臺灣博碩士論文加值系統

　　目前有線電子商務的安全機制，均使用以憑證為基礎的公開金鑰密碼系統來解決相關的安全需求。然而，行動電子商務之無線的環境與前述有線的環境有顯著的差異性存在，如：較小的頻寬、傳輸時有較大延遲的現象、連線品質不佳比較容易斷線、無線的個人裝置運算能力與電力較低等諸多限制存在。因此，需要較多運算量的憑證基礎公開金鑰密碼系統並不適用於無線的環境，相當有必要對無線電子商務環境設計一個合適的安全基礎機制，我們稱之為無線公開金鑰安全基礎(Wireless Public Key Infrastructure)，以保障交易雙方的安全性。本論文將以較具效率之橢圓曲線密碼系統為基礎，設計出一個基於身分為考量的自我驗證公開金鑰密碼系統，並配合無線應用協定(Wireless Application Protocol；WAP)的相關標準，來打造出一個適合行動電子商務的安全基礎環境。本論文所提出之方法具有下列優點：
(1)相較於憑證基礎的方法，本方法驗證公鑰時，可免除額外的時間來對憑證作驗證簽章的動作；
(2)單一個邏輯步驟中同時完成簽章與加密的動作；
(3)分配交談金鑰及驗證公鑰的有效性可同時達成；
(4)驗證訊息簽章及驗證公鑰的有效性可同時達成；
(5)執行加解密及驗證公鑰的有效性可同時達成；
(6)因為本論文有結合身分為基礎的公開金鑰密碼系統，故可減少運算成本。
總之，基於上述優點，所使用的金鑰大小可以降低、可減少運算的複雜度及降低傳輸成本，故非常適合運用在具較小的記憶體與運算能力的裝置上，如智慧卡、手機與個人數位助理(PDA)等。此外，橢圓曲線密碼系統160位元金鑰長度的安全性，同等於RSA公開金鑰密碼系統的1024位元金鑰長度，而且本論文所使用的方法中，由於沒有金鑰目錄管理的問題，因此系統維護管理的成本也大大地降低。

　　At present, all of electronic commerce activities constructed on the Internet employ the certificate-based public key cryptosystem to solve their related security issues. However, as compared with the conventional electronic commerce, the promising mobile electronic commerce environment has many different characteristics, including the less network bandwidth and electronic power, the greater transmission delay time, the more unstable network connection, the less computing capacity, etc. Therefore, the certificate-based public key cryptosystem needing more computing time cannot be efficiently used for securing the mobile electronic commerce environment. In this thesis, we develop a wireless public key infrastructure (WPKI) more suitable for the mobile e-commerce environment to security the transaction. The proposed WPKI is constructed based on the elliptic curve cryptosystem (ECC) and the wireless application protocols (WAP), and is equipped with ID-based and self-certified public key cryptosystems. The approaches proposed in this thesis possess the following advantages:
(1) When verifying the validity of public key, it does not need to spend extra much time to verify the signature in the digital certificate.
(2) Both signing and encrypting a message can be concurrently accomplished in a logical step.
(3) Both distributing a session key and verifying the validity of public key can be concurrently achieved.
(4) Verifying both a signature and the validity of public key can be concurrently fulfilled.
(5) Both decrypting a cipher correctly and verifying the validity of public key can be concurrently finished
(6) Since the proposed methods are combined with the ID-based public key cryptosystem, they can reduce the computation cost greatly.
In summary, based on the above characteristics, the proposed WPKI can reduce the key size, computing time, and transmission cost, so it is quite suitable to be used in the devices with less storage and computing power, like the smart card, mobile phone, personal digital assistant (PDA), etc. Furthermore, the ECC can possess fewer bits achieving the same security degree as other public key cryptosystems like RSA cryptosystem. Also, since the proposed WPKI does not need to manage the key directory, the cost of system maintenance can be greatly reduced.

