Basic Search / Detailed Display

Author: 方俊斌
Chun-pin Fang
Thesis Title: 基於一次性動態密碼及行動裝置進行身分驗證
A New Identity Authentication System Based On OTP Using Mobile Device
Advisor: 洪西進
Shi-Jinn Horng
Committee: 古鴻炎
Hung-yan Gu
蔡鴻旭
Hung-Hsu Tsai
江季翰
Ji-Han Jiang
Degree: 碩士
Master
Department: 電資學院 - 資訊工程系
Department of Computer Science and Information Engineering
Thesis Publication Year: 2012
Graduation Academic Year: 100
Language: 中文
Pages: 57
Keywords (in Chinese): 一次性動態密碼身分驗證Challenge/ResponseRSA演算法
Keywords (in other languages): One Time Password, Identity Authentication, Challenge/Response, RSA Algorithm
Reference times: Clicks: 228Downloads: 18
Share:
School Collection Retrieve National Library Collection Retrieve Error Report
  • 隨著電子商務[1]快速成長,電子商務(如線上銀行、購物、交易)最常要求使用者輸入帳號(Username)與密碼(Password)來登入系統,進行身分驗證。由於每位使用者可能同時使用多個電子商務系統,所以,要記憶多組帳號與密碼極有可能造成他們的困擾。另外,在這開放的網路世界,合法使用者的帳號與密碼遭有心人士盜取使用的新聞時有所聞。再則,近年來電子商務系統常使用透過簡訊來傳送一次性動態密碼[2] OTP (One Time Password),來保護使用者的身分驗證。使用者收到簡訊後,再次輸入其OTP,才能登入系統。
    基於許多電子商務使用者習慣攜帶其行動裝置,本論文主要討論使用者登入電子商務時,在其行動裝置安裝OTP產生器的方便與優點,並從OTP產生器取得OTP,且這組OTP只能使用一次。通過使用OTP登錄到不同的電子商務系統,使用者可免於混淆他們的使用者帳號和密碼,來確保他們登錄系統的安全性。


    With the fast growth of e-commerce [1] systems, more and more people rely on them to finish their tasks, such as using an online banking, shopping, or trading. The users of the systems are usually required to type in their username and password to log into the system to verify their identity. However, these users may find it difficult to memorize all of the usernames and passwords for different systems if a number of systems are used. In addition, it is often heard that a user’s username and password for a system are phished in cyberspace. Therefore, in order to protect users’ authentication, e-commerce systems now more frequently send a one time password (OTP) through a text to their users. The users can use their OTP they receive to log onto the e-commerce system.
    Many e-commerce users are used to carrying a mobile device with them. The thesis will mainly discuss the convenience and advantages of using a mobile device to log into a system with an OTP. Users use an OTP generator in their mobile device to gain an OTP. This OTP can be used just once. By using the OTP to log onto an e-commerce system, users may not confuse their usernames and passwords for different websites as well as ensure their safety when logging into systems.

    中文摘要 III Abstract IV 致謝 V 目錄 VI 表目錄 IX 圖目錄 X 第一章 導論 1 1.1 研究背景與動機 1 1.2 貢獻 2 第二章 相關工作 4 2.1 一次性動態密碼 (One Time Password) 4 2.1.1 硬體式OTP 載具(Token) 6 2.1.2 簡訊OTP 6 2.1.3 查表式OTP 7 2.1.4 軟體式行動裝置OTP 8 2.2 現今網路身分驗證的機制 9 2.2.1 帳號與密碼 9 2.2.2 IP鎖 10 2.2.3 電腦憑證 10 2.2.4 OTP動態密碼鎖 11 2.2.5 防盜密碼信用卡 12 2.2.6 簡訊安全鎖 12 2.2.7 電話鎖 13 2.2.8 IC晶片卡 13 2.2.9 雙重/多重因素認證 14 第三章 動態密碼與密碼演算法之技術研究 16 3.1 密碼學演算法 16 3.2 對稱性密碼 18 3.3 非對稱性密碼 19 3.4 混合型密碼 21 3.5 亂數 22 第四章 系統架構及安全效能分析 24 4.1 One Time Password Via SMS系統架構 24 4.2 系統運作架構 26 4.3 系統架構之流程機制 28 4.4 實作成果 33 4.4.1 實作環境 33 4.4.2 實作步驟說明 34 4.5 系統安全效能分析 39 4.5.1 安全評估分析 39 4.5.2 優缺點分析 40 4.5.3 效能評估分析 40 第五章 結論及未來展望 41 5.1 結論 41 5.2 未來展望 41 參考文獻 43

