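| Graduate student: | Sheng-Kai Chen (陳聖凱) |
|---|---|
| Thesis title: | Biometric-based Remote Mutual Authentication Scheme for Mobile Device (行動裝置上基於生物特徵的遠端相互認證方法) |
| Advisor: | Jenq-Shiou Leu (呂政修) |
| Oral examination committee: | Cheng-Fu Chou (周承復), Shanq-Jang Ruan (阮聖彰), Chin-Hsien Wu (吳晉賢), Wei-Mei Chen (陳維美) |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Electronic and Computer Engineering |
| Year of publication: | 2016 |
| Academic year of graduation: | 104 |
| Language: | Chinese |
| Number of pages: | 39 |
| Keywords (Chinese): | 相互認證 (mutual authentication), 生物特徵 (biometrics), 遠端認證方法 (remote authentication scheme) |
| Keywords (English): | Mutual Authentication, Biometric, Remote Authentication scheme |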
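A remote user authentication scheme gives a system a way to determine whether a remote user's authentication request is legitimate, particularly when the request is sent over an insecure channel. Many authentication schemes based on passwords and smart cards have been proposed in the past. However, passwords can be leaked or forgotten, and smart cards can be shared, lost or stolen. Biometrics such as the face, fingerprint or iris overcome these weaknesses of passwords and smart cards. Because of these advantages, biometrics have in recent years been added to authentication schemes and combined with password and smart card authentication, producing many remote authentication schemes based on smart cards and biometrics. As people rely more and more on mobile devices, mobile payment has developed and become widespread. Today mobile payment most commonly uses either credit card numbers or virtual currency, but with either method the security of this information is in doubt and the method is less convenient for users. In the last two years some mobile payment systems have begun to use biometric recognition to authenticate payments, but they are all still in the testing stage. In this thesis we therefore propose a biometric-based remote authentication scheme for mobile devices that replaces the earlier password or smart card authentication by binding the mobile device. Compared with earlier schemes, this approach is more convenient and better suited to the mobile payment environment, and binding the mobile device also ensures the correctness and security of the authentication source.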
Remote user authentication schemes can verify the legitimacy of remote users over an insecure communication channel. In recent years, many authentication schemes using passwords and smart cards have been proposed. However, a password might be revealed or forgotten, and a smart card might be shared, lost or stolen. In contrast, biometrics, such as face, fingerprint or iris, do not have these weaknesses. With the trend toward mobile payment, more and more mobile payment applications use biometrics to replace passwords and smart cards. In this paper, we propose a biometric-based remote authentication scheme that uses biometrics and a mobile device bound to the user in place of a password and smart card. This scheme is more convenient, more suitable and more secure than the ones using smart cards in the mobile payment environment.