| 摘要: | 無論是有線或是無線網路,隱密性和安全性愈來愈受到重視。有線的通訊環境,不但線路架設費時昂貴外,更限制使用者接受服務時的行動;反觀,在無線通訊環境,人們可以隨時隨地、方便迅速地接受服務。對於資料傳送時的隱密性和安全性,通常我們都是利用加解密演算法來達成。然而,如果加解密演算法被犯罪者濫用,進而隱藏犯罪過程,如此一來,必定違害社會安全。 近年來,無線通訊市場的快速發展,提供更多的電信加值服務及應用,WAP (無線應用協定) 提供手機能夠隨時隨地查閱最即時的訊息,如:新聞報導、股市行情、行動銀行、電子商務、瀏覽網際網路等最新的資料。雖然可以利用加解密演算法的輔助,保護傳送時的訊息,但是,以手機的運算能力和電力,卻不適合使用複雜運算的公開金鑰演算法,只能使用對稱金鑰演算法完成資料的隱密和安全。 在本篇論文,我們提出新的、且適用於數位通訊系統的加解密演算法,這個演算法,不但能夠兼顧資料傳送時的隱密性和安全性之外,更能在可能危及社會安全時,對可疑通訊進行合法監聽。考量手機本身不足的電力和運算能力,我們決定改良對稱金鑰演算法,來達成點對點的安全傳輸和不可否認性的服務,不可否認性服務,在以前的對稱金鑰算法是不可能達成的,但在我們改進的演算法中,我們提供了如同公開金鑰演算法才能完成的不可否認性服務。不同於公開金鑰演算法,我們改進的對稱金鑰演算法,是當通訊發生可疑或是對訊息內容有所爭議時,才由公正第三者做評斷。 要完成點對點的安全傳輸及不可否認性,我們把會議金鑰之構成要素分給幾個可信賴的金鑰託管機構,在通訊可疑或有爭議時,在政府法院許可之下,調查單位便可以和金鑰託管機構,對發生爭議的通訊對合法的監聽。 我們提出的演算法,不但加強了第二代行動通訊系統的安全程度,更能提供原有系統所缺乏的點對點安全傳輸和不可否認性服務。雖然使用我們的演算法,卻不會佔用系統太多的頻寬,也不會增加太多傳輸時的延遲時間。 No matter wired or wireless network, confidentiality and privacy become more and more momentous. Wired communications, expensive to establish restrict end user to one particular service locale. On the contrary, wireless communications allow people connecting quickly and conveniently. The essential of most security methods is encryption. Encryption can be used to provide message privacy and integrity. However, if encryption is strong enough and becomes readily available in communications equipment, once manipulated by rascals or criminals, public safety could be seriously risked. With the growth of the wireless market, value-added services and applications are increasing rapidly. WAP (Wireless Application Protocol) provides a platform to access real-time information including news reports, stock fluctuation, mobile bank, E-Commerce and browse Internet any time, anywhere. For current device with lower power and finite computing capability, it is not suitable to encrypt transmission message using public-key encryption algorithm. In the thesis, we propose a new protocol for digital mobile communications. This protocol permits users to hold a secure conference and ensures public safety. Considering the limited computing capability of mobile phone device, we improve traditional symmetric key encryption algorithm to achieve end-to-end security and non-repudiation for each individual communication connection. Different from public-key encryption algorithm, non-repudiation of our proposed symmetric key encryption algorithm is arbitrated once the communication is disputed or doubted to endanger public safely. To achieve end-to-end security and non-repudiation service, we will distribute ‘Session Key Components’ to several believable organizations, called KETO (Key Escrow Trust Organization). As long as one particular communication transmission is doubted to endanger or dispute with public safety, the CS (Count System) will consult with KETOs to recover session key after the government agreement. Our new security protocol of the thesis not only enhances the second-generation wireless communication, but also provides end-to-end confidentiality and non-repudiation service. Although ‘Sharing Session Key Component’ algorithm is used in the wireless communication, the required bandwidth is much lower than the GSM capacity, and signaling message transaction delay time increases only one RDT (Radio Delay Time), in addition to original ADT (Authentication Delay Time) of GSM. |
