基於限制路徑為基礎的存取控制系統__臺灣博碩士論文知識加值系統

English |FB 專頁 |Mobile

免費會員登入| 註冊

(44.192.112.123) 您好！臺灣時間：2021/03/08 23:57

字體大小：

詳目顯示:::

第 1 筆 / 共 1 筆

/1頁

論文基本資料
摘要
外文摘要
目次
參考文獻
紙本論文
論文連結
QR Code

本論文永久網址:

研究生:

李繼昀

論文名稱:

基於限制路徑為基礎的存取控制系統

論文名稱(外文):

Securing Office PC based on Knowledge of Pedestrian Paths

指導教授:

孫宏民

學位類別:

碩士

校院名稱:

國立清華大學

系所名稱:

資訊系統與應用研究所

學門:

電算機學門

學類:

系統設計學類

論文種類:

學術論文

論文出版年:

2010

畢業學年度:

語文別:

英文

論文頁數:

中文關鍵詞:

存取控制、門禁系統

外文關鍵詞:

Access Control、Entrance Guard System

相關次數:

被引用:0
點閱:141
評分:
下載:0
書目收藏:0

辦公室屬於開放式的環境，只要是內部的成員就能夠使用裡面的電
腦，然而其他使用者只要趁著辦公司成員不注意的時候，也能夠趁機
使用內部電腦，針對這點，使用者會利用帳號密碼來做為存取PC 的
access control policy 防止外人使用PC，但是為了方便記憶，他們會傾向於使用簡單的文字來當作密碼，在此我們認為這是不安全的。在這篇論文裡，我們觀察到一般人有走熟悉路徑的習性，基於這個觀察下，我們提出了一個利用行走路徑當作access control policy 的存取控制系統，稱做SOP-KPP。在環境中我們部署了大量的Gateway，系統可以藉由Gateway 來描繪出使用者經過的路徑。在系統中，使用者必須走過預定的路線，並且利用手機和經過的Gateway 互動，取得該Gateway的簽章以證明自己曾經走過此Gateway，之後要使用PC，使用者必須要把蒐集到的簽章丟給PC 驗，假如簽章的順序是正確的，PC 就會解除鎖定。除此之外，我們的系統還提供了Pulling 的機制，藉由短距離的無線傳輸介面，將手機和PC 綁定，在Pulling protocol 當中，PC會不斷的pull 手機，以確保它是在範圍之內(代表使用者正在使用PC)，當使用者帶著手機離開PC 的時候，PC 就會自動鎖定住，防止外人使用它。在我們的實驗之下，使用者在Gateway 所花的時間少於十秒，以及Pulling 時所花的電量為每8 小時消耗掉10% 的總電量。

Office is an open environment where the employees are able to access the PCs in it. However, other people may access the PCs even when they are not the members of the office; if no one is conscious of them. Due to such problem, owner set password as the secure policy to protect their PC. But individuals tend to use weak password since it is easy for them to remember it; we think it is not secure. In this thesis, we observe that employees have behavior of walking the familiar path to their office. Base on the observation, we proposed SOP-KPP system, which leverage
knowledge of pedestrian paths as the access control policy. In SOP-KPP, we deployed amount of gateways and could use them to depict the pedestrian paths. Individuals must pass the gateways and aggregate their digital signatures through the path to their office with mobile devices. Till individuals reach the PC, they would send aggregated signatures to PC to access it. If signatures are aggregated in right sequential order, PC would unlock itself. Besides we use short-range wireless link to bond mobile devices to PC for detecting the presence of user. If user left the PC, it will lock the screen to protect itself. Furthermore, we made a serial of experiments to evaluate the performance and the result showed that time spent at each gateway is less than 10 seconds and power consumption is 10 percents of the total power capacity per 8 hours for pulling protocol.

