(3.235.11.178) 您好!臺灣時間:2021/02/26 04:28
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:黃仁楷
研究生(外文):Ren-Kai Huang
論文名稱:確保使用者隱私之驗證暨金鑰協議方法的研究
論文名稱(外文):A Research on Privacy-ensured Authentication and Key Agreement Schemes
指導教授:張雅芬張雅芬引用關係
指導教授(外文):Ya-Fen Chang
學位類別:碩士
校院名稱:國立臺中科技大學
系所名稱:資訊工程系碩士班
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2017
畢業學年度:105
語文別:英文
論文頁數:25
中文關鍵詞:使用者匿名隱私金鑰協議認證完整EPR信息系統
外文關鍵詞:user anonymityprivacykey agreementauthenticationintegrated EPR information system
相關次數:
  • 被引用被引用:0
  • 點閱點閱:35
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
隨著科技進步,網路越發普及,其相關應用也多元多樣化,然而訊息在網路上是透過公開的非安全通道進行傳遞,如何驗證通訊對方的身分合法性及保護傳送的資料便成為重要的安全議題。透過合宜的身分驗證機制便可確認通訊者的身分,另透過金鑰協議便可讓溝通的雙方協議出金鑰來保護傳輸的資料內容。除上述之兩項安全需求外,一個好的驗證暨金鑰協議方法也應保護使用者隱私,因為確保使用者隱私可防止使用者被追蹤,進而保護整個機制的安全。
最近,Amin等學者提出了無線感測網絡的三因素認證密鑰交換協議。 他們聲稱他們的協議可以確保用戶匿名,提供身份和密碼更新,並啟用智能卡撤銷。 在分析其協議之後,我們發現它有兩個安全缺陷。 首先,不能確保用戶匿名。 其次,它遭受去同步化攻擊。另一方面,Odelu等學者提出了用於整合EPR信息系統之動態群組密碼認證暨金鑰協商方法。他們宣稱他們所提出之方案可以確保用戶匿名性、完美前向安全和已知密鑰的安全。在分析了他們的方案後,我們發現它有一些缺陷。首先,他們的方案不能運作。其次,他們的方案不能保證聲稱的隱私。在本論文中,我們將詳細地闡述所發現的安全缺失。
With the progress of technologies, networks become more popular, and various applications are proposed. However, data is transmitted via public but insecure channels. How to ensure the legality of communication parties and how to protect the transmitted data are important security issues. Proper authentication mechanisms can ensure who the communication party is, and key agreement can help communication parties to negotiate one session key to protect the transmitted data. In addition to the above two security requirements, a good authentication and key agreement method should protect user anonymity as well. It is because protecting user anonymity can prevent the user from being traced and protect the whole mechanism as well.
Recently, Amin et al. proposed three-factor authenticated key exchange protocol for wireless sensor networks. They claimed that their protocol could ensure user anonymity, provide identity and password update, and enable smartcard revocation. After analyzing their protocol, we find that it suffers from two security flaws. First, user anonymity cannot be ensured. Second, it suffers from desynchronization attack. On the other hand, Odelu et al. proposed a dynamic group password-based authenticated key agreement scheme for the integrated EPR information system. They claimed that their scheme could ensure user anonymity, perfect forward security and known-key security. After analyzing their scheme, we find that it suffers from some flaws. First, their scheme cannot work. Second, their scheme cannot ensure privacy as claimed. In this thesis, the found weaknesses will be shown in detail.
中文摘要..............................................I
Abstract.............................................II
致謝.................................................IV
Table of Contents....................................V
List of Figures......................................VII
List of Tables.......................................VIII
Chapter 1. Introduction..............................1
1.1 Motivation and Background........................1
1.2 Thesis Organization..............................3
Chapter 2. Review of Amin et al.’s Three-factor Authenticated Key Exchange Protocol..................4
2.1 System Setup Phase...............................5
2.2 Sensor Node Registration Phase...................5
2.3 User Registration Phase..........................6
2.4 Login Phase......................................7
2.5 Authentication and Session Key Agreement Phase...8
2.6 Post-deployment Phase............................10
2.7 Identity Update Phase............................10
2.8 Password Change Phase............................11
2.9 Smart Card Revocation Phase......................13
Chapter 3. Security Analysis of Amin et al.’s Protocol .....................................................14
3.1 Lack of User Anonymity...........................14
3.2 Vulnerability to Desynchronization Attack........14
Chapter 4. Review of Odelu et al.’s a Dynamic Group Password-based Authenticated Key Agreement Scheme .....................................................16
4.1 User Registration Phase..........................17
4.2 Authentication and Session Key Agreement Phase .....................................................17
4.3 Password Change Phase............................20
Chapter 5. Security Analysis of Odelu et al.’s Scheme .....................................................21
5.1 Unworkable Design................................21
5.2 Lack of User Anonymity...........................22
Chapter 6. Conclusions...............................23
Bibliography.........................................24
[1] S. Kumari and H. Om “Authentication protocol for wireless sensor networks applications like safety monitoring in coal mines,” Computer Networks, Vol. 104, No. 20, pp. 137-154, 2016.
[2] P. Gope and T. Hwang, “An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks,” Journal of Network and Computer Applications, Vol. 62, pp. 1-8, 2016.
[3] Z. Qin, J. Sun, A. Wahaballa , W. Zheng, H. Xiong and Z. Qin, “A secure and privacy-preserving mobile wallet with outsourced verification in cloud computing, ” Computer Standards & Interfaces, Vol. 54, pp. 55-60, 2017.
[4] A. Chaturvedi, D. Mishra, S. Jangirala and S. Mukhopadhyay, “A privacy preserving biometric-based three-factor remote user authenticated key agreement scheme, ” Journal of Information Security and Applications, Vol. 32, pp. 15-26, 2017.
[5] Z. J. Haddad, S. Taha and I. A. Saroit, “Anonymous authentication and location privacy preserving schemes for LTE-A networks,” Egyptian Informatics Journal, doi:10.1016/j.eij.2017.01.002, available online 11 February 2017.
[6] S. Kumari, X. Li, F. Wu, A. K. Das, H. Arshad and M. K. Khan, “A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps,” Future Generation Computer Systems, Vol. 63, pp. 56-75, 2016.
[7] R. Amin, S. H. Islam, G. P. Biswas, M. K. Khan, L. Leng, and N. Kumar, “Design of anonymity preserving three-factor authenticated key exchange protocol for wireless sensor network,” Computer Networks, Vol. 101, No. 4, pp. 42-62, 2016.
[8] V. Odelu, A. K. Das and A. Goswami, “A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system,” Journal of King Saud University - Computer and Information Sciences, Vol. 28, pp. 68-81, 2016.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
系統版面圖檔 系統版面圖檔