    [1] 電子商務-Wikipedia.,
    http://zh.wikipedia.org/zh-tw/%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1.
    [2] 一次性密碼(One Time Password) – Wikipedia., http://zh.wikipedia.org/zh-hk/%E4%B8%80%E6%AC%A1%E6%80%A7%E5%AF%86%E7%A2%BC.
    [3] 什麼是鍵盤側錄程式?,
    http://www.digitimes.com.tw/tw/dt/n/shwnws.asp?CnlID=10&Cat=&Cat1=&id=66706.
    [4] Backdoor-Wikipedia.,
    http://en.wikipedia.org/wiki/Backdoor_(computing).
    [5] 波仕特線上市調網, http://www.pollster.com.tw.
    [6] Li Yinxiang; Sun Xinxin; Li Xiaoping; Qiong Xu, “The application of one-time password technology in the security of electronic accounting system”, Publication Year: 2010, Page(s): 169 – 171.
    [7] 密碼卡, http://ez.lager.com.tw/card/card.shtml.
    [8] Yahoo奇摩登入帳號畫面, https://login.yahoo.com/config/login?.intl=tw&.src=fpctx&.done=http://tw.yahoo.com.
    [9] Yahoo奇摩安全憑證, http://www.wretch.cc/blog/ycorpblog/11812826.
    [10] 亂數-Wikipedia., http://zh.wikipedia.org/zh-tw/%E9%9A%8F%E6%9C%BA%E6%95%B0.
    [11] 動態密碼鎖, http://otp.hinet.net/html/AP/OTP/intro_otp.html.
    [12] VISA新卡-密碼保障, http://forums.perak.org/cn/read-htm-tid-113412-page-e.html.
    [13] Facebook – Wikipedia., http://zh.wikipedia.org/zh-tw/Facebook.
    [14] Facebook推一次性密碼服務 安全重心轉移至手機,
    http://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=5925.
    [15] 台北富邦轉帳登入系統畫面, https://ebank.taipeifubon.com.tw/ibank/servlet/HttpDispatcher/ATMLogin/prompt?newTxRequest=true.
    [16] Do van Thanh; Jorstad, I.; Jonvik, T.; Do van Thuan, “Strong authentication with mobile phone as security token”, IEEE 6th International Conference on 2009 , Page(s): 777 – 782.
    [17] IMEI-Wikipedia., http://zh.wikipedia.org/wiki/IMEI.
    [18] IMSI-Wikipedia., http://zh.wikipedia.org/wiki/IMSI.
    [19] Abdulaziz S. Almazyad and Yasir Ahmad, “A New Approach in T-FA Authentication with OTP Using Mobile Phone”, SecTech 2009, Page(s): 9-17.
    [20] Zitmo現身 簡訊驗證機制小心破功,
    http://www.isecutech.com.tw/article/article_detail.aspx?c1id=4&c3id=40&tv=21&aid=5912.
    [21] Qian Tang; Junwei Zou; Chunxiao Fan; Xiaoying Zhang, “A Mobile Identity Authentication Scheme of E-Commerce Based on Java-SIM Card”, Publication Year: 2010 , Page(s): V2-114 - V2-118.
    [22] Yin Xue; Zou Junwei; Fan ChunXiao; Zhou Peng, “An Improved Dynamic Identity Authentication Scheme Based on PKI-SIM Card”, Publication Year: 2009 , Page(s): 1 – 4.
    [23] Fan Yu Tao; Su Gui Ping, “Design of Two-Way One-Time-Password Authentication Scheme Based On True Random Numbers”, Publication Year: 2009 , Page(s): 11 – 14.
    [24] Li TongLiang; Jin ZhiGang, “A New Low Cost One Time ID and Password Authentication Protocol Using Popular Removable Storage Devices”, Publication Year: 2009 , Page(s): 213 – 216.
    [25] Wang Liang; Zhang Runtong, “An Security-enhanced Authentication System Based on OTP System in E-Commerce”, Publication Year: 2010, Page(s): 1 – 4.
    [26] Li Yinxiang; Sun Xinxin; Li Xiaoping; Qiong Xu, “The application of one-time password technology in the security of electronic accounting system”, Publication Year: 2010, Page(s): 169 – 171.
    [27] Wen-Chung Kuo; Yung-Cheng Lee, “ Attack and Improvement on the One-Time Password Authentication Protocol Against Theft Attacks“, Publication Year: 2007 , Page(s): 1918 – 1922.
    [28] Li Yinxiang; Xiaoping Li; Lizhi Zhong; Yuhuan Jing, “Research on the S_KEY One-Time Password Authentication System and its Application in Banking And Financial Systems”, Publication Year: 2010 , Page(s): 172 – 175.

    QR CODE