臺灣博碩士論文加值系統

在此資訊爆炸的時代，資訊不可能集中儲存於某一特定場所，因此分散式系統應運而生。在分散式系統中，各個節點提供不同的服務，這些節點間由相連的網路串接而成，因此如何保障節點間的通訊安全已成為當前網路安全一大議題。
在眾多認證架構中，Kerberos認證技術是目前最廣為使用的認證系統。它採取中央認證策略，由一個集權式認證伺服器負責認證使用者身份。使用者經過認證後可以取得一份身份證明，憑藉著身份證明，使用者將可以存取在不同節點上的資源。由於中央認證策略，這個系統提供了單一登入的功能，這帶給人們莫大的方便性。但也因為Kerberos採用密碼認證機制、純粹對稱式密碼學以及信任終端機儲存安全性，使得Kerberos容易遭受攻擊。因此本論文目的在於提出一個植基於改良式Kerberos，並結合生物辨識及公開金鑰技術之網路認證系統。
我們的認證系統是以生物認證為基礎，這個機制可以避免因為使用者選用不安全密碼所帶來的風險。再者，使用者的認證資料並非存於任何終端，而是儲存於一張可以隨身攜帶的智慧卡上，這個認證資料管理策略使得本系統安全性和終端機是無關的，並且使用者存取資料時不再受限於特定終端機。
在我們的系統中，應用程式伺服器並不直接管理使用者登入程序，而是由一個登入管理伺服器來執行這項工作。這帶來兩項好處：第一，應用程式伺服器將可致力於服務品質之提升。第二，免除不同管理策略所造成的安全漏洞。這個登入管理伺服器負責使用者之生物認證以及後續之登入管理。使用者必須先通過生物認證後才可向認證伺服器索取身份證明文件。這份證明代表使用者有權提取到某些應用程式伺服器之文件。當使用者取得往某個應用程式伺服器之文件後，該名使用者必須再次回到登入管理伺服器作登入查驗。一旦通過上述檢驗後，使用者便能夠取得往應用程式伺服器之金鑰，為了防止駭客在使用者通過驗證後竊取登入金鑰，這把金鑰只能被使用一次，下次使用者登入時必須經由登入管理伺服器檢驗是否已經通過生物辨識並且擁有往應用程式伺服器之相關文件。
對稱式密碼學多為簡單的邏輯運算元組成，因此具有較佳的效能，然而由於通訊雙方必須同時擁有相同金鑰，因此應用於認證系統時容易吸引駭客攻擊認證伺服器。另一類密碼學是非對稱式密碼學，這類密碼學中，使用者擁有公開金鑰以及私有金鑰。任何人皆可使用公開金鑰加密文件，但是只有真正的使用者握有解密所需之私有金鑰。因此植基於非對稱式密碼學之認證系統不需在認證伺服器端紀錄使用者之私有金鑰，這點使得這類認證系統擁有較高之安全度。然而現行非對稱式密碼學多半植基於某些複雜的數學運算，因此計算速度較慢，這也使得這種認證系統效能不佳。在我們的系統中，我們混用對稱式密碼系統以及非對稱式密碼系統以期在安全與效能上尋得一平衡點。
綜上所述，我們的認證系統具有較佳的安全度以及可接受的效能，因此我們的系統比其他認證系統更適用於現今網路環境。

Due to the rapid growth of technology, it is impossible to store all information in a single instance. This results in the development of distribution system. A distribution system means a set of interconnected nodes. Hence, how to guarantee the communication security between nodes is a major topic of modern network security.
Currently, Kerberos is the most widely-used authentication scheme for distribution system. In Kerberos, user verification is achieved by a central authentication server. This server will give user an identity credential a after the verification. With this credential, user can access resources spreading in multi-nodes. Because adopting central authentication policy, Kerberos provides a convenient functionality─single sign on. But Kerberos has potential weaknesses which result from its password based architecture, purely symmetric cryptography, and the assumption that a client can securely protect users’ verification documents. Therefore, the objective of this thesis is to propose a secure network authentication system based on Kerberos, biometric verification, and public-key technology.
Biometric verification can provide a stronger evidence of one’s identity than password verification. By adopting biometric verification, our system can avoid the risks result from using vulnerable passwords. Besides, in our system, user’s authentication documents do not exist in any client but in a portable device─smart card. This storage tactic leads to the result that the storage-security of user’s data is independent of client’s security.
In our system, application server does not manage the log-in procedures of users directly, and a trusted log-in management server is responsible for this task. This brings two benefits. First, application server can concentrate itself to service providing. Second, we can prevent security loopholes result from diverse management policies. The log-in procedures managed by the log-in management server include biometric verification and later log-in checks. A user must be verified using his biometric features before presenting the ticket to application server. After these checks, the user can receive a session key to the application server. In order to prevent hackers from embezzling this key, log-in key can be used just once.
