臺灣博碩士論文加值系統

認證機制為電子商務環境提供一個安全通訊的通道。同時，安全的認證機制能確保只有被授權的客戶端能夠從伺服器存取服務。一般來說，在此類機制中包含了兩部分:雙向認證和會話金鑰協調。
現今，各種電子商務系統都有不同的安全基本要求，沒有一種安全機制能夠適用於所有的電子商務系統上。在本論文中，我們研究了三種類型的電子商務模式，即付費電視系統、物聯網環境和客户端-服務器系統。首先，我們針對付費電視系統提出兩種一對多的認證機制。此兩種認證機制能有效地減少認證過程中訊息的傳遞。為了容易的管理由用戶訂閱的大量電視頻道，我們提出第三種認證機制，此機制最大的優勢是在於提供頻道撤銷和頻道新增階段。
隨著物聯網的快速發展，人們開始將個人的裝置連接上網以傳輸訊息。用戶和伺服器之間的認證和會話密鑰的創建都是物聯網中重要的議題。因此，我們回顧現存的物聯網認證機制並且提出一個改進的方法。
所有上述機制均在互聯網上執行，有時在客戶-伺服器系統中，面對面的交易是不可或缺的。在論文的最後，我們針對該系統設計了兩種基於影像加密和秘密共享的認證機制。兩種認證機制都提供了低計算量和儲存率，進一步地，第二個機制採用擴散程序以抵擋統計攻擊。

The authentication scheme always plays an important role in providing a secure communication channel for the electronic-commerce environment. In addition, authentication schemes ensure that only the authorized clients can access services from the server. Generally speaking, this type of scheme is composed of two parts: (1) mutual authentication and (2) session key agreement.
Recently, various kinds of electronic-commerce systems have different essential requirements. There is no such security scheme that suits all the electronic-commerce systems. In this dissertation, we focused on three types of electronic-commerce models, i.e., pay-TV systems, internet of things (IoT) environment, and client-server systems. Firstly, we proposed two one-to-many authentication schemes in pay-TV systems which can effectively reduce the amount of message delivered in the authentication processing. To easily manage the large number of TV channels that are subscribed by users, we presented the third authentication scheme. The advantage of this scheme is that it supported the channel revocation and channel addition phases.
With the rapid development of IoT, people connect many of their personal devices to the Internet for information transmission. Both the authentication and the creation of session key between the user and the server are important issues in IoT. Therefore, we reviewed the existing IoT authentication schemes and proposed an improved one.
All the aforementioned schemes are performed on the Internet. Sometimes face-to-face trading is a necessary requirement in client-server systems. At last, we designed two authentication schemes based on image encryption and secret sharing for this model. Both schemes provided lower computational cost and storage rate. Moreover, our second scheme can resist statistical attack by adopting diffusion process.

誌謝 i
摘要 ii
Abstract iii
Table of Contents v
List of Figures viii
List of Tables ix
Chapter 1 Introduction 1
1.1 Research Motivation 1
1.2 Objectives 2
1.3 Organization 3
Chapter 2 Secure CAS-based Authentication Scheme for Mobile Pay-TV System 4
2.1 Introduction 4
2.2 Preliminaries 7
2.2.1 Elliptic curve cryptography 7
2.2.2 Bilinear pairing 8
2.3 Review of Yeh and Tsaur’s Scheme 9
2.3.1 Initialization phase 9
2.3.2 Issue phase 10
2.4 Security Analysis of Related Scheme 11
2.4.1 Security analysis of Yeh and Tsaur’s scheme 11
2.4.2 Security analysis of Wang and Qin’s scheme 15
2.5 The Proposed Scheme 16
2.5.1 Notations 16
2.5.2 Initialization phase 17
2.5.3 Issue phase 18
2.6 Security Analysis 20
2.6.1 Correctness 21
2.6.2 Impersonation attack with knowing MS’s ID 21
