跳到主要內容

臺灣博碩士論文加值系統

(35.172.136.29) 您好!臺灣時間:2021/07/29 08:06
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:陳和樞
研究生(外文):He-Shu Chen
論文名稱:保護行動代理人所收集資料之研究
論文名稱(外文):The Research of Mobile Agent Collected Data Protection
指導教授:顏嵩銘顏嵩銘引用關係
指導教授(外文):Sung-Ming Yen
學位類別:碩士
校院名稱:國立中央大學
系所名稱:資訊工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2004
畢業學年度:92
語文別:英文
論文頁數:55
中文關鍵詞:變色龍簽章行動代理人環簽章
外文關鍵詞:chameleon signaturering signaturemobile agent
相關次數:
  • 被引用被引用:0
  • 點閱點閱:156
  • 評分評分:
  • 下載下載:14
  • 收藏至我的研究室書目清單書目收藏:2
在最近十年期間,分散式計算架構已經逐漸發展成大規模且行動式計算的形式。傳統的主從式計算系統漸漸地被一種新世代的技術 - 行動代理人所取代。幾種特色例如可以減少網路負載或自主性(Autonomy)使得這項技術很快地受到歡迎也廣泛地被應用在不同環境。
首先將介紹行動代理人及兩種行動代理人安全的分類,接著回顧一些已知的安全威脅及現今已提出的技術。此外,由於網路和通訊技術的蓬勃發展,電子商務帶來了廣大的商機和便利性,也因此變得更受歡迎且熱門。自然地,行動代理人這項技術也被應用在不同的電子商務場合。最常見的例子是行動代理人代表其擁有人去找尋並收集某樣商品的報價。如何保護這些報價的完整性是一個重要的主題。因此,一些現今已提出的技術將會被回顧。
由於現今大部份已提出的方法均使用傳統的數位簽章,因此造成隱私性(Forward Privacy)和可公開驗證的完整性(Publicly Verifiable Forward Integrity)無法同時存在單一的協定中。因此,一個改良過的協定被提出。藉由一種新的簽章技術 - 環簽章(Ring Signature),所提出的此協定可同時達到上述兩種安全特性。相關的安全性分析以及和現今技術的一些比較也會被討論。此外,當每個店家在簽章時適當地選擇其環成員(Ring members),可達成報價不能轉移的特性。
接著,由上述所提的協定提出另一個延伸。將另一種新的簽章技術 - 身份基礎式的變色龍簽章(ID-based Chameleon Signature)應用在某些電子交易場合中,同時能達成報價不能轉移的特性。如此一來將不會破壞市場行情也能避免惡性的競爭。此外,所提的此應用是相當具有實用價值的。最後將介紹一些未來可能的研究方向以及應用場合。
During the period of recent ten years, distributed computing architecture has evolved into the form of large scale and mobile computing. Traditional client/server computing systems were gradually replaced by a new generation of technique - Mobile Agent. Several features such as network load reduction or autonomy made this technique get popular rapidly and be applied widely in various environments.
Mobile agent and two types of mobile agent security will be first introduced, and then some known threats and some existing solutions/techniques will be reviewed. Moreover, with the rising and flourishing development of network and communication technology, electronic commerce becomes the most popular and hottest due to the vast business opportunities and convenience it brings. Naturally, mobile agent techniques were also be applied in different electronic commerce environments. The most common example is that a mobile agent is used to find and collect various offers for a certain good on behalf of its owner. How to protect the integrity of these offers is an important topic. Hence, some proposed and well-known methods for mobile agent collected data protection will be discussed.
Among most proposed methods, no single protocol can achieve forward privacy and publicly verifiable forward integrity simultaneously due to the use of traditional digital signature. And therefore, an improved collected data protection protocol will be proposed. With the ring signatures technique, the proposed protocol can achieve forward privacy and publicly verifiable forward integrity simultaneously. Related security analyses and comparisons with previous works will be discussed. Besides, the offer will not be transferable when each host selects its ring members appropriately.
