Title: A Secure Authentication Policy with Non-Repudiation Signature Scheme for Mobile Networks
Author: Hsueh, Ching-Tsung (薛景聰)
Keywords: WLAN; wireless network; non-repudiation
Publisher: Department of Electrical Engineering
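This thesis makes partial improvements to the mobile network security authentication policy Dynamic Session Key Policy (DSKP) and adds a non-repudiation signature mechanism. With the evolution from Wi-Fi to Wi-Max, the wireless LAN (WLAN) is expected to become the mainstream of future mobile networks. In the existing wireless network standards, the main security problems lie in key transmission between the communicating parties and in their mutual identity authentication; DSKP applies the one-time password principle to protect the user's authentication process. In practice, network security is increasingly important, and functions such as accounting, monitoring and auditing, logging, and tracking of network connections receive more and more attention. These functions all rely on non-repudiable data records as supporting evidence in order to carry out tasks such as billing or tracing illegal connections, but password-based protection is inherently ill-suited to providing non-repudiation of data. To address this shortcoming, we propose a method that combines hash functions with traditional signature techniques and relies on the computing power of a signature server to provide a non-repudiation mechanism, achieving the security of traditional signature techniques without increasing the computational burden on the mobile client.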

In this thesis, we propose a refined Dynamic Session Key Policy (DSKP) with a non-repudiation signature scheme for mobile networks. From Wi-Fi to Wi-Max, the WLAN is becoming the trend for mobile networks in the near future. The main problems in the wireless network security standards are key distribution and mutual authentication between the mobile station (MS) and the access point (AP). Based on the one-time password system, the DSKP is proposed to protect users during the authentication process. For the overall security of the network, the functions of accounting, auditing, logging, and tracking of connections to a network system are becoming increasingly important. In practice, the non-repudiation property provides very important evidence for accounting systems and for tracking illegal connections. In theory, however, a password-based system does not provide the non-repudiation property for connection evidence. The proposed non-repudiation signature scheme under the DSKP is a mixed method that uses a one-way hash function and a traditional digital signature technique. In a mobile user environment, computational cost is an important issue. The proposed DSKP with non-repudiation signature scheme involves a semi-trusted signature server, achieving the same security services as a traditional digital signature scheme while lightening the computing load on mobile devices.
Other identifier: U0005-2506200723495300
Appears in Collections: Department of Electrical Engineering
