| Summary: | 碩士 === 樹德科技大學 === 資訊工程學系 === 93 === Recently, Internet and communication medium has been deleoped so fast
and we prefer its low cost.
More and more applications are developed with Internet.
More and more people accomplish their jobs by Internet.
But we must take notice of security argument for
the information transmitting on the public networks.
An adversary can cause the insecurity ---
eavesdropping, interruption, modification and masquerade because
the information must go through many mistrusted media
from the source to the destination.
Cryptography was used in order to avoid above threats.
The use of authentication technique is avoiding masquerade and
encrypting the message by the agreement of session key can be
avoiding eavesdropping and modification.
In this thesis, we will point out the weakness of previous related authentication
protocols, and propose our solution.
The first, we focus on the password-authenticated key exchange protocols
that the server keeps a private/public key pair.
All of the security are based on server's private key in the previous schemes.
An adversary can get some advantage when the server's private key has been
compromised, even the server's verifier does not compromised yet.
We will propose a solution in this thesis.
In our solution, an adversary can not cause threats as long as he does not get
both the server's private key and the verifier simultaneously.
The second, we focus on the token-based (smart card) authentication protocols.
We will illustrate the problem of the authentication protocols
which they do not need any password and verification table.
The problem of previous schemes is that the server can not revoke
any specific client or specific member.
Our improvement will revoke the exclusive clients by a revocation list
that does not cause a security effects when the revocation list was compromised.
The confidentiality of the revocation list does not need.
We can only keep its integrality.
Thus this scheme reduces the risk to maintain those data.
|
|---|
