為了達到「讓使用者方便維護一組簡易且好記的密碼」的特性，歷年在安全通訊領域中，已廣泛地研究了以密碼為基礎的遠端認證方法。而大部份所發表的方法都建立在靜態身份的基礎上，亦即使用者的身份被直接以明文的方式傳輸於不安全的網路環境中。然而，此舉恐造成使用者交易行為及個人隱私的外洩。在隱私問題日益受到重視的情況下，2004年Das等學者提出以動態身份為基礎的認證方法，藉以防止身份竊取攻擊及個人隱私的洩漏。不幸地，一些研究指出Das的方法並不安全，易遭受許多不同類型的攻擊。同時，也有多篇研究被發表出來，他們針對Das方法中安全性的缺失進行強化。最近，Wang等學者提出一套更有效且更強健的動態身份認證機制，在所提的方法中，只使用到輕量型的計算模組，如單向雜湊涵數及互斥或運算。初探時，Wang的方法似乎是安全的，然而，並非沒有任何缺失。根據我們的分析，我們發現Wang的方法無法抵抗重送攻擊、使用者假冒攻擊、伺服器偽裝攻擊、中間人攻擊及密碼猜測攻擊等。在本篇研究中，我們分析Wang方法的弱點，並提出一套新的認證機制，我們的方法不僅能解決Wang方法的缺失，同時也更有效率。

Due to the simplicity of only requiring to maintain a simple and human-memorable password at client side, password based remote authentication method has been extensively investigated by research community and scholars in the history of secure communcation area. Nevertheless, most of previously published schemes are static ID-based in which user’s identity is transmitted in plaintext under an insecure network environment. This may expose user’s transaction behaviors and personal preference. As the customer privacy disclosure had been concerned by organizaiton and individual, in 2004, Das et al. [10] were motivated to propose a dynamic ID-based remote user authentication scheme for preventing ID-theft attack and individual-privacy exposing. Unfortunately, several studies had been done to point out that Das et al.’s mechanism is insecure against various malicious attacks. Meanwhile, many security enhanced remedies are also developed to eliminate the identified security vulnerabilites. Recently, a more effieicn and robust dynamic ID-based authentication scheme [19] is introduced by Wang et al. to possess security criteria and system efficiency at the same time, where only lightweight computation modules such as one-way hash function and bit exclusive-or operation are required in their scheme. At first glance, the proposed protocol seems to be secure. However, Wang et al.’s scheme is not without its flaws. According to our analysis, we find that Wang et al.’s scheme is vulnerable to replay attack, user impersonation attack, server counterfeit attack, man-in-the-middle attack and password guessing attack. In this article, we first introduce these security weaknesses on Wang et al.’s scheme. A modified remote authentication scheme is then developed to overcom the identified authentication flaws with better system efficiency.

中文摘要I
AbstractII
誌　謝IV
ContentsV
List of FiguresVII
List of TablesVIII
Chapter 1 Introduction1
1.1 Background and motivation1
1.2 Thesis organization4
Chapter 2 Literature review5
Chapter 3 Review of Wang et al.’s scheme8
3.1 Registration phase9
3.2 Login phase9
3.3Authentication phase10
3.4 Password change phase10
Chapter 4 Cryptanalysis of Wang et al.’s scheme11
4.1 ID-theft attack12
4.2 User impersonation attack12
4.3 Server counterfeit attack14
4.4 Man-in-the-middle attack14
4.5 Undetectable on-line password guessing attack16
4.6 Off-line password guessing attack19
Chapter 5 Proposed authentication protocol20
5.1 Registration phase21
5.2 Authentication phase22
5.3 Password change phase23
Chapter 6 Security and performance analysis24
6.1 Security analysis24
6.2 Performance analysis28
Chapter 7 Conclusion and future work29
Reference30

