以可攜式裝置達成的安全登入系統

Abstract

在這篇論文中，我們考慮在可攜式安全裝置的協助下，密碼驗證金鑰交換系統的表現。可攜式安全裝置可以是智慧型手機或個人行動助理等可安全存放資料及和個人電腦溝通的裝置。使用者攜帶其所有的可攜式安全裝置至公開電腦，便可自動且安全的進行身分驗證級金鑰交換的動作。 除了在一般密碼驗證金鑰交換系統所討論的安全性需求，好比身分驗證，金鑰的語意安全以及向前性安全。我們額外的考量了密碼保護以限制一個不完全信賴的公共電腦，在金鑰交換以及身分驗證的過程中得知使用者金鑰的可能性。 在實務上，使用者只需記憶自己的帳號和密碼。在沒有可攜式安全裝置的場合，使用者亦可在可信賴的電腦上，輸入帳號和密碼，來進行身分驗證以及金鑰交換。

We consider the password-based authenticated key exchange with help of the secure portable device. The secure portable device may be a smartphone or PDA which can store authentication information securely and communicate with computers. A user can bring his own secure portable device to some public computer and perform authentication and key exchange automatically and securely with his device. Beside the security requirements one usually consider in the password-based authenticated key exchange, such as the authentication, the semantic security of session keys and forward security of session keys, we additionally consider the password protection to against semi-trusted public computers from learning user's password. Users only need to have their password in hand and may perform a password authentication by inputing identities and passwords on computers. Our results hold in the random oracle model.