2.6.3 Forgery attack 22
2.6.4 Replay attack 24
2.6.5 Denial-of-service attack 24
2.6.6 Collusion attack 24
2.6.7 Man-in-the-middle attack 25
2.7 Comparisons 26
2.8 Summaries 29
Chapter 3 A secure authentication scheme for access control in mobile pay-TV systems 30
3.1 Introduction 30
3.2 Review of Farash and Attari’s Scheme 31
3.2.1 Setup Phase 32
3.2.2 Issue Phas 32
3.2.3 Subscription Phase 35
3.2.4 Hand-off Phase 36
3.3 Analysis of Farash and Attari’s Scheme 37
3.3.1 Dolev-Yao Model 37
3.3.2 Attacks 37
3.4 Summaries 42
Chapter 4 A Secure Authentication Scheme with Provable Correctness for Pay-TV Systems 43
4.1 Introduction 43
4.2 Preliminaries 44
4.2.1 Chebyshev chaotic maps 44
4.2.2 FSR-GS technique 45
4.2.3 The definition of security requirements 47
4.3 The proposed scheme 48
4.3.1 Initialization phase 48
4.3.2 Issue phase 48
4.3.3 Subscription phase 51
4.3.4 Revocation phase 53
4.3.5 Addition phase 55
4.4 Security analysis 57
4.4.1 Correctness of mutual authentication 58
4.4.2 Anonymity and untraceability 64
4.4.3 Personal privacy 65
4.4.4 Replay attack 65
4.4.5 Impersonation attack 65
4.4.6 Man-in-the-middle attack 66
4.5 Performance discussion 68
4.6 Summaries 72
Chapter 5 Secure and efficient authentication scheme for IoT and cloud servers 73
5.1 Introduction 73
5.2 Review and Analysis of Kalra and Sood’s Scheme 74
5.2.1 Registration Phase 74
5.2.2 Pre-computation and Login Phase 75
5.2.3 Authentication Phase 75
5.2.4 Failure of Mutual Authentication 76
5.2.5 Mistiness of Session Key 76
5.3 The Proposed Scheme 77
5.4 Summaries 79
Chapter 6 An Efficient Smart Card Based Authentication Scheme Using Image Encryption 80
6.1 Introduction 80
6.2 Preliminaries 81
6.2.1 Gray Image Encryption Algorithm Based on Torus Automorphism 81
6.2.2 The Diffusion Algorithm 82
6.2.3 Shamir’s Secret Sharing 83
6.2.4 Chang et al.’s Authentication Scheme Based on Spatial Domain 83
6.3 Basic Image Encryption Scheme 84
6.3.1 Registration phase 85
6.3.2 Authentication phase 86
6.3.3 The key space 88
6.4 Three-dimensional Image Encryption Scheme 88
6.4.1 Registration phase 89
6.4.2 Authentication phase 91
6.5 Experimental results 92
6.5.1 Encryption and Decryption Results 92
6.5.2 Security Analysis 94
6.5.3 Distribution of DCT Matrix Coefficients 94
6.5.4 Performance Comparison 96
6.6 Summaries 98
Chapter 7 Conclusions and Future Works 99
7.1 Conclusions 99
7.2 Future Works 100
References 101

[1]F. Coutrot and V. Michon, “A Single Conditional Access System for Satellite-Cable and Terrestrial TV,” IEEE Trans. Consum. Electron., vol. 35, no. 3, pp. 464–468, Aug. 1989.
[2]ITU-R Rec. 810., Conditional-Access Broadcasting Systems. 1992.
[3]DVB Standrad, IP Datacast over DVB-H: Service Purchase and Protection (SPP). 2005.
[4]D. Diaz-Sanchez, A. Marin, F. Almenarez, and A. Cortes, “Sharing Conditional Access Modules Through the Home Network for Pay TV Access,” IEEE Trans. Consum. Electron., vol. 55, no. 1, pp. 88–96, Feb. 2009.
[5]H. Shirazi, J. Cosmas, and D. Cutts, “A Cooperative Cellular and Broadcast Conditional Access System for Pay-TV Systems,” IEEE Trans. Broadcast., vol. 56, no. 1, pp. 44–57, Mar. 2010.
