遠端使用者身份驗證之研究

Abstract

隨著網路攻擊事件的日益增多，網路安全的重要性日益增加。為了能有效的管理使用者的存取行為，如何驗證遠端的使用者變得十分的重要。在分散式的網路環境之中，許多系統都是利用傳統的帳號密碼驗證機制來驗證遠端的使用者，這樣的驗證機制比較容易實作，但是卻也造成了許多安全上的問題。因此，在本研究中我們利用智慧卡卡來強化系統的安全性以及改進使用者使用上的問題。 本論文包含四個研究。這四個研究都是以單向雜湊函數為基礎，而且它們都不用存放任何的驗證表。在前面的三個研究，我們指出有些已經發表的驗證方法有著安全性問題與缺失，為了改善這些安全性問題與缺失，我們也提出了改進的驗證機制去避免這些安全性問題與缺失。而第四個研究主要是以第三個研究為基礎，進而提出一個多伺服器的無驗證表驗證機制，這個驗證方法主要是利用一個驗證中心(Registreation Center)來提供伺服器與使用者互相驗證，使用者僅需要在註冊中心註冊一次，便可以使用這些伺服器所提供的服務，而且伺服器與註冊中心都不需要存放任何的驗證表。

Because the network attack is increasing, the network security becomes more and more important. In order to manage the remote users’s accesses, it is very important to authenticate the remote users. In the distributed network environment, there are many systems which use the basic authentication scheme to authenticate the remote users. It is easy to implement, but it also has many network security problems. In this study, we use smart card to strengthen the security of the system and improve the using problems of the remote users. This paper includes four researches. They are all based on one way hash function, and they do not need to store any verification table. In the previous three researches, we demonstrate that some proposed authentication schemes have the security problems and flaws. In order to improve these security problems and flaws, we also propose improved authentication scheme to overcome the security problems and flaws in these proposed authentication scheme. In the fourth research, we propose a multi-server authentication scheme without verification table according to the third research. This authentication scheme helps the servers and the users to authenticate each other by using a registration center. The users only need to register once, and they can get the services provided by the servers. In this multi-server authentication scheme, the servers and the registration center do not need to store any verification table.