
Student: 賴俊發 (Chung-Fa Lai)
Thesis title: New Password-based Remote Authentication Mechanism with User Anonymity (具使用者匿名與通行碼基礎之遠端鑑別機制)
Advisor: 吳宗成 (Tzong-Chen Wu)
Committee members: 楊維寧 (Wei-Ning Yang), 查士朝 (Shi-Cho Cha)
Degree: Master
Department: College of Management, Department of Information Management
Year of publication: 2011
Academic year of graduation: 99 (ROC calendar)
Language: Chinese
Pages: 83
Keywords (Chinese): 遠端鑑別, 密碼為基礎, 使用者匿名
Keywords (English): Remote Authentication, Password-based, User Anonymity
Abstract (translated from Chinese):
With the development of the Internet and the World Wide Web, more and more people use the network to access information, use services and conduct transactions. At the same time, the number of security incidents has grown, such as Internet fraud, leakage of transaction data and exposure of personal private data. User authentication mechanisms are therefore a fundamental building block for electronic transactions.
In 1981, Lamport first proposed a remote authentication mechanism that uses a password table to authenticate users. In 2000, however, Hwang and Li pointed out that Lamport's mechanism is vulnerable to a stolen verifier attack: once an attacker steals the password table, the attacker can impersonate users. Many researchers subsequently proposed related schemes to satisfy different security requirements. In 2009, Wang et al. proposed a dynamic ID-based remote user authentication scheme that provides user anonymity and resists stolen verifier and denial of service attacks. Khan et al. then showed that Wang et al.'s scheme does not achieve user anonymity and proposed an improved scheme that provides user anonymity, mutual authentication and session key establishment. This study finds that Khan et al.'s scheme is also insecure: because the remote server must maintain a verifier table to authenticate users, it is vulnerable to the stolen verifier attack and the denial of service (DoS) attack. This study first proposes a remote authentication mechanism that remedies the weaknesses of Wang et al.'s and Khan et al.'s schemes; it achieves user anonymity, mutual authentication and session key establishment, and resists replay, denial of service and stolen verifier attacks. Furthermore, given the variety of electronic services, a user should be able to register with a single account management center and then use different services. This study therefore also proposes a remote authentication mechanism for single sign-on: the user registers with a key distribution center, and once the registration is approved, the center issues a smart card holding an authentication token and related information. The user can then log in to remote servers with the smart card to access the required services or resources. The proposed single sign-on remote authentication mechanism achieves user anonymity, mutual authentication and session key establishment, provides single sign-on, and resists replay, denial of service and stolen verifier attacks.


Abstract (English):
With the development of the Internet and the World Wide Web, more and more people access digital information, use services and complete business transactions over the Internet. However, information security incidents are also increasing, such as Internet fraud, transaction data leakage and exposure of private information. A user authentication mechanism is therefore the keystone of electronic transactions.
In 1981, Lamport first proposed a remote user authentication mechanism based on a password table and claimed that the mechanism remains secure even if an attacker intercepts the communication between a user and the remote system. In 2009, Wang et al. proposed a dynamic ID-based remote user authentication scheme without any verification table, which provides user anonymity and resists stolen verifier and DoS attacks. However, Khan et al. pointed out that Wang et al.'s scheme cannot achieve user anonymity and proposed an improved scheme to overcome this weakness. We find that Khan et al.'s scheme is also insecure, because the remote server must maintain a verifier table to authenticate users, which exposes it to stolen verifier and denial of service attacks. In this paper, we first propose a remote authentication mechanism that improves on Wang et al.'s and Khan et al.'s schemes. The proposed mechanism achieves user anonymity, mutual authentication and session key establishment, and resists replay, denial of service and stolen verifier attacks. Because of the variety of electronic services, a user should only have to register with a single account management center and then be able to access different services. We therefore also propose a remote authentication mechanism for single sign-on. In it, a user registers with a key distribution center; after verifying the user, the key distribution center issues the user a smart card containing information such as an authentication token. The user can then use the smart card to log in to a remote server and access services or resources. The proposed mechanism achieves user anonymity, mutual authentication and session key establishment, supports single sign-on, and resists replay, denial of service and stolen verifier attacks.