List of Figures 4
List of Tables 5
1 Introduction 1
1.1 Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Concept of SOP-KPP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3 Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2 Background and Related Works 5
2.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Related Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2.1 MULE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2.2 Grey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2.3 ZIA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3 Problem Statement 10
3.1 Environment Statements . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2 Adversary Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4 Protocol 13
4.1 Signature Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.2 Register Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.3 Authentication Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.4 Tracing Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.5 Access Control Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.6 Pulling phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5 Implementation 21
5.1 SOP-KPP Mobile Client . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.2 SOP-KPP Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
5.3 SOP-KPP Guarder . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
5.3.1 Pulling Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 24
5.3.2 Locking and Unlocking PCs . . . . . . . . . . . . . . . . . . . 25
5.4 SOP-KPP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5.5 SOP-KPP Walk-Through . . . . . . . . . . . . . . . . . . . . . . . . . 26
6 Evaluation and Comparison 29
6.1 Performance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . 29
6.1.1 Evaluation of the Time Spent at Gateway . . . . . . . . . . . 29
6.1.2 Power Consumption . . . . . . . . . . . . . . . . . . . . . . . 30
6.2 Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
7 Conclusion and Future Work 34
7.1 Pairing Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
7.2 Bluetooth Dongle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Bibliography 36

[1] Phillips, P., Martin, A., Wilson, C., Przybocki, M.: An Introduction Evaluating
Biometric Systems. Computer 33(2) (2000) 56–63
[2] XyLoc: Ensure technologies. http://www.ensuretech.com
[3] Corner, M., Noble, B.: Zero-Interaction Authentication. In: Proceedings of
the 8th annual international conference on Mobile computing and networking,
ACM (2002) 1–11
[4] Abdelhameed, R., Khatun, S., Ali, B., Ramli, A.: Authentication Model Based
Bluetooth-Enabled Mobile Phone. Journal of Computer Science 1(2) (2005)
199–202
[5] Abdelhameed, R., Khatun, S., Ali, B., Ramli, A.: Application of Cell-Phonein
Laptop Security. Journal of Applied Sciences 5(2) (2005) 215–219
[6] Noble, B., Corner, M.: The Case for Transient Authentication. In: Proceedings
of the 10th workshop on ACM SIGOPS European workshop, ACM (2002) 29
[7] Bauer, L., Garriss, S., McCune, J., Reiter, M., Rouse, J., Rutenbar, P.: Device-
Enabled Authorization in the Grey System. Information Security 431–445
[8] Bauer, L., Cranor, L., Reeder, R., Reiter, M., Vaniea, K.: Comparing Access-
Control Technologies: A Study of Keys and Smartphones. (2007)
[9] Bauer, L., Cranor, L.F., Reiter, M.K., Vaniea, K.: Lessons Learned from the
Deployment of a Smartphone-Based Access-Control System. In: SOUPS ’07:
Proceedings of the 3rd Symposium on Usable Privacy and Security. (2007) 64–
75
[10] Beaufour, A., Bonnet, P.: Personal Servers as Digital Keys. In: Proc. 2nd
IEEE International Conference of Pervasive Computing and Communications,
Citeseer (2004)
[11] Ravi, N., Stern, P., Desai, N., Iftode, L.: Accessing Ubiquitous Services Using
Smart Phones. (2005)
[12] McCune, J.M., Perrig, A., Reiter, M.K.: Seeing-Is-Believing: Using Camera
Phones for Human-Verifiable Authentication. In: Proceedings of the IEEE
Symposium on Security and Privacy. (2005)
[13] Lin, Y.H., Studer, A., Hsiao, H.C., McCune, J.M., Wang, K.H., Krohn, M.,
Lin, P.L., Perrig, A., Sun, H.M., Yang, B.Y.: SPATE: Small-Group PKI-Less
Authenticated Trust Establishment. In: MobiSys ’09: Proceedings of the 7th
international conference on Mobile systems, applications, and services, New
York, NY, USA, ACM (2009) 1–14
[14] Chen, C.H.O., Chen, C.W., Kuo, C., Lai, Y.H., McCune, J.M., Studer, A.,
Perrig, A., Yang, B.Y., Wu, T.C.: GAnGS: Gather Authenticate ’n Group
Securely. In: Proceedings of the ACM Annual International Conference on
Mobile Computing and Networking. (2008)
[15] Kato, H., Tan, K.: Pervasive 2D Barcodes for Camera Phone Applications.
IEEE Pervasive Computing (2007) 76–85
[16] Hsiao, H., Lin, Y., Studer, A., Studer, C., Wang, K., Kikuchi, H., Perrig, A.,
Sun, H., Yang, B.: A Study of User-Friendly Hash Comparison Schemes. In:
Proceedings of the 2009 Annual Computer Security Applications Conference,
IEEE Computer Society (2009) 105–114
[17] Glasbey, C., van der Heijden, G., Toh, V.F.K., Gray, A.: Colour Displays for
Categorical Images. Color Research and Application 32(4) (2007) 304–309
[18] Studer, A., Perrig, A.: Mobile User Location-Specific Encryption (MULE): Using
Your Office as Your Password. In: Proceedings of the third ACM conference
on Wireless network security, ACM (2010) 151–162
[19] Kasten, O., Langheinrich, M.: First Experiences with Bluetooth in the Smart-
Its Distributed Sensor Network. In: Workshop on Ubiquitous Computing and
Communications, PACT. Volume 1., Citeseer (2001)
[20] Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures
and Public-Key Cryptosystems. Communications of the ACM 21(2)
(1978) 126
[21] Brands, S., Chaum, D.: Distance-Bounding Protocols. In: Advances in CryptologyEUROCRYPT93,
Springer (1993) 344–359
[22] Blaze, M.: A cryptographic file system for UNIX. In: Proceedings of the 1st
ACM conference on Computer and communications security, ACM (1993) 9–16
[23] Mircosoft Corporation: BitLocker Drive Encryption Overview. http://
technet.microsoft.com/en-us/library/cc732774.aspx
[24] SecureStar: DriveCrypt: Disk Encryption and Data Encryption Software.
http://www.securstar.com/products_drivecrypt.php

