SAS-2ª SAS-2(Simple And Secure password authen-tication protocol Ver.2) 9¸ }H¹ºY a 4 682P " <...

��14 � �

� � ��

SAS-2

A Remote Control System using SAS-2

1030276 ��

2003 � 2 � 12 ��! �"$#�% &�')(+*-,/.� �%�"

� �

SAS-2 � � ��

��

�� "!$#�%'&)(�*,+.-�/10325476829�':�;=< >=?A@1&i-mode B �=CADFEG�8��H�F!I#8%KJGL"M9NG&PORQ)- B ��C1D)0�S TVUXWZY 6\[]4=-1^._R`

a &R67[b-\cd@V�'e�f EAg�h=iRj"N�&9kl&�mA4Gn o p\qr�1s.tu�rvl�w%/ B �dx,y8D z1{0H| }VUXWZYH67[]4�-I2)�~�G&8LH"�ul0L u�u B �dx84\6P^�p9 wUbWY 6,[X4r-1^_R` a W,4�lo�uu1w9LHu�u B �x�4,L F�"R&) �G9[ B ��C1D)0�\lWRpoRYH`

L=P�" B �uxG�&=vVs7D) Z�"p.=R+H-q)&H4w� FTP(File Transfer Protocol)0H. WY�` Rr��L�F�=v�¡"¢��80H£ ¤VU5WRp=¥,Y¦�8�7%Ft§!�#,%K¨d8& v\s©DªG«u¬ @=¥RY�` a @ ®r¯r°G@ ª �±=G4

HTTP(Hyper Text Transfer Protocol) ²r³ SMTP(SimpleMail Transfer Protocol)

9}GoR�µ´ ¶ ·r4 ªSAS-2(Simple And Secure password authen-

tication protocol�

Ver.2)9¸ }H¹ºY a §4682P�" G&P»�¼r4.½ ¾.¿.À�ÂÁ Ã�ÄG&rÅ

o8LHu�uA� B �HC1D�)S TH¹�Y�y8D.z={99S�Æ ¹ºY `Ç"È7É�ÈÊ L u�uG º�

HTTP�

SMTP�

SAS-2�'Ë Ì\Í)�

– i –

Abstract

A Remote Control System using SAS-2

In recent years, the Internet systems are increasing, and various services are offered

on the Internet and personal digital assistants. C/S systems come to be used on com-

panies and educational facilities. For that reason, individual files are managed by a file

server. So, we research the service which transmits and receives files from a destination

to a file server. A famous access method to a file server is FTP(File Transfer Protocol).

However, accesses into a intranet with a fire wall are difficult.

In this thesis, I produce a new system using HTTP(Hyper Text Transfer Proto-

col), SMTP(Simple Mail Transfer Protocol), and SAS-2(Simple And Secure password

authentication protocol, Ver. 2). Such system does not dependent on environments of

a destination terminal and offeres secure contents communication services.

key words File service, HTTP, SMTP, SAS-2, E-mail

– ii –

�1 � �� 1

�2 � �

�� 32.1 VPN

46 Y��7�H� �"! �#. . . . . . . . . . . . . . . . . . . . . . . 3

2.2´�¶ B �Fx%$'&¦@=& (A�)¦vR#+* IP ,�- 9}GoH_.��V�H�/�"! �# . 4

2.3 FTP46 Y��0��V� � ��!��#

. . . . . . . . . . . . . . . . . . . . . . . 4

2.4 Pop-up Mail46�Y��7��/�"! �#

. . . . . . . . . . . . . . . . . . 4

�3 � �"��1�2��304 63.1 3 5�6 LHu�u87��# . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

3.1.1 9�: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.1.2 3 506 LHu�u87= . . . . . . . . . . . . . . . . . . . . . . . . . . 73.1.3

LHu�u87=rylD.z�{/;�<. . . . . . . . . . . . . . . . . . . . . . 8

3.2 SAS-29}8o _8L F�u8��!

. . . . . . . . . . . . . . . . . . . . . . . . 9

3.2.1>=�?A@©z�B�&�C�D

. . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.2.2 SAS-2´�¶

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10�E�E�F.&.G�H. . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

I�J . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10´ ¶ J

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3.2.3 K ��L)´ ¶ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123.2.4

cNM B �ux8yGD.z={2;�< . . . . . . . . . . . . . . . . . . . . . . . 13O�P�Q�R

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

7 J . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

S2T :�U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

– iii –

��

�V�H��R�rD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.2.5LHu�u B �¦x�yGD.z={2;�< . . . . . . . . . . . . . . . . . . . . . 14

