| Summary: | 碩士 === 國立臺灣師範大學 === 工業教育研究所 === 86 === Traditional methods of user authenticatior systems suffer from an important weakness which degree of randomness in secrets that human being can identification. Even though weak secrets (passwords and Personal Identification Number, PIN) are typically not exposed in the clear over the communication lines, they can be discovered with off-line brute force attacks based on exhaustive trials. Since such secrets are chosen from a relatively small key space, a determined adversary can try all possible values until a match is found between the trial values and the message recorded from a genuine authentication session. Authentication devices like smardcards offer an attractive solution by providing a user with a cryptographically strong key for authentication. In contrast to passwords and PINs, the device's key can be chosen from a much larger key space thus making a brute force attack computationally infeasible or, at least difficult.
First, this paper provides information of application on miscellaneous information security analysis on authentication to contemporary computer users and system service operators in business, bank and government. These security protocols include Kerberos, KryptoKnight, SESAME, Key Administration Standard of IBM computer security, Pretty Good Privacy(PGP), Privacy- Enhanced Mail(PEM), and Universal Electronic Payment System(UEPS). It is crucial to select an appropriate protocol since different protocol will affect system performance.
Second, in this paper we present an authentication method whereby the authentication device (a token card) is used solely to provide a secure channel between a human user and an authentication server (AS). Since the communication channel is secured by the card, the user can still utilize weak secrets for authentication purposes, without any risk of exposure. Furthermore, the card's and the user's secrets are mutually independent, i.e., the card is not associated with any particular user. Since the card is impersonal, it can be freely shared by several users. This eliminates the high cost of administration which is typical of existing designs requiring fixed user-device relationship. Moreover, our method does not require any coupling between the token card and the workstation which would be difficult to implement on a global scale and retrofit onto existing equipment.
|
|---|