Table of Contents
Chinese Abstract, I
English Abstract, III
Acknowledgements, V
List of Tables, IX
List of Figures, X
Chapter 1 Introduction, 1
  1.1 Research Background, 1
  1.2 Research Motivation and Objectives, 2
  1.3 Thesis Organization, 6
Chapter 2 Preliminaries, 8
  2.1 Elliptic Curve Cryptography, 8
  2.2 One-way Hash Functions, 13
Chapter 3 Literature Review, 15
  3.1 Wang et al.'s Scheme [WLXD09], 15
    3.1.1 Algorithm Structure, 15
    3.1.2 Security Analysis, 20
  3.2 Khan et al.'s Scheme [KKA11], 21
    3.2.1 Algorithm Structure, 21
    3.2.2 Security Analysis, 28
Chapter 4 Password-based Remote Authentication Mechanism with User Anonymity, 31
  4.1 Algorithm Structure, 31
    4.1.1 Registration Phase, 33
    4.1.2 Login Phase, 34
    4.1.3 Authentication and Key Establishment Phase, 36
    4.1.4 Password Change Phase, 39
  4.2 Security and Functionality Analysis, 40
Chapter 5 Remote Authentication Mechanism for Single Sign-on, 46
  5.1 Algorithm Structure, 46
    5.1.1 Key Distribution Center Initialization Phase, 49
    5.1.2 Server Registration Phase, 50
    5.1.3 User Registration Phase, 51
    5.1.4 User Login Phase, 53
    5.1.5 Remote Server Authentication Phase, 55
    5.1.6 User Authentication Value Update Phase, 59
    5.1.7 Password Change Phase, 64
  5.2 Security and Functionality Analysis, 65
Chapter 6 Conclusions and Future Work, 71
References, 75
Appendix A Chinese-English Glossary of Key Terms, 79

References

[ACDG02] M.L. Akkar, N.T. Courtois, R. Duteuil, and L. Goubin, “A Fast and Secure Implementation of Sflash,” Public Key Cryptography, Lecture Notes in Computer Science, Vol. 2567, pp. 267-278, 2002.

[Awa04] A.K. Awasthi, “Comment on A Dynamic ID-Based Remote User Authentication Scheme,” Transactions on Cryptology, Vol. 1, No. 2, pp. 15-16, 2004.

[CC05] H.Y. Chien and C.H. Chen, “A Remote Authentication Scheme Preserving User Anonymity,” Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA'05), Vol. 2, pp. 245-248, Taipei, Taiwan, 2005.

[CL04] C.C. Chang and J.S. Lee, “An Efficient and Secure Multi-Server Password Authentication Scheme Using Smart Cards,” Third International Conference on Cyberworlds (CW'04), Tokyo, Japan, No. 18-20, pp. 417-422, 2004.

[DJJ10] H. Debiao, C. Jianhua, and H. Jin, “Weaknesses of a Dynamic ID-Based Remote User Authentication Scheme,” International Journal of Electronic Security and Digital Forensics, Vol. 3, No. 4, pp. 355-362, 2010.

[DSG04] M.L. Das, A. Saxena, and V.P. Gulati, “A Dynamic ID-Based Remote User Authentication Scheme,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 2, pp. 629-631, 2004.

[HL00] M.S. Hwang and L.H. Li, “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000.

[HPS98] J. Hoffstein, J. Pipher, and J.H. Silverman, “NTRU: A Ring-Based Public Key Cryptosystem,” Algorithmic Number Theory (ANTS III), Lecture Notes in Computer Science, Vol. 1423, pp. 267-288, Portland, OR, 1998.

[Jua04] W.S. Juang, “Efficient Multi-Server Password Authenticated Key Agreement Using Smart Cards,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 251-255, 2004.

[KKA11] M.K. Khan, S.K. Kim, and K. Alghathbar, “Cryptanalysis and Security Enhancement of a More Efficient & Secure Dynamic ID-Based Remote User Authentication Scheme,” Computer Communications, Vol. 34, pp. 305-309, 2011.

[Kob87] N. Koblitz, “Elliptic Curve Cryptosystems,” Mathematics of Computation, Vol. 48, No. 177, pp. 203-209, 1987.