3.2.6 SAS-2´�¶G9}Go _8L F�u>7 �*��R%��§

. . . . . . . . . . . . . 15

3.3c�M B �Fx�.LHF�u B �Fx 6 @=&)Ë�Ì\ÍP�&PW . . . . . . . . . . . 16

3.3.1LHu�uA=��!��941n�7YË=Ì\ÍP�¦&PW

. . . . . . . . . . . . 16

3.3.2LHu�uA=��!��941n�7YË=Ì\ÍP�¦&PW

. . . . . . . . . . . . 17

�4 � �� 194.1 � !rylD.zr{u» ¼ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

4.1.1´ ¶��

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

4.1.2Íu�G��

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4.1.3LHu�uA= J

. . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.1.4LHu�uA= J

. . . . . . . . . . . . . . . . . . . . . . . . . . . 25

4.2 �� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

�5 � �� "!#�$ 315.1 %�& ylD.zr{)4(' ¹wY*)�+ . . . . . . . . . . . . . . . . . . . . . . . . . . 315.2 ��, � 4-'H¹wY*)�+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

�6 � .�/10 � 33

2�334

4�5�68735

– iv –

2.1 Pop-up Mail B �HC1D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53.1 3 506 LHu�u%7� �# . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73.2

L F�"%7 1yGD.z={uÃ��. . . . . . . . . . . . . . . . . . . . . . . . . 8

3.3´ ¶ J G&PW

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

3.4 SAS-2´=¶A9}GoH_,LHF�P87 �* ��% �§

. . . . . . . . . . . . . . . . . 15

3.5L F�"G ��941n(\YË=Ì\Í)��&PW

. . . . . . . . . . . . . . . . . . 16

3.6L F�"G ��!��941n(7Y§Ë=Ì\ÍP�¦&)W

. . . . . . . . . . . . . . . . 18

4.1´ ¶7LPM��

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

4.2ÍF�l��

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4.3L F�"G ��

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.4L F�"G G&PW

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

4.5L F�"G ��

1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

4.6L F�"G ��

2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

4.7 CPU �� ` 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284.8 CPU �� ` 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284.9 CPU �� ` 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294.10 CPU �� ` 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

– v –

4.1L F�"G �� 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

– vi –

1

�� ¥7��Y�� ª Ë=Ì�� A�d�VUXWZYH67[]4�-I2"��r@1¥r^._�!�7q��.�� ?P�H��4\6,2Å��1- J =0 %� UXW YH6R[ 4=-$2��l¥Y�` �� .� � ?"�H� ª�� &! �r4�¾ � =�#"�$G&�%�·3Pdp'&A)¿l-=o8q"&V-A^9proRYd&90 %( @1¥RY `�.� � ?P� � &')*+�,14�Go,��8��H�F!�#,%b0H/.-�/ ² dp=o�Y=`�l��H�u!º#R%§&

/ ² b:�;0l&21.3-�.�.&P* 46829� � EG�l�H�H�F!I#8% ª54 �.E768 579 @=-:-��Á� @

PVv L�y�z Å�� T�Ã�M�m

2

WY2µN\��j�kDm;��KR:u�M5�×ª2] 1�3�4 É \ ��Ë@R�dNoªp�j@{�|}jK´V¨R�fi0�p�8

1� ê`ý ��ÈzO�×ª�] 1�3�4 É \��}ËVm@o^pNU VPN(Virtual Private Network) U�� É \ªÊ��ê�j

� �Û]ÈÇ nIP �� U FTP ç�_��ns�Q��O

2.1 VPN � � �� ! " # $VPN

m�.U�%�&�`'©�\`«(Public Network)

¬}ê�'�\ c5R��`\�)(��Tj@¡�'©2\«+* Å oªzTý^j�ê7ë,��O- r:UJ�/.E!¨Ç�j�Þ10 É \ ��Ë@R �� o� RKè�Z2�(N�3�46573�98

2.2�� É \^Ê ��ê7j � �]`Ç n IP �� i0�z�km�µV\��½�j

2.2� � � � � � �� IP � � � � � � � ��

!#"%$'&)(%*,+.-0/21%3046587:9A@CB%D8EGF &.50(H9'I @KJ#BMLON2P &RQS!'"