國圖紙本論文

連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供，不一定有電子全文可供下載，若連結有誤，請點選上方之〝勘誤回報〞功能，我們會盡快修正，謝謝！

推文
網路書籤
推薦
評分
引用網址
轉寄

top

相關論文
相關期刊
熱門點閱論文

無相關論文

1.	9.黃振豊、呂紹強，2000，“企業財務危機預警模式之研究-以財務及非財務因素構建”，當代會計，1卷，1期，頁19~40，11月。
2.	黃瓊慧、林雯瑜與陳政芳，2001，「關聯產業之垂直資訊移轉」，證券市場發展，第13卷第2期：1-29。
3.	3.周百隆、盧俊安，2007，“以Cascaded Logistic Model 建構我國企業財務危機預警模型之研究”，中華管理評論國際學報，10卷，2期，5月。

1.	三維多邊形模型之視覺密碼
2.	基於中國餘式定理之前向錯誤更正碼
3.	AStudyofKeyManagementMechanismforContentAccessControlinPay-TVBroadcastingSystems
4.	人生時光數位化分享平台之設計與建置
5.	AnEfficient-CommunicationPrivateMatchingSchemeinClient-ServerModel
6.	無線感測網路的中繼節點配置
7.	一個針對跨站腳本攻擊和網路釣魚攻擊的客戶端導向白名單策略
8.	基於錯誤訂正碼之無線射頻標籤輕量化認證協定之研究
9.	一個針對多解析器的網域名稱伺服器快取毒害攻擊的機率模型
10.	高可靠度網路資料傳輸與驗證
11.	Small-groupPKI-lessAuthenticatedTrustEstablishment
12.	MultimediaProgrammingforMobileHandhelds
13.	AStudyofArithmeticCodesforJointEncryptionandCompression
14.	一個應用合作機制於無線隨意行動網路之抵擋路徑斷裂的安全路由協定
15.	一個新的防禦共謀機制於無線隨意行動網路

簡易查詢 | 進階查詢 | 熱門排行 | 我的研究室