Because symmetric cryptography is generally constructed of simple computing logic units, these algorithms can run fast. But in symmetric cryptography, the shared secret is necessary and this will lead to some security loopholes. On the other hand, because of the nature of asymmetric cryptography, user does not share a secret with his communicating parties. However, these algorithms suffer from poor performance. Hence, by adopting a mixed mode of both symmetric and asymmetric cryptographies, our system can achieve a trade-off between security and efficiency.
In summary, our authentication system is more secure than other systems and can achieve acceptable performance. Therefore, our system is more suitable to modern network environments than other authentication systems.

Chapter 1 Introduction........................................1
1.1 Motivation................................................1
1.2 The Features of Distribution System and Authentication Architecture..................................................2
1.3 Kerberos Authentication System............................3
1.4 Objective.................................................4
1.5 Thesis Organization.......................................6
Chapter 2 Authentication System...............................7
2.1 The Related Cryptography and Glossary.....................7
2.1.1 The Related Cryptography................................7
2.1.2 Glossary and Symbols Used in Our Thesis.................9
2.2 The Overview and the Development of Authentication System13
2.2.1 Authentication.........................................13
2.2.2 The Embryo of Authentication System....................16
2.2.3 The Analysis of Early Authentication Systems...........18
2.3 Kerberos Authentication System...........................18
2.3.1 The Ideas behind Kerberos..............................19
2.3.2 The Assumptions of Kerberos............................20
2.3.3 The Authentication Flowchart of Kerberos Vision........20
2.3.4 Kerberos Vision 5......................................23
2.3.5 Security Analysis of Kerberos Authentication System....29
2.4 Public-key Enabled Authentication Systems Extend Kerberos.....................................................31
2.4.1 Motivation.............................................31
2.4.2 Internet Drafts........................................32
2.4.2.1 PKINIT...............................................32
2.4.2.2 PKCROSS..............................................33
2.4.3 SESAME.................................................34
2.4.3.1 The Components of SESAME.............................35
2.4.3.2 The Authentication Flowchart of SESAME...............38
2.4.3.3 The Analysis of SESAME...............................41
2.5 IC Card Based Authentication System......................42
2.6 Biometric Authentication System..........................45
Chapter 3 The Threats of Network Security....................48
3.1 Network Intruders........................................48
3.1.1 Password Based Systematic Security.....................48
3.1.2 Password Selection Strategies..........................49
3.2 Software Threats of Network Security.....................50
Chapter 4 Propose System.....................................54
4.1 System Features..........................................54
4.2 System Servers...........................................59
4.2.1 PKI Domain.............................................60
4.2.2 Authentication Domain..................................61
4.3 System Flowchart.........................................64
4.3.1 Register Phase.........................................64
4.3.1.1 The Register Procedures in CA........................65
4.3.1.2 The Register Procedures of the Servers in Authentication Domain........................................65
4.3.2 Biometric Authentication Phase.........................67
4.3.3 Ticket Request Phase...................................69
4.3.3.1 Request a New Ticket.................................69
4.3.3.2 Request a Renewed Ticket.............................72
4.3.3.3 Update TGT...........................................73
4.4 Secure Analysis..........................................74
4.4.1 Compare BA-Kerberos with Other Authentication Systems..74
4.4.2 The Resistance of BA-Kerberos to Network Threats.......76
Chapter 5 Conclusions........................................80
Bibliography.................................................82

[ABRA99] Abraham Silberschatz and Peter Baer Galvin Operating System Concepts, Reading, MA: Addison-Wesley, June 1999.
[AKL83] S. Akl “Digital Signatures: A Tutorial Survey.” Computer, February 1983.
[ANDE80] J. Anderson Computer Security Threat Monitoring and Surveillance, Fort Washington, PA: James P. Anderson Co., April 1980.
[ALVA90] A. Alvare “How Crackers Crack Passwords or What Passwords to Avoid.” Proc., UNIX Security Workshop II, August 1990.
[ASHL99] P. Ashley and M. Vandenwauver “Using SESAME to Implement Role Based Access Control in Unix File Systems.” (WET ICE ''99) Proc. IEEE Int. IEEE 8th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 141 -146, 1999.
[BOSS97] A. Bosselaers, R. Govaerts, and J. Vandewlle “Fast Hashing on the Pentium.” Proc., Crypto ’96, published by Springer-Verlag, August 1996.
[BOWL92] J. Bowles and C. Pelaez “Bad Code.” IEEE Spectrum, August 1992.
