要建立安全的分散式系統,遠端身分鑑別機制扮演著相當重要的角色。Lee和Chiu兩位學者提出他們改良的運用智慧卡之遠端身分鑑別機制,以求解決Wu和Chieu兩位學者所提出植基於離散對數運算數學難題之遠端身分鑑別機制所存在的安全弱點。很不幸的,我們發現該遠端身分鑑別機制仍會遭受偽造攻擊(forgery attack)及阻斷服務攻擊(denial of service attack),為了克服這兩項安全上缺陷,我們亦以Lee和Chiu的遠端身分鑑別機制為基礎提出一個新的遠端身分鑑別機制。由於離散對數運算較耗費運算資源,因此有學者提出以雜湊函數為核心之遠端身分鑑別機制,提升身分鑑別機制運算效率,其中Sun於2000年提出一植基於雜湊函數運算之遠端身分鑑別機制,但是Sun所提出的身分鑑別機制僅針對使用者進行身分鑑別,並沒有達到使用者端與伺服器端雙向鑑別功能,而且使用者也無法自行選擇通行碼(passwords),有鑑於此,Chien等學者於2002年亦提出一植基於雜湊函數運算之改良機制,以彌補Sun之身分鑑別機制所存在的問題,但是Chien等學者之身分鑑別機制仍會遭受到Hsu學者提出之parallel session attack此種攻擊法的攻擊,因此我們也提出一個更完善且具效率性之遠端身分鑑別機制。此外本論文所提出之二種遠端身分鑑別機制均允許使用者不需透過伺服器即可自行更改通行碼。而且,本論文亦提出邏輯分析來證明這二種遠端身分鑑別機制均確實達到使用者端與伺服器端雙向鑑別的目的。 Remote authentication schemes play an important role to create a secure distributed computer environment. In 2005, Lee and Chiu proposed their remote authentication scheme based on discrete logarithm computation to overcome some security problems in previous remote authentication schemes. Unfortunately, some attacks are proposed to show that Lee and Chiu’s scheme is vulnerable under the forgery attack and the denial of service att ack. To conquer these security problems, our improved scheme is also proposed. So our scheme is more secure than Lee and Chiu’s scheme. On the other hand, Sun proposed an efficient remote authentication scheme only adopting one-way hash functions in 2000. However, Sun’s scheme only achieve one-sided user authentication. In addition, users cannot freely choose their own passwords. To conquer these problems, in 2002, Chien et al. proposed their improved remote authentication scheme with mutual authentication. Unfortunately, Hsu pointed out that Chien et al.’s scheme suffers from the parallel session attack. To conquer the parallel session attack and other proposed attacks, a practical remote authentication scheme with mutual authentication is proposed. In addition, both our two schemes allow users freely changing their passwords without the server’s help. Besides, the logical analysis is proposed to make sure our new schemes to actually achieve the purpose of mutual authentication.