@KTVUKWXDHUZYR[M\^]`_baZced#fRL.g:L'ECh / Y#[ -#i VPN WkjOl0mAnOo /Sp?qA/KrRs%/tvu2wGx#y{z}|~ cd#fOno -RiK1A3'4)5789;/ NRGmC#A@KRW2L0E $#&.({ m i JB# /2#R @KR`L6'Kg z cA z a z D /G- no0m{GDR}EZ &R2# mC#A@K d^##RB# 'm¡ dChvW w ]}_ba¢c£d#f

2.3 FTP ¤ ¥ ¦§� � � � � � � �

FTP m}¨?dª©8«ª S¬' Y#® i¯'°v± m !?²?³ wb´| E

2.4 Pop-up Mail m:¨RdX©b«X &R2¬? YR®

Pop-up Mail$?&ö0÷K-i h / ¨8U z ; Û Ä F 58/ \%WCE 3%ÃC&6Çû9bÄ r#s�� m ¶ d��

� F Ã w ¶ cAûE ä%åæ 7 z ÇÙ9bÄOïO&IXrs�� @��HWSL6N� - E� í� @��Cý��vm�� ãg��# z ðK&ª5 àRá w �� -'õ E ðS&k5:/ ¾ · W · w�� m z d#f RòÅðS&ª5:/ à#áA@ íî ÇÙ9bÄOï6&:I)/%ðS&ª5Å$#&.( WKE 3bÃC&6ÇÙ9Ä mG=R> ~ cÅN8â,LD:d p'q%/ Web � Æ#ÐSQ gûaGERâXñ $'&)(��b7`I ä ÷ dhW /��- �#î gÙa ?òÅðK&.5@KáRóRô dGhbW w�� -'¶ dRf "! ³b/�#%$'&�( ¨ · Pop-up Mail $#&'ö{÷ @KBvDRN 3 )� -0/ É?Ê 3S5 à?á'Y#®A@J

B`LN2©v«{F Ã è Ã+*¬' Y#® /-,�.R; Û Ä F 5 w ��/ ~ c`N8fGL.g:L !?"G; Û Ä F 5:/ �0 E1� ã / ��2{gMa .�#�$A/43

3

3.1 3� � � � � � � �

3 )�%É#Ê 325 àRá?YR® -?i E 3bÃ`Ä6Æ^Çû9bÄ í mC?Ò ~ c} ¶ dGÉ#Ê 3?7Ð2Ñ#&.5 m�� eEno /Sp?q (P &RQ ) m0 d r?s t�

� /�� @g #z D $0&ö0÷ @-�� d#f

3.1.1 ��Rò}ðS&ª5 W i EKF Ã� æ & j�� -��A/ ¾ · · w -?õ d65 ÷ è%7 -0¶ · E #òÅð2&5 @��}_XûE��,â0WAç 75:K3 7 -8ð'9 ä & � @�!�" dGhW w��"� W z d#fÚGN:E #òð2&k5i�# ¹%$ - z:| E'&�(G¾*)+ � / �{)5 &R @Cá#ô dGhbWS\ �� -'¶ dKhWg,aCE', � w Rò}ðS&ª5 @�- : NP &RQ#&K-0¶ cAûE'��Mâ�.?h6m - \ ð09 ä &/�102 & @�3 d'4 w��"� -'¶ dRfCh / N#:Eno0m0D#:EP Q w JRB`L)'D8d ; Û (v3C1?*+k- EGÉÊ 3?7ÐOÑ#&ª5 í /SRò}ðS&.5 @Ká#óRô dGhbW w�� W z dRf u mÅE P &RQ gÙaá#ô ~ c}N ?ò}ð2&k5i E ¯vÝ{ð2&.5:$?&.( m�5�6 ~ cd)NR}E', � w�7�8 - \93 d'4 w-'õ d#fh / ¨8U z J;:C@�< d ?ò}ð2&.5 @KBADE .%#�$0-Ri ECÉ#Ê 358$#&6({A/bð2&.5:$#&( W P &Q#/ JRB pRqA/ �SmÅâ

3.1 3 ��AÉRÊ 35 à?áRY#®

ó#ô ÝG/ ×A@ �� w��,~ c£d{W��'m`Eno pRq mRg#g}dGÉÊ 35{¬#�� \ �� -'õdKhvW w��`~ c df

3.1.2 3 ��

É#Ê 35:$'&)( Wkn2o /Kp#qA/ �Cm i â^ñ $#&( (Web $?&6( ) @CÒ õ EOn2oeWCâXñ $#&( � / >?ô0m i HTTP @CB%D:d?fÚN}E�� !?"8Ý mÞ#ß wbu��,~ c d ïKÃRG3 7�� ÷bï6&� YR® -?¶ dRE SAS-2 !R" YR®{@KBADRNOP &RQO!?" @KTVUªhbWm:¨ · Eÿ¸ 3 0m:¨Rd! �"G¾& · ÚbL6@0ÎSÏ`fâ^ñ $0&( WKÉ#Ê 3O5}$0&)( � -?i POP/SMTP @CBbD:E ?ò`ðK&)5 mÅ¨ · É'Ê 325:/¬# @KT UªhbWRW d#f

