Summary: | Master's === National Cheng Kung University === Institute of Information and Electronic Engineering === 83 === The security of a system often depends on correctly
identifying the person at a terminal. Many authentication
mechanisms address this security problem
for computer systems. Among them, password authentication
schemes are the most popular and inexpensive mechanisms used in
many systems. In a password authentication scheme, each
user has his/her own identity and password. To log in
to the computer system, the user keys in his/her
identity and password. This method,
however, is vulnerable both to peeping attacks, in which an intruder
stands behind the login user to observe the typed password, and to
replay attacks, in which the intruder intercepts the password from
the network and then impersonates the same user by
replaying the intercepted password. A challenge-response type
human identification scheme that withstands both peeping and
replay attacks was proposed by Matsumoto and Imai in 1991.
Each user and the host are assumed to share a common key.
Knowing the common key shared with the user, the host can
decide whether an answer replied from the user is correct or
not. In their scheme, all the user has to do is
memorize a short secret and perform very simple operations
based on the secret. In this thesis, three types of attacks
on human identification schemes are proposed, referred to here as
the chosen challenge attack, the chosen response attack and
the chosen challenge-response attack. In
these attacks, a malicious user first impersonates the host
to send a forged challenge to the login user, or impersonates
the login user to send a modified response to the host, and then
performs an intercepting or peeping attack to reveal the
login user's secret password.
|