跳到主要內容

臺灣博碩士論文加值系統

(98.82.120.188) 您好!臺灣時間:2024/09/15 15:14
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:蔡國裕
研究生(外文):Tsai Kuo-Yu
論文名稱:自我驗證標記系統
論文名稱(外文):Self-Certified Mark System
指導教授:吳宗成吳宗成引用關係
指導教授(外文):Wu Tzong-chen
學位類別:碩士
校院名稱:國立臺灣科技大學
系所名稱:資訊管理系
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2001
畢業學年度:89
語文別:中文
論文頁數:56
中文關鍵詞:鑑別性完整性非交談式自我驗證公鑰系統標記
外文關鍵詞:authenticationintegritynon-interactiveself-certified public key systemmark
相關次數:
  • 被引用被引用:0
  • 點閱點閱:472
  • 評分評分:
  • 下載下載:26
  • 收藏至我的研究室書目清單書目收藏:1
隨著網際網路(Internet)的發展與全球資訊網(World Wide Web,WWW)的掘起,使得人們可以輕易透過瀏覽器來瀏覽、存取或分享網際網路上的遠端資訊,這改變了人類的生活型態、商業行為及傳播方式等,並且開創了一個美好的電子商務願景。然而由於人類對全球資訊網站的依賴度與日俱增,網站的良莠對民眾的影響程度亦隨之增加,不當的內容將導致不可預測的傷害。近來各種交易糾紛、私人資料的洩露及網路詐欺(Internet fraud)等案件層出不窮,網頁瀏覽者的疑慮隨之增加,並且對於電子商務行為望之卻步。為了挽回網頁瀏覽者的信任,許多民間團體或政府機構紛紛成立公正的網站認證組織,以制定相關的網站規範,並且核發網頁標記(mark)給合法的網頁供應者。此外,網頁瀏覽者藉由網頁標記來確認網頁供應者的合法身分。
綜觀現行的網站認證組織與其網頁標記系統,主要的功能僅提供網站身分鑑別性(authentication),而卻未確保網頁內容完整性(integrity)。因此當內容發生爭議且網頁供應者否認錯誤時,此類網頁標記將無法完全保障網頁瀏覽者的權益,再者,現行的驗證機制皆採用交談式作法,易造成傳輸瓶頸與驗證費時。因此,本論文考量網站鑑別性、網頁內容完整性以及交談式驗證機制所面臨的問題後,利用自我驗證公鑰系統(self-certified public key system)提出新的網頁標記系統,稱之為「自我驗證標記系統」,本系統的優點是網頁瀏覽者無須藉由網站認證組織的協助便可自行驗證網站的身分與網頁內容是否遭到偽造(fabrication)或篡改(modification),如此將減少大量網路傳輸時間與網站認證組織的負荷。此外,本系統亦允許網頁供應者針對所提供的網頁內容加以分級,以提供適當的瀏覽權限給網頁瀏覽者。
本系統可分為分離式與集中式自我驗證標記系統,亦即網站身分鑑別與網頁內容驗證同時進行時,我們定義這種驗證方法為「集中式」;反之,定義為「分離式」。「分離式」的優點在於網頁瀏覽者於網站身分鑑別正確無誤後,再準備私人資料向網頁供應者提出註冊申請,如此可防止私人資料被不肖網頁供應者濫用。而「集中式」則是先向網頁供應者提出註冊申請以取得網頁瀏覽的權限,並於註冊後應驗證網站身分與網頁內容的正確性,若發現有不法行為立即向標記授權中心告發,「集中式」效率較「分離式」優。
綜言之,本方法具備以下的優點:
1.本論文所提出的方法在網站身分鑑別與網頁內容驗證皆採非交談式,比現行方法較具效率。
2. 網頁瀏覽者在網站身分鑑別與網頁內容驗證時皆無需額外花費計算時間與傳輸成本來驗證公鑰的正確性,因此傳輸成本較現行方法低。
3. 網頁供應者能有效地將網頁內容分級規範,因此更具實用價值。

Along with the rapid development of the Internet, anyone can easily explore, access, and share the remote information over the Internet with an explorer. That changes the life, the commercial activity, and the mass media immediately and creates a vision of electronic commerce. Since more and more web users would acquire information from the Internet, incorrect content of the information provided by a website will make web users suffer from inscrutable disservice. Web users’ doubts are raised by bargain dispute, private data reveal and Internet fraud. In order to remedy the worsening situation, kinds of website authentication organizations are established to make up rules for authenticating websites and giving a legal website a mark. By verifying the authenticity of the mark, any web user can ensure the identification of the website.
Taking a comprehensive view of the website authentication organizations, we find that their main job is to provide authentication of the website for web users by an authorized mark but integrity of the content on the web pages. When the web page provider denies his mistake appeared on the web page, identification authentication of websites is insufficient to protect rights of web users. Moreover, the adopted methods of authentication are interactive; hence, verification of the authorized mark is costly and transmission between the web users and the website authentication organization may result in the bottleneck. For insuring identification authentication of websites, providing integrity of the content on the web page, and overcoming the drawbacks of the interactive method, we propose a new mark system with self-certified public key system (called a self-certified mark system). The main advantage of the proposed system is that a web page user can verify whether the identification of the website and content of web pages are fabricated or modified. It does not require the assistance of the website authentication organization; hence, the data transmission time and the overload of the website authentication organization can be lowered. In addition, our system also provides a method to classify content of web pages to give appropriate rights to web users.
We propose two schemes for realizing our system. If the identification of the website and the content of the web pages can be verified simultaneously, we call this scheme as “centralized”. Otherwise, the scheme is called as “separable”. In the separable system, any web user registers his personal data to a web page provider after authenticating the website. It can prevent user’s personal data from being misused by an illegal provider. In the centralized system, any web user first registers with the web page provider and then authenticates the identification of the website and the content of web pages. It can be seen that the centralized scheme is more efficient than the separable one.
To sum up, our proposed schemes in this thesis are characterized as follows:
1. Since the proposed schemes are non-interactive, they are more efficient than the previously proposed methods for authenticating identification of the website and content of the web pages.
2. It is unnecessary for the web users to transmit the public keys (including their certificates) and verify their authenticity before authenticating the identification of the websites and the content of the web pages. Hence, it is more efficient than the previsouly methods in terms of the communication costs and the computational efforts.
3. The web page provider can efficiently classify and maintain the content of his website.