[BRIA01] Brian Tung, Tatyana Ryutov, and Clifford Neuman “Public Key Cryptography for Cross-Realm Authentication in Kerberos.” Internet draft working documents of IETF, May 8, 2001.
available at http://search.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-cross-08.txt
[BRIA02] Brian Tung and Clifford Neuman “Public Key Cryptography for Initial Authentication in Kerberos.” Internet draft working documents of IETF, May 25, 2002.
available at http://search.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-15.txt
[CCIT92] CCITT X.500 Series | ISO/IEC 9594, 1~9, Information Technology─ Open Systems Interconnection─The directory, 1992.
[CHAN01] N.Z. Chang and Cungang Yang “An Object-oriented RBAC Model for Distributed System.” Proc. IEEE Int. Conference on Software Architecture, pp. 24~32, 2001.
[COR95] ISO/IEC JTC 1/SC 21, Technical Corrigendum 2 to ISO/IEC 9594-8: 1990 񝐩 (1995:E), July 1995.
[CRYP02] Cryptix 3, available at http://www.cryptix.org/products/index.html
[DIFF76] W. Diffie and M. Hellman “New Directions in Cryptography.” IEEE Transactions on Information Theory, November 1976.
[DOBB96] H. Dobbertin, A. Bosselaers, and B. Preneel “RIPEMD-160: A Strengthened Version of RIPEMD.” Proc., 3rd International Workshop on Fast Software Encryption, published by Springer-Verlag, 1996.
[DENN81] D.E. Denning and G.M. Sacco “Timestamps in Key Distribution Protocols.” Communication of the ACM, vol. 24, no. 8, pp. 533~536, August 1981.
[FIPS95] “Secure Hash Standard.” FIPS PUB 180-1, National Institute of Standards (NIST), 1995.
available at http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.pdf
[FIPS85] “Computer Data Authentication.” FIPS PUB 113, National Institute of Standards (NIST), 1985.
available at http://csrc.nist.gov/publications/fips/
[GANE95] R. Ganesan “Yaksha: Augmenting Kerberos with Public Key Cryptography.” Proc., the Symposium on Network and Distributed System Security, pp. 132~143, 1995.
[GONG92] L. Gong “A Security Risk of Depending on Synchronized Clocks.” Operating System Review, vol. 26, no. 1, pp. 49~53, January 1992.
[HARB01] A.H. Harbitter and D.A. Menasce “Performance of Public-key-enabled Kerberos Authentication in Large Networks.” Proc. IEEE Int. IEEE Symposium on Security and Privacy, pp. 170~183, 2001.
[HEGA97] N.H. Hegazi, M.T. El-Hadidi, and H.K. Aslan “Performance Analysis of the Kerberos Protocol in a Distributed Environment.” Proc. IEEE Int. 2nd IEEE Symposium on Computers and Communications, pp. 235~239, 1997.
[ISO9594-8] ISO/IEC 9594-8, Information Processing System─Open Systems Interconnection─The Directory─Part 8: Authentication Framework (X.509).
[ISOB01] Y. Isobe, Y. Seto, and M. Kataoka “Development of Personal Authentication System Using Fingerprint with Digital Signature Technologies.” Proc., 34th Annual Hawaii International Conference on System Sciences, pp. 4039~4047, 2001.
[ITOI99] N. Itoi and P. Honeyman “Practical Security Systems with Smartcards.” Proc., 7th Workshop on Hot Topics in Operating Systems, pp. 185~190, 1999.
[JONA99] Jonathan Knudsen Java Cryptography, Reading, CA: O’Reilly, 1999.
[JOHN94] John. Kohl, B. Clifford Neuman, and Theodore Y. Ts’o “The Evolution of the Kerberos Authentication Service.” Distributed Open Systems IEEE Computer Society Press, pp. 78-94. 1994.
[CHEN99] Ju-Chen Hsueh “Design of Authentication Systems with IC Cards.” (NCS99) Nation Computer Symposium, 1999.
[KOHL93] John Kohl and B. Clifford Neuman “The Kerberos Network Authentication Service.” Internet Request for Comments RFC 1510. September 1993.
available at http://www.ietf.org/rfc/rfc1510.txt
[KUAN00] Kuang-Yu Tang “Design of Secure Environment for Certificate Authorities.” Master thesis of Tang in NCKU, June 2000.
available at http://192.83.186.1/theabs/01/
[LINN96] J. Linn “The Kerberos Vision 5 GSS-API Mechanism.” RFC 1964, Network Working Group, 1996.
available at http://www.ietf.org/rfc/rfc1964.txt
[MCMA95] P.V. McMahon “SESAME V2 Public Key and Authorization Extensions to Kerberos.” Proc., the Symposium on Network and Distributed System Security, pp. 114~131, 1995.