Moreover, an extension of the proposed protocol will be proposed. By applying the ID-based chameleon signature to some electronic transactions, the offer is not transferable as well. Besides, the proposed application neither disarranges the quotations on the market nor leads to vicious competitions. Furthermore, it is also practical for further implementations. Finally, we conclude this thesis and introduce some future research directions and possible applications.
1 Introduction 1
1.1 Motivation...................... 1
1.2 Categories of Mobile Agent Security ............ 3
1.2.1 Protecting The Hosts ................ 3
1.2.2 Protecting The Mobile Agents ............ 4
1.3 Overview of the Thesis ................. 6
2 Review of Previous Works ................. 9
2.1 Digital Signatures and Partial Result Authentication Codes .... 9
2.1.1 Per-server Digital Signatures............. 9
2.1.2 Simple MAC-based PRACs ............. 9
2.2 Two Chained Digital Signature Protocols within The PKI Environment 10
2.2.1 Publicly Verifiable Chained Digital Signature Protocol ... 10
2.2.2 Chained Digital Signature Protocol with Forward Privacy... 11
2.3 An Agent-Based Price Collection Protocol in Distributed Marketplaces 12
2.3.1 Distributed Marketplace ............... 12
2.3.2 A Price Collection Protocol with Trusted Devices...... 12
2.4 A Truncation Defense Based on A Co-Signing Mechanism.... 12
2.4.1 Two-Colluder Truncation Attack............ 12
2.4.2 A Truncation Defense Based on A Co-Signing Mechanism.. 13
2.5 A Configurable Data Protection Protocol........... 13
2.5.1 An Abstract Protocol Binding The Static Data of The Mobile Agent 13
2.6 Discussions...................... 13
3 A Collected Data Protection Protocol by Using Ring Signature 16
3.1 Motivation...................... 16
3.2 Review of Ring Signature Scheme............. 17
3.2.1 Brief Review of Group Signature Scheme........ 17
3.2.2 Review of Ring Signature Scheme........... 17
3.2.3 Comparisons.................. . 19
3.3 Prelimiinaries..................... 20
3.3.1 A Standard Airfare Querying Scenario.......... 20
3.3.2 Trust Model.................... 21
3.3.3 Notations..................... 21
3.4 The Proposed Protocol................. 22
3.4.1 A Modified Ring Signature Scheme........... 22
3.4.2 The Proposed Protocol................ 23
3.5 Security Analyses................... 24
3.6 Comparisons and Further Explanation........... 25
4 A Practical Application by Using ID-based Chameleon Signature 28
4.1 Motivation...................... 28
4.2 Review of ID-based Chameleon Signature Scheme........ 29
4.2.1 Review of ID-based Cryptosystems........... 29
4.2.2 Brief Review of Chameleon Signature Scheme....... 31
4.2.3 Review of ID-based Chameleon Signature Scheme...... 32
4.3 Preliminaries...................... 32
4.4 The Proposed Application................. 34
4.4.1 The Proposed Application............... 34
4.4.2 Forgery and Dispute................. 35
4.5 Security Analyses.................... 37
5 Conclusions 39
5.1 Brief Review of Main Contributions............. 39
5.2 Further Research Topics and Directions............ 40
5.2.1 Some Future Considerable Directions........... 40
5.2.2 Several Application Occasions............. 41
[1] P.A. Bonatti, S. Kraus, and V.S. Subrahmanian, ``Secure Agents,' Tech. Report CS-TR-4068, Dept. of Computer Science, University of Maryland, October 1999.
[2] S. Loureiro, ``Mobile Code Protection,' Ph.D. thesis, Institut Eurecom, Sophia Antipolis & ENST Paris, France, January 2001.
[3] R. Guttman, A. Moukas, and P. Maes, ``Agent-mediated electronic commerce:A survey,' Knowledge Engineering Review, June 1998.
[4] Bruce Krulwich, ``Automating the internet: Agents as user surrogates,' IEEE Internet Computing, 1(4): 34-38, July-August 1997.
