隨著科技的日新月異及資訊科技蓬勃發展,使得資訊安全成為重要的研究議題,其中智慧卡的應用範圍日益廣泛,成為人們日常生活不可或缺的一部分,同時使得智慧卡遠端的認證需求也大幅的提升,需不斷的加強與改良,以增加其安全性。
在2016年,Jung等人指出Singhal等人之認證機制具有一些弱點,無法有效阻擋攻擊,並提出改善機制。但本研究發現Jung等人之機制,仍存有安全漏洞。同時,在2016年Liu等人指出Li等人之認證機制有許多缺失,但本研究亦發現Liu等人之機制仍有許多安全漏洞。
在本研究中,除針對Jung等人及Liu等人機制進行安全性分析,說明其弱點。並針對Liu等人機制進行改良,提供動態識別特性以達成使用者匿名性,並於註冊階段檢驗已註冊帳號的程序,避免Liu等人機制中因重複註冊所導致的安全漏洞。本研究亦提出新機制的安全性分析,並與其他現有機制進行安全性及效能比較,比較結果顯示雖增加部分成本,但可增加部分安全性,亦可證明本研究所提新機制可提供更具安全性的認證機制。
Nowadays, within the popularity and rapid development of imformation technology, information security becomes an urgent issue. One of them is smart card. The smart card could be applied in many fields that the requirement of the remote authentication scheme is increasing and need to make scheme more secure against attacks by hackers.
In 2016, Jung et al. pointed out Singhal et al.’s scheme with some weak and proposed a new authentication scheme. In the same year, Liu et al. identified the secure flaws of Li et al.'s scheme and also proposed an improved authentication scheme. However, we find that some secure flaws in both schemes, such as man in the middle attack, off-line password guessing attack, and the weak of perfect forward secrecy etc. Therefore, we propose a new improved authentication scheme from Liu et al.’s scheme that adds dynamic identity to achieve anonymity and checks with the existed registered account during registration stage to avoid the attack from duplicate registration. We also provide the security analysis of new scheme and compare to other existing schemes. The result shows that the new authentication scheme will increase some costs, but it also proves that our scheme is more secure than others.
