臺灣博碩士論文加值系統

此論文分為三個部分，各自為改良型通行碼應用架構、全球行動通訊系統認證協定之改進機制、模糊傳送協定之研究。
通行碼確認系統已經是現今網路不可分割的一部分，幾乎所有的應用從雲端硬碟、遊戲平台、行動裝置、智慧家庭、網路購物甚至文章訂閱等，所有使用者都會需要經過通行碼確認系統以驗證身份，應用的普遍化與年輕化，系統要處理的使用者資料也大量增長。我們提出一個改良型通行碼應用架構，可以將多次加解密運算系統改良成簡單的互斥或運算與同餘運算，減少傳輸時間跟運算成本，即使簡化架構仍然保有安全性。
全球行動通訊系統認證協定是目前運用最廣的通訊協定，然而這幾年行動裝置的普及與跨國跨區的活動的頻繁，漫遊服務的需求量越加龐大。而我們提出的全球行動通訊系統認證協定之改進機制，將原本由母系統註冊中心發出挑戰，改成由客系統註冊中心同時向行動裝置跟母註冊系統中心發出挑戰，並同時回收各自回應，用這種方式減少認證協定的時間與程序。
最後是模糊傳送協定之研究，我們提出了十個新的模糊協定模型，其中四個是基於RSA加密演算法，另外四個是基於離散對數加密演算法，最後兩個是基於拉賓加密演算法。 

In this thesis, we apply cryptography to propose improved a scheme for password, an improved authentication protocol for Global System for Mobile Communications (GSM) and some new oblivious transfer protocols.
At first, with the popularity of the internet and increasing population of users, the great amount of user information need to be managed. We propose an improved model of password system which can reduce transfer times and computing costs by using XOR operator and linear congruential method instead of original encryption and decryption operations, not only simplify infrastructure but also keep the security.
Furthermore, the demand for international roaming services is largely fuelled by the increasing availability of mobile devices and increasing frequency of going abroad. We propose an improved scheme for GSM that prompts the challenge to provide the response at the same time from Mobile Station (MS) and Home Location Register (HLR) by Visitor Location Register (VLR) that used to prompt by HLR. As this scheme, it can reduce the times and steps of verification process.
Finally, oblivious transfer is an important tool for designing secure protocols and has been widely used in various applications like fairly signing contracts, obliviously searching database, privacy-preserving auctions, secure multiparty computations, playing mental poker games, and so on. It is a protocol by which a sender can send some messages to a receiver without the receiver''s knowing which part of the messages can be obtained. We design ten new schemes for oblivious transfer protocol which are based on RSA, discrete logarithm and Rabin’s cryptosystems, respectively.

There are three results provided in our thesis as follows:

1. We propose an improved password system that keep the security with simple infrastructure.
2. We propose an improved scheme for GSM Authentication Protocol that can reduce the times and steps of verification process.
3. We propose 4 new Schemes for Oblivious Transfer Protocols based on RSA.
4. We propose 4 new Schemes for Oblivious Transfer Protocols based on discrete logarithm.
5. We propose 2 new Schemes for Oblivious Transfer Protocols based on Rabin’s cryptosystems.

It is believed that the results of our study in this thesis will be much helpful for the future research in the area of password, GSM and oblivious transfer protocols.

Contents

Abstract I
中文摘要 III
Contents IV
List of Figures V

Chapter 1. Introduction 1
1.1 Introduction of Password, GSM and Oblivious Transfer Protocol 1
1.2 The proposed Schemes 8
1.3 Organization of This Thesis 9

Chapter 2. Overview 10
2.1 Overview of Password Security 10
2.2 Overview of Authentication Protocol for GSM 12
2.3 Overview of Oblivious Transfer Protocols 15

Chapter 3. Several Schemes of Password, GSM and Oblivious Transfer Protocol 19
3.1 An Improved Scheme for Password Security 19
3.2 An Improved Scheme for GSM Authentication Protocol 22
3.3 Ten Schemes for Oblivious Transfer Protocols 23

Chapter 4. Conclusions and Future Research 36

Reference 37

List of Figures

Figure 1.1.1 Password file 2
Figure 1.1.2 User registered 3
Figure 1.1.3 User login 3
Figure 1.1.4 Original GSM Authentication Protocol 5
Figure 2.1.1 Password file after encrypt 11
Figure 2.3.1 Oblivious Transfer Protocol 16
Figure 3.1.1 User registered of improved scheme 20
Figure 3.1.2 User login of improved scheme 21
Figure 3.2.1 Improved GSM Authentication Protocol 22
Figure 3.3.1 Protocol 1 22
Figure 3.3.2 Protocol 2 25
Figure 3.3.3 Protocol 3 27
Figure 3.3.4 Protocol 4 28
Figure 3.3.5 Protocol 5 29
Figure 3.3.6 Protocol 6 30
Figure 3.3.7 Protocol 7 31
Figure 3.3.8 Protocol 8 32
Figure 3.3.9 Protocol 9 33
Figure 3.3.10 Protocol 10 34