[5] W. Farmer, J. Guttman, and V. Swarup, ``Security for Mobile Agents: Authentication and State Appraisal,' In Proceedings of the Fourth European Symposium on Research in Computer Security (ESORICS '96), pp. 118-130, September 1996.
[6] B.S. Yee, ``A Sanctuary for Mobile Agents,' In Proceedings of DARPA Workshop on Foundations for Secure Mobile Code, Monterey, CA, USA, 1997.
[7] B.S. Yee, ``A Sanctuary for mobile Agents,' In Proceedings of Fourth International Workshop (MOS '98), Lecture Notes in Computer Science, vol. 1603, pp. 261-273, 1999.
[8] G. Karjoth, N. Asokan, and C. Gulcu, ``Protecting the Computation Results of Free-Roaming Agents,' In Proceedings of Second International Workshop on Mobile Agents (MA '98), Lecture Notes in Computer Science, vol. 1477, pp. 195-207, 1998.
[9] V. Roth, ``On the Rrobustness of some Cryptographic Protocols for Mobile Agent Protection,' In Proceedings of Fifth International Conference on Mobile Agents (MA 2001), Lecture Notes in Computer Science, vol. 2240, pp. 1-14, 2001.
[10] G. Karjoth, ``Secure Mobile Agent-Based Merchant Brokering in Distributed Marketplaces,' In Proceedings of Second International Symposium on Agent Systems and Applications and Fourth International Symposium on Mobile Agents (ASA/MA2000), Lecture Notes in Computer Science, vol. 1882, pp. 44-56, 2000.
[11] Jeff S.L. Cheng and V.K. Wei, ``Defenses against the Truncation of Computation Results of Free-Roaming Agents,' In Proceedings of Fourth International Conference on Information and Communication Security (ICICS 2002), Lecture Notes in Computer Science, vol. 2513, pp. 1-12, 2002.
[12] P. Maggi and R. Sisto, ``A Configurable Mobile Agent Data Protection Protocol,' In Proceedings of the Second International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS '03), ACM, pp. 851-858, 2003.
[13] V. Roth, ``Programming Satan's Agent,' Electronic Notes in Theoretical Computer Science, vol. 63, Elsevier, 2001.
[14] D. Chaum and Eugene Van Heyst, ``Group Signature,' In Advances in Cryptology - EUROCRYPT '91, Lecture Notes in Computer Science, vol. 547, pp. 257-265, 1991.
[15] R.L. Rivest, A. Shamir, and Y. Tauman ``How to Leak a Secret,' In Advances in Cryptology - ASIACRYPT 2001, Lecture Notes in Computer Science, vol. 2248, pp. 552-565, 2001.
[16] A. Shamir, ``Identity-Bbased Cryptosystems and Signature Schemes ,' In Advances in Cryptology - CRYPTO '84, Lecture Notes in Computer Science, vol. 196, pp. 47-53, 1985.
[17] H. Krawczy and T. Rabin, ``Chameleon Signatures,' In Proceedings of the Network and Distributed System Security Symposium (NDSS 2000), 2000.
[18] G. Ateniese and B. de Medeiros, ``Identity-Based Chameleon Hash and Applications,' In Proceedings of Financial Cryptography 2004, Key West, Florida, USA, 2004.
[19] B. Lee, H. Kim, and K. Kim, ``Secure Mobile Agent Using Strong Non-designated Proxy Signature,' In Proceedings of the Sixth Australasian Conference on Information Security and Privacy (ACISP 2001), Lecture Notes in Computer Science, vol. 2119, pp. 474-486, 2001.
[20] P. Kotzanikolaou, M. Burmester, and V. Chrissikopoulos, ``Secure Transactions with Mobile Agents in Hostile Environments,' In Proceedings of the Fifth Australian Conference (ACISP 2000), Lecture Notes in Computer Science, vol. 1841, pp. 289-297, 2000.
[21] N. Mitrovic and U.A. Arribalzaga, ``Mobile Agent Security Using Proxy-Agents and Trusted Domains,' In Proceedings of the Second International Workshop on Security of Mobile Multiagent Systems (SEMAS 2002), pp. 81-83, 2002.
