近來,行動程式碼的運用範疇,已經越來越廣泛。隨著網路的普及化,行動代理人的存在,已經成為不可或缺的一環。透過行動代理人的行動性,使得網路上過去不可能達成的交易行為,變得容易。而經由行動代理人的運用,使得無論是主機或使用者可以有更佳的溝通管道。然而,在廣泛運用的情況下,相對的也產生了安全性上的疑慮。若當行動代理人無法完善的保護自己,其所完成的交易行為相對的也會讓使用者產生懷疑,因而降低使用行動代理人的便利性。因此,如何在行動代理人身上,運行適宜的安全保護機制。藉以提高行動代理人的自我保護能力,一直是許多學者所追求的目標。 Sander提出一種函式加密的機制,希望透過函式加密的概念,對行動程式碼內容產生混亂使其難以辨識,保護行動程式碼內的機密內容。Chen以這個概念開發了一套具有函式加解密能力的函式加密系統,稱之為JOBS系統。JOBS系統可以在當行動代理人派遣出去之前,對於內部的機密函式進行加密處理。因而保護機密函式內容不被竊取。而Tu又依據錯誤更正碼的方式,對JOBS系統作進一步的加強。希望透過更完善的函式保護方式,來對行動程式碼作保護。 本研究主要的目標在希望將函式加密計算的概念,靈活運用在網路行的行動代理人行為。因此,希望將函式加密計算的方法,用在認證機制的設計方面。本研究並透過模擬的方式,來計算當改用函式加密計算後的認證機制效率,透過分析來了解函式加密計算在認證機制上的可行性。 Recently, the use of mobile code has been widely. And with the popular of the internet, the existence of the mobile agent cannot be ignored. By the mobility of the mobile agent, the trade behavior, which could not be done in the past, has become easily now. Through the use of mobile agent, no matter what the client or server have a better communication channel. However, the widely use also leads some security problem. If the mobile agent cannot protect himself safely, the transaction will seem to be suspicious. Finally, the convenience of the mobile agent will be lower down. How to enhance the security of the mobile agent will be a serious problem. Sander proposed a function hiding method, which could obfuscate the content of the mobile code and protect the confidential information. Chen developed a function hiding system based on Sander, and called JOBS (Java OBfuscation System). JOBS would encrypt the confidential function before dispatching the mobile agent. So the secret content would not be stolen. Tu used the method of the error correcting code to enhance the JOBS system. In order to use a more secure way protects the mobile code security. The target of our research is to use the concept of function hiding in the application of internet. So we find the authentication protocols by using the evaluation of encryption function to be our research target. This research uses the simulation to calculate the performance of the authentication using evaluation of encrypted function, and discuss the feasibility of the evaluation of encrypted function in authentication protocol.
