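Abstract: | In recent years, with the rapid development of network technology, people have become accustomed to obtaining information for work and daily life through the Internet. When using network services, users often need to mutually authenticate with the server in order to protect their information, which makes the security mechanisms of remote authentication very important and has led many scholars to continually propose strengthened and improved schemes to increase the security of remote user authentication.
Quan, Jung, Kim, Sun, Lee, and Won (2017) pointed out that the scheme proposed by An (2015) has many security flaws, and proposed an improved three-factor remote user authentication scheme based on account ID, password, and biometrics. However, this study finds that the scheme of Quan et al. (2017) still has many security vulnerabilities, such as off-line password guessing attacks, lack of anonymity, and impersonation attacks. In addition, Ali and Pal (2017) improved the three-factor remote authentication scheme based on account ID, password, and biometrics for multi-server environments proposed by Guo and Wen (2014). However, this study finds that the scheme of Ali and Pal (2017) still has security vulnerabilities due to design flaws, such as problems with forward secrecy of the session key.
This study performs a security analysis of the schemes of Quan et al. (2017) and Ali and Pal (2017) to examine the security vulnerabilities of existing schemes, and on that basis proposes a new remote authentication scheme. In addition to the security analysis, it compares the security and performance of the new scheme with existing schemes to demonstrate its usability, and suggests directions for possible future enhancement and improvement.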
Recently, with the rapid development of the network, people have become accustomed to getting information through the Internet in their daily lives. People often need to use servers to access and protect private data, so mutual verification in a secure remote authentication scheme is very significant. Many scholars have proposed improved schemes to enhance the security of remote authentication.
In 2017, Quan et al. pointed out that there are many weaknesses in An's scheme and introduced an improved three-factor remote user authentication scheme based on identity, passwords, and biometrics. However, we found that their scheme still has many weaknesses, such as off-line password guessing attack, no user anonymity, and impersonation attack. In the same year, Ali-Pal improved Guo-Wen's three-factor, multi-server remote user authentication scheme. However, we also found that Ali-Pal's scheme has design flaws, such as the session key attack.
Based on a security analysis that explores the weaknesses of Quan et al.'s and Ali-Pal's schemes, in this study we propose an improved three-factor remote authentication scheme and prove its usability by comparing its security and effectiveness with other schemes. We also suggest directions for enhancement and improvement in the future. |