基於函式加密計算的認證機制

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：27

、訪客IP：3.15.139.147

姓名

王建智(Chien-Chih Wang) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

基於函式加密計算的認證機制
(Authentication Scheme using Evaluation of Encrypted Function)

相關論文

★ 網路合作式協同教學設計平台－以國中九年一貫課程為例	★ 內容管理機制於常用問答集(FAQ)之應用
★ 行動多重代理人技術於排課系統之應用	★ 存取控制機制與國內資安規範之研究
★ 信用卡系統導入NFC手機交易機制探討	★ App應用在電子商務的推薦服務-以P公司為例
★ 建置服務導向系統改善生產之流程-以W公司PMS系統為例	★ NFC行動支付之TSM平台規劃與導入
★ 關鍵字行銷在半導體通路商運用-以G公司為例	★ 探討國內田徑競賽資訊系統－以103年全國大專田徑公開賽資訊系統為例
★ 航空地勤機坪作業盤櫃追蹤管理系統導入成效評估—以F公司為例	★ 導入資訊安全管理制度之資安管理成熟度研究－以B個案公司為例
★ 資料探勘技術在電影推薦上的應用研究-以F線上影音平台為例	★ BI視覺化工具運用於資安日誌分析—以S公司為例
★ 特權帳號登入行為即時分析系統之實證研究	★ 郵件系統異常使用行為偵測與處理-以T公司為例

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

近來，行動程式碼的運用範疇，已經越來越廣泛。隨著網路的普及化，行動代理人的存在，已經成為不可或缺的一環。透過行動代理人的行動性，使得網路上過去不可能達成的交易行為，變得容易。而經由行動代理人的運用，使得無論是主機或使用者可以有更佳的溝通管道。然而，在廣泛運用的情況下，相對的也產生了安全性上的疑慮。若當行動代理人無法完善的保護自己，其所完成的交易行為相對的也會讓使用者產生懷疑，因而降低使用行動代理人的便利性。因此，如何在行動代理人身上，運行適宜的安全保護機制。藉以提高行動代理人的自我保護能力，一直是許多學者所追求的目標。
Sander提出一種函式加密的機制，希望透過函式加密的概念，對行動程式碼內容產生混亂使其難以辨識，保護行動程式碼內的機密內容。Chen以這個概念開發了一套具有函式加解密能力的函式加密系統，稱之為JOBS系統。JOBS系統可以在當行動代理人派遣出去之前，對於內部的機密函式進行加密處理。因而保護機密函式內容不被竊取。而Tu又依據錯誤更正碼的方式，對JOBS系統作進一步的加強。希望透過更完善的函式保護方式，來對行動程式碼作保護。
本研究主要的目標在希望將函式加密計算的概念，靈活運用在網路行的行動代理人行為。因此，希望將函式加密計算的方法，用在認證機制的設計方面。本研究並透過模擬的方式，來計算當改用函式加密計算後的認證機制效率，透過分析來了解函式加密計算在認證機制上的可行性。

摘要(英)

Recently, the use of mobile code has been widely. And with the popular of the internet, the existence of the mobile agent cannot be ignored. By the mobility of the mobile agent, the trade behavior, which could not be done in the past, has become easily now. Through the use of mobile agent, no matter what the client or server have a better communication channel. However, the widely use also leads some security problem. If the mobile agent cannot protect himself safely, the transaction will seem to be suspicious. Finally, the convenience of the mobile agent will be lower down. How to enhance the security of the mobile agent will be a serious problem.
Sander proposed a function hiding method, which could obfuscate the content of the mobile code and protect the confidential information. Chen developed a function hiding system based on Sander, and called JOBS (Java OBfuscation System). JOBS would encrypt the confidential function before dispatching the mobile agent. So the secret content would not be stolen. Tu used the method of the error correcting code to enhance the JOBS system. In order to use a more secure way protects the mobile code security.
The target of our research is to use the concept of function hiding in the application of internet. So we find the authentication protocols by using the evaluation of encryption function to be our research target. This research uses the simulation to calculate the performance of the authentication using evaluation of encrypted function, and discuss the feasibility of the evaluation of encrypted function in authentication protocol.