[22] D.-G. Lee, I.-Y. Lee, J.-K. Ahn, and Y.-H. Kong, ``The Illegal Copy Protection Using Hidden Agent,' In Proceedings of the First Eurasian Conference on Information and Communication Technology (EurAsia-ICT 2002), Lecture Notes in Computer Science, vol. 2510, pp. 832-841, 2002.
[23] G. Brassard, D. Chaum, and C. Crepeau, ``Minimum Disclosure Proofs of Knowledge,' Journal of Computer and System Sciences, vol. 37, pp. 156-189, 1988.
[24] D. Boneh and M. Franklin, ``Identity-Based Encryption from the Weil Pairing,' In Advances in Cryptology - CRYPTO 2001, Lecture Notes in Computer Science, vol. 2139, pp. 213-229, 2001.
[25] N. Borselius, ``Mobile Agent Security,' Journal of Electronics $&$ Communication Engineering, vol. 14, no. 5, IEE, London, UK, pp. 211-218, October 2002.
[26] E. Bresson, J. Stern, and M. Szydlo, ``Threshold Ring Signatures and Applications to Ad-hoc Groups,' In Advances in Cryptology - CRYPTO 2002, Lecture Notes in Computer Science, vol. 2442, pp. 465-480, 2002.
[27] D. Chaum and H.V. Antwerpen, ``Undeniable Signatures,' In Advances in Cryptology - CRYPTO '89, Lecture Notes in Computer Science, vol. 435, pp. 212-217, 1989.
[28] J. Camenisch, ``Efficient and generalized group signatures,' In Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, vol. 1233, pp. 465-479, 1997.
[29] Anthony H.W. Chan and M.R. Lyu, ``Security Modeling and Evaluation for the Mobile Code Paradigm,' In Proceedings of 1999 Asian Computing Science Conference (ASIAN '99), pp. 371-372, Phuket, Thailand, December 1999.
[30] Y. Desmedt and M. Yung, ``Weaknesses of Undeniable Signature Schemes,' In Advances in Cryptology - CRYPTO '91, Lecture Notes in Computer Science, vol. 576, pp. 205-220, 1991.
[31] S. Fischmeister, ``Building Secure Mobile Agents: The Supervisor-Worker Framework,' Master thesis, Distributed Systems Group, Technical University of Vienna}, February 2000.
[32] A. Fujioka, T. Okamoto, and K. Ohta, ``Interactive bi-proof Systems and Undeniable Signature Schemes,' In Advances in Cryptology - EUROCRYPT '91, Lecture Notes in Computer Science, vol. 547, pp. 243-256, 1991.
[33] F. Hohl, ``A Model of Attacks of Malicious Hosts Against Mobile Agents,' In Proceedings of the ECOOP Workshop on Distributed Object Security and Fourth Workshop on Mobile Object Systems: Secure Internet Mobile Computations, pp. 105-120, INRIA, France, 1998.
[34] W. Jansen and T. Karygiannis, ``NIST Special Publication 800-19 - Mobile Agent Security,' National Institute of Standards and Technology, 2000.
[35] D. Kotz, R. Gray, and D. Rus, ``Future Directions for Mobile-Agent Research,' Tech. Report TR2002-415, Dept. of Computer Science, Dartmouth College, Jan. 2002.
[36] H. Krawczy and T. Rabin, ``Chameleon Hashing and Signatures,' 1997, available at http://eprint.iacr.org/1998/010.ps
[37] N. Karnik and A. Tripathi, ``Security in the Ajanta Mobile Agent SYstem,' Software - Practice and Experience, vol. 31, no. 4, pp 301-329, 2001.
[38] S. Loureiro, R. Molva, and A. Pannetrat, ``Secure Data Collection with Updates,' Journal of Electronic Commerence Research, vol. 1, no. 1/2, pp. 119-130, 2001.
[39] J. Mir and J. Borrell, ``Protecting General Flexible Itineraries of Mobile Agents,' In Proceedings of the Fourth International Conference Seoul on Information Security and Cryptology (ICISC 2001), Lecture Notes in Computer Science, vol. 2288, pp. 382-396, 2002.