;3.1 3 #%$!&%')(+*�,.-0/.1

– 7 –

3.1 3 ��AÉRÊ 35 à?áRY#®

3.1.3 � � � � � � ��

��HTTP >�� Web ��! �"$#&%(')��*�!�&+,.-0/21�#�34%(')�&�

�5�768� SMTP �9�:�41?#�@�AB $� SMTP ;�C�D�E�F7G$H��JI�;�KL�L1#�@

3.2 SAS-2 ;�C�DLz5°P±�Q�I�4

3.2 SAS-2 � � � � � ��

3 ��[ &Y5°L±lQ2I�4�;� ��9 &Y2{)�L|o©Lª��oY7�9�J�)��[¿�#��;[)��P1 .

3.2.1 "!$#$%�&('*),+.-

{��P|o©4ªrAs6$�R]�/�^7_�/�z�6L+�bcse��[]WfJS2�[x0v:Eo{��P|P;10�2P1�#lz�34YP]�/^9_o 9"

3.2 SAS-2 ;�C�DLz5°P±�Q�I�4

3.2.2 SAS-2 ��

{��P|2©LªLp��PC�D�# SAS-2 ©Lª�Y�«��&6[5�Yo��N 9"

3.2 SAS-2 ;�C�DLz5°P±�Q�I�4

�� ,�-

1. {��4|[6 ID � S ;1T�V41#�A[��T�V4²L³rA:4�6�v:E7"

3.2 SAS-2 ;�C�DLz5°P±�Q�I�4

D = H(ID � F(C)) a � �5�4�:�r�L,�jlQL+�S$Xp�o 9Y1�L©4ª9M�WAX�1#L3

3.2.3 ��

ID � Password ;1T�VP1�#2�Yo©Lª�r�s4«��96�5PY �! �7a!#43

3.3 ��

©4ª�r�s96�*��7}4~WA*°4±lQ�I�� R@5AZ;��5z"\�L5M&N&O1)�]_^6!�,$`�W a4bG\�#.c5%9'

(.d�)�+fe*,�-$g"h�i.j1-lk@Wm\0S9THU�VDn5oZp�U4q6r�s�W5?�#�c9%�L&M"B&C�-ut�v5w�h@'

S9T�U�VDB&C1)�xmc&86: c5;0W�

3.2 SAS-2 )��5�S9T�U�V��

3.2.4 �� p�c V )��9��! 4S9T�U�V��"��#�$@W&%'�5? \&2�3(�c*)�K �� p�c V '�o,+,-D)]_^G-.��^0/1i21'3�4D)�'576

8,9�:�;

< c"=9K�w?> WWW )2@f>H?7\ ID \ Password \*p0cVZXBA"C�;9)m2 3D("cE)�W'F"GIHJ Efj"6KF�G"H J `Z�B5C@Km\&2�3�("c*)ML�W2N&O�`�?"P�j xFc986:�c�;�W < c'=&'.pGcV�XQA�CG;�W�R�SF>� < c'= ID -�>?�T"U7u` j,6VXW O�Y�ZE[9U4q�'�\�]�g7e5j@-*\&2�3(�c*)DO�Y�S9THU�V^("c*)I_\ ID - SAS-2 L5Mh2`�\�1�B&CD) �"� pGcAV.W2a*"@"b9Efj"6

c,d�e�f

< c'=2O�Y�S&T6U�V��,�,\,]D)�+Ig7j�-02z3(�ch).KZ\ < c�=m-�S9T�UHV^(5c*)Zd�h@'�LMD)�]_^ ,i \0pGcAVQ(�c*)"_ �,� p�cAV1n5oD)�jXk9Efj"6lF�vEH J 'Im�\ < c'=2O7Y XZY[Z;X\,]1)n+&g2o"pF`7 \ < c�= ID -rqQs!tHcuAzB5C@g&P�Y.OMvXi^w.x�(�c*).W'y,z7`^{"��j,6n|~} < c�=GL5M,,�HS9THU�V��,�Mn"q�Ah�S9THU�V^(&c?)�}4p�c VQ(�c*)W �� p�c V�h0o"-'Fj"6S9T�U�V^(�ch)}4p�c VQ(5c?)�h"KZ\K�& �� p�c VuO�YlL&M,�&*i V �69S9TU�V^(&c?)�WI{ < c�=GL"M��]��\zL"M"g2p,' j&�S9T�U�V�,��]� \K�5L&M,,�S9T�U�V��,� �� pGcAV.hMw.x("ch).W0o�-�fj,6

