National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

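Graduate student: 林詠章
Graduate student (foreign-language name): Iuon-Chang Lin
Thesis title: 網路服務安全之研究
Thesis title (foreign-language): A Study on Internet Service Security
Advisor: 黃明祥
Advisor (foreign-language name): Min-Shiang Hwang
Degree: Master's
Institution: Chaoyang University (朝陽大學)
Department: Department of Information Management, Master's Program
Discipline: Computing
Field: General computing
Thesis type: Academic thesis
Year of publication: 2000
Graduation academic year: 88
Language: English
Number of pages: 82
Chinese keywords (translated): Cryptography; Electronic auction; Electronic commerce; Electronic payment; Network security; Micro-payment; Smart card; User authentication
Foreign-language keywords: Cryptography; Electronic auction; Electronic commerce; Electronic payment; Internet security; Micro-payment; Smart card; User authentication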
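With the rapid growth of the Internet, many businesses hope to use the convenience of the network to attract more consumers. Recently, many new types of Internet services have been proposed, such as user authentication, electronic payment, electronic auctions, and electronic voting. However, messages sent over the open network can easily be intercepted and tampered with, so these new Internet services face many security problems, such as system intrusion, transactions made under a false identity, and forged transaction messages. In general, every service provided over the network must satisfy the basic security requirements of confidentiality, authentication, integrity, and non-repudiation. Beyond these, different Internet services have different requirements, so appropriate protective measures are necessary to design secure Internet service protocols. This study first discusses the characteristics and security requirements of user authentication, electronic payment, and electronic auction services, and reviews and analyzes the related literature. The thesis takes user authentication mechanisms, micro-payment systems, and electronic auctions as its main research topics, and aims to use information security techniques and cryptographic methods to design secure and practical mechanisms. The first research topic is user authentication. Conventional user authentication mechanisms allow a server providing a service to verify the legitimacy of a remote login user's identity, but this approach is not suitable for a multi-server network architecture. We therefore propose a user authentication mechanism suited to a multi-server architecture. Combined with a smart card, users can freely choose their login password and need to remember only one password to log in to different servers. In addition, the system does not need to maintain any password verification table, can resist security attacks such as replay and modification, and can manage users' access rights effectively. The second research topic is micro-payment. We propose a post-paid micro-payment mechanism; unlike previous mechanisms of this type, the merchant can verify the payment message off-line with respect to the bank. The protocol also effectively prevents double spending and ensures the integrity of transaction messages. Apart from using message authentication codes (MAC) to protect the data, this work involves no other complex mathematical operations, so it fits the cost-effectiveness requirements of micro-payments well. The third research topic is the electronic auction system. We improve the electronic auction system proposed by Subramanian by introducing the concept of a timestamp, in order to prevent the auctioneer from obtaining bidders' sensitive information and to resolve the situation of identical bid prices.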
Today, the Internet is widely used in business, and electronic commerce is not a futuristic dream. There are several successful applications that provide services over the Internet, such as user authentication, electronic payment, electronic auction, and electronic voting. However, Internet services are still not mature, for security reasons. Since digital data can be intercepted and altered easily in an open network, some protection is required to ensure information security. In general, these Internet services have to satisfy the following security requirements: confidentiality, authentication, integrity, and non-repudiation. Beyond these four security requirements, different Internet services have different requirements. In this study, we first discuss the characteristics and requirements of three Internet services: user authentication, electronic payment, and electronic auction. Then we survey the related work for the three different Internet services. Furthermore, we anticipate using information security techniques and cryptography to propose secure and efficient methods for the three subjects.
The first subject is user authentication. Conventional user authentication schemes allow a server to authenticate the legitimacy of a remote login user. However, these schemes are not suitable for a multi-server architecture environment. In this study, we propose a remote password authentication scheme for multi-server architectures using smart cards. In this scheme, users can freely choose their password and need not remember different login passwords for various servers. Besides, the proposed scheme can withstand replay attacks. Furthermore, the system need not maintain any verification table and can delete a legal user from the system easily.
The second subject is micro-payments. We propose a post-paid micro-payment scheme. Unlike other post-paid micro-payment schemes, the merchant can verify the payment message off-line. Furthermore, the scheme can prevent duplicate spending and protect the integrity of the transaction message. Except for the message authentication code (MAC) technique, the scheme does not require any complex computations. Therefore, the micro-payment scheme is easy to implement.
The third subject is electronic auction. We add a timestamp to improve the robustness of Subramanian's electronic auction scheme. The proposed scheme can prevent sensitive information from being revealed by the auction house, and resolve the case of two or more bidders offering the same price.
1 Introduction
2 Internet Service and Its Requirements
3 Literature Review
4 User Authentication
5 Micro-payment System
6 Electronic Auction System
7 Conclusions and Future Works
Bibliography