Taiwan National Digital Library of Theses and Dissertations (臺灣博碩士論文加值系統)

Detailed record
Author: 蘇有為
Author (English): Yu-wei Su
Title: 不安全網路環境中的金鑰管理協定之設計
Title (English): Some Key Management Protocols for Insecure Networks
Advisor: 張真誠
Advisor (English): Chin-chen Chang
Degree: Master
Institution: National Chung Cheng University (國立中正大學)
Department: Computer Science and Information Engineering (資訊工程所)
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2006
Academic year of graduation: 94 (ROC calendar)
Language: English
Pages: 50
Keywords (Chinese): 加密、金鑰管理、對稱式加密演算法
Keywords (English): symmetric encryption algorithm; key management; encryption
Statistics:
  • Cited: 0
  • Views: 278
  • Rating: (none)
  • Downloads: 35
  • Saved to bookshelf: 2
Key management is an important topic in information security research. It mainly concerns how a central authority distributes, or how multiple users jointly agree on, the encryption keys used by symmetric encryption algorithms. This thesis proposes a suitable key management technique for each of three different insecure network environments. The first technique aims to achieve two-party key agreement in a client-server environment using a smart card. Compared with earlier related work, it provides two important properties: (1) mutual authentication; (2) no dependence on a timestamp synchronization mechanism. The second technique is a three-party key exchange protocol. It is suited to client-server environments in which any two users can, with the help of the server, establish an encryption key. It provides four important features: (1) symmetric encryption is used to protect the messages exchanged; (2) the symmetric key shared between each user and the server prevents password guessing attacks; (3) man-in-the-middle-style attacks are avoided; (4) mutual authentication. The last technique addresses the secure multicast problem (multicast-in-secure problem), in which, in a broadcast environment (that is, every participant can receive every message in the environment), a central authority attempts to multicast secret messages to a specific group. Its main advantage is that it eliminates the rekeying problem found in earlier related work and reduces the key storage burden of each user.
Key management is a major issue in security research. It concerns how a center distributes, or how multiple users jointly agree on, session keys that are then used with symmetric encryption algorithms to encrypt secret data. In this thesis, we propose three key management protocols with better security strength, each suited to a different network environment. The first key management protocol achieves two-party key agreement using a smart card. Compared with previous related solutions, this approach additionally provides two major characteristics: (1) mutual authentication; (2) no use of timestamps, so no time synchronization is required. The second key management approach is a three-party key exchange protocol with four essentials: (1) no asymmetric encryption algorithm, which reduces costs (such as the need for a public-key infrastructure); (2) use of a pre-shared key to prevent adversaries from masquerading as legal users after guessing attacks; (3) avoidance of the variant man-in-the-middle attacks on Diffie-Hellman based protocols; (4) mutual authentication. The final key management protocol solves the multicast-in-secure problem, in which a sender centrally multicasts secure messages to a specific group over insecure networks. The benefits of this multicast key management protocol include eliminating the rekeying process and reducing the key storage required for each member.
Table of contents

1 Introduction ... 1
2 A Mutual Authenticated Key Agreement Scheme over Insecure Networks ... 4
2.1 Introduction ... 4
2.2 Review of Lee et al.'s Scheme ... 6
2.2.1 Weakness of Lee-Kim-Yoo's Scheme ... 7
2.3 The Proposed Scheme ... 7
2.4 Security Analysis of the Proposed Scheme ... 10
2.5 Comparison ... 11
2.6 Summaries ... 12
3 A Round-Efficient Three-Party Encrypted Key Exchange Protocol Using Self-Encryption Mechanism ... 14
3.1 Introduction ... 14
3.2 The Review of Sun et al.'s Password Based Protocol ... 16
3.2.1 Notations ... 16
3.2.2 The Steps of Sun et al.'s Protocol ... 17
3.2.3 The Variant Man-in-the-middle Attack ... 18
3.3 Proposed Scheme ... 19
3.3.1 Notations ... 20
3.3.2 The Steps of Proposed Protocol ... 20
3.4 Analyses and Comparison ... 21
3.5 Summaries ... 23
4 A Broadcast-Encryption-Based Key Management Scheme for Dynamic Multicast Communications ... 25
4.1 Introduction ... 25
4.1.1 Broadcast Encryption ... 25
4.1.2 Tree-Structure-Based Key Management Using Broadcast Encryption ... 26
4.1.3 Goals and Organization ... 27
4.2 Preliminaries ... 28
4.2.1 Fundamental Idea ... 28
4.2.2 Greatest Common Divisor Attacks ... 29
4.2.3 Resisting Greatest Common Divisor Attacks ... 29
4.2.4 Choosing the Session Key ... 31
4.3 A Broadcast-Encryption-Based Key Management Scheme ... 32
4.3.1 The Proposed Scheme ... 32
4.3.2 An Example ... 33
4.4 Costs Evaluation ... 35
4.5 Security Analyses ... 37
4.6 Summaries ... 38
5 Conclusions ... 39
Bibliography ... 40
[1] "GNU multiple precision arithmetic library," http://www.swox.com/gmp/.
[2] "Secure hash standard," U.S. Federal Information Processing Standard (FIPS) 180-1, NIST, 1995.
[3] S. Berkovits, "How to broadcast a secret," in Proceedings of Advances in Cryptology - EUROCRYPT 1991, pp. 535-541, 1991.
[4] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, "Multicast security: A taxonomy and some efficient constructions," in Proceedings of IEEE Infocom 1999, pp. 708-716, 1999.
[5] R. Canetti, T. Malkin, and K. Nissim, "Efficient communication-storage tradeoffs for multicast encryption," in Proceedings of Advances in Cryptology - EUROCRYPT 1999, pp. 459-474, 1999.