,X�

S�TGU�VB(Dc)QO�Y�o�Y `M{Di@2&@L"M&& < cI=�^}n&@L�M&&1g�&D\K4L1M�gp jQ�\�wxQ(4cn)mK\ < c�=�g��*��7SDT9U*V^�7w@DK < c�=5g

– 13 –

3.2 SAS-2 ��5�S9T�U�V��

o�-�9��7SDT9U*VMQ WWW ��2=@h��h�i j HTML(Hyper Text MarkupLanguage) ,$�h V� j�6

��

whx!(�c~) h@K < cI=I}2U@O4W�P" b�\x c��7c�s�'�!�7j'|Q& j�6�|n}�x c��.c"s0WI% g7jK3"4&��W��'�6

• � < c�=,} ID \ Password }�U5O �� F�vHL"M�!0W ID \ Password g�"&]Fu`m#!.\$ } ��T�U��\&%.v�O�Y ID \ Password �' fj� �(*)GW*y5{&|5}�W�'�` j9a^W�Fj"6

• t v"} S"T�U�V!&^}2T&U �� t v@w9hDW,&�~{Pmj"S"T�U�VM�T�U�\Ky&z�~{%�e"6

• � < c'='}�pGcAV.XMA'C~sn}~T�U+�,�-� ID \ Password /.�0�WZ\ P.v0XZYl[us W }4pHcV�XQA�C~sn�H J ?1 e?{,�'� a ^ W�Fj��i�\*p�c V�XQA�C~sn T,U�?{I%.eI6

3.2.5 1325476��

S9T�U�V^(�ch)�8Z\:9�;�

3.2 SAS-2 ��5�S9T�U�V��

3.2.6 SAS-2 ��+1+2 4 6�� 6

;��@h�8m\ < c�=HL"M} R�� { VXW�?�@ HS5T6U�V^("c*)Zdn��@j�6

�3.4 SAS-2 �! #"%$�&('*)�+-,/.1032!46587:9;.

VEWL?�@ 8F\=1W2`"\�1xfc��,Bw.xD("cX)4Q R�h S"THUGVQ(@c?)�W*o"-, jI6Hw*>\V W�?�@ OY&\=1W'`I\D1�xFc��,�ACB�D7E{ HTTP @I-�'�!��{�whxD(�c~)�W&ojI6wlx(&c?)�W9oY `u{"i" x7cG��8m\ $ }"w5w2}��h �� p�cAV�WFEHGB5S9T�U�V^(&c).WoI- ` jI6*S"TGUGVM("cX) 8&o Y `Q{@i�nI�nT�7E{�%�e�6 %1W V W�?L@ h A \ C \F(C) HI@J��K4W \ ID \ML0\ON�\9S�T�U�Vu�&�7�4quA~OA@BPD��whx^(@c~)MQSRHhS&THU�VQ("c).W9o,-,fj"6 V WL?�@ hL82"H,�D} H(ID \ F(C)) PIHJ� T5�{&%e,6*S9T6U�VQ("c*)�h�8PHT�U��]��\="g�p�'fj0\*S9T�U�V��"�&&jEk' j�6Gw�\K�H"�} x7cG��>%IHJ�?{I%.e"6*S9T�UHV��,�"gPVMWXfj�\*S&T�U�Vu(5c)DO7Ywlx(&c?)I_\*S9T�U�V��,�,�f\K"�,��6AHBXD�6�>X}� �� p�c V�WFEHG� o-'fj"6VEWL?�@ 82T"�X{&%'��,?"��} H(ID \ F(C)) lo�Y `Q{�i"�,?,,PY

– 15 –

3.3 wKx(5c) \0S9T�U�V^(&c)md�hI} �� p�c�VQ}��`� "\K,�"g�p�'fjHS9T�UHV��,��,&��Y ` j'6

3.3��

;@�@�1h#8f\0S�TGU�VB(DcE)^O�Y V W#?#@ WmS"T�U�VQ�+&-Ij/J#K9\ V�W#?#@ OYS9T�U�Vu(5c?)�W S9T�U�Vu�o�-' j:JLK} �D 1S9THU�V��,��#�$��Fj"6

