臺灣博碩士論文加值系統

近來，行動程式碼的運用範疇，已經越來越廣泛。隨著網路的普及化，行動代理人的存在，已經成為不可或缺的一環。透過行動代理人的行動性，使得網路上過去不可能達成的交易行為，變得容易。而經由行動代理人的運用，使得無論是主機或使用者可以有更佳的溝通管道。然而，在廣泛運用的情況下，相對的也產生了安全性上的疑慮。若當行動代理人無法完善的保護自己，其所完成的交易行為相對的也會讓使用者產生懷疑，因而降低使用行動代理人的便利性。因此，如何在行動代理人身上，運行適宜的安全保護機制。藉以提高行動代理人的自我保護能力，一直是許多學者所追求的目標。
Sander提出一種函式加密的機制，希望透過函式加密的概念，對行動程式碼內容產生混亂使其難以辨識，保護行動程式碼內的機密內容。Chen以這個概念開發了一套具有函式加解密能力的函式加密系統，稱之為JOBS系統。JOBS系統可以在當行動代理人派遣出去之前，對於內部的機密函式進行加密處理。因而保護機密函式內容不被竊取。而Tu又依據錯誤更正碼的方式，對JOBS系統作進一步的加強。希望透過更完善的函式保護方式，來對行動程式碼作保護。
本研究主要的目標在希望將函式加密計算的概念，靈活運用在網路行的行動代理人行為。因此，希望將函式加密計算的方法，用在認證機制的設計方面。本研究並透過模擬的方式，來計算當改用函式加密計算後的認證機制效率，透過分析來了解函式加密計算在認證機制上的可行性。

Recently, the use of mobile code has been widely. And with the popular of the internet, the existence of the mobile agent cannot be ignored. By the mobility of the mobile agent, the trade behavior, which could not be done in the past, has become easily now. Through the use of mobile agent, no matter what the client or server have a better communication channel. However, the widely use also leads some security problem. If the mobile agent cannot protect himself safely, the transaction will seem to be suspicious. Finally, the convenience of the mobile agent will be lower down. How to enhance the security of the mobile agent will be a serious problem.
Sander proposed a function hiding method, which could obfuscate the content of the mobile code and protect the confidential information. Chen developed a function hiding system based on Sander, and called JOBS (Java OBfuscation System). JOBS would encrypt the confidential function before dispatching the mobile agent. So the secret content would not be stolen. Tu used the method of the error correcting code to enhance the JOBS system. In order to use a more secure way protects the mobile code security.
The target of our research is to use the concept of function hiding in the application of internet. So we find the authentication protocols by using the evaluation of encryption function to be our research target. This research uses the simulation to calculate the performance of the authentication using evaluation of encrypted function, and discuss the feasibility of the evaluation of encrypted function in authentication protocol.

目錄
第一章 簡介 1
1.1. 行動程式碼的使用環境 1
1.2. 動機及目的 2
1.3. 研究目標 4
1.4. 研究限制 4
第二章 文獻探討 5
2.1. 行動代理人安全保護 5
2.2. 混亂程式碼 7
2.3. 加密函式計算 8
2.4. MCELIECE公開金鑰加密系統 10
2.5. 認證機制分類 13
2.6. 認證系統的攻擊 15
2.7. 利用雜湊函數的認證機制 20
第三章 利用函式加密計算的認證機制 22
3.1. ISO認證機制 22
3.2. 函式加密計算的認證機制 24
3.3. 以函式加密計算為基礎的認證機制 33
3.3.1. 系統註冊流程 33
3.3.2. 系統認證流程 34
3.3.3. 驗證碼變更流程 35
3.3.4. 認證架構分析 36
第四章 系統設計及架構 38
4.1. 開發工具 38
4.2. 系統設計 39
4.3. 系統評估 40
第五章 結論與未來研究方向 45
5.1. 結論 45
5.2. 未來研究方向 45
參考資料 47

