由於低計算成本與方便的可攜性，在遠端身份認證系統中，智慧卡已經普遍被採用來儲存個人秘密資料。雖然，許多使用智慧卡的身份認證機制在一些文獻中已經廣泛地被討論，但是他們仍然遭受到一些可能的攻擊或是沒有良好的計算效率。在本篇論文中，我們將歸納遠端身份認證機制的各項準則，進而提出一個符合這些準則的全新遠端身份認證機制。這個機制不僅能滿足智慧卡低計算量的要求，而且還可以抵擋重送攻擊和離線字典攻擊。此外我們的方法不需要像傳統方法在系統端存放密碼表格以供驗證，也不用在系統和使用者間進行時間同步化的動作，同時還可以達到雙向驗證與確保有效卡的唯一性。

Due to low computation cost and convenient portability, smart cards are usually adopted to store the personal secret information of users for remote authentication. Although many remote authentication schemes using smart cards have been introduced in the literatures, they still suffer from some possible attacks or cannot guarantee the quality of performance for smart cards. In this thesis, we classify the security criteria of remote authentication and propose a new remote login scheme using smart cards to satisfy all of these criteria. Not only does the proposed scheme achieve the low computation requirement for smart cards, but it can withstand the replay and the off-line dictionary attacks as well. Moreover, our scheme requires neither any password table for verification nor clock synchronization between each user and the server while providing both mutual authentication and the uniqueness of valid cards.

CHAPTER 1 INTRODUCTION 1
1.1 MOTIVATION 1
1.2 THE CRITERIA OF REMOTE AUTHENTICATION 3
1.3 TOPICS TO BE STUDIED 4
CHAPTER 2 RELATED WORKS 5
2.1 CHANG-WU SCHEME 5
2.2 WU SCHEME 6
2.3 WANG-CHANG SCHEME 8
2.4 YANG-SHIEH SCHEME 10
2.5 TAN-ZHU SCHEME 13
2.6 HWANG-LI SCHEME 16
2.7 SUN SCHEME 17
2.8 CHIEN-JAN-TSENG SCHEME 18
2.9 LEE-HWANG-YANG SCHEME 20
2.10 WANG SCHEME 21
2.11 LIN-SHEN-HWANG SCHEME 24
2.12 WU-CHIEU SCHEME 25
2.13 JUANG SCHEME 27
CHAPTER 3 BASIC IDEAS 28
CHAPTER 4 THE PROPOSED PROTOCOLS 30
4.1 THE REGISTRATION PROTOCOL 30
4.2 THE LOGIN PROTOCOL 32
CHAPTER 5 ANALYSIS AND DISCUSSIONS 35
5.1 PROPERTY ANALYSIS 35
5.2 PERFORMANCE ANALYSIS 41
CHAPTER 6 CONCLUSIONS AND FUTURE WORKS 44
REFERENCE 45
APPENDIX 47
A.1 THE ACCEPTED LETTER 47
A.2 THE FIRST PAGE OF THE PUBLISHED PAPER 49
A.3 THE IMPLEMENTATION OF OUR PROPOSED PROTOCOL 50
A.4 THE KEY PART OF SOURCE CODES 57

