| Summary: | 碩士 === 國立屏東科技大學 === 資訊管理系所 === 98 === Since the number of server providing the facilities for users is usually more than one, remote user authentication schemes used for multi-server architectures, rather than single server circumstance, is considered. Most of password authentication schemes for multi-server environment are based on static ID, so the servers can use this information to trace and analyze the user's login habit. Therefore, the user's privacy is not completely protected.
In 2009, Hsiang and Shih proposed an authentication scheme to improve Liao and Wang’s scheme. However, when servers use the same secret value to authenticate user, it will cause impersonation attack in their schemes. We analyze their protocol and demonstrate that cannot achieve true anonymity and resist impersonation attack.
Therefore, we further propose the improvements to avoid those security problems. We proposed two novel and efficiency dynamic ID-based remote user authentication scheme for multi-server environment schemes. Due to internal anonymity, we provided two access control schemes, that is, ”bit” and “Lagrange interpolating polynomial” to facilitate use authorizeation managrment for application srevers. Moreover, in our scheme, the server can get static information through register center to track malicious user, and the server can use this static information to check login message and reject malicious user.
|
|---|
