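Graduate student: 李繼昀
Thesis title: An Access Control System Based on Restricted Paths
Thesis title (foreign language): Securing Office PC based on Knowledge of Pedestrian Paths
Advisor: 孫宏民
Degree: Master's
Institution: National Tsing Hua University
Department: Institute of Information Systems and Applications
Discipline: Computer Science
Field: System Design
Thesis type: Academic thesis
Year of publication: 2010
Academic year of graduation: 98
Language: English
Number of pages: 38
Keywords (Chinese): access control; entrance guard system
Keywords (foreign language): Access Control; Entrance Guard System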
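An office is an open environment: any member of the office can use the computers inside it. However, other people can also take the opportunity to use those computers whenever the office members are not paying attention. To address this, users rely on account passwords as the access control policy for the PC, to keep outsiders from using it; but to make them easy to remember, they tend to choose simple words as passwords, which we consider insecure. In this thesis, we observe that people habitually walk familiar paths. Based on this observation, we propose an access control system, called SOP-KPP, that uses the walking path as the access control policy. We deploy a large number of gateways in the environment, and the system uses them to trace the path a user has taken. In the system, the user must walk the predetermined route and use a mobile phone to interact with each gateway passed, obtaining that gateway's signature as proof of having passed it. Afterwards, to use the PC, the user must hand the collected signatures to the PC for verification; if the order of the signatures is correct, the PC unlocks. In addition, our system provides a pulling mechanism that binds the phone to the PC over a short-range wireless interface. In the pulling protocol, the PC continuously pulls the phone to make sure it is within range (meaning that the user is using the PC); when the user leaves the PC carrying the phone, the PC locks automatically so that outsiders cannot use it. In our experiments, the time a user spends at a gateway is less than ten seconds, and pulling consumes 10% of the total battery capacity every 8 hours.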

An office is an open environment where employees are able to access the PCs in it. However, other people may access the PCs even when they are not members of the office, if no one is conscious of them. Because of this problem, owners set passwords as the security policy to protect their PCs. But individuals tend to use weak passwords since they are easy to remember; we think this is not secure. In this thesis, we observe that employees have a habit of walking a familiar path to their office. Based on this observation, we propose the SOP-KPP system, which leverages knowledge of pedestrian paths as the access control policy. In SOP-KPP, we deploy a number of gateways and use them to depict the pedestrian paths. Individuals must pass the gateways and aggregate their digital signatures along the path to their office with mobile devices. When individuals reach the PC, they send the aggregated signatures to the PC to access it. If the signatures are aggregated in the right sequential order, the PC unlocks itself. In addition, we use a short-range wireless link to bond mobile devices to the PC to detect the presence of the user. If the user leaves the PC, it locks the screen to protect itself. Furthermore, we ran a series of experiments to evaluate the performance, and the results showed that the time spent at each gateway is less than 10 seconds and the power consumption of the pulling protocol is 10 percent of the total power capacity per 8 hours.

List of Figures
List of Tables
1 Introduction
  1.1 Outline
  1.2 Concept of SOP-KPP
  1.3 Organization
2 Background and Related Works
  2.1 Background
  2.2 Related Works
    2.2.1 MULE
    2.2.2 Grey
    2.2.3 ZIA
3 Problem Statement
  3.1 Environment Statements
  3.2 Adversary Behavior
4 Protocol
  4.1 Signature Function
  4.2 Register Phase
  4.3 Authentication Phase
  4.4 Tracing Phase
  4.5 Access Control Phase
  4.6 Pulling phase
5 Implementation
  5.1 SOP-KPP Mobile Client
  5.2 SOP-KPP Gateway
  5.3 SOP-KPP Guarder
    5.3.1 Pulling Protocol
    5.3.2 Locking and Unlocking PCs
  5.4 SOP-KPP Server
  5.5 SOP-KPP Walk-Through
6 Evaluation and Comparison
  6.1 Performance Evaluation
    6.1.1 Evaluation of the Time Spent at Gateway
    6.1.2 Power Consumption
  6.2 Comparison
7 Conclusion and Future Work
  7.1 Pairing Problem
  7.2 Bluetooth Dongle
Bibliography