3.3.1 1325476�� "!$#&%('&)+*&, -/. 0D 6"132+45

3.5 687:9�;8=�?A@CBED�9AFHG3IKJML ?L@ 6E=N?C@MBu�O�P�Q�RTSVU�WNXZY�[]\^D_9Fa`�=N?A@CBZD�9AF>bcX8dTe>f89gBEX��8hZi�jNS3k

l3.5 m�nporq�sgtvuxwzy�{_|~}gzqTr]

z Y�[x\^D9gFGVI79T; ID Y Password Y_[x\D�9AFXHf89BEE��ci8_ M

– 16 –

3.3 [x\^D�9AF$Yv=N?C@CBZDT9AF b��X8dTe>f89gBEX��8h

d�e>f�9BZi:=N?M@CBZD_9F^6��_PNS3U_k=�?C@8B>D_9CF��NO��N87E9_;��G+I SAS-2 ��^i��_S+U k��

3.3 [x\^D�9AF$Yv=N?C@CBZDT9AF b��X8dTe>f89gBEX��8h

l3.6 mvno q��Kt��vu]w]yM{ | }K_ zqNr]

=?8@vBO PQR��+`��H63Y_[\D 98FEG Ix7>9 ; ID Y Password Y�[\ZD^9CFXf�9BZET�vi�T/A8d�e>f�9gBZi:=T?A@CBZDT9CF6 �TPNS3U_k=�?C@8B>D_9CF��NO��N87E9_;��G+I SAS-2 ��î��_S+U k�� f89 B6�� h>=N?C@CB `rdTe>f89 BEX�),+-�/�1 `3254�/�1î 6k7 9 S�;,!@�Bvi�� Yv=�?A@CBZD_9gF6 ��PNS3U_k=N?C@CBZD9F!�vO��!c:=N?C@MB:i��_9�B \�� cX��X:=��gB�-6 X� _Y�!#"%$�&ÔTP�'!Kf�+)(+*�, `�Y SAS-2 ��.-�N�/U.O�Q��i�dTe>f�*/&0-v�_YT[x\21�*43�-��5NS3U_k6 *#7 � Y�8�9�R�S.-�N�T�U?V�W YIX�Y/ZU�N�T��O�Q��[^XP\:*�] `�!#"�$�&�1�*3�;=*?3@-��A< hAU�^��O�Q��i�_�`/_YIO�Q��B��TS3U^`�!�"%$�&�5�L�Mi?#C< h$U�k

– 18 –

4

�3 � �� {DU�^�ZY?8�9�R�SVYv[x\21�*�3 Y !#"�$�&+1�*%3ZX 3 �:b?�X�!#"�$�&

� R i��NSVUC�ZYI@�cX�

� ��TR��^��Bvi��/CZk

4.1 � � � � � � � �� 8�9�R�S�

• CPU:Pentium 345MHz

• f � � :128MB• HDD:4GB

• OS:Windows2000SP2

• Web !,@#" 7 :IE6.0SP2

� [ \21�*43$�• CPU:Celeron1.5GHz

• f � � :256MB• HDD:40GB


• Server:AN HTTPD1.4

• System:PHPversion4.2.2

– 19 –

4.1 �TR��^��B��

• ServletEngine:ApacheJServ1.1.2

• Data Base:MySQL3.23

• SMTP Server:Radish ver1.0.0

• POP Server:PS.PoP3

� !�"�$�&+1�*%3$�

• CPU:Celeron1.2GHz

• f � � :256MB• HDD:40GB


�� X�

� ��TR��^��B5H�R�� i [��/AEk�!�"%$�& � R��^X#;�;>U�:`xi��21�*%3�� -�� _�` �� ,+�� 8i?[��/��8�9�R�S>-��|�� 6 *#7i��/�I_�` �� ,+�� 8i?[TTZk

– 20 –

4.1 ��^��B��

4.1.1 ��

6 *#7�� 4!#"�$�&+1�*�3� Web !�@"�7vi�[T�U� �)(Z�

� :`xi�� `8 U�T��_k� �� ^��B�� 4.1 �

�:��$ �.! ��*�Bvi��/CZk ID ` Passwordi��/��!#"�$�&+1�*�3��5�� h@- 7 SAS-2 ��B��Kh��Tk� �U��[�� 6 *�7 � %� � -NjV U�& � ID !"� " �47�*Z�-�#%$ �'&'(') B��^��

� -��U�T*�_k

l4.1 +-,8m�.p0/

��&�(") �� I'��21 - g �)(EA�T�!�"�$�&+1�*%3 9 �f */&Z N� SAS-2�� i�� p�� ID Password i (") ��_k��Z� (') � h/P\=*�] � �� 21�*�3 �\ *�]�3+*�-�4"5�� hdTe>f�*�&@- "��!#"�$�& � �>B7698;:� ��k

– 21 –

4.1 ��^��B��

4.1.2 vtc��6 *#7�� SAS-2 ��B�� 7:� � 4.2 �vj�>f�$ �� -�� k

l4.2 o��

f�$ �� .-�U@!#"�$�&��5 � ��B�8�� # � -E U�& �Nk��] ��!#"�$�&��! #"��$�%/�&�� HI��5��(]��-�U@!�"%$�&0��#�B%698 :I ��'!#"�$�&0��5 � ��(��)� � /��& ��'�+*�,�!#"�$�&��5 �.-�/;:4��.-��#�]��0!1�[/ZU�T �+243�& ��2�-�& ��!�"�$�& �?|!5��6 ��*:)B��^ 7&��I��5#�]� ;=< 6 *#7 � 8 9�R�S.;=

4.1 ��^��B��

4.1.3 a8bdcfe��th��

!#"�$�&+1>*?3@-�� 0!#"�$�&�B�& ��#;�C�E�� -�/ � *T@!#"%$�&�B�.;*AU�&*� \ �v�� '��?��5 !��*�B-��%$.��] �.�� '��*@- 7 !�"�$�&1�*�3 2 -�& � �� C3\ �� !#"�$�&�B7��T.-�$!%�� *��!'!#"�$�&0��# �.-!/ 6 *#7��8�9 -�U��/5T@!�"%$�&(�� I��5 ! ��*�B-+!#"�$�&

'��7$*��5#�(]��;=< \:*�]7�?��5� �#'8�9�R�S>; < \ *�]�B��5f� * !#"�$�&+1�*430-+!#"�$�&�B0&9*0�#��

4.1 ��

!#"�$�&0|#5 ��5��!#"�$�& � ��, �� !#"�$�&�� $!��080 �� :��#'� *�- �� "!$# � ��,��#��" ��%&��,('�)�!�* �,+ /-�.0/21�3�3 �4��5�6�7 �� 8!$#(9'��:�;"@?�*BA�'�� 8!8#��C 1(D�E AGF�H�IKJ

4.1 ��

4.1.4 ��

�� 8!8#uo�� 3@Y �� 8!8# -�.�/21 *�� ."! rkA�#�I%$�&�L2M�IKNO�P�Q&A�S

'4.5 (*),+�-�.%$0/01 1

W .�X @? 1 QRA�� 8!#�

4.1 �� O ��

'4.6 (*),+�-�.��0/01 2

<4.6 I (3) &�� 8!$#uo�*�� . ! rkAN#�I�� G�� QRA�S�� $!8#�

4.2 ��

4.2� �

��$ &�I�� c �� 8!8#(_�C�9�� 1D�c � d L�M�I 2 ��I��fo ��]&S

• �� =�> 3kY �� 8!8#��oR�� d �� !$#�� 8 d �N��=�>� 3kY�� #��oR�� d�� #�� 8 d �N��=�>�< �� #�� "�� o �. O ."�� Y \OA�T � I5�� = > � I CPU 5�6! �I��fkS�� #RI"8Q2?8o 11 #"7 . 9�$!%&� d x\('�\^I �� # 1*) ��+��!� 1�3�3 A":�;

I�,��(o��] "!� o*A 4.1 1 B�rkS

KByte 50 100 150 200 250 300

Time(Second) 6.532 7.514 8.535 9.707 10.969 12.420

KByte 350 400 450 500 1000

Time(Second) 14.113 15.996 16.226 17.278 36.846-

4.1 (*),+�-�.��/10

2 ?43 �!�� #RI�_�C�95� � QRA0< d65!7 . # HTTP N�Cho*$ c +(I d 3 8u; � I�� #(9��I�]�$ d % Z �� 1 :�;"< 3�3 A csj "��

4.2 ��

11 #@7 . 9�I �� #(_�C�9 �o j # 1^d ��= > 1�3�3 A CPU 5�6(o,�� $]&S,�� "� o < 4.7 d�< 4.8 d < 4.9 d�< 4.10 1 B�rkS3 Dtd�< 4.7 � 50KByte d 100KByte d 150KByte d 200KByte d < 4.8 � 250KByte d

