Author (English): Wei-Shen Lai
Thesis title (English): Design of Role-Based Access Control on Directory Service with Public-Key Infrastructure
Advisor (English): Yi-Shiung Yeh
Keywords (English): Public-Key Infrastructure; Role-Based Access Control; Privilege Management Infrastructure; Nondeterministic-Deterministic Cipher; Nondeterministic Message Authentication Code; Authenticated TELNET Protocol
  • Cited by: 1
  • Views: 312
  • Downloads: 48
  • Bookmarked: 1
The Lightweight Directory Access Protocol (LDAP) is a new technology applied on the Internet. In large-scale network systems that use the TCP/IP protocol suite, no standard recommends a single directory, and the same is of course true of enterprise intranets. The LDAP service has many advantages, for example fast and advanced search, quick response, and hierarchical presentation of data. It can also be applied to many other applications.
A Certification Authority (CA) is a trusted system that acts, much like a notary, as a bridge between end-entities (both people and machines) and helps them establish a secure environment. If an end-entity wants to transact or communicate with other end-entities, it needs a certificate issued by the CA system in order to be trusted by them. When many end-entities require certificate services, the load on the CA system becomes quite heavy. Using a distributed CA system may sound like a good idea, but its construction cost is too high. In this thesis we use a directory system to design a Session CA that lightens the load on the CA system; because the lifetime of an attribute certificate is very short, the system does not need to maintain a Certificate Revocation List (CRL).
Lightweight Directory Access Protocol (LDAP) service [1, 2] is a new technology being applied on the Internet. On large-scale network systems using the TCP/IP protocol, there is no standard suggesting a single directory, and certainly none routinely used on the scale of intranets. LDAP service has many great features, such as quick and advanced search, quick response and a hierarchical view of data. It can also be utilized in many different applications.
Certification Authority (CA) [3] is a trusted system that plays an important role, much like a notary bridging between end-entities, and helps end-entities establish a secure environment. If someone wants to trade or communicate with others, he or she needs a certificate issued by the CA to gain the trust of others. When a large number of end-entities need this service, the load on the CA may become huge. Using distributed CAs may sound like a good idea, but it costs too much. In this dissertation, we have designed a Session CA that uses a directory system to share the CA's load, without the necessity of maintaining a Certificate Revocation List (CRL) [4, 5], because the lifetime of the attribute certificate is very short.
With the features of LDAP service mentioned above, it becomes desirable to apply them to the design of a new CA system. By using LDAP service, we can significantly reduce the certification load between CA and end-entity. In addition, this new technology reduces the maintenance work of administration and improves the efficiency of our proposed CA. Furthermore, by combining Role-Based Access Control (RBAC) [6] with attribute certificates, the security of our system is greatly improved.
Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Cryptography
  2.1 Symmetric Ciphers
  2.2 Asymmetric Ciphers
  2.3 One-Way Hash Functions
  2.4 Digital Signature Schemes
  2.5 Message Authentication Codes
Chapter 3 Related Technologies on Networking
  3.1 Directory Service
    3.1.1 LDAP
  3.2 Public Key Infrastructure
    3.2.1 X.509 Certificate
    3.2.2 Simple Public-Key Infrastructure
  3.3 Secure Communication Technologies
    3.3.1 Secure Socket Layer
    3.3.2 Transport Layer Security
  3.4 Role-Based Access Control
Chapter 4 Role-Based Access Control Model based on Directory Service and PKI
  4.1 System Architecture of Our Proposed Model
  4.2 Important Operations on LDAP Service
Chapter 5 The Design of Our Proposed Model
  5.1 Protocol Model
    5.1.1 Phase 1: ID Certificate Registration Protocol
    5.1.2 Phase 2: Attribute Certificate Retrieval Protocol
    5.1.3 Phase 3: Logon Protocol
  5.2 Data Flow Model
    5.2.1 Data Flow of ID Certificate Registration Protocol
    5.2.2 Data Flow of Attribute Certificate Retrieval Protocol
    5.2.3 Data Flow of Logon Protocol
    5.2.4 Other Important Functions
  5.3 Information Model for RBAC
  5.4 Security Analysis of Protocol
Chapter 6 Discussion and Comparison
  6.1 The Future of LDAP
  6.2 Other Applications
  6.3 Comparisons with Other CAs
  6.4 Session CA vs. Kerberos
Chapter 7 Conclusion
  A.1 Background
    A.1.1 Notations and Vector Operations
    A.1.2 Number Representations
    A.1.3 Deterministic Number Representations (DNR)
    A.1.4 Nondeterministic Number Representations (NNR)
    A.1.5 Combination of DNR and NNR
  A.2 Cryptosystem
    A.2.1 NDC
    A.2.2 Key Generation
    A.2.3 Selection of Ciphertext
    A.2.4 Concatenation of NDCs
    A.2.5 Enhanced NDC
    A.2.6 Use the Middle Part of
    A.2.7 Data Expansion
  A.3 Security Analysis
APPENDIX B Message Authentication Codes with SHA and AES
  B.1 Non-deterministic Message Authentication Code (NMAC)
  B.2 Algorithm of MAC
  B.3 Security Analysis
APPENDIX C Authenticated TELNET Protocol
  C.1 Objects
  C.2 Background
    C.2.1 TELNET Protocol
  C.3 Proposed Design
    C.3.1 Authenticated TELNET Protocol Overview
    C.3.2 Negotiation Phase
    C.3.3 Example
  C.4 Application Phase
  C.5 Designing Cipher Suite
    C.5.1 Cipher Suite Comprising Public-Key Cryptography
    C.5.2 Cipher Suite Comprising Secret-Key Cryptography
    C.5.3 Cipher Suite Comprising Hash Function
  C.6 Codes for the Cipher Specification
Bibliography
Publication Lists
Curriculum Vita
[01] IETF, "Lightweight Directory Access Protocol," RFC 1777, March 1995.