關鍵字(中)

★ 行動程式碼
★ 加密函式計算
★ 認證

關鍵字(英)

★ authentication
★ EEF
★ mobile code

論文目次

目錄
第一章簡介 1
1.1. 行動程式碼的使用環境 1
1.2. 動機及目的 2
1.3. 研究目標 4
1.4. 研究限制 4
第二章文獻探討 5
2.1. 行動代理人安全保護 5
2.2. 混亂程式碼 7
2.3. 加密函式計算 8
2.4. MCELIECE公開金鑰加密系統 10
2.5. 認證機制分類 13
2.6. 認證系統的攻擊 15
2.7. 利用雜湊函數的認證機制 20
第三章利用函式加密計算的認證機制 22
3.1. ISO認證機制 22
3.2. 函式加密計算的認證機制 24
3.3. 以函式加密計算為基礎的認證機制 33
3.3.1. 系統註冊流程 33
3.3.2. 系統認證流程 34
3.3.3. 驗證碼變更流程 35
3.3.4. 認證架構分析 36
第四章系統設計及架構 38
4.1. 開發工具 38
4.2. 系統設計 39
4.3. 系統評估 40
第五章結論與未來研究方向 45
5.1. 結論 45
5.2. 未來研究方向 45
參考資料 47

參考文獻

參考資料
中文參考文獻
1. 賴溪松、韓亮、張真誠，近代密碼學及其應用，松崗電腦圖書，1998。
英文參考文獻
2. Bellovin, Steven M., and Michael Merritt (1992) “Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks,” Proc. of the IEEE Symposium on Research in Security and Privacy. pp. 72-84.
3. Berson, Thomas A. (1997) “Failure of the Public-Key Cryptosystem Under Message-Resend and Related Message Attack,” Proc. Of the 17th Annual International Cryptology Conference on Advances in Cryptology. pp. 213-220.
4. Bierman, Elmarie, Technikon Pretoria, and Elsabe Cloete (2002) “Classification of Malicious Host Threats in Mobile Agent Computing,” Proceeding of SAICSIT 2002, pp. 141-148.
5. Chen, Zhi Wei(2002): A Study of Protecting Mobile Code. Master Thesis, Department of Information Management of National Central University.
6. Clark, John and Jeremy Jacob (1997) “A survey of authentication protocol literature: Version 1.0,” available at http://dcpul.cs.york.ac.uk/~jeremy.
7. Hohl, Fritz (1998) “Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Host,” Mobile Agents and Security, LNCS, Vol. 1419, pp. 92-113.
8. McEliece, R.J. (1978) “A Public-Key Cryptosystem Based on Algebraic Coding Theory,” Deep Space Network Progress Report, Jet Propulsion Laboratory, California Institute of Technology, pp.42-44.
9. ISO/IEC 9798. (1993) “Entity authentication - Parts 1 to 5”. International Organization for Standardization.
10. Jansen, Wayne A., (2000) “Countermeasure for Mobile Agent Security,” Computer Communication Vol. 23, pp.1667-1676.
11. Lange, Danny, and Oshima Mitsuru (1998): Programming and Deploying Java Mobile Agents with Aglets, Addison-Wesley.
12. Lee, Cheng-Chi, Li Hua-Li, and Min Shiang-Hwang, (2002) “A remote user authentication scheme using hash functions,” ACM SIGOPS Operating Systems Review, pp. 23-29.
13. Lee, Sung-Woon, Hyun-Sung Kim, and Kee-Young Yoo, (2004) “Cryptanalysis of A User Authentication Scheme Using Hash Functions,” ACM SIGOPS Operating Systems Review, Vol. 38. pp. 24-28.
14. Loidreau, Pierre (2000) “Strengthening McEliece Cryptosystem,” LNCS Vol 1976. Pro. Of the 6th International Conference on the Theory and Application of Cryptology and Information Security. pp 585-598.
15. Loureiro, Sergio, and Refik Molva, (1999) “Function Hiding based on Error Correcting Codes,” Proceedings of Cryptec'99 - International Workshop on Cryptographic Techniques and Electronic Commerce.