Reference

[1] PURDY, George B. A high security log-in procedure. Communications of the ACM, 1974, 17.8: 442-445.
[2] LAMPORT, Leslie. Password authentication with insecure communication. Communications of the ACM, 1981, 24.11: 770-772.
[3] EVANS JR, Arthur; KANTROWITZ, William; WEISS, Edwin. A user authentication scheme not requiring secrecy in the computer. Communications of the ACM, 1974, 17.8: 437-442.
[4] WILKES, Maurice Vincent. Time-sharing computer systems. 1972.
[5] HARN, Lein; HUANG, D.; LAIH, C. S. Password authentication using public-key cryptography. Computers & Mathematics with Applications, 1989, 18.12: 1001-1017.
[6] HWANG, Tai-Yang. Password authentication using public-key encryption. In: Proc. of international Carnahan Conference on Security Technology. 1983. p. 35-38.
[7] LENNON, R.; MATYAS, S.; MEYER, C. Cryptographic authentication of time-invariant quantities. IEEE Transactions on Communications, 1981, 29.6: 773-777.
[8] EREN, Halit. Wireless sensors and instruments: networks, design, and applications. CRC Press, 2005.
[9] HUURDEMAN, Anton A. The worldwide history of telecommunications. John Wiley & Sons, 2003.
[10] SAUTER, Martin. From GSM to LTE: an introduction to mobile networks and mobile broadband. John Wiley & Sons, 2010.
[11] RABIN, Michael O. How to Exchange Secrets with Oblivious Transfer. 1981.
[12] EVEN, Shimon; GOLDREICH, Oded; LEMPEL, Abraham. A randomized protocol for signing contracts. Communications of the ACM, 1985, 28.6: 637-647.
[13] CHANDRA, Sourabh, et al. A study and analysis on symmetric cryptography. In: Science Engineering and Management Research (ICSEMR), 2014 International Conference on. IEEE, 2014. p. 1-8.
[14] BENNETT, Charles H., et al. Practical quantum oblivious transfer. In: Annual International Cryptology Conference. Springer, Berlin, Heidelberg, 1991. p. 351-366.
[15] CRÉPEAU, Claude. Quantum oblivious transfer. Journal of Modern Optics, 1994, 41.12: 2445-2454.
[16] CRÉPEAU, Claude; KILIAN, Joe. Achieving oblivious transfer using weakened security assumptions. In: Foundations of Computer Science, 1988., 29th Annual Symposium on. IEEE, 1988. p. 42-52.
[17] CRÉPEAU, Claude. Efficient cryptographic protocols based on noisy channels. In: International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, 1997. p. 306-317.
[18] CACHIN, Christian; CRÉPEAU, Claude; MARCIL, Julien. Oblivious transfer with a memory-bounded receiver. In: Foundations of Computer Science, 1998. Proceedings. 39th Annual Symposium on. IEEE, 1998. p. 493-502.
[19] CHANG, C. C. Computer cryptography and information security. Sung-Kang, Taipei, 1989.
[20] JOBUSCH, David L.; OLDEHOEFT, Arthur E. A survey of password mechanisms: Weaknesses and potential improvements. part 1. Computers & Security, 1989, 8.7: 587-604.
[21] JOBUSCH, David L.; OLDEHOEFT, Arthur E. A survey of password mechanisms: Weaknesses and potential improvements. Part 2. Computers & Security, 1989, 8.8: 675-689.
[22] DIFFIE, Whitfield; HELLMAN, Martin. New directions in cryptography. IEEE transactions on Information Theory, 1976, 22.6: 644-654.
[23] HWANG, Tai-Yang. Password authentication using public-key encryption. In: Proc. of international Carnahan Conference on Security Technology. 1983. p. 35-38.
[24] LAIH, C. S.; HARN, L.; HUANG, D. Password authentication using quadratic residues. In: Proc. 1988 Int. Computer Symp. 1988. p. 1484-1489.
[25] LIAW, Horng-Twu. Password authentications using triangles and straight lines. Computers & Mathematics with Applications, 1995, 30.9: 63-71.
[26] Chang, Chin-Chen, and H. T. Liaw. "Sharing a polynomial for password authentication." J. Comput 1.4 (1989): 11-17.
[27] LIN, Chu-Hsing, et al. Password authentication using Newton''s interpolating polynomials. Information Systems, 1991, 16.1: 97-102.
[28] KUMAR, K. Phani, et al. Mutual authentication and key agreement for GSM. In: Mobile Business, 2006. ICMB''06. International Conference on. IEEE, 2006. p. 25-25.
[29] BROOKSON, Charles. GSM (and PCN) Security and Encryption. Papers on mobile security,< http://www. brookson. com/gsm/gsmdoc. pdf>(10 June 2014), 1994.
[30] GSM Security, http://www.gsm-security.net/.
[31] HARN, L.; LIN, H. Y. Noninteractive oblivious transfer. Electronics Letters, 1990, 26.10: 635-636.
[32] RESCORLA, Eric. Diffie-hellman key agreement method. 1999.
[33] TSENG, Wei-Cheng, et al. A Study on Oblivious Transfer Protocols. 2000, 1-55.
[34] CHEN, Li-Ting, and TU, Shih-Hsiung. GSM無線通訊認證協定之改進機制. 2018全國資訊安全會議暨資安產業技術研討會, 2018, 1-3.
[35] CHEN, Li-Ting, and TU, Shih-Hsiung. 改良型通行碼應用架構. 2018全國資訊安全會議暨資安產業技術研討會, 2018, 1-3.