[02] IETF, "Lightweight Directory Access Protocol (v3)," RFC 2251, December 1997.
[03] ITU-T, "ITU-T Recommendation X.509: The Directory - Public-key and attribute certificate frameworks," March 2000.
[04] IETF, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile," RFC 3280, April 2002.
[05] IETF, "Internet X.509 Public Key Infrastructure Certificate Management Protocols," RFC 2510, March 1999.
[06] R.S. Sandhu, E.J. Coyne, and H.L. Feinstein, "Role-based access control models," IEEE Computer, vol. 29, 1996, pp. 38-47.
[07] IETF, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework," RFC 2527, March 1999.
[08] IETF, "Internet X.509 Public Key Infrastructure Qualified Certificates Profile," RFC 3039, January 2001.
[09] A.O. Freier, P. Karlton, and P.C. Kocher, "The SSL Protocol version 3.0," Netscape Communications Corp., March 1996.
[10] IETF, "The TLS Protocol Version 1.0," RFC 2246, January 1999.
[11] B. Schneier, Applied Cryptography, 2nd edition, John Wiley & Sons, Inc., 1996.
[12] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.
[13] D.R. Stinson, Cryptography: Theory and Practice, 2nd edition, CRC Press, March 2002.
[14] S. Goldwasser and M. Bellare, Lecture Notes on Cryptography,
[15] W. Diffie and M. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. 22, pp. 644-654, 1976.
[16] Certicom White Paper, "Elliptic Curve Cryptosystems,"
[17] NIST, "DES Modes of Operation," NIST FIPS PUB 81, December 1980.
[18] NIST, "Recommendation for Block Cipher Modes of Operation - Methods and Techniques," NIST SP 800-38A, 2001 Edition.
[19] NIST, "NIST Recommendation for Mode,"
[20] NIST, "Computer Data Authentication," NIST FIPS PUB 113, May 1985.
[21] M. Bellare, R. Canetti, and H. Krawczyk, "Keying Hash Functions for Message Authentication," Advances in Cryptology - CRYPTO'96, pp. 1-15, Springer-Verlag, 1996.
[22] D.W. Chadwick, Understanding X.500 (The Directory), Chapman and Hall, June 1994.
[23] ITU, "ITU-T Recommendation X.509: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)," November 1988.
[24] IETF, "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names," RFC 2253, December 1997.
[25] IETF, "Using Domains in LDAP Distinguished Names," RFC 2247, January 1998.
[26] IETF, "Naming Plan for Internet Directory-Enabled Applications," RFC 2377, September 1998.
[27] IETF, "File Transfer Protocol," STD 0009, October 1985.
[28] IETF, "Hypertext Transfer Protocol - HTTP/1.1," RFC 2616, June 1999.
[29] ITU, "ITU-T Recommendation X.691: Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)," November 1997.
[30] ITU, "ITU-T Recommendation X.691: Information technology - Open Systems Interconnection - The Directory: Models," February 2001.
[31] IETF, "SPKI Requirements," RFC 2692, September 1999.
[32] IETF, "SPKI Certificate Theory," RFC 2693, September 1999.
[33] ANSI, "Public Key Cryptography for the Financial Services Industry - Certificate Management," ANSI X9.57, March 1997.
[34] IETF, "HMAC: Keyed-Hashing for Message Authentication," RFC 2104, February 1997.
[35] Y.S. Yeh, W.S. Lai, and C.J. Cheng, "Applying lightweight directory access protocol service on session certification authority," Computer Networks, vol. 38, no. 5, pp. 675-692, April 2002.
[36] World Wide Web Consortium, "W3C Recommendation: Extensible Markup Language (XML) 1.0 (Second Edition),"
[37] Y.S. Yeh, W.S. Lai, and I-T. Chen, "An N-D Cryptoscheme," Journal of Information and Optimization Sciences, vol. 23, no. 1, pp. 19-36, 2002.
[38] Y.S. Yeh and C.C. Wang, "Construct Message Authentication Code with One-Way Hash Functions and Block Ciphers," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E82-A, no. 2, pp. 390-393, February 1999.
[39] NIST, "Secure Hash Standard (SHS)," NIST FIPS PUB 180-1, April 1995.
[40] NIST, "Secure Hash Standard (SHS)," NIST FIPS Draft 180-2, May 2001.
[41] NIST, "Advanced Encryption Standard (AES)," NIST FIPS PUB 197, November 2001.
[42] Y.S. Yeh, C.H. Lain, and W.S. Lai, "Construct Message Authentication Code with SHA and AEA," Journal of Discrete Mathematical Sciences and Cryptography (accepted April 2002).
[43] Y.S. Yeh and W.S. Lai, "The Design of Authenticated TELNET Protocol to Enhance Cryptography and Security," Malaysian Journal of Computer Sciences, vol. 15, no. 1, June 2002 (accepted).
[44] IETF, "Telnet Protocol Specification," RFC 854, May 1983.
[45] IETF, "Telnet Option Specifications," RFC 855, May 1983.
[46] IETF, "XDR: External Data Representation Standard," RFC 1832, August 1995.