[6] C. C. Chang and T. C. Wu, "Remote password authentication with smart card," IEE Proceedings - Computers and Digital Techniques, vol. 138, no. 3, pp. 165-168, 1991.
[7] H. Y. Chien, J. K. Jan, and Y. M. Tseng, "An efficient and practical solution to remote authentication: Smart card," Computers & Security, vol. 21, no. 4, pp. 372-375, 2002.
[8] W. Diffie and M. E. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. IT-22, no. 6, pp. 644-654, 1976.
[9] A. Fiat and M. Naor, "Broadcast encryption," in Proceedings of Advances in Cryptology - CRYPTO 1992, pp. 480-491, 1992.
[10] C. L. Hsu, "Security of Chien et al.'s remote user authentication scheme using smart cards," Computer Standards and Interfaces, vol. 26, no. 3, pp. 167-169, 2004.
[11] K. F. Hwang and C. C. Chang, "A self-encryption mechanism for authentication of roaming and teleconference services," IEEE Transactions on Wireless Communications, vol. 2, no. 2, pp. 400-407, 2003.
[12] M. S. Hwang and L. H. Li, "A new remote user authentication scheme using smart cards," IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28-30, 2000.
[13] L. Lamport, "Password authentication with insecure communication," Communications of the ACM, vol. 24, pp. 770-772, 1981.
[14] S. W. Lee, H. S. Kim, and K. Y. Yoo, "Improvement of Chien et al.'s remote user authentication scheme using smart cards," Computer Standards and Interfaces, vol. 27, no. 2, pp. 181-183, 2005.
[15] T. F. Lee, T. Hwang, and C. L. Lin, "Enhanced three-party encrypted key exchange without server public keys," Computers & Security, vol. 23, no. 7, pp. 571-577, 2004.
[16] C. L. Lin, H. M. Sun, and T. Hwang, "Three-party encrypted key exchange: Attacks and a solution," ACM Operating Systems Review, vol. 34, no. 4, pp. 12-20, 2000.
[17] C. L. Lin, H. M. Sun, M. Steiner, and T. Hwang, "Three-party encrypted key exchange without server public-keys," IEEE Communications Letters, vol. 5, no. 12, pp. 497-499, 2001.
[18] H. Lu, "A novel high-order tree for secure multicast key management," IEEE Transactions on Computers, vol. 54, no. 2, pp. 214-224, 2005.
[19] S. Mittra, "Iolus: A framework for scalable secure multicasting," in Proceedings of ACM SIGCOMM 1997, pp. 277-288, 1997.
[20] M. J. Moyer, J. R. Rao, and P. Rohatgi, "A survey of security issues in multicast communications," pp. 12-23, Nov/Dec 1999.
[21] J. Nam, S. Kim, and D. Won, "Attack on the Sun-Chen-Hwang's three-party key agreement protocols using passwords," IEICE Transactions on Fundamentals, vol. E89-A, no. 1, pp. 209-212, 2006.
[22] D. Naor, M. Naor, and J. B. Lotspiech, "Revocation and tracing schemes for stateless receivers," in Proceedings of Advances in Cryptology - CRYPTO 2001, pp. 41-62, 2001.
[23] R. Nojima and Y. Kaji, "Using trapdoor permutations in a complete subtree method for broadcast encryption," IEICE Transactions on Fundamentals, vol. E88-A, no. 2, pp. 568-574, 2005.
[24] R. Rivest, "The MD5 message-digest algorithm," RFC 1321, IETF, 1992.
[25] B. Schneier, Applied Cryptography, John Wiley & Sons, Inc., New York, USA, 2nd edition.
[26] M. Steiner, G. Tsudik, and M. Waidner, "Refinement and extension of encrypted key exchange," ACM Operating Systems Review, vol. 29, no. 3, pp. 22-30, 1995.
[27] D. R. Stinson, Cryptography: Theory and Practice, CRC Press, Boca Raton, Florida, USA, 2nd edition.
[28] H. M. Sun, "An efficient remote user authentication scheme using smartcards," IEEE Transactions on Consumer Electronics, vol. 46, no. 4, pp. 958-961, 2000.
[29] H. M. Sun, B. C. Chen, and T. Hwang, "Secure key agreement protocols for three-party against guessing attacks," The Journal of Systems and Software, vol. 75, pp. 63-68, 2005.
[30] P. Syverson, "A taxonomy of replay attacks," in Proceedings of IEEE Computer Security Foundations Workshop VII, Franconia, New Hampshire, USA, pp. 187-191, 1994.
[31] K. Tan and H. Zhu, "Remote password authentication scheme based on cross-product," Computer Communications, vol. 22, no. 4, pp. 390-393, 1999.
[32] D. M. Wallner, E. J. Harder, and R. C. Agee, "Key management for multicast: Issues and architectures," RFC 2627, IETF, 1999.
[33] S. J. Wang and J. F. Chang, "Smart card based secure password authentication scheme," Computers & Security, vol. 15, no. 3, pp. 231-237, 1996.
[34] C. K. Wong, M. Gouda, and S. S. Lam, "Secure group communication using key graphs," IEEE/ACM Transactions on Networking, vol. 8, no. 1, pp. 16-30, 2000.
[35] T. C. Wu, "Remote login authentication scheme based on a geometric approach," Computer Communications, vol. 18, no. 12, pp. 959-963, 1995.
[36] W. H. Yang and S. P. Shieh, "Password authentication schemes with smart cards," Computers & Security, vol. 18, no. 8, pp. 727-733, 1999.
[37] W. T. Zhu, "Optimizing the tree structure in secure multicast key management," IEEE Communications Letters, vol. 9, no. 5, pp. 477-479, 2005.