目 錄
中文摘要I
英文摘要IV
誌謝VII
目錄VIII
圖索引X
表索引XI
第一章 緒論 1
1.1 研究背景與動機 1
1.2 研究目的 7
1.3 論文架構 9
第二章 相關研究10
2.1 Secure online 安全線上交易認證網站10
2.2 遠端認證系統13
第三章 自我驗證標記系統 15
3.1 符號定義與系統模型 15
3.2 分離式自我驗證標記系統 27
3.3 集中式自我驗證標記系統35
第四章 安全性與效率性分析 39
4.1 安全性分析 39
4.2 效率性分析 43
第五章 結論與未來研究方向 48
5.1 結論 48
5.2 未來研究方向 49
參考文獻 50
附錄A 重要名詞之英、中文對照表 53
作者簡介 56

參考文獻
[ABSS96]G. Ateniese, C. Blundo, A. De Santis, and D.R. Stinson, “Constructions and bounds for visual cryptography”, in Proceedings of the 23rd International Colloquium on Automata, Languages and Programming, Lecture notes in computer science 1099, Sringer-Verlag, 1996, pp. 416- 428.
[BASS]C. Blundo, P.D Arco, A. De Santis, and D.R. Stinson, “Constrast optimal threshold visual cryptography scheme”, to appear in SIAM Journal on Discrete Mathematics.
[Girault]M. Girault, “Self-certified public keys”, Advances in Cryptology: EUROCRYPT ’91, Lecture notes in computer science 547, Springer-Verlag, 1991, pp. 490-497.
[HPM95]P. Horster, M. Michels, and H. Peterson, “Hidden signature schemes based on the discrete logarithm problem and related concepts”, Communications and Multimedia Security, Chapman and Hall on behalf of the International Federation for Information Processing, 1995, pp. 160-177.
[KI96-1]T. Katoh and H. Imai, “Some visual secret sharing schemes and their size”, in Proceedings of International Conference on Cryptology and Information Security, 1996, pp.41 -47.
[KI96-2]T. Katoh and H. Imai, “Limiting the visible space visual secret sharing schemes and their application to human identification”, Advances in Cryptology: ASIACRYPT ’96, Lecture notes in computer science 1163, Springer-Verlag, 1996, pp. 185-195.
[MOI90]S. Miyaguchi, K. Ohta, and M. Iwata, “128-bit hash function (n-hash)”, in Proceedings of SECURICOM’90, 1990, pp. 127-137.
[NIST91]National Institute of Standards and Technology (NIST), “A proposal federal information processing standard for digital signature standard (DSS)”, Federal Register 56, No. 169, 1991, pp. 42980-42982.
[NIST92]National Institute of Standards and Technology (NIST), “The digital signature standard proposed by NIST”, Communications of the ACM, Vol. 35, No. 7, 1992, pp. 36-40.
[NIST93]National Institute of Standards and Technology, NIST FIPS PUB 180, “Secure hash standard”, U. S. Department of Commerce, 1993.
[NS94]M. Naor and A. Shamir, “Visual cryptography”, Advances in Cryptology: EUROCRYPT’94, Lecture notes in computer science 950, Springer-Verlag, 1995, pp.1-12.
[PH97]H. Petersen and P. Horster, “Self-certified keys — concepts and applications”, in Proceedings of the 3rd Communications and Multimedia Security CMS’97, Chapman and Hall, 1997, pp. 102-116.
[Sae97]S. Saeednia, “Identity-based and self-certified key-exchange protocols”, Information Security and Privacy: ASISP ’97, Lecture notes in computer science 1270, Springer-Verlag, 1997, pp. 303-313.
[SS98]S. Saeednia and R. Safavi-naini, “Efficient identity-based conference key distribution protocols”, Information Security and Privacy: ACISP ’98, Lecture notes in computer science 1438, Springer-Verlag, 1998, pp. 320-331.
[San98]A. De Santis, “On visual cryptography schemes”, Information Theory Workshop, 1998, pp. 154-155.
[Wu99]T.C. Wu, “Digital signature/multisignature schemes giving public key verification and message recovery simultaneously”, to appear in Computer Systems Science and Engineering.
[WCL98]T.C. Wu, Y.S. Chang, and T.Y. Lin, “Improvement of Saeednia’s self-certified key exchange protocols”, Electronics Letters, Vol. 34, No. 11, 1998, pp. 1094-1095.
[YCA96]H.K. Yang, J.H. Choi, and Y.H. Ann, “Self-certified identity information using the minimum knowledge”, IEEE TENCO: Digital Signature Processing Application, 1996, pp. 641-647.
[YL98]C.N Yang and C.S. Laih, “New (k, k) visual secret sharing schemes using hierarchical structure technique”, Workshop on Cryptology and Information Security, ICS’98, pp. 148-154.
[吳00]吳宗成,“隱私標記(Privacy Mark)與信賴標記(Trust Mark)”,日本之資訊安全及電子商務認證考察報告,日本東京市,2000年。

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top