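With the evolution of networking and information technology, the smart card, a product of the technological era, has made people's lives more convenient. Users and remote servers often rely on smart cards for authentication. To protect user privacy, the security of smart-card-based remote user authentication schemes is becoming increasingly important. In 2015, Chaudhry et al. argued that Kumari's password authentication scheme had security flaws and proposed a new scheme with properties such as resistance to the related attacks. However, this study finds that the scheme proposed by Chaudhry et al. still has many security weaknesses: for example, it cannot prevent offline guessing of weak passwords, impersonation attacks, or denial of service. Shi et al. likewise pointed out that another authentication scheme by Kumari et al. has security flaws, including stolen smart card attacks, user and server impersonation attacks, and a lack of anonymity, and proposed a new improved scheme. However, this study finds that Shi et al.'s scheme still has security flaws. This paper presents a security analysis of the schemes of Chaudhry et al. and Shi et al. and describes their weaknesses in detail. Having found these security flaws, this study proposes an enhanced version of Chaudhry et al.'s smart card remote authentication scheme that provides user anonymity and resists the related attacks, making our proposed scheme more secure. We also present a security analysis of the improved scheme, together with a security comparison and a performance analysis against other schemes, to show that the new scheme is suitable for real-world environments.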
With the evolution of network and information technology, the smart card has made daily life more convenient. Remote users and servers often use smart cards for authentication. In order to protect the privacy of users, the security of smart card use is becoming more and more important. In 2015, Chaudhry et al. pointed out that Kumari et al.'s scheme has weaknesses and proposed an improved scheme. They indicated that their scheme can resist many attacks. However, we find that Chaudhry et al.'s scheme still has security problems. In 2015, Shi et al. also pointed out that another authentication scheme by Kumari et al. had many security problems and proposed an improved scheme, but we find that this scheme is still insecure. In this paper, we analyze the weaknesses of Chaudhry et al.'s and Shi et al.'s schemes, and improve Chaudhry et al.'s scheme to avoid their security problems. We also present a security analysis, a security comparison, and an efficiency analysis against other schemes, showing that our scheme is secure and can be applied in everyday life.