Please wait a minute...
FITEE
Front. Inform. Technol. Electron. Eng.  2015, Vol. 16 Issue (4): 259-271    DOI: 10.1631/FITEE.1400232
    
一套具备使用者不可追踪性的轻量化身分鉴别机制
Kuo-Hui Yeh
Department of Information Management, National Dong Hwa University, Taiwan 974, Hualien
A lightweight authentication scheme with user untraceability
Kuo-Hui Yeh
Department of Information Management, National Dong Hwa University, Taiwan 974, Hualien
 全文: PDF 
摘要: 目的:随着电子商务应用的蓬勃发展,如何安全且有效率地提供足够的网路资源或线上服务给远端使用者逐渐成为一门研究显学。鉴于此,本论文主要针对目前商务网路环境设计使用者身分鉴别机制。
创新点:本研究所提出的鉴别机制主要利用杂凑函数(Hash function)作为机制内的资讯保护技术,并以一套新设计的讯息传递逻辑成功完成多个体间的相互身分鉴别,如此将可同时达到计算安全与轻量化效能两大效益。
方法:藉由使用者注册(Registration)、登入与鉴别(Login and authentication)、密码变更(Password change)等三大阶段来完成并良好管理使用者身分鉴别与讯息传输安全。
结论:本论文主要针对现有网路环境下的商务架构,进行使用者身分鉴别机制设计。在协定安全度方面,根据传输逻辑分析与安全正式化分析结果,所提方法的安全可行性已被成功证实。在效能方面,本研究比近期所提出的几份相关机制(Tsai et al., 2013;Chang et al., 2014;Kumari and Khan, 2014)皆更为有效率(表2、3)。
关键词: 身分鉴别隐私安全智慧卡不可追踪性    
Abstract: With the rapid growth of electronic commerce and associated demands on variants of Internet based applications, application systems providing network resources and business services are in high demand around the world. To guarantee robust security and computational efficiency for service retrieval, a variety of authentication schemes have been proposed. However, most of these schemes have been found to be lacking when subject to a formal security analysis. Recently, Chang et al. (2014) introduced a formally provable secure authentication protocol with the property of user-untraceability. Unfortunately, based on our analysis, the proposed scheme fails to provide the property of user-untraceability as claimed, and is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this paper, we demonstrate the details of these malicious attacks. A security enhanced authentication scheme is proposed to eliminate all identified weaknesses.
Key words: Authentication    Privacy    Security    Smart card    Untraceability
收稿日期: 2014-07-03 出版日期: 2015-04-03
CLC:  TP309  
服务  
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章  
Kuo-Hui Yeh

引用本文:

Kuo-Hui Yeh. A lightweight authentication scheme with user untraceability. Front. Inform. Technol. Electron. Eng., 2015, 16(4): 259-271.

链接本文:

http://www.zjujournals.com/xueshu/fitee/CN/10.1631/FITEE.1400232        http://www.zjujournals.com/xueshu/fitee/CN/Y2015/V16/I4/259

[1] Gaurav Bansod, Narayan Pisharoty, Abhijit Patil. BORON:面向普适计算的超轻量低功耗加密设计[J]. Frontiers of Information Technology & Electronic Engineering, 2017, 18(3): 332-345.
[2] Huan-zhao Wang, Peng Zhang, Lei Xiong, Xin Liu, Cheng-chen Hu. 一种安全、高性能的软件定义网络多控制器体系结构[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(7): 634-646.
[3] Gao-qi He, Yi Jin, Qi Chen, Zhen Liu, Wen-hui Yue, Xing-jian Lu. 基于影子障碍物模型的真实感人群转弯行为模拟[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(3): 200-211.
[4] Gui-lin CAI, Bao-sheng WANG, Wei HU, Tian-zuo WANG. 移动目标防御:现状及特征[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(11): 1122-1153.
[5] Hong-jiang Lei, Imran Shafique Ansari, Chao Gao, Yong-cai Guo, Gao-feng Pan, Khalid A. Qaraqe. 基于generalized-K信道的SIMO的物理层安全性能分析[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(10): 1074-1084.
[6] Guang-jia Song, Zhen-zhou Ji. 匿名地址解析模型[J]. Front. Inform. Technol. Electron. Eng., 2016, 17(10): 1044-1055.
[7] Kok-Seng Wong, Myung Ho Kim. 面向优选应答的k-匿名模型[J]. Front. Inform. Technol. Electron. Eng., 2015, 16(9): 720-731.
[8] Osama A. Khashan, Abdullah M. Zin, Elankovan A. Sundararajan. ImgFS:一种利用用户空间文件系统的图片存储透明加密技术[J]. Front. Inform. Technol. Electron. Eng., 2015, 16(1): 28-42.
[9] Shuang Tan, Yan Jia. NaEPASC:一种新颖且高效的云数据公开审计机制[J]. Front. Inform. Technol. Electron. Eng., 2014, 15(9): 794-804.
[10] Ahmad Karim, Rosli Bin Salleh, Muhammad Shiraz, Syed Adeel Ali Shah, Irfan Awan, Nor Badrul Anuar. 僵尸网络探测技术:回顾、发展趋势及存在的问题[J]. Front. Inform. Technol. Electron. Eng., 2014, 15(11): 943-983.