[1]L. Lamport, Password authentication with insecure communication, ACM Communications, vol.24 (1981)
[2]T. Hwang, Y. Chen and C.S. Laih, Non-interactive password authentication without password tables, IEEE Region 10 Conference on Computer and Communication Systems, pp.429-431 (1990)
[3]A. Shamir, Identity-based cryptosystems and signature schemes, Proceedings of CRYPTO 84, LNCS 7, pp.47-53 (1984)
[4]M.S. Hwang and L.H. Li, A new remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol.46, no.1, pp.28-30 (2000)
[5]H.M. Sun, An Efficient remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol.46, no.4, pp.958-961 (2000)
[6]C.C. Lee, M.S. Hwang and W.P. Yang, A flexible remote user authentication scheme using smart cards, ACM Operating Systems Review, vol.36, no.3, pp.46-52 (2002)
[7]C.C. Lee, L.H. Li and M.S. Hwang, A remote user authentication scheme using hash functions, ACM Operating Systems Review, vol.36, no.4, pp.23-29 (2002)
[8]J.J. Shen, C.W. Lin and M.S. Hwang, A modified remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol.49, no.2, pp.414-416 (2003)
[9]A.K. Awasthi and S. Lal, A remote user authentication scheme using smart cards with forward secrecy, IEEE Transactions on Consumer Electronics, vol.49, no.4, pp.1246-1248 (2003)
[10]M.L. Das, A. Saxena and V.P. Gulati, A dynamic ID-based remote user authentication scheme, IEEE Transactions on Consumer Electronics, vol.50, no.2, pp.629-631 (2004)
[11]AK. Awasthi and S. Lal, Security analysis of a dynamic ID-based remote user authentication scheme, http://eprint.iacr. org/ 2004/238.pdf.
[12]H.Y. Chien and C.H. Chen, A remote authentication scheme preserving user anonimity, Proceedings of the 19th International Conference on Advanced Informatiion Networking and Applications, pp.245-248 (2005)
[13]P.G. Argyroudis, R. Verma, H. Tewari and D. O’Mahony, Performance analysis of cryptographic protocols on handheld devices, Proceedings of the 3rd International Symposium on Network Computing and Applications, pp.169-174 (2004)
[14]M. Passing and F. Dressler, Experimental performance evaluation of cryptographic algorithms on sensor nodes, Proceedings of the 3rd International Conference on Mobile Adhoc and Sensor Systems, pp.882-887 (2006)
[15]I.E. Liao, C.C. Lee and M.S. Hwang, Security enhancement for a dynamic ID-based remote user authentication scheme, IEEE. Proceedings of International Conference on Next Generation Web Services Practices, pp.437-440 (2005)
[16]M. Misbahuddin, M.A. Ahmed and M.H. Shastri, A simple and efficient solution to remote user authentication using smart cards, Innovations in Information Technology, pp.1-5 (2006)
[17]X. Zhang, Q.Y Feng and M. Li, A modified dynamic ID-based remote user authentication scheme, Proceedings of International Conference on Communications, Circuits and Systems, pp.1602-1604 (2006)
[18]Z.X. Gao and Y.Q. Tu, An improvement of dynamic ID-based remote user authentication scheme with smart cards, Proceedings of the 7th World Congress on Intelligent Control and Automation, pp.4562-4567 (2008)
[19]Y.Y Wang, J.Y Liu, F.X Xiao, J. Dan, A more efficient and secure dynamic ID-based remote user authentication scheme, Computer Communications, vol.32, pp.583-585 (2009)
[20]P. Kocher, J. Jaffe and B. Jun, Differential power analysis, Advances in Cryptology: Proceedings of CRYPTO 99, LNCS 1666, pp.388-397 (1999)
[21]T.S. Messergers, E.A. Dabbish and R.H. Sloan, Examining smart card security under the threat of power analysis attacks, IEEE Transactions on Computers, vol.51, no.5, pp.541-552 (2002)
[22]L. Gong, A security risk of depending on synchronized clocks, ACM Operating System Review, vol.26, no.1, pp.49-53 (1992)
[23]Y. Ding and P. Horster, Undetectable on-line password guessing attacks, ACM SIGOPS Operating Systems Review, vol.29, no.4, pp.77-86 (1995)
[24]W.C. Ku and S.T. Chang, Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards, IEICE Transactions on Communications E88–B, no.5, pp.2165-2167 (2005)
[25]R.C. Merkle, One way hash functions and DES, Advances in Cryptology: Proceedings of CRYPTO 89, LNCS 435, pp.428-446 (1989)
[26]Smart Cards, http://www.ewh.ieee.org/r10/bombay/news5/SmartCards.htm
[27]William Stallings，巫坤品、王青青 譯，「密碼學與網路安全－原理與實務 第三版」，碁峰資訊股份有限公司 (2006)。
[28]賴溪松，「資訊安全入門」，全華圖書公司 (2006)。
[29]賴溪松、韓亮、張真誠，「近代密碼學及其應用」，松崗電腦圖書資料股份有限公司 (2004)。