[MEDV97] A. Medvinsky, et al. “Public Key Utilizing Tickets for Application servers.” (PKTAPP), Internet Draft, 1997.
available at http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-tapp-03.txt
[MITC92] C. Mitchell, F. Piper, and P. Wild “Digital Signatures.” The Science of Information Integrity. Piscataway, NJ: IEEE Press, 1992.
[FIPS77] National Bureau of Standards. Announcing the data encryption standard. Technical Report FIPS Publication 46, National Bureau of Standard, January 1977.
[PKI01] “Public Key Infrastructure Specification.” The specification issued by Object Management Group (OMG), February 2001.
available at http://www.omg.org/issues/
[RIVE78] R. Rivest, A. Shamir, and L. Adleman “A Method of Obtaining Digital Signaures and Public Key Cryptosystems.” Communications of ACM, February 1978.
[RIVE90] R. Rivest “The MD4 Message Digest Algorithm.” Proc., 2nd International Workshop on Fast Software Encryption, published by Springer-Verlag, December 1994.
[RIVE92] R. Rivest “The MD5 Message Digest Algorithm.” RFC 1321, Network Working Group, 1995.
available at http://www.ietf.org/rfc/rfc1321.txt
[ROGE78] Roger M. Needham and Michael D. Schroeder “Using Encryption for Authentication in Larger Networks of Computer.” Communications of the ACM, vol. 21, no. 12, December 1978.
[SAND96] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and Youman “Role-based Access Control Models.” C.E. Computer, vol. 29, no. 2, pp. 38~47, February 1996.
[SEMI01] Seminar of IC card─theory and practice, 2001.
[SHAN93] C.E. Shannon, Collected Paper: Claude Elmwood Shannon, N.J.A. Sloane and A.D. Wyner, eds., New York: IEEE Press, 1993.
[SIRB97] M.A. Sirbu and J.C.-I. Chuang “Distributed Authentication in Kerberos Using Public Key Cryptography.” Proc., 1997 Symposium on Network and Distributed System Security, pp. 134~141, 1997.
[SLOM02] M. Sloman and E. Lupu “Security and Management Policy Specification.” IEEE Network, vol. 16 no. 2, pp. 10~19, March-April 2002.
[STEV90] Steven M. Bellovin and Michael Merritt “Limitations of the Kerberos Authentication System.” USENIX-Winter’ 91-Dallas, TX, October 1990.
[PACK95] Tom Packer and Denis Pinkas “SESAME-V4 Overview.” Bull SA (Bull), International Computers Ltd (ICL), Siemens Nixdorf Informationssymteme (SNI), December 1995.
available at https://www.cosic.esat.kuleuven.ac.be/sesame/
[TSAN01] Tsang hin Chung, Leung Kwong Sak, and Lee Kin Hong “Design and Analysis of Smart Card Based Remote Authentication Protocol for Internet-based System.” (WET ICE 2001) Proc. IEEE Int. 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 229~230, 2001.
[TUNG01] B. Tung, et al. “Public Key Cryptography for Initial Authentication In Kerberos.” Internet Draft, January 15 2001.
available at http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-12.txt
[VAND97a] M. Vandenwauver, R. Govaerts, and J. Vandewalle “Overview of Authentication Protocol.” Proc. IEEE Int. 31st Annual IEEE Carnahan Conference on Security Technology, pages 108-113, 1997.
[VAND97b] M. Vandenwauver, R. Govaerts, J. Vandewalle “How Role Based Access Control is Implemented in SESAME.” Proc. IEEE Int. 6th IEEE Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 293~298, 1997.
[W2000] Microsoft document.
available at http://dado.thu.edu.tw/research/p2/11/W2000Sec_2.htm
[WAHL97] M. Wahl, A. Coulbech, T. Howes, and S. Kille “Lightweight X.500 Directory Access Protocol (v3): Attribute Syntax Definitions.” RFC 2252, Network Working Group, December 1997.
available at ftp://ftp.isi.edu/in-notes/rfc2252.txt
[WENJ96] Wen-Jian Tsai “Security Architecture of Information System.” Master thesis of Tsai, 1996.
available at http://datas.ncl.edu.tw/
[WILL99] William Stallings Cryptography and Network Security: Principles and Practice, international second edition, Reading, Prentice-Hall, Inc., 1999.
[X.208] Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1), CCITT, 1988.
[X.209] Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1), CCITT, 1988.
[YEN96] Yen-Jen Lee, D.H.C. Du, and Wei-Hsiu Ma “SESAME a Scalable and ExtenSible Architecture for Multimedia Entertainment.” (COMPSAC ''96) Proc., 20th International Computer Software and Applications Conference, pp. 56~61, 1996.
[ZHIQ00] Zhiqun Chen Java Card Technology for Smart Cards: Architecture and Programmer’s Guide, Reading, MA: Addison Wesley, June 2000.