300KByted

350KByted

400KByted <

4.9�

450KByted

500KByted <

4.10�

1MByte

I �� #(_�C�I�# 1 ��= > 1�3�3 A CPU 5�6� �I "�� Q&A�S

'4.7 CPU �� 1

'4.8 CPU �� 2

– 28 –

4.2 ��

'4.9 CPU �� 3

<4.10

1 B�r 1MByte I �� _�C�95� 1(D�E A��%� =5>hI CPU 5�6! � d �!��56�I�� J I�"RQ*3��(o�� 4+�� 1 ��]&S

'4.10 CPU �� 4

�� _C9�� 1hD�E AN��=�>2I CPU 56 2I�, ��lL�M�I�� j 3 " �

\R]&S

•i I�"RQh?�I ��21D�c + � d ��"�5�6�� id�� IKF�f 3�� Q&A�S

•�� _�C�9��! 1 ��"�5�6��

4.2 ��

�� I��- Y�� 2.�1 � -�-,AG< d �� = >�.��A �!��$%&�

5

5.1� � � � � � � � � �

*�� d � � � O�� o�� d�� . �!��)�� "$ � Q��0�� O o��1 �� - � d � �� d*��)�� /�9 !�d�� y�z { o j ! j T � . �#" ��+ �3� ��0x� ��d � �� d�� /59 !�d��#$ . ) �4+ d �� =�> ��!� 1�.&%')((o&* � d y�z {d�+ w { o j � � �!�-,/./021!33� �� O&3&�4

�436527��(398 3 :�);=)?�@��!� 3BADCFE/G . ��H 1I/J ��K#L6M�N � �PO �!��)Q .��1 $%-(-�� E/G OFR)ST;U7V�)�5!79W�� . �` �_H2a27 36b �#� GdcZe $

fhg2ikj �mlBH�nZo W��qpsrZt $u i &vZw>x)y{z i 8 i ��P) {8_}6~P p�� })~P p/3

5.2 �� 6��

5.2� � ��

��dµ ��VG�2 H��µ�� C i O�µ&x�¸ | 8 7 � º

•s �� "!BA"# i 527> i 8 i ¹ º�$ ² }~2 p&%�')(_ ) ��

6

�� \��H&}~P pZq GP µ ) µ�� #Zq�!� u�H 3 ��_\ � HTTP !�s¹ H ��s� G }�~P p��P ��\�� POP/SMTP !�s¹>�6E�G \H �Z� µ 6 7#�� ¥��VH�� "! i })~P p#r$#)t&!BA j,+�º [ + H�� * µ&%$' �kl&H)($* +-, L0/;1 3 KM4 \µs}6~P p � Q O/.-0

�� KkL�MN � � �� H �� ! �$� !#"%$ �&�)y)y'��(�) +* j -,�. i �0/�1�2 ��3 f#i / ��4 !+5 j,+�º-6�6 +78�9 ;:= � � �� ?�@�� BA�CD��FEHG+I'J � �LK G 2 ² y M 3�N�O

�P� �� QZ ¹6#R�S i#T�U'V !¹ ++W u /'1�2"!#5 j,+�º�� )��> � � �� ?�@�� BA�CD��FEHG+I'J � �LK G 1 ² y �X Y�Z

O�� :�[ \ O��&]�^ _�O`� ��B�� aE%G+I'J � �� 4 ² y b : c�d�e O��0f�gh y�O��&i�jDk�l�O��&m�n o�p�q�O`� c Vsr N�O��0t �Du O 3 ² ykµwv�xzy�{�O ! �z$w|~}�-/'��#¹ +�º-6�6 +P 8� !#;� º 8 1 + � � < ='w�`� 12"!##¹ +w�� ¬a-7 8�9= :=

[1] � [s , ��g�� , '� �� , NTT � �� 3 4�4 O�� P � G �� , �� e�� G�� µ�� , pp.38-40, 1997-09

[2] T. Tsuji, T. Kamioka, and A. Shimizu, � Simple and secure password authenticationprotocol, ver.2(SAS-2), IEICE Technical Report, OIS2002-30, vol.102, no.314,pp.7-11, September 2002

º

[3] j�! "�#� PHP � � Web !$&%(')� E+* 4 G �-,.� � 4 $/� 0 �2143 465 ,)78% 1 E 4)9�:$��;�<

[4] Steven Holzner

� Java $>= 9�?A@CB)9 Black Book :�DE;�

SAS-2ª SAS-2(Simple And Secure password authen-tication protocol Ver.2) 9¸ }H¹ºY a 4 682P " <...

Documents

Transcript of SAS-2ª SAS-2(Simple And Secure password authen-tication protocol Ver.2) 9¸ }H¹ºY a 4 682P " <...