16. Loureiro, Sergio, Molva, Refik, and Roudier, Yves, (2000) “Mobile Code Security,” In proceedings of ISYPAR 2000, Code Mobile, France.
17. Patterson, N. J., (1975) “The Algebraic Decoding of Goppa Codes” IEEE Transaction on Information Theory, Vol. IT-21, No. 2. pp. 203-207.
18. Riordan, James, and Bruce Schneier (1998) “Environment Key Generation towards Clueless Agents,” Mobile Agents and Security, Springer-Verlag, Lecture Notes in Computer Science No. 1419.
19. Rivest, R. L., A. Shamir, and L. Adleman (1978) “A method for obtaining digital signatures and public-key cryptosystems.” Communications of the ACM 21(2),
pp. 120-126.
20. Roger Needham and Michael Schroeder (1978) “Using Encryption for Authentication in Large Networks of Computers.” Communications of the ACM, 21(12):993-999.
21. Roth, Volker (2001) “Mutual Protection of Co-operating Agents,” Lecture Notes in Computer Science. pp. 275-285.
22. Sander, Tomas, and Christian F. Tschudin (1998) “Protecting Mobile Agents Against Malicious Hosts,” Mobile Agent Security, LNCS Vol.1419, Springer-Verlag, pp. 44-60.
23. Sander, Tomas, and Christian F. Tschudin (1998) “On Software Protection Via Function Hiding,” In Proc. Of Information Hiding 98 Springer-Verlag. LNCS Vol.1525.
pp. 111-123.
24. Sander, Tomas, and Christian F. Tschudin (1998) “Towards Mobile Cryptography,” Proc. Of the IEEE Symposium on Security and Privacy, pp. 215-224.
25. Satyanarayanan, M., (1989) “Integrating Security in a Large Distributed System” ACM Transactions on Computer Systems (TOCS). Vol. 7, No. 3. pp. 247-280.
26. Schneider, Fred B. (1997) “Towards Fault-Tolerant and Secure Agentry,” Proc. 11th International Workshop on Distributed Algorithms. pp. 1-14.
27. Seo, Dae-Hee, Im-Yeong Lee, Soo-Young Chae, and Choon-Soo Kim (2003) “Single Sign-On Authentication Model using MAS(Mulit-Agent System),” Communications, Computers and signal Processing, 2003.
28. Sosokin, Mikhail, Gleb Naumovich, and Nasir Memon (2003) “Obfuscation of Design Intent in Object-Oriented Applications” Proceedings of the 2003 ACM workshop on Digital rights management. pp. 142-153.
29. Sun, Hung-Min (2000) “Enhancing the Security of the McEliece Public-Key Cryptosystem,” Journal of Information Science and Engineering. Vol. 16, no 6,
pp. 799-812.
30. Tu, Tun-Hung (2004): A Function Hiding Scheme based on Error Correcting Codes. Master Thesis, Department of Information Management of National Central University.
31. Ulf Carlsen (1994) “Optimal Privacy and Authentication on a Portable Communications System.” Operating Systems Review, 28(3):16-23.
32. Vigna Giovanni (1997) “Protecting Mobile Agents Through Tracing,” Prco. of the 3rd ECOOP Workshop on Mobile Object System. pp. 137-153.
33. Yee, Bennet S. (1997) “A Sanctuary for Mobile Agents,” Technical Report CS97-537, University of California in San Diego.
34. Aglets Official Site. IBM Research Lab. in Tokyo.
.

指導教授

林熙禎(Shi-Jen Lin)

審核日期

2005-7-15

推文