[6]J.-Y. Kim and H.-K. Choi, “Improvements on Sun ’s Conditional Access System in Pay-TV Broadcasting Systems,” IEEE Trans. Multimed., vol. 12, no. 4, pp. 337–340, Jun. 2010.
[7]H. Wang and B. Qin, “Improved One-to-Many Authentication Scheme for Access Control in Pay-TV Systems,” IET Inf. Secur., vol. 6, no. 4, pp. 281–290, Dec. 2012.
[8]H.-M. Sun and M.-C. Leu, “An Efficient Authentication Scheme for Access Control in Mobile Pay-TV Systems,” IEEE Trans. Multimed., vol. 11, no. 5, pp. 947–959, Aug. 2009.
[9]C.-C. Chang, T.-F. Cheng, and H.-L. Wu, “An Authentication and Key Agreement Protocol for Satellite Communications,” Int. J. Commun. Syst., vol. 27, no. 10, pp. 1994–2006, Oct. 2014.
[10]S. H. Islam and M. K. Khan, “Provably Secure and Pairing-Free Identity-Based Handover Authentication Protocol for Wireless Mobile Networks,” Int. J. Commun. Syst., vol. 29, no. 17, pp. 2442–2456, Nov. 2016.
[11]S. H. Islam, M. S. Obaidat, and R. Amin, “An Anonymous and Provably Secure Authentication Scheme for Mobile User,” Int. J. Commun. Syst., vol. 29, no. 9, pp. 1529–1544, Jun. 2016.
[12]Y.-L. Huang, S. Shieh, F.-S. Ho, and J.-C. Wang, “Efficient Key Distribution Schemes for Secure Media Delivery in Pay-TV Systems,” IEEE Trans. Multimed., vol. 6, no. 5, pp. 760–769, Oct. 2004.
[13]H.-M. Sun, C.-M. Chen, and C.-Z. Shieh, “Flexible-Pay-Per-Channel: A New Model for Content Access Control in Pay-TV Broadcasting Systems,” IEEE Trans. Multimed., vol. 10, no. 6, pp. 1109–1120, Oct. 2008.
[14]N.-Y. Lee, C.-C. Chang, C.-L. Lin, and T. Hwang, “Privacy and Non-Repudiation on Pay-TV Systems,” IEEE Trans. Consum. Electron., vol. 46, no. 1, pp. 20–27, Feb. 2000.
[15]R. Song and L. Korba, “Pay-TV system with strong privacy and non-repudiation protection,” IEEE Trans. Consum. Electron., vol. 49, no. 2, pp. 408–413, May 2003.
[16]H. Roh and S. Jung, “An Authentication Scheme for Consumer Electronic Devices Accessing Mobile IPTV Service from Home Networks,” in 2011 IEEE International Conference on Consumer Electronics (ICCE), 2011, pp. 717–718.
[17]J.-H. Yang and C.-C. Chang, “An ID-based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on Elliptic Curve Cryptosystem,” Comput. Secur., vol. 28, no. 3, pp. 138–143, May 2009.
[18]H.-L. Wu, C.-C. Chang, and C.-Y. Sun, “A Secure Authentication Scheme with Provable Correctness for Pay-TV Systems,” Secur. Commun. Netw., vol. 9, no. 11, pp. 1577–1588, Jul. 2016.
[19]V. Ollikainen and C. Peng, “A Handover Approach to DVB-H Services,” in 2006 IEEE International Conference on Multimedia and Expo, 2006, pp. 629–632.
[20]T.-H. Chen, Y.-C. Chen, W.-K. Shih, and H.-W. Wei, “An Efficient Anonymous Authentication Protocol for Mobile Pay-TV,” J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1131–1137, Jul. 2011.
[21]H. Kim, Cryptanalysis on An Efficient Anonymous Authentication Protocol for Mobile Pay-TV, vol. 164. Springer, Heidelberg: James (Jong Hyuk) Park, Victor C.M. Leung, Cho-Li Wang, Taeshik Shon (eds.), 2012.