授權書 iii
中文摘要 v
英文摘要 vii
誌謝 ix
目錄 x
圖目錄 xii
表目錄 xiii
第一章 緒 論 1
1.1 研究背景與動機 1
1.2 研究目的 4
1.3 論文架構 5
第二章 文獻探討 6
2.1 電子商務的安全需求 6
2.2 行動電子商務環境 13
2.3 公開金鑰密碼系統 26
2.3.1 身分為基礎的公開金鑰密碼系統 28
2.3.2 憑證為基礎的公開金鑰密碼系統 30
2.3.3 自我驗證公開金鑰密碼系統 31
2.3.4 橢圓曲線密碼系統 35
2.3.5 結合身分基礎與自我驗證之金鑰交換協定 40
2.4 鑑別加密法 43
2.5 討論 45
第三章 行動電子商務環境下之安全協定 46
3.1 系統建置階段 48
3.2 使用者註冊階段 48
3.3 身分識別協定 50
3.4 加/解密機制 51
3.5 交談金鑰交換機制 54
3.6 數位簽章/驗證簽章機制 56
3.7 鑑別加密法 57
第四章 安全性與複雜度分析 59
4.1 安全性分析 59
4.2 複雜度分析 61
4.3 討論 67
第五章 結論與建議 70
參考文獻 72

[1]賴溪松、韓亮、張真誠，「近代密碼學及其應用」，松崗圖書資料公司，民國88年8月。
[2]高銘智，「使用在WAP協定中的橢圓曲線密碼系統」，電腦與通訊 第85期，第45-48頁，民國88年12月。
[3]鍾振華，「使用身分基礎之自我驗證公鑰的金鑰分配及會議金鑰分配技術」，台灣科技大學 資訊管理系碩士班碩士論文，民國88年。(指導教授：吳宗成)
[4]胡國新，「設計植基於自我驗證公開金鑰系統之安全線上電子拍賣機制」，大葉大學 資訊管理研究所碩士論文，民國89年。(指導教授：曹偉駿)
[5]張瑗玲，「捍衛網際網路的商機」，松崗圖書資料公司，民國86年4月。
[6]余千智，「電子商務總論」，智勝出版社，民國88年4月。
[7]李澄興、林祺政，「電子商務概要」，美商麥格羅．希爾，民國89年10月。
[8]何淑君， “The development of mobile internet technology,” 樹德科技大學-校園無線電子商務研討會 論文集，第203-210頁，民國88年11月。
[9]林祝興、李正隆，“Elliptic-curve undeniable signature schemes,” 第11屆全國資訊安全會議，第331-338頁，民國90年5月。
[10]R. Bakalov, “Introduction to WAP’s wireless transport layer security,” Information Securtiy Technical Report, Vol. 5, No. 3, Elsevier, 2000, pp. 15-22.
[11]E. Blham, and A. Shamir, “Differential cryptanalysis of the data encryption standard,” Springer Verlag, Berlin, 1993.
[12]M. Borcherding, “Mobile security - an overview of GSM, SAT and WAP,” R. Baumgart(Ed.): CQRE’99, LNCS 1740, Springer-Verlag, 1999, pp. 133-141.
[13]W. Caelli, E. Dawson, and S. Rea, “PKI, elliptic curve cryptography and digital signatures,” Computer & Security, Vol. 18, No. 1, 1999, pp. 47-66.
[14]CCITT Recommendation X.509, “The directory: authentication framework,” Jan 1997.
[15]Certicom Corp., “SEC 1: elliptic curve cryptography,” Standards for Efficient Cryptography Group, September 2000. (URL: http://www.secg.org/).
[16]Y.S. Chang, T.C. Wu, and S.C. Huang, “ElGamal-like digital signature and multisignature schemes using self-certified public keys,” The Journal of System and Software, 2000, pp. 99-105.
[17]W. Diffie, and M.E. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, Vol. IT-22, No. 6, 1976, pp. 644-654.
[18]T. Dierks, C. Allen, “The TLS protocol version 1.0,” IETF RFC 2246, January 1998. (URL: ftp://ftp.isi.edu/in-notes/rfc2246.txt)
[19]Durlacher Research, “Mobile commerce report,” 2000. (URL: http://www.durlacher.com/).
[20]T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Transactions on Information Theory, Vol. IT-31, No. 4, 1985, pp. 469-472.
[21]ETSI web site, (URL: http://www.etsi.org/).
[22]S. Farrell, “The WAP forum’s wireless public key infrastructure,” Information Securtiy Technical Report, Vol. 5, No. 3, Elsevier, 2000, pp. 23-31.
[23]A. Frier, P. Karlton and P. Kocher, “The SSL 3.0 protocol,” (URL: http://home.netscape.com/eng/ssl3/draft302.txt), 18 November 1996, Netscape Communications Corp.
[24]M. Girault, “Self-certified public keys,” Advances in Cryptology: EuroCrypt’91, Lecture Notes in Computer Science, Vol. 547, Springer-Verlag, 1991, pp. 491-497.
[25]C. Gunther, “An identity-based key-exchange protocol,” Advances in Cryptology EuroCrypt’91, Lecture Notes in Computer Science, Vol. 547, Springer-Verlag, 1991, pp.29-37.