參考資料
中文參考文獻
1.賴溪松、韓亮、張真誠，近代密碼學及其應用，松崗電腦圖書，1998。
英文參考文獻
2.Bellovin, Steven M., and Michael Merritt (1992) “Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks,” Proc. of the IEEE Symposium on Research in Security and Privacy. pp. 72-84.
3.Berson, Thomas A. (1997) “Failure of the Public-Key Cryptosystem Under Message-Resend and Related Message Attack,” Proc. Of the 17th Annual International Cryptology Conference on Advances in Cryptology. pp. 213-220.
4.Bierman, Elmarie, Technikon Pretoria, and Elsabe Cloete (2002) “Classification of Malicious Host Threats in Mobile Agent Computing,” Proceeding of SAICSIT 2002, pp. 141-148.
5.Chen, Zhi Wei(2002): A Study of Protecting Mobile Code. Master Thesis, Department of Information Management of National Central University.
6.Clark, John and Jeremy Jacob (1997) “A survey of authentication protocol literature: Version 1.0,” available at http://dcpul.cs.york.ac.uk/~jeremy.
7.Hohl, Fritz (1998) “Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Host,” Mobile Agents and Security, LNCS, Vol. 1419, pp. 92-113.
8.McEliece, R.J. (1978) “A Public-Key Cryptosystem Based on Algebraic Coding Theory,” Deep Space Network Progress Report, Jet Propulsion Laboratory, California Institute of Technology, pp.42-44.
9.ISO/IEC 9798. (1993) “Entity authentication - Parts 1 to 5”. International Organization for Standardization.
10.Jansen, Wayne A., (2000) “Countermeasure for Mobile Agent Security,” Computer Communication Vol. 23, pp.1667-1676.
11.Lange, Danny, and Oshima Mitsuru (1998): Programming and Deploying Java Mobile Agents with Aglets, Addison-Wesley.
12.Lee, Cheng-Chi, Li Hua-Li, and Min Shiang-Hwang, (2002) “A remote user authentication scheme using hash functions,” ACM SIGOPS Operating Systems Review, pp. 23-29.
13.Lee, Sung-Woon, Hyun-Sung Kim, and Kee-Young Yoo, (2004) “Cryptanalysis of A User Authentication Scheme Using Hash Functions,” ACM SIGOPS Operating Systems Review, Vol. 38. pp. 24-28.
14.Loidreau, Pierre (2000) “Strengthening McEliece Cryptosystem,” LNCS Vol 1976. Pro. Of the 6th International Conference on the Theory and Application of Cryptology and Information Security. pp 585-598.
15.Loureiro, Sergio, and Refik Molva, (1999) “Function Hiding based on Error Correcting Codes,” Proceedings of Cryptec'99 - International Workshop on Cryptographic Techniques and Electronic Commerce.
16.Loureiro, Sergio, Molva, Refik, and Roudier, Yves, (2000) “Mobile Code Security,” In proceedings of ISYPAR 2000, Code Mobile, France.
17.Patterson, N. J., (1975) “The Algebraic Decoding of Goppa Codes” IEEE Transaction on Information Theory, Vol. IT-21, No. 2. pp. 203-207.
18.Riordan, James, and Bruce Schneier (1998) “Environment Key Generation towards Clueless Agents,” Mobile Agents and Security, Springer-Verlag, Lecture Notes in Computer Science No. 1419.
19.Rivest, R. L., A. Shamir, and L. Adleman (1978) “A method for obtaining digital signatures and public-key cryptosystems.” Communications of the ACM 21(2),
pp. 120-126.
20.Roger Needham and Michael Schroeder (1978) “Using Encryption for Authentication in Large Networks of Computers.” Communications of the ACM, 21(12):993-999.
21.Roth, Volker (2001) “Mutual Protection of Co-operating Agents,” Lecture Notes in Computer Science. pp. 275-285.
22.Sander, Tomas, and Christian F. Tschudin (1998) “Protecting Mobile Agents Against Malicious Hosts,” Mobile Agent Security, LNCS Vol.1419, Springer-Verlag, pp. 44-60.
23.Sander, Tomas, and Christian F. Tschudin (1998) “On Software Protection Via Function Hiding,” In Proc. Of Information Hiding 98 Springer-Verlag. LNCS Vol.1525.
pp. 111-123.
24.Sander, Tomas, and Christian F. Tschudin (1998) “Towards Mobile Cryptography,” Proc. Of the IEEE Symposium on Security and Privacy, pp. 215-224.
25.Satyanarayanan, M., (1989) “Integrating Security in a Large Distributed System” ACM Transactions on Computer Systems (TOCS). Vol. 7, No. 3. pp. 247-280.
26.Schneider, Fred B. (1997) “Towards Fault-Tolerant and Secure Agentry,” Proc. 11th International Workshop on Distributed Algorithms. pp. 1-14.
27.Seo, Dae-Hee, Im-Yeong Lee, Soo-Young Chae, and Choon-Soo Kim (2003) “Single Sign-On Authentication Model using MAS(Mulit-Agent System),” Communications, Computers and signal Processing, 2003.
28.Sosokin, Mikhail, Gleb Naumovich, and Nasir Memon (2003) “Obfuscation of Design Intent in Object-Oriented Applications” Proceedings of the 2003 ACM workshop on Digital rights management. pp. 142-153.
29.Sun, Hung-Min (2000) “Enhancing the Security of the McEliece Public-Key Cryptosystem,” Journal of Information Science and Engineering. Vol. 16, no 6,
pp. 799-812.
30.Tu, Tun-Hung (2004): A Function Hiding Scheme based on Error Correcting Codes.Master Thesis, Department of Information Management of National Central University.
31.Ulf Carlsen (1994) “Optimal Privacy and Authentication on a Portable Communications System.” Operating Systems Review, 28(3):16-23.
32.Vigna Giovanni (1997) “Protecting Mobile Agents Through Tracing,” Prco. of the 3rd ECOOP Workshop on Mobile Object System. pp. 137-153.
33.Yee, Bennet S. (1997) “A Sanctuary for Mobile Agents,” Technical Report CS97-537, University of California in San Diego.
34.Aglets Official Site. IBM Research Lab. in Tokyo.
<http://www.trl.ibm.com/aglets/index_e.htm>.