[40] K.G. Paterson, ``ID-Based Signatures from Pairings on Elliptic Curves,' available at http://eprint.iacr.org/2002/004/
[41] T. Pedersen, ``Distributed Provers with Applications to Undeniable Signatures,' In Advances in Cryptology - EUROCRYPT '91, Lecture Notes in Computer Science, vol. 547, pp. 221-242, 1991.
[42] J.-Y. Park, D.-I. Lee, and H.-H. Lee, ``Data Protection in Mobile Agents: One-Time Key Based Approach,' In Proceedings of the Fifth International Symposium on Autonomous Decentralized Systems, IEEE, pp. 411-418, 2001.
[43] V. Roth, ``Mutual Protection of Co-operating Agents,' In Proceedings of Secure Internet Programming: Security Issues for Mobile and Distributed Objects, Lecture Notes in Computer Science, vol. 1603, pp. 275-285, 1999.
[44] N.P. Smart, ``An Identity-Based Authenticated Key Agreement Protocol Based on The Weil Pairing,' Electronics Letters, 38(13): 630-632, 2002.
[45] T. Sander and C.F. Tschudin ``Protecting Mobile Agents Against Malicious Hosts,' In Proceedings of the 1998 IEEE Symposium of Research in Security and Privacy, Lecture Notes in Computer Science, vol. 1419, pp. 44-60, 1998.
[46] H.K. Tan and L. Moreau, ``Certificates for Mobile Code Security,' In Proceedings of the 17th ACM Symposium on Applied computing (SAC 2002), pp. 76-81, Madrid, Spain, 2002.
[47] G. Vigna ``Protecting Mobile Agents through Tracing,' In Proceedings of the Third ECOOP Workshop on Operating System support for Mobile Object Systems, pp. 137-153, 1997.
[48] G. Vigna ``Cryptographic Traces for Mobile Agents,' In Mobile Agents and Security, Lecture Notes in Computer Science, vol. 1419, pp. 137-153, 1998.
[49] C.-K. Wu, ``Electronic Supermarket for Mobile Agents,' In Proceedings of the Fourth World Multi-Conference on Systemics, Cybernetics and Informatics (SCI2000), vol. 3, pp. 371-379, Orlando, Florida, USA, 2000.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
1. 王朝茂(1992)。學校衝突問題之探討。教育文粹, 2, 101-126。
2. 吳宗立(1996)。國中學校行政人員工作壓力與困應策略之研究。國教學報 ,8 ,99-131。
3. 林振春(1993)。衝突管理理論及其在團體中的應用。社會教育學刊, 22, 73-106。
4. 邱珍琬(2001)。線上諮商新趨勢。輔導季刊,36,60-62。
5. 柯永河(1997)。教師的情緒管理。學生輔導, 51, 40-51。
6. 范珍輝(1980)。社會衝突與民主自由政治。憲政思潮季刊, 49, 69-72 。
7. 高大威 (1984)。社會變遷與現代親子關係的建立。人與社會, 2, 20-27。
8. 張德銳(1994)。淺談學校衝突管理。教師天地, 64,49-53。
9. 曹中瑋(1997)。情緒的認識與掌控。學生輔導通訊, 51, 26-39。
10. 曹常仁(1993)。親子溝通的藝術。國教之聲, 26, 37-40。
11. 郭有遹(1997)。情緒教育的目標與教略:情緒的了解、表達、管理與利用。臺灣教育, 559, 2-8。
12. 陳建光(2000)。淺談組織內的衝突管理。技術及職業教育雙月刊, 58, 57-60。
13. 曾燦金(1994)。衝突係助力乎?抑阻力乎?-論組織衝突之正反功能及其在學校行政管理之啟示。教育資料文摘, 200, 150-158。
14. 葉光輝(1999)。家庭中的循環性衝突。應用心理研究, 2, 41-82。
15. 蔡明昌(1997)。情緒管理-淺談情緒教育。教師之友, 38, 33-35。