The Research of Remote Authentication and Key Exchange Techniques

• Main Authors: Mo-Che Chan, 詹謨澤
• Other Authors: Chun-Li Lin
• Format: Others
• Language: zh-TW
• Published: 2005
• Online Access: http://ndltd.ncl.edu.tw/handle/73625664190128921776

碩士 === 樹德科技大學 === 資訊工程學系 === 93 === Recently, Internet and communication medium has been deleoped so fast and we prefer its low cost. More and more applications are developed with Internet. More and more people accomplish their jobs by Internet. But we must take notice of security argument for the information transmitting on the public networks. An adversary can cause the insecurity --- eavesdropping, interruption, modification and masquerade because the information must go through many mistrusted media from the source to the destination. Cryptography was used in order to avoid above threats. The use of authentication technique is avoiding masquerade and encrypting the message by the agreement of session key can be avoiding eavesdropping and modification. In this thesis, we will point out the weakness of previous related authentication protocols, and propose our solution. The first, we focus on the password-authenticated key exchange protocols that the server keeps a private/public key pair. All of the security are based on server's private key in the previous schemes. An adversary can get some advantage when the server's private key has been compromised, even the server's verifier does not compromised yet. We will propose a solution in this thesis. In our solution, an adversary can not cause threats as long as he does not get both the server's private key and the verifier simultaneously. The second, we focus on the token-based (smart card) authentication protocols. We will illustrate the problem of the authentication protocols which they do not need any password and verification table. The problem of previous schemes is that the server can not revoke any specific client or specific member. Our improvement will revoke the exclusive clients by a revocation list that does not cause a security effects when the revocation list was compromised. The confidentiality of the revocation list does not need. We can only keep its integrality. Thus this scheme reduces the risk to maintain those data.