In this thesis, motivated by the rapid spread of mobile devices and networks, we studied how a password can be used to produce a digital signature on a mobile device, such that when the mobile device is stolen by a malicious attacker, the attacker can neither recover the password nor forge a valid digital signature. To achieve this goal we take advantage of the ubiquity of the network and combine the secret information held on the mobile device, the client's memorable password and the server's secret information to produce a single digital signature. Because we want a digital signature to be produced only when the legitimate user is in possession of the mobile device, the identities of the client and the server must be verified before a signature is produced, and the signature is produced only once that verification succeeds; the authentication phase may face a number of problems, for example dictionary attacks used to guess the password. In addition, we gave a formal proof for our digital signature scheme, consisting of a formal proof of the authentication part of our protocol in the proof model proposed for PAK, the security of the ElGamal cryptosystem needed to transmit messages, and a security proof of the digital signature produced by our PS protocol.
As future work, we hope to vary the properties of the signature, for example by adding forward security (Forward Secure), or by recasting the secret information and the password used for signing into a key-isolated (Key Isolated) model, so as to better meet practical security requirements, and to propose a more complete proof model for such a protocol in which its security can be proven.
Chapter 6 References
[1] S. Bellovin and M. Merritt, "Encrypted key exchange: password-based authenticated key exchange," Proceedings of the IEEE Symposium on Security and Privacy, pp. 72-84, 1992.
[2] S. Bellovin and M. Merritt, "Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password-file compromise," Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 244-250, 1993.
[3] M. Boyarsky, "Public-key cryptography and password protocols: the multi-user case," Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 63-72, 1999.
[4] V. Boyko, P. MacKenzie and S. Patel, "Provably secure password-authenticated key exchange using Diffie-Hellman," EUROCRYPT '00, LNCS 1807, pp. 156-171, 2000.
[5] D. Jablon, "Strong password-only authenticated key exchange," ACM SIGCOMM Computer Communication Review, vol. 26, no. 5, pp. 5-26, 1996.
[6] T. Kwon and J. Song, "Authentication and key agreement via memorable passwords," ISOC Network and Distributed System Security Symposium, 2001.
[7] M. Lomas, L. Gong, J. Saltzer and R. Needham, "Reducing risks from poorly chosen keys," Proceedings of the Twelfth ACM Symposium on Operating Systems Principles, pp. 14-18, 1989.
[8] S. Lucks, "Open key exchange: how to defeat dictionary attacks without encrypting public keys," Proceedings of the 5th International Workshop on Security Protocols, pp. 79-90, 1997.
[9] P. MacKenzie and R. Swaminathan, "Secure network authentication with password identification," manuscript.
[10] M. Steiner, G. Tsudik and M. Waidner, "Refinement and extension of encrypted key exchange," ACM SIGOPS Operating Systems Review, vol. 29, no. 3, pp. 22-30, 1995.
[11] Y. Ding and P. Horster, "Undetectable on-line password guessing attacks," ACM SIGOPS Operating Systems Review, vol. 29, no. 4, pp. 77-86, 1995.
[12] P. MacKenzie, T. Shrimpton and M. Jakobsson, "Threshold password-authenticated key exchange," CRYPTO '02, LNCS 2442, pp. 385-400, 2002.
[13] J. Katz, R. Ostrovsky and M. Yung, "Efficient password-authenticated key exchange using human-memorable passwords," EUROCRYPT '01, LNCS 2045, pp. 475, 2001.
[14] O. Goldreich and Y. Lindell, "Session-key generation using human passwords only," CRYPTO '01, LNCS 2139, pp. 408-432, 2001.
[15] R. Gennaro and Y. Lindell, "A framework for password-based authenticated key exchange," EUROCRYPT '03, LNCS 2656, pp. 524-543, 2003.
[16] S. Patel, "Number theoretic attacks on secure password schemes," Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 236-248, 1997.
[17] O. Goldreich, "Foundations of cryptography: basic tools," Cambridge University Press, 2001.
[18] U. Feige, A. Fiat and A. Shamir, "Zero knowledge proofs of identity," Journal of Cryptology, vol. 1, no. 2, pp. 77-94, 1988.
[19] D. Denning and G. Sacco, "Timestamps in key distribution protocols," Communications of the ACM, vol. 24, no. 8, pp. 533-536, 1981.
[20] W. Diffie and M. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. 22, no. 6, pp. 644-654, 1976.
[21] R. Rivest, A. Shamir and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, no. 2, pp. 120-126, 1978.
[22] T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," CRYPTO '84, LNCS 196, pp. 10-18, 1984.
[23] C. Guillou and J. Quisquater, "A paradoxical identity-based signature scheme resulting from zero-knowledge," CRYPTO '88, LNCS 403, pp. 216-231, 1988.
[24] M. Mambo, K. Usuda and E. Okamoto, "Proxy signatures for delegating signing operation," Proceedings of the 3rd ACM Conference on Computer and Communications Security, pp. 48-57, 1996.
[25] S. Kim, S. Park and D. Won, "Proxy signatures, revisited," Proceedings of the International Conference on Information and Communications Security, LNCS 1334, pp. 223-232, 1997.
[26] A. De Santis, Y. Desmedt, Y. Frankel and M. Yung, "How to share a function securely," Proceedings of the Twenty-Sixth Annual ACM Symposium on Theory of Computing, pp. 522-533, 1994.
[27] V. Shoup, "Practical threshold signatures," EUROCRYPT '00, LNCS 1807, pp. 207-220, 2000.
[28] G. Ateniese, J. Camenisch, M. Joye and G. Tsudik, "A practical and provably secure coalition-resistant group signature scheme," CRYPTO '00, LNCS 1880, pp. 255-270, 2000.
[29] J. Camenisch, "Efficient and generalized group signatures," EUROCRYPT '97, LNCS 233, pp. 465-479, 1997.