DC Field | Value | Language
dc.contributor.author | Hsueh, Ching-Tsung | en_US
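dc.description.abstract | This thesis makes partial refinements to the mobile network security authentication policy Dynamic Session Key Policy (DSKP) and adds a non-repudiation signature mechanism. With the evolution from Wi-Fi to Wi-Max, the wireless LAN (WLAN) is expected to become the mainstream trend for future mobile networks. In the existing wireless network standards, the main problems of the security mechanisms lie in key transmission between the two communicating parties and their mutual identity authentication. DSKP applies the one-time password principle to protect the user's authentication process. In practical applications, network security is increasingly important, and functions such as accounting, monitoring and auditing, logging, and tracking of network connections receive growing attention; these functions all rely on non-repudiable data records as supporting evidence in order to carry out tasks such as billing or tracing illegal connections. However, password-based protection is inherently ill-suited to providing non-repudiation of data. To address this shortcoming, we propose a method that combines hash functions with traditional signature techniques and draws on the computing power of a signature server to provide a non-repudiation mechanism, achieving the security of traditional signature techniques without increasing the computational burden on the mobile client. | zh_TW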
dc.description.abstract | In this thesis, we propose a refined Dynamic Session Key Policy (DSKP) with a non-repudiation signature scheme for mobile networks. From Wi-Fi to Wi-Max, WLAN is the trend for mobile networks in the near future. The main problems in the wireless network security standards are key distribution and mutual authentication between the mobile station (MS) and the access point (AP). Based on the one-time password system, the DSKP is proposed to protect users during the authentication process. For the overall security of the network, the functions of accounting, auditing, logging, and tracking of connections to a network system are becoming increasingly important. In practice, the non-repudiation property provides very important evidence for an accounting system or for tracking illegal connections. In theory, however, a password-based system does not provide the non-repudiation property for connection evidence. The proposed non-repudiation signature scheme under the DSKP is a mixed method that uses a one-way hash function and a traditional digital signature technique. In a mobile user environment, computational cost is an important issue. The proposed DSKP with non-repudiation signature scheme involves a semi-trusted signature server, achieving the same security services as a traditional digital signature scheme while lightening the computing load for mobile devices. | en_US
dc.description.tableofcontents | Contents | en_US
1. Introduction
   1.1 Occasion
   1.2 The current wireless network security
   1.3 Contributions
   1.4 Organization of this thesis
2. Wireless LAN Security
   2.1 IEEE 802.11
      2.1.1 WEP
      2.1.2 Shared key authentication
      2.1.3 Key reuse
      2.1.4 Linear checksum
      2.1.5 Drawbacks of the shared key authentication
   2.2 IEEE 802.1X
      2.2.1 Port access control
      2.2.2 The drawbacks of the 802.1X
   2.3 IEEE 802.11i
      2.3.1 Temporary Key Integrity Protocol (TKIP)
      2.3.2 Counter mode with CBC-MAC Protocol (CCMP)
      2.3.3 Security issues of 802.11i
         Availability
         Security Level Rollback Attack
3. Related Work
   3.1 Secure authentication policy for wireless LAN
      3.1.1 Dynamic Session Key Policy (DSKP)
      3.1.2 Initialization phase of the DSKP
      3.1.3 Transmission phase of the DSKP
      3.1.4 Re-authentication phase of the DSKP
      3.1.5 Security analysis
         Cipher-suite negotiation
         Initial vector
         Key reuse
         Dynamic re-key
         ID confidentiality
         Data confidentiality
         Session hijack attack
         Replay attack
         Data integrity
         Entity authentication
         Re-authentication
   3.2 Non-repudiation
      3.2.1 Classes of non-repudiation services
      3.2.2 Techniques of non-repudiation
         Non-repudiation mechanisms using symmetric techniques
         Non-repudiation mechanisms using asymmetric techniques
         Comparison of non-repudiation mechanisms
   3.3 Digital signature
   3.4 Joint-signature
4. Dynamic Session Key Policy with Joint-Signature
   4.1 Initialization phase
   4.2 Transmission phase
   4.3 Re-authentication phase
   4.4 Security analysis
   4.5 Dispute resolution
   4.6 Performance analysis
      4.6.1 Computation load
      4.6.2 Communication load
5. Conclusions and Future Works
   5.1 Conclusions
   5.2 Some other issues
   5.3 Future works
6. References
7. Notations
8. Glossaries
dc.title | A Secure Authentication Policy with Non-Repudiation Signature Scheme for Mobile Networks | en_US
dc.type | Thesis and Dissertation | zh_TW
item.openairetype | Thesis and Dissertation | -
item.fulltext | no fulltext | -
Appears in Collections: Department of Electrical Engineering (電機工程學系所)

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.