[Lam81] L. Lamport, “Password Authentication with Insecure Communication,” Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981.

[LW09] Y.P. Liao and S.S. Wang, “A Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment,” Computer Standards & Interfaces, Vol. 31, No. 1, pp. 24-29, 2009.

[McE78] R.J. McEliece, “A Public-Key Cryptosystem Based on Algebraic Coding Theory,” DSN Progress Report 42-44, pp. 114-116, Jet Propulsion Laboratory, Pasadena, California, 1978.

[Mer89] R.C. Merkle, “A Certified Digital Signature,” Advances in Cryptology: CRYPTO '89, Lecture Notes in Computer Science, Vol. 435, pp. 218-238, 1989.

[Mil85] V. Miller, “Uses of Elliptic Curves in Cryptography,” Advances in Cryptology: CRYPTO '85, Santa Barbara, U.S., pp. 417-426, 1985.

[Nie86] H. Niederreiter, “Knapsack-Type Cryptosystems and Algebraic Coding Theory,” Problems of Control and Information Theory, Vol. 15, No. 2, pp. 157-166, 1986.

[NIST01] National Institute of Standards and Technology, “Announcing the Advanced Encryption Standard (AES),” Federal Information Processing Standards Publication 197, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, 2001.

[NIST02] National Institute of Standards and Technology, “Digital Signature Standard (DSS),” Federal Information Processing Standards Publication 186-3, http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf, 2009.

[NIST03] National Institute of Standards and Technology, “Recommendation for Key Management – Part 1: General (Revised),” NIST Special Publication 800-57, http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf, 2006.

[NIST04] National Institute of Standards and Technology, “Secure Hash Standard,” Federal Information Processing Standards Publication 180-2, http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf, 2002.

[Pat96] J. Patarin, “Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms,” Advances in Cryptology: EUROCRYPT '96, Lecture Notes in Computer Science, Vol. 1070, pp. 33-48, 1996. Extended version: http://www.minrank.org/hfe.pdf.

[RFC01] Internet Engineering Task Force, “Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation,” Request for Comments 5639, http://www.rfc-editor.org/rfc/pdfrfc/rfc5639.txt.pdf, 2010.

[RFC02] Internet Engineering Task Force, “The MD5 Message-Digest Algorithm,” Request for Comments 1321, http://tools.ietf.org/pdf/rfc1321.pdf, 1992.

[RVEK10] A.M. Rossudowski, H.S. Venter, J.H.P. Eloff, and D.G. Kourie, “A Security Privacy Aware Architecture and Protocol for a Single Smart Card Used for Multiple Services,” Computers & Security, Vol. 29, No. 4, pp. 393-409, 2010.

[SSS11] S.K. Sood, A.K. Sarje, and K. Singh, “A Secure Dynamic Identity Based Authentication Protocol for Multi-Server Architecture,” Journal of Network and Computer Applications, Vol. 34, No. 2, pp. 609-618, 2011.

[Tsa08] J.L. Tsai, “Efficient Multi-Server Authentication Scheme Based on One-way Hash Function without Verification Table,” Computers & Security, Vol. 27, No. 3-4, pp. 115-121, 2008.

[TWL04] W.J. Tsaur, C.C. Wu, and W.B. Lee, “A Smart Card-based Remote Scheme for Password Authentication in Multi-Server Internet Services,” Computer Standards & Interfaces, Vol. 27, No. 1, pp. 39-51, 2004.

[WJL09] R.C. Wang, W.S. Juang, and C.L. Lei, “User Authentication Scheme with Privacy-Preservation for Multi-Server Environment,” IEEE Communications Letters, Vol. 13, No. 2, pp. 157-159, 2009.

[WLXD09] Y.Y. Wang, J.Y. Liu, F.X. Xia, and J. Dan, “A More Efficient and Secure Dynamic ID-Based Remote User Authentication Scheme,” Computer Communications, Vol. 32, No. 4, pp. 583-585, 2009.

Full text availability: available from 2016/06/21 on the campus network only; not authorized for public release off campus or through the National Central Library's Taiwan thesis and dissertation system.