National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

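Graduate student: Yung-Chi Huang (黃詠娸)
Thesis title: Anonymous WiFi Authentication against Honest-but-curious Administrators (針對半誠實的網路管理者的無線網路匿名認證)
Advisor: Hsu-Chun Hsiao (蕭旭君)
Oral defense committee: Chun-Ying Huang (黃俊穎), Shin-Ming Cheng (鄭欣明), Chung-Wei Lin (林忠緯)
Oral defense date: 2020-06-19
Degree: Master's
Institution: National Taiwan University
Department: Graduate Institute of Networking and Multimedia
Discipline: Computer science
Field: Networking
Thesis type: Academic thesis
Publication year: 2020
Graduation academic year: 108
Language: English
Number of pages: 35
Keywords (translated from Chinese): wireless network, location privacy, anonymous authentication
Keywords (English): WiFi, Location Privacy, Anonymous Authentication
DOI: 10.6342/NTU202002851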
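Abstract (translated from Chinese): Wireless hotspots are now widely deployed around the world, which can create a risk of leaking location and trajectory privacy. Most previous research has focused on defending against eavesdroppers who can obtain MAC addresses that uniquely identify a user, but the authentication identity used by current wireless network authentication mechanisms carries the same privacy risk. We therefore propose an anonymous wireless network authentication mechanism against honest-but-curious network administrators. Using the properties of Direct Anonymous Attestation, we use a Direct Anonymous Attestation signature as the authentication identity during wireless network authentication, which achieves anonymity and unlinkability. In addition, we built an easily deployable implementation, which consists of an X.509 extension field embedded in the client certificate combined with a customizable certificate verification mechanism on the FreeRadius server. We verify the security and deployability of our design, and show that it adds only marginal latency compared with EAP-TLS and is nearly identical to the commonly used PEAP.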
Nowadays, wireless hotspots have been widely deployed around the world, which may lead to significant location and trajectory privacy risks. While most previous work focuses on protecting MAC addresses, which can be used as unique identifiers, against eavesdroppers, the authentication identity of existing WiFi authentication mechanisms can also be used by administrators to track users. In our work, we propose a new authentication mechanism for WiFi which supports anonymous authentication against honest-but-curious administrators. Leveraging the properties of Direct Anonymous Attestation (DAA), our scheme achieves anonymity and unlinkability by using a DAA signature as the authentication identity while the client is authenticated by the authentication server in the WiFi network. We further build an implementation of our scheme by using an X.509 extension embedded in the client certificate and importing a customized certificate validation check on the FreeRadius server. We validate the security properties and demonstrate the deployability of our solution. We show that our scheme introduces marginal overhead compared with EAP-TLS and performs similarly to the widely deployed PEAP.
Table of contents:
Acknowledgements (in Chinese)
Acknowledgements
Abstract (in Chinese)
Abstract
1 Introduction
2 Background
2.1 Extensible Authentication Protocol
2.1.1 EAP-TLS
2.1.2 PEAP
2.2 802.11r Fast Transition/Roaming/Handover
2.3 Direct Anonymous Attestation
3 Motivation
4 Problem Definition
4.1 System Model
4.2 Assumption
4.3 Threat Model
4.4 Desired Properties
5 Proposed Solution
5.1 System Setup
5.1.1 Prerequisite
5.1.2 Role
5.2 Architecture Design
5.2.1 Joining
5.2.2 Verification
5.3 Dynamic Group
5.3.1 Adding new members
5.3.2 Revocation
5.3.3 Adaptive revocation
5.4 Implementation
5.4.1 X.509
5.4.2 FreeRADIUS
6 Evaluation
6.1 Experiments Settings
6.2 Security Analysis
6.3 Performance Evaluation
6.4 Deployability
7 Discussion
8 Related Work
9 Conclusion
Bibliography