[22]X. Huang, C.-K. Chu, H.-M. Sun, J. Zhou, and R. H. Deng, “Enhanced Authentication for Commercial Video Services,” Secur. Commun. Netw., vol. 5, no. 11, pp. 1248–1259, Nov. 2012.
[23]L.-Y. Yeh and W.-J. Tsaur, “A Secure and Efficient Authentication Scheme for Access Control in Mobile Pay-TV Systems,” IEEE Trans. Multimed., vol. 14, no. 6, pp. 1690–1693, Dec. 2012.
[24]D. He, N. Kumar, H. Shen, and J.-H. Lee, “One-to-Many Authentication for Access Control in Mobile Pay-TV Systems,” Sci. China Inf. Sci., vol. 59, no. 5, p. 052108, May 2016.
[25]D. He, J. Chen, and R. Zhang, “An Efficient Identity-Based Blind Signature Scheme Without Bilinear Pairings,” Comput. Electr. Eng., vol. 37, no. 4, pp. 444–450, Jul. 2011.
[26]A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, 1st ed. Boca Raton, FL, USA: CRC Press, Inc., 1996.
[27]D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” in Advances in Cryptology — CRYPTO 2001, 2001, pp. 213–229.
[28]FIPS PUB 180-4., Secure Hash Standard. 2012.
[29]R. Song and M. R. Lyu, “Analysis of Privacy and Non-Repudiation on Pay-TV Systems,” IEEE Trans. Consum. Electron., vol. 47, no. 4, pp. 729–733, Nov. 2001.
[30]S.-Y. Wang and C.-S. Laih, “Efficient Key Distribution for Access Control in Pay-TV Systems,” IEEE Trans. Multimed., vol. 10, no. 3, pp. 480–492, Apr. 2008.
[31]L.-Y. Yeh and J.-L. Huang, “A Conditional Access System with Efficient Key Distribution and Revocation for Mobile pay-TV Systems,” ACM Trans Multimed. Comput Commun Appl, vol. 9, no. 3, p. 18:1–18:20, Jul. 2013.
[32]H. Kim and S.-W. Lee, “Anonymous Authentication Protocol for Mobile Pay-TV System,” in Computer Applications for Security, Control and System Engineering, Springer, Berlin, Heidelberg, 2012, pp. 471–478.
[33]W. I. Khedr, “On the Security of Anonymous Authentication Protocol for Mobile Pay-TV,” J. Inf. Secur., vol. 04, no. 04, p. 225, Sep. 2013.
[34]M. S. Farash and M. A. Attari, “A Provably Secure and Efficient Authentication Scheme for Access Control in Mobile Pay-TV Systems,” Multimed. Tools Appl., vol. 75, no. 1, pp. 405–424, Jan. 2016.
[35]D. Dolev and A. C. Yao, “On the Security of Public Key Protocols,” in Proceedings of the 22Nd Annual Symposium on Foundations of Computer Science, Washington, DC, USA, 1981, pp. 350–357.
[36]J.-W. Lee, “Key Distribution and Management for Conditional Access System on DBS,” in Proceedings of International Conference on Cryptology and Information Security, Kaohsiung, Taiwan, 1996, pp. 82–86.
[37]F.-K. Tu, C.-S. Laih, and H.-H. Tung, “On Key Distribution Management for Conditional Access System on Pay-TV System,” IEEE Trans. Consum. Electron., vol. 45, no. 1, pp. 151–158, Feb. 1999.
[38]R. L. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-key Cryptosystems,” Commun ACM, vol. 21, no. 2, pp. 120–126, Feb. 1978.
[39]D. Xiao, X. Liao, and K. W. Wong, “An Efficient Entire Chaos-Based Scheme for Deniable Authentication,” Chaos Solitons Fractals, vol. 23, no. 4, pp. 1327–1331, Feb. 2005.
[40]H. Jin, D. S. Wong, and Y. Xu, “Efficient Group Signature with Forward Secure Revocation,” in Security Technology, 2009, pp. 124–131.
[41]“Data Encryption Standard,” Wikipedia. 19-Jan-2018.
