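Graduate student: 葉昌國
Graduate student (English): Chang-Kuo Yeh
Thesis title: 可攜式通訊系統之辨識協定
Thesis title (English): Authentication Protocols for the Portable Communication Systems (PCS)
Advisor: 李維斌
Advisor (English): Wei-Bin Lee
Degree: Doctoral
Institution: Feng Chia University
Department: Institute of Information Engineering
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Publication year: 2007
Academic year of graduation: 95
Language: English
Pages: 119
Keywords (translated from Chinese): authentication; portable communication systems
Keywords (English): Authentication; Portable Communication Systems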
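Portable Communication Systems (PCS) need no wiring between the system and its subscribers; information travels through the air only as radio waves, so anyone can easily eavesdrop on the communication, and PCS therefore face more security threats than wired communication systems. In addition, because of hardware limits on computing power, communication bandwidth and storage space, PCS must also pay careful attention to execution efficiency. How to design an authentication protocol that is both secure and efficient is therefore an important issue. In this thesis we propose several secure and efficient authentication protocols for PCS.
First, we introduce the concept of delegation. In the proposed scheme, the skillful application of the proxy signature technique lets our new authentication protocol achieve security benefits such as user identity privacy, non-repudiation, and mutual authentication between user and system, while also providing good efficiency, for example an efficient key management service, a low computational load on the subscriber side and good system communication efficiency.
Next, we introduce the Self-Concealing mechanism. In the PCS currently in use, the system needs a database to maintain the secret keys shared with all users. Maintaining such a large database is a heavy burden on the system and makes it an easy target for attackers. If the database is compromised and important sensitive data leaks, the whole system collapses. To solve this problem, the Self-Concealing mechanism is proposed to remove this database while keeping the original functionality. Furthermore, building on this mechanism, the Self-Concealing concept allows the signature technique to be skillfully applied to protect subscribers' access rights to the system; this is an entirely new signature concept.
Third, the Dual-Purpose signature technique is introduced to improve the UMTS authentication protocol. The technique not only removes the sensitive database on the system side that stores the secret keys shared with all users but also guarantees the access rights that users hold. The same signature achieves two purposes at once, so the Dual-Purpose signature does improve the UMTS authentication protocol.
Fourth, the Dual-Purpose signature technique can also be applied to the delegation concept we proposed in Chapter 2. In Chapter 2, to simplify the analysis, we assumed a very secure and well-protected database that stores and maintains the delegation keys of all users. In this chapter we shift the focus to this sensitive database, because it brings security and maintenance burdens. In other words, Chapter 2 is concerned with how to use the delegation key to meet certain special requirements of PCS, whereas this chapter focuses on the management of the delegation key in order to improve the original design.
Fifth, the idea of the keyed hash chain is applied to the UMTS authentication protocol. We propose the keyed hash chain technique to strengthen the security and efficiency of UMTS and related authentication protocols. We compare several related authentication protocols and show that our design does have better security and efficiency: for example, no redirection attack, low bandwidth consumption, low storage overhead, low hash computation load and low random number generation load.
Finally, on the premise that most communication behavior is honest, we design a more efficient authentication protocol. Although our design may be less efficient when dishonest behavior occurs, overall our authentication protocol is still more efficient. We take the redesign of the BGSW authentication protocol as an example to fully express this idea.
Overall, this thesis mainly develops more authentication techniques that are both secure and efficient to meet the special requirements of PCS. We very much hope that the results of our research bring more applications to authentication protocols for PCS.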
Portable Communication Systems (PCS) do not require any physical circuits between subscriber and service provider. Because radio waves travel through open space, anyone can easily eavesdrop on the contents of communication, so PCS face more security and privacy threats than wired communication systems. In addition, because of limits on computation power, communication bandwidth and storage capacity, efficiency is also a concern in PCS. How to design a secure and efficient authentication protocol has therefore become an important issue in PCS. In this thesis, some secure and efficient authentication protocols for PCS are proposed.
First, we introduce the concept of delegation into PCS. In the proposed scheme, the proxy signature is skillfully applied so that the scheme provides not only security benefits such as user identity privacy, non-repudiation, and mutual authentication between user and service provider, but also efficiency advantages such as an efficient key management service, low computational load for mobile stations and good communication efficiency.
Second, we introduce the concept of the Self-Concealing mechanism into PCS. In currently used PCS, the authentication server requires a database to maintain the secret shared keys of all mobile stations. A large database is costly to maintain and also makes itself a target for hackers. If the server is compromised, the security of the whole system breaks down because sensitive information leaks. To solve this issue, the Self-Concealing mechanism can be used to eliminate the bulky database. Further, based on this idea, the signature technique is skillfully applied to guarantee the rights of the mobile clients. This is a new application of signatures.
Third, extending the concept of the Self-Concealing mechanism, the Dual-Purpose signature technique is introduced to improve the UMTS authentication protocol. The technique can be applied not only to discard the bulky storage needed at the server but also to guarantee the access rights of the mobile clients. Two different important purposes are achieved simultaneously by the same signature equation, so the Dual-Purpose signature provides valuable improvements to UMTS.
Fourth, the dual-purpose technique can also be applied to our scheme introduced in Chapter 2. In Chapter 2, to simplify the analysis, a secure and well-protected storage that directly maintains the shared delegation keys of all users was assumed. In this part, we shift the focus to this sensitive and large database, because it brings not only a maintenance load but also problems concerning malicious intruders. In other words, the major concern of the original scheme was how to use the delegation key to meet some of the specific requirements of PCS. In the new scheme, however, we focus on the management of the delegation key to improve the original design.
Fifth, we introduce the concept of the keyed hash chain mechanism into UMTS. The keyed hash chain authentication technique is proposed to enhance the security and efficiency of UMTS and the related improved protocols. We compare our protocol with the other protocols to show that the new technique offers real benefits: no redirection attack, low bandwidth consumption, low storage overhead of SN, low hash computation load and low random challenge generation load.
Finally, given that most communication behavior is honest, it is reasonable to design a more efficient authentication protocol even though it loses efficiency in dishonest communication situations. In this way, an overall cost-effective solution can be obtained. In this part, the BGSW protocol is redesigned under this concept and a cost-effective solution is shown.
Overall, this dissertation develops more secure and efficient authentication techniques to meet the requirements of PCS. Hopefully, the results of the proposed schemes will benefit applications of PCS authentication protocols.
Abstract in Chinese
Abstract in English
Chapter 1 Introduction
1.1 Research Motivation
1.2 Related Works
1.3 Research Background
Chapter 2 Delegation Based Authentication Protocol for use in PCS
2.1 Review of the proposed protocols
2.2 The concept of delegation mechanism
2.3 The delegation based authentication scheme
2.4 Implementation
2.5 Discussion and comparison
Chapter 3 A Self-Concealing Mechanism for Authentication of Portable Communication Systems
3.1 The concept of Self-Concealing mechanism
3.3 Generic challenge-response based protocol
3.4 The Self-Concealing authentication protocol
3.5 Discussions and comparisons
3.6 Summaries
Chapter 4 A Dual-Purpose Signature for Authentication on UMTS
4.1 The concept of Dual-Purpose signature
4.2 The UMTS authentication protocol
4.3 The authentication protocol based on Dual-Purpose signature
4.4 Security analysis
4.5 Discussion
4.6 Summaries
Chapter 5 A Dual-Purpose Signature Technique for Use in the Lee-Yeh’s Authentication Protocol for Portable Communication Systems (PCS)
5.1 Improvement of the Lee-Yeh’s protocol by employing the dual-purpose signature
5.2 Discussions
5.3 Security Analysis
5.4 Summaries
Chapter 6 A Keyed Hash Chain Based Authentication Protocol on UMTS
6.1 The concepts of the keyed hash chain mechanism
6.2 The weakness of the UMTS authentication protocol
6.3 The improved UMTS authentication scheme based on keyed hash chain mechanism
6.4 Security Analysis
6.5 Performance evaluation
6.6 Summaries
Chapter 7 An Overall Cost-Effective Authentication Technique for the Global Mobility Network
7.1 The concept of the Overall Cost-Effective
7.2 Review of BGSW Scheme
7.3 The improved BGSW Scheme based on overall cost-effective concept
7.4 Security Analysis
7.5 Performance Analysis
7.6 Summaries
Chapter 8 Conclusions and Future Researches
Bibliography