In 2002, Lee, Ryu and Yoo proposed a fingerprint-based remote user authentication scheme that combines smart cards and biometrics. Their scheme is novel in introducing fingerprint verification into smart-card-based remote user authentication. However, it has a security weakness that leaves it vulnerable to the masquerade (impersonation) attack.

In this thesis, we present a cryptanalysis of the Lee-Ryu-Yoo scheme, point out its security flaw, and propose an improved scheme that overcomes the vulnerability. The improved scheme ensures that only authorized users can access the resources of the host system.

Furthermore, considering users' habits and requirements, we propose a more flexible scheme. It lets users choose their own passwords and, when needed, change them by themselves without going through the registration center.

Both of the proposed schemes can withstand the replay attack and the masquerade (impersonation) attack.