English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 78728/78728 (100%)
造訪人次 : 33544262      線上人數 : 518
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/74686


    題名: 強化隱私保護之系統完整性回報系統;Privacy Enhanced Integrity Reporting Scheme
    作者: 蘇奕彰;Su, Yi-Zhang
    貢獻者: 資訊工程學系
    關鍵詞: 完整性回報;隱私性;偽裝攻擊;可信賴平台模組;遠端驗證;Integrity reporting;Privacy;Masquerading attack;Trusted Platform Module;Remote Attestation
    日期: 2017-07-25
    上傳時間: 2017-10-27 14:36:13 (UTC+8)
    出版者: 國立中央大學
    摘要: 隨著科技的快速發展,諸如電子商務與數位版權管理等系統皆被應用在各式各樣存有敏感性資料的儲存平台上,因此在進行交易或使用應用程式前,先行確保運算平台的狀態與完整性是必需的。為了驗證遠端運算平台完整性,可信賴運算集團(trusted computing group)提出了基於可信賴平台模組所設計的完整性回報系統(trusted platform module based integrity reporting scheme)。然而該方法卻無法抵抗偽裝攻擊(masquerading attack),除此之外,其他可以抵擋偽裝攻擊的一些現有方法卻會遭受金鑰洩漏攻擊(key disclosure attack)。另一類透過Secure Sockets Layer (SSL)或Transport Layer Security (TLS)來建立安全通道並鎖定身份的方法被使用來抵擋偽裝攻擊,但是該類方法卻嚴重缺乏對隱私性的保護。身份相關訊息的洩漏能使攻擊者輕易的進行社交工程攻擊。因此在本論文中,我們提出一個強化隱私保護並成功抵擋偽裝攻擊以及金鑰洩漏攻擊的完整性回報系統。同時,我們也透過對隱私性的保護,大幅降低攻擊者成功進行社交工程攻擊的可能性。;With the rapid development of information technology, many digital applications take place on heterogeneous platforms storing sensitive data, such as e-commerce, on-line banking, enterprise security, and digital rights management. Ensuring the configurations and system status of the computing platforms is crucial before carrying out the applications. The trusted computing group proposed a trusted platform module based integrity reporting scheme used for verifying the configurations of a remote computing platform. Unfortunately, such scheme is vulnerable to a masquerading attack and existing solutions addressing the masquerading attack however suffered from a key disclosure attack. Alternative identity-based approach had been suggested by employing a secure channel (e.g., the SSL and TLS) for defending the masquerading attack, but the approach however was short of privacy protection. The leakage of identity information may be subject to a social engineering attack. In this thesis, we propose an enhanced integrity reporting scheme with user privacy protection and is free from the masquerading and key disclosure attacks that previous studies are vulnerable to.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML237檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明