Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/17451
標題: 各種網路環境下的認證機制之研究
A Study of Authentication Schemes for Various Communication Environments
作者: 簡宏宇
Chien, Hung Yu
關鍵字: 密碼學;認證;wireless communication;mobile network;cryptography;authentication;無線通訊;移動式網路
出版社: 應用數學系
摘要: 
在我們日常生活當中,有越來越多的機會利用公共網路來傳送及存取個人機密資訊,因此,如何確認使用者身份及保護傳輸資料不被篡改或取得,是件重要的安全議題。通常傳輸資訊之保密,可經由對資訊加密來達成,而加密作業必需通訊之參與者事先溝通好共同的加密金鑰。加密金鑰之產生方式有下列數種:金鑰分配協定、金鑰共議協定、及群體導向式金鑰分配與金鑰共議協定。然而,在產生共同金鑰之同時,必需確認通訊對方之身份。因此,如何設計安全且有效率的認證分配金鑰與金鑰共議協定是件重要的研究課題。
隨著技術不斷的演進,今日我們所使用的公共網路也越來越多樣化,計有線式網路 (如:區域網路及網際網路)、無線式網路 (如:GSM 或 3G)、移動式網路 (如: Mobile-IP)、自動櫃員機網路及公用資訊站 (如:Internet Kiosks)等。這些不同的網路環境對設計認證分配金鑰與金鑰共議協定會有一些不同的需求。在本論文中,我們將探討不同環境下的個別需求,並提出我們的解決方案。
在本論文中,我們首先討論有線環境下的金鑰認證協定。如果被認證的一方是一般使用者,我們稱呼該機制為遠端登入機制。我們討論兩個已知機制的弱點並提出改良。接著,我們提出一新的機制;該機制的效率及功能性都比先前提出的機制表現佳。此外,我們也將討論群體導向式認證機制。
無線通訊的無線頻道比有線頻道更易招受攻擊,且目前行動設備的計算能力及電力遠不如一般的電腦。因此,在設計金鑰認證協定時須特別考量這些因素。此外,使用者的匿名及使用服務的不可否認性,也是設計無線金鑰認證協定的重要考量。在這一部份,我們首先討論現有協定的弱點及其改良;接著,提出一種新的無線金鑰認證協定。此協定除了提供較完整的匿名性功能及不可否認性外,也比先前所提出的機制效率佳。
由於無線區域網路及移動式 IP 的發展,移動式的使用者可以在跨領域經過認證後取得網路服務。設計跨領域的金鑰認證協定須考量擴充性、通訊及計算效率、以及對各種可能攻擊之防禦強度。在這部份,我們將討論現有機制的弱點,且提出一有效率的新機制。
目前廣佈的提款機系統及公用資訊站便利了我們的生活,但偽裝的提款機及公用資訊站也造成一些安全上的問題且會造成財產上的損失。為此,我們提出一新機制來解決公用資訊站及提款機的認證問題。較之先前所提出之機制,我們的機制可降低伺服器管理私密資料庫的負擔,而且需求較少的通訊步驟及資訊儲存量。

The increasing usage of public networks for transmission or access of sensitive data raises security issues, which especially include how to ensure the privacy of the transmitted data and how to authenticate the legal users for later authorization. The privacy of the transmitted data can be protected through encryption with a negotiated key. There are several cryptographic protocols to set up this key: the key distribution protocols, the key agreement protocols, and the group-oriented key distribution or agreement protocols. And, to set up a negotiated key, one should first authenticate the communicating party. Therefore, the study of the authenticated key exchange protocols is very important.
As the technology progresses, there are many varieties of public networks we can access: the wired networks (LAN or Internet), the wireless networks (GSM or 3G), the mobile networks, the ATM network and the public Internet Kiosks. The different network environments pose different challenges in designing the authenticated key exchange protocols. In this dissertation, we investigate the authenticated key exchange protocols for different networks (the wired networks, the wireless networks, the mobile networks, the ATM network and the public Internet kiosks).
In this dissertation, we shall first discuss the authenticated key exchange protocol for the wired network. If the party to be authenticated is a user, then we call such a scheme the remote login scheme. We shall present attacks on three efficient schemes, and propose our improvements. Two of them are two-party authentication schemes, and one is group-oriented scheme. We further propose a more efficient scheme that owns more practical merits.
The vulnerability of the wireless link and the low computing power of the mobile device raise new challenges in designing the authentication scheme for wireless network. The wireless network service also causes more security issues: the anonymity of users and the non-repudiation of service. We shall present attack and improvement on one known protocol. We further propose a new authenticated key exchange scheme for the wireless network service. This new scheme is more efficient than the previous works, in addition to the provision of anonymity and non-repudiation.
As the rapid development of wireless LAN and mobile network layer protocol Mobile-IP, a mobile user is allowed to access the service at the visiting domain after he has been authenticated. The design criteria of the inter-domain authentication protocols include: the scalability, the communication efficiency, the computational efficiency, and the robustness of security. We first show the weakness of some existing protocols against the session key compromise, and then propose a new and efficient inter-domain authentication protocol.
The wide deployment of ATM machines and the public Internet kiosks make our life more convenient. However, it also causes new security issues when we use them to access sensitive data; these public terminals are susceptible to the fake terminal attack. We shall propose an efficient scheme to authenticate these terminals. The scheme is more attractive than the previous works with respect to the number of secret databases, the number of interaction steps and the storage.
URI: http://hdl.handle.net/11455/17451
Appears in Collections:應用數學系所

Show full item record
 

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.