[26]GSM web site, (URL: http://www.gsm.org/).
[27]M. Hoogenboom and P. Steemers, “Security for remote access and mobile application,” Computer & Security, Vol. 19, No. 2, 2000, pp. 149-163.
[28]P. Horster, M. Michels and H. Petersen, “Authenticated encryption schemes with low communication costs,” Electronics Letters, Vol.30, No.15, 1994, pp. 1212-1213.
[29]IEEE P1363 working Group, “IEEE P1363 standard specifications for public key cryptography,” (URL：http://grouper.ieee.org/groups/1363/).
[30]A. Jurisic, and A.J. Menezes, “Elliptic curves and cryptography,” Dr. Dobb’s Journal, 1997, pp. 26-35.
[31]A. Jurisic, and A.J. Menezes, “ECC whitepapers: elliptic curves and cryptography,” Certicom corp., (URL: http://www.certicom.com/research/weccrypt.html).
[32]B.S. Kaliski, “An overview of the PKCS standards,” RSA Laboratories, Nov. 1993.
[33]S. Kim, S. Oh, S. Park, and D. Won, “On saeednia’s key-exchange protocols,” KICS (Korean Institute of Communication Sciences) Conference, Vol. 17, No. 2, Korea, 1998, pp.1001-1004.
[34]N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, Vol. 48, No. 17, 1987, pp. 203-209.
[35]X. Lai, and J. Massey, “A proposal for a new block encryption standard,” Advances in Cryptology EuroCrypt’90, Springer-Verlag, 1991, pp. 389-404.
[36]W.B. Lee and C.C. Chang, “Authenticated encryption scheme without using a one way function,” Electronics Letters, Vol.31, No.19, 1995, pp. 1656-1657.
[37]A.J. Menezes and S.A. Vanstone, “Elliptic curve cryptosystem and their implementation,” Journal of Cryptology, Vol. 6, No. 4, 1993, pp. 209-224.
[38]V.S. Miller., “Use of elliptic curves in cryptography,” Advances in Cryptology:Crypto’85, Springer-Verlag,1986, pp. 417-426.
[39]MasterCard and VISA, “Secure electronic transaction (SET) specification,” June 1996.
[40]National Bureau of Standards, “Data encryption standard,” Federal Information Processing Standards Publication FIPS PUB 46 U.S. Department of Commerce, 1977.
[41]National Institute of Standards and Technology, NIST FIPS PUB 180, “Secure hash standard,” U.S. Department of Commerce, 1993.
[42]National Institute of Standards and Technology, NIST FIPS PUB 186, “Digital signature standard,” U.S. Department of Commerce, 1994.
[43]H. Petersen, and P. Horster, “Self-certified keys concepts and applications,” Proceedings of Communications and Multimedia Security’97, 1997, pp. 102-116.
[44]R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, Vol. 21, No. 2, 1978, pp. 120-126.
[45]R. Rivest, “The MD5 message digest algorithm,” RFC 1321, 1992.
[46]S. Saeednia, “Identity-based and self-certified key-exchange protocols,” Information Security and Privacy: ACISP’97, 1997, pp. 303-313.
[47]C.P. Schnorr, “Efficient identification and signatures for smart cards,” Advances in Cryptology: Crypto’89, Springer-Verlag, 1990, pp.339-351.
[48]R.M. Schnorr, “The data encryption standard in perspective,” Computer Security and the Data Encryption Standard, National Bureau of Standards, Feb 1978.
[49]A. Shamir, “Identity-based cryptosystems and signature schemes,” Advances in Cryptology: Crypto’84, Springer-Verlag, 1985, pp. 47-53.
[50]S. Vanstone, “Elliptic curve cryptosystem - the answer to strong, fast public-key cryptography for securing constrained environments,” Information Security Technical Report, Vol. 2, No. 2, Elsevier, 1997, pp. 78-87.
[51]T.C. Wu, Y.S. Chang and T.Y. Lin, “Improvement of saeednia’s self-certified key exchange protocols,” IEE Electronic Letters,Vol 34, No 11, May 1998, pp. 1094-1095.
[52]T.C. Wu, “Digital signature/multisignature schemes giving public key verification and message recovery simultaneously,” to appear in Computer Systems Science and Engineering, 2001.
[53]WAP forum, (URL: http://www.wapforum.org/).
[54]WAP forum, “WAP architeture specification,” 30 April 1998, (URL: http://www.wapforum.org/).
[55]WAP Forum, “Wireless transport layer security specification,” 18 February 2000, (URL: http://www.wapforum.org/).