Author: 蔡佳倫
Jia-Lun Tsai
Thesis Title: 基於智慧卡之匿名式身分鑑別機制
Smart Card-based Anonymous Authentication Mechanisms
Advisor: 吳宗成
Tzong-Chen Wu
Nai-Wei Lo
Committee: 雷欽隆
Chin-Laung Lei
Chuan-Kai Yang
Wei-Hua He
Degree: Doctoral
Department: School of Management - Department of Information Management
Thesis Publication Year: 2013
Graduation Academic Year: 101
Language: English
Pages: 97
Keywords (in Chinese): 智慧卡, 身分鑑別機制, 分散式伺服器環境, 匿名性
Keywords (in other languages): Smart card, Authentication mechanism, Distributed server environment, Anonymity
With the rapid development of the Internet, people can easily share information with each other through the network. Consequently, more and more companies and government agencies provide online network services to their customers and citizens. The wide deployment of wireless networks and the popularity of handheld mobile devices have made Internet access more convenient and efficient for users. However, a massive number of system attacks has come along with Internet and network usage. How to defend system environments against malicious attacks has become a critical and important research topic. An authentication mechanism is one of the basic and essential defense mechanisms for securing systems on a network or the Internet: through a properly designed authentication scheme, it can identify service-requesting users and prevent illegal system access by attackers. Therefore, designing sound, secure and efficient authentication mechanisms is critical and essential for system security.
Single-server authentication mechanisms are commonly used by systems deployed on the Internet or in local area networks. With the variety of network environments, the deployment of wireless networks and the introduction of mobile devices, the ways users access network resources have become increasingly diverse. The single-server access pattern clearly can no longer meet the business needs and usage behaviors of people in modern societies. As a result, providing multi-server authentication schemes for network users has become necessary and crucial.
It is difficult to design authentication mechanisms for mobile handheld devices with limited computing resources that meet the requirements of security and efficiency in single-server or multi-server environments. A well-designed authentication mechanism should require only minimal computing operations on the user side. In addition, user anonymity is an important security factor to be considered for an authentication mechanism. In a wireless network environment, messages transmitted through electromagnetic waves may be eavesdropped on and tracked by malicious attackers. Therefore, in integrated heterogeneous network environments, a well-designed authentication mechanism should provide initiator anonymity and user untraceability to achieve more robust security.
In this dissertation, we propose a single-server authentication scheme based on the elliptic curve cryptosystem (ECC) in Chapter 3. Compared with other existing authentication schemes, the proposed scheme not only achieves initiator anonymity and initiator untraceability but also requires less computing cost for the mobile device on the user side, which makes it very suitable for users of mobile devices with limited computing resources. In Chapter 4, we propose an anonymous authentication scheme for mobile device users in a distributed system environment. The security strength of this scheme is based on the elliptic curve cryptosystem (ECC) and bilinear pairings. The advantage of this scheme is that a user can access a system server without the help of the smart card producing generator (SCPC) during the user authentication process. Compared with other related works, our scheme requires less computation cost on both the client and server sides. Batch verification on the server side is also devised and added to our scheme, which allows the server to verify a group of user login requests simultaneously and further reduce the computation cost on the server side. Finally, in Chapter 5 we summarize our academic contributions and suggest some possible directions for future research on authentication mechanisms.

Chinese Abstract I
ABSTRACT III
Acknowledgements VI
TABLE OF CONTENTS VII
LIST OF FIGURES VIII
LIST OF TABLES IX
Chapter 1 Introduction 1
  1.1 Background 1
  1.2 Motivation and Objectives 8
  1.3 Related Work 8
  1.4 Dissertation Organization 12
Chapter 2 Preliminaries 15
  2.1 Elliptic Curve Cryptosystem 15
  2.2 Bilinear Pairings 17
  2.3 Mathematical Assumptions 20
  2.4 ECC-based ElGamal Cryptosystem 20
  2.5 Identity-based Cryptosystem 21
    2.5.1 Identity-based Encryption Scheme of Sakai and Kasahara 22
    2.5.2 Identity-based Signature Scheme of Galindo and Garcia 24
Chapter 3 Anonymous Authentication Scheme for Single Server Environment 26
  3.1 Proposed Scheme for Single Server Environment 26
  3.2 Security Analysis 34
  3.3 Comparison on Performance and Security Feature 42
Chapter 4 Anonymous Authentication Scheme for Distributed Server Environment 47
  4.1 Proposed Scheme for Distributed Server Environment 47
  4.2 Security Analysis 59
  4.3 Comparison on Performance and Security Feature 75
Chapter 5 Conclusions and Future Work 79
Bibliography 81
Publications 92