[42]M. Burrows, M. Abadi, and R. Needham, “A Logic of Authentication,” ACM Trans Comput Syst, vol. 8, no. 1, pp. 18–36, Feb. 1990.
[43]M. Burrows, M. Abadi, and R. Needham, Authentication: a Practical Study in Belief and Action. University of Cambridge Computer Laboratory, 1988.
[44]W.-J. Tsaur, J.-H. Li, and W.-B. Lee, “An Efficient and Secure Multi-Server Authentication Scheme with Key Agreement,” J. Syst. Softw., vol. 85, no. 4, pp. 876–882, Apr. 2012.
[45]S.-P. Yang and X. Li, “Defect in Protocol Analysis with BAN Logic on Man-in-the-middle Attacks,” Appl. Res. Comput., vol. 24, no. 3, pp. 149–151, 2007.
[46]W. Diffie and M. E. Hellman, “New Directions in Cryptography,” IEEE Trans. Inf. Theory, vol. 22, no. 6, pp. 644–654, Nov. 1976.
[47]C.-C. Lee, “A Simple Key Agreement Scheme Based on Chaotic Maps for VSAT Satellite Communications,” Int. J. Satell. Commun. Netw., vol. 31, no. 4, pp. 177–186, Jul. 2013.
[48]B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition. New York: Wiley, 1996.
[49]L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Comput. Netw., vol. 54, no. 15, pp. 2787–2805, Oct. 2010.
[50]Y.-P. Liao and C.-M. Hsiao, “A Secure ECC-Based RFID Authentication Scheme Integrated with ID-Verifier Transfer Protocol,” Ad Hoc Netw., vol. 18, pp. 133–146, Jul. 2014.
[51]M. Turkanović, B. Brumen, and M. Hölbl, “A Novel User Authentication and Key Agreement Scheme for Heterogeneous ad Hoc Wireless Sensor Networks, Based on the Internet of Things Notion,” Ad Hoc Netw., vol. 20, pp. 96–112, Sep. 2014.
[52]M. S. Farash, M. Turkanović, S. Kumari, and M. Hölbl, “An Efficient User Authentication and Key Agreement Scheme for Heterogeneous Wireless Sensor Network Tailored for the Internet of Things Environment,” Ad Hoc Netw., vol. 36, pp. 152–176, Jan. 2016.
[53]S. Kalra and S. K. Sood, “Secure Authentication Scheme for IoT and Cloud Servers,” Pervasive Mob. Comput., vol. 24, pp. 210–223, Dec. 2015.
[54]V. S. Miller, “Use of Elliptic Curves in Cryptography,” in Advances in Cryptology — CRYPTO ’85 Proceedings, 1985, pp. 417–426.
[55]N. Koblitz, “Elliptic Curve Cryptosystems,” Math. Comput., vol. 48, no. 177, pp. 203–209, 1987.
[56]C. Guo, C.-C. Chang, and C.-Y. Sun, “Chaotic Maps-Based Mutual Authentication and Key Agreement using Smart Cards for Wireless Communications,” J. Inf. Hiding Multimed. Signal Process., vol. 4, no. 2, pp. 99–109, 2013.
[57]W.-S. Juang, S.-T. Chen, and H.-T. Liaw, “Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards,” IEEE Trans. Ind. Electron., vol. 55, no. 6, pp. 2551–2556, Jun. 2008.
[58]X. Li, W. Qiu, D. Zheng, K. Chen, and J. Li, “Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards,” IEEE Trans. Ind. Electron., vol. 57, no. 2, pp. 793–800, Feb. 2010.
[59]C.-C. Chang and L.-H. Wu, “Password Authentication Scheme Based upon Rabin’s Public-key Cryptosystem,” presented at the Proceedings of International Conference on Systems Management, Hong Kong, China, 1990, pp. 425–429.
[60]M.-S. Hwang and L.-H. Li, “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Trans. Consum. Electron., vol. 46, no. 1, pp. 28–30, Feb. 2000.
[61]W. Rankl and W. Effing, Smart Card Handbook, 1st ed. New York, NY, USA: John Wiley & Sons, Inc., 1997.
