internet application systems vulnerable, such as password guessing attack, forgery / modification attack, and replay attack. Islam and Odelu et al. proposed a password authentication scheme using smart card In 2014 and 2015 respectively. These schemes are not only dsigned with high computation costs but also vulnerable to smart card stolen/ off-line password guessing attack.
By using secure hash function and Diffie-Hellman key exchange algorithm, this study proposes an improved authentication protocol to prevent the weakness of above authentication mechanisms using smart card. The improved scheme can resist the off-line password guessing and provide mutual authentication and session key perfect forward secrecy.
