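As technology advances rapidly, emerging technologies continually affect our lives; smart cards, for example, are widely used in all kinds of communication mechanisms. However, smart card authentication schemes are still subject to many malicious attacks, such as password guessing, impersonation, replay, and denial-of-service attacks. To prevent these attacks, Mishra et al. in 2015 presented weakness analyses of the schemes of Jiang et al. and Li et al. and proposed an improved scheme for each, but weaknesses remain that expose them to denial-of-service, offline password guessing, and other attacks.
This study first describes the security problems that remain in Mishra et al.’s password-based authentication and key agreement scheme, such as insider attacks and problems in the smart card revocation mechanism. It then describes Mishra et al.’s other scheme, a two-factor authentication scheme based on passwords and biometrics; this study finds that although that scheme improves on the scheme of Li et al., it still has security problems such as a lack of anonymity and weaknesses in the smart card revocation mechanism. Through a security analysis of Mishra et al.’s two schemes, this study explains the problems of existing schemes. Building on fixes for these problems, it proposes a new improved scheme with a security analysis, and compares it with other schemes in terms of security and performance, demonstrating that the proposed scheme offers better security.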
With the rapid development of science and technology, our lives have gradually changed. For example, the smart card has been widely used and has become an essential item in daily life. However, there are many malicious attacks, such as password guessing, impersonation, replay and denial of service. Secure authentication schemes have therefore become very important, and many researchers have proposed their own schemes. In 2015, Mishra et al. proposed an authentication scheme to improve on the weaknesses of Li et al.’s scheme, but it still has some weaknesses and vulnerabilities, such as guessing and denial-of-service attacks.
In this study, we first introduce Mishra et al.’s scheme based on password authentication and key agreement, and its security problems, such as insider attacks and weaknesses in the smart card revocation phase. Second, we introduce another scheme by Mishra et al., a two-factor authentication mechanism based on password and biometric identification. Although this scheme improves on the schemes of Li et al. and Jiang et al., it still has some security problems, such as weaknesses in the smart card revocation phase and in user anonymity. Finally, based on the problems indicated, we propose a new improved authentication scheme, with a security and performance analysis showing that the new scheme has better security.