[1] C.C. Chang and T.C. Wu, “Remote password authentication with smart cards,” IEE Proceedings - Computers and Digital Techniques, Vol. 138, No. 3, pp. 165-168, 1991.
[2] K.F. Chen and S. Zhong, “Attacks on the (enhanced) Yang-Shieh authentication,” Computers & Security, Vol. 22, No. 8, pp. 725-727, 2003.
[3] H.Y. Chien, J.K. Jan, and Y.M. Tseng, “An efficient and practical solution to remote authentication: smart card,” Computers & Security, Vol. 21, No. 4, pp. 372-375, 2002.
[4] A.J. Evan, W. Kantrowitz, and E. Weiss, “A user authentication system not requiring secrecy in the computer,” Communications of ACM, Vol. 17, pp. 437-442, 1974.
[5] C.L. Hsu, “Security of two remote authentication schemes using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 49, No. 4, pp. 1196-1198, 2003.
[6] M.S. Hwang and L.H. Li, “A new remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 1, pp. 28-30, 2000.
[7] M.S. Hwang, C.C. Lee, and Y.L. Tang, “A simple remote user authentication scheme,” Mathematical and Computer Modelling, Vol. 36, No. 1-2, pp. 103-107, 2002.
[8] W.S. Juang “Efficient password authenticated key agreement using smart cards,” Computers & Security, Vol. 23, No. 2, pp. 167-173, 2004.
[9] A. Kehne, J. Schonwalder, and H. Langenorfer, “A nonce-based protocol for multiple authentication,” ACM Operating Systems Review, Vol. 26, No. 4, pp. 84-89, 1992.
[10] P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” Proc. Advances in Cryptology (CRYPTO’ 99), pp. 388-397, 1999.
[11] W.C Ku and S.H. Chen, “Weakness and improvements of an efficient password based remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 50, No. 1, pp. 204-207, 2004.
[12] L. Lamport, “Password authentication with insecure communication,” Communications of ACM, Vol. 24, pp. 28-30, 1981.
[13] C.C. Lee, M.S. Hwang, and W.P. Yang, “A flexible remote user authentication scheme using smart cards,” ACM Operating systems review, Vol. 36, No. 4, pp. 23-29, 2002.
[14] R.E. Lennon, S.M. Matyas, and C.H. Meyer, “Cryptographic authentication of time invariant quantities,” IEEE Transactions on Communications, Vol. 29, No. 6, pp. 773-777, 1981.
[15] C.W. Lin, J.J. Shen, and M. S. Hwang, “Security enhancement for optimal strong-password authentication protocol,” ACM Operating Systems Review, Vol. 37, No. 3, pp. 12-16, 2003.
[16] A. Menezes, P. van Oorschot, S. Vanstone, Handbook of applied cryptography, CRC Press LLC, Boca Raton, 1997.
[17] T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Examining smart card security under the threat of power analysis attacks,” IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002.
[18] R.M. Needham and M.D. Schroeder, "Using Encryption for Authentication in Large Networks of Computers", Communications of the ACM, Vol.21, No.12, pp.993-999, 1978.
[19] B.C. Neuman and S.G. Stubblebine, “A note on the use of timestamps as nonces,” ACM Operating Systems Review, Vol. 27, No. 2, pp. 10-14, 1993.
[20] R.C. Peralta, “A simple and fast probabilistic algorithm for computing square roots modulo a prime number,” IEEE Transactions on Information Theory, Vol. 32, No. 6, pp. 846-847,1986.
[21] M.O. Rabin, “Digitalized signatures and public-key functions as intractable as factorizations,” Technical Report, MIT/LCS/TR212, MIT Lab., Computer Science, Cambridge, Mass. Jan. 1979.
[22] S.P. Shieh and W.H. Yang, “An authentication protocol and Key distribution system for open network system,” ACM Operating Systems Review, Vol. 30, No. 2, pp. 32-41, 1996.
[23] H.M. Sun, “An efficient remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, Vol. 46, No. 4, pp. 958-961, 2000.
[24] K. Tan and H. Zhu, “Remote password authentication scheme based on cross-product,” Computer Communications, Vol. 22, No. 4, pp. 390-393, 1999.
[25] S.J. Wang and J.F. Chang, “Smart card based secure password authentication scheme,” Computers & Security, Vol. 15, No. 3, pp. 231-237, 1996.
[26] S.J. Wang, “Yet another log-in authentication using N-dimensional construction based on circle property,” IEEE Transactions on Consumer Electronics, Vol. 49, No. 2, pp. 337-341, 2003.
[27] T.C. Wu, “Remote login authentication scheme based on a geometric,” Computer Communications, Vol. 18, No. 12, pp. 959-963, 1995.
[28] S.T. Wu and B.C. Chieu, “A user friendly remote authentication scheme with smart cards,” Computers & Security, Vol. 22, No. 6, pp. 547-550, 2003.
[29] W.H. Yang and S.P. Shieh, “Password authentication schemes with smart cards,” Computers & Security, Vol. 18, No. 8, pp. 727-733, 1999.
[30] C.C. Yang and R.C. Wang, “Cryptanalysis of a user friendly remote authentication scheme with smart cards,” Computers & Security, Vol. 23, No. 5, pp. 425-427, 2004.
[31] H.T. Yeh, H.M. Sun, and T. Hwang, “Security analysis of the generalized key agreement and password authentication protocol,” IEEE Communications Letters, Vol. 5, No. 11, pp. 462-463, 2001.
[32] S.M. Yen, and K.H. Liao, “Shared authentication token secure against replay and weak key attacks,” Information Processing Letters, Vol. 62, No. 2, pp. 78-80, 1997.