以資訊隱藏之圖片進行使用者身分驗證之研究

Abstract

隨著網際網路的日益蓬勃，各項服務陸續發展，便伴隨著網路攻擊威脅的與日俱增。因此，如何在複雜的網路環境之中驗證遠端使用者的身分，對於服務的提供者及使用者就成了一個非常重要的問題。 目前最常見驗證遠端使用者的方法，都是藉著使用者的帳號和密碼來進行驗證。這種方法的安全性，最重要便是依靠密碼的強度，只要密碼足夠長且具有亂數特性，則使用者帳號與密碼的安全性便會越高。但要使用者將此類型的密碼熟記，是非常困難的。因為大多數人通常都傾向於使用有意義或和個人資料有關的密碼，雖然這樣的密碼易於記憶，卻也容易遭到不懷好意的駭客破解。 因此在本研究中，提出一個利用圖形檔案及資訊隱藏學的方法來進行使用者驗證，讓使用者無需記憶複雜又無意義的長密碼，並同時增加驗證的安全性，也降低使用者帳號和密碼被竊取的風險。

With the ever expanding internet, there comes the availability of all manner of goods and services. What accompanies these conveniences is the increasing threat of Cyber attacks. How a server authenticates a remote user then becomes a critically important issue for both the servers and the users. The most common way to authenticate a remote user is through the clients account and password. The most important part of this method typically relies on the strength of the password. As long as the password length is sufficient with random numbers, the security of user account and password will be maximized. However, it is difficult for most users to memorize a password of this type. The most common type of password is usually meaningful or related to the user and thus is easy to be predicted. Unfortu¬nately a password that is easy to remember is also easily hacked by people with bad intentions. Therefore, in our research, we proposed a preferred method of utilizing graphics and steganography for user authentication. With this method, the user can still have secured Internet services without memorizing long and meaningless passwords. This also re¬duces the risk of the user account and password being compromised.