Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/19025
標題: 公開金匙確認方法之研究
A Study of Public Key Authentication Schemes
作者: 楊傳聖 
Yang, Chuan-Sheng 
關鍵字: Public Key;公開金匙;certification authority;certificate;cryptosystem;authentication;認證機構;身份確認;密碼系統
出版社: 資訊科學研究所
摘要: 
在公開金匙密碼系統中,確認某特定使用者所擁有之公開金匙的合法
性是相當重要的。目前大多數的金匙確認方法均需要至少一個可被信賴的
認證機構來提供使用者公開金匙合法性的保證,但如此一來,認證機構本
身的可信度就形成了決定系統安全性的主要因素。 在這篇論文中,我
們檢視了近來有關金匙確認技術的研究成果以及一些實際的應用情形。雖
然公開金匙密碼技術的發明使得諸如電子交易、電子公文作業等電腦網路
應用成為可行,但植基於開放架構且不受保護的Internet之上,必須先建
立一套能夠用來確認網路使用者身份及其公開金匙合法性的認證規範,才
能使這些網路應用具公信力及避免一些潛在的資訊安全危機。我們發現,
在缺乏成熟的認證規範下,目前常用的幾種認證方式均存在著一些缺失。
另外,我們提出了兩種不需額外認證機構存在的金匙確認方法。第一種方
法適用於基於離散對數的密碼系統(如ElGamal、DSA系統),第二種可廣
泛的使用於其他常見的公開金匙密碼系統(如RSA系統)。我們的方法主
要適用在含有一負責管理使用者身份之主機的小型區域網路中,只要系統
使用特定的密碼身份確認機制,即可讓使用者以簡單的程序,在不需額外
認證機構參與的情況下,達到確認使用者公開金匙合法性的目的,因而能
提供公開金匙密碼系統更高的安全性。

Verifying the legitimacy of an individual*s public key is
very importantin public-key cryptosystems. Most key
authentication schemes require one ormore trustworthy
authorities to authenticate the key of a user. Consequently,the
system security is mainly dependent on the honesty of these
third parties. In this thesis, we first examine recent
researches on key authenticationschemes and some currently used
methods. The invention of public-key crypto-graphy made many new
network applications, such as electronic commerce (CE),and
paperless document, become possible. However, the widely used
Internet isopen and unprotected, so how to guarantee the
legitimacy of an identity andthe associated public key is one of
the most important criteria for providingcredible and secure
network services. We found that there are still many flawsin
currently used certification systems. We also propose two key
authentication schemes that require no certifyingauthorities.
One is for cryptosystems based on discrete logarithms, such
asElGamal*s scheme and DSA, and the other is for other common
cryptosystems,such as the RSA cryptosystem. Our schemes can be
used mainly for computersystems in a local area network, in
which a host is responsible for userauthentication and it uses
designated password authentication mechanism. Thekey
authentication process is very simple in our schemes, and since
we excludethe participation of other third-parties, our schemes
can provide high securityin a cryptosystem.
URI: http://hdl.handle.net/11455/19025
Appears in Collections:資訊科學與工程學系所

Show full item record
 
TAIR Related Article

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.