[62]Q. Zhao and C.-H. Hsieh, “Card User Authentication Based on Generalized Image Morphing,” in 2011 3rd International Conference on Awareness Science and Technology (iCAST), 2011, pp. 117–122.
[63]K. Thongkor and T. Amornraksa, “Digital Image Watermarking for Photo Authentication in Thai National ID Card,” in 2012 9th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology, 2012, pp. 1–4.
[64]T. N. Shankar, G. Sahoo, and S. Niranjan, “Image Encryption for Mobile Devices,” in 2010 INTERNATIONAL CONFERENCE ON COMMUNICATION CONTROL AND COMPUTING TECHNOLOGIES, 2010, pp. 612–616.
[65]C.-C. Chang, M.-S. Hwang, and T.-S. Chen, “A New Encryption Algorithm for Image Cryptosystems,” J. Syst. Softw., vol. 58, no. 2, pp. 83–91, Sep. 2001.
[66]G. Zhao, X. Yang, B. Zhou, and W. Wei, “RSA-Based Digital Image Encryption Algorithm in Wireless Sensor Networks,” in 2010 2nd International Conference on Signal Processing Systems, 2010, vol. 2, pp. V2-640-V2-643.
[67]Z. Zhao and X. Zhang, “ECC-Based Image Encryption Using Code Computing,” in Proceedings of the 2012 International Conference on Communication, Electronics and Automation Engineering, Springer, Berlin, Heidelberg, 2013, pp. 859–865.
[68]L. Li, A. A. Abd El-Latif, and X. Niu, “Elliptic Curve ElGamal Based Homomorphic Image Encryption Scheme for Sharing Secret Images,” Signal Process., vol. 92, no. 4, pp. 1069–1078, Apr. 2012.
[69]Y. Wang, K.-W. Wong, X. Liao, and G. Chen, “A New Chaos-Based Fast Image Encryption Algorithm,” Appl. Soft Comput., vol. 11, no. 1, pp. 514–522, Jan. 2011.
[70]S. M. Seyedzadeh and S. Mirzakuchaki, “A Fast Color Image Encryption Algorithm Based on Coupled Two-Dimensional Piecewise Chaotic Map,” Signal Process., vol. 92, no. 5, pp. 1202–1215, May 2012.
[71]M. François, T. Grosges, D. Barchiesi, and R. Erra, “A New Image Encryption Scheme Based on a Chaotic Function,” Signal Process. Image Commun., vol. 27, no. 3, pp. 249–259, Mar. 2012.
[72]G. Chen, Y. Mao, and C. K. Chui, “A Symmetric Image Encryption Scheme Based on 3D Chaotic Cat Maps,” Chaos Solitons Fractals, vol. 21, no. 3, pp. 749–761, Jul. 2004.
[73]C.-C. Chang, Q. Mao, and H.-L. Wu, “A Novel Authentication Scheme Based on Torus Automorphism for Smart Card,” in Advances in Intelligent Systems and Applications - Volume 2, Springer, Berlin, Heidelberg, 2013, pp. 53–60.
[74]R. Devaney and R. L. Devaney, An Introduction to Chaotic Dynamical Systems, 2 edition. Boulder, Colo: CRC Press, 2003.
[75]A. Shamir, “How to Share a Secret,” Commun ACM, vol. 22, no. 11, pp. 612–613, Nov. 1979.
[76]P. Akritas, I. E. Antoniou, and G. P. Pronko, “On the Torus Automorphisms: Analytic solution, Computability and Quantization,” Chaos Solitons Fractals, vol. 12, no. 14, pp. 2805–2814, Nov. 2001.
[77]I. Percival and F. Vivaldi, “Arithmetical Properties of Strongly Chaotic Motions,” Phys. Nonlinear Phenom., vol. 25, no. 1, pp. 105–130, Mar. 1987.
[78]Q. Mao, C.-C. Chang, and H.-L. Wu, “An Image Encryption Scheme Based on Concatenated Torus Automorphisms,” KSII Trans. Internet Inf. Syst., vol. 7, no. 6, pp. 1492–1511, Jun. 2013.