| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊工程學系 | zh_TW |
| DC.creator | 蘇奕彰 | zh_TW |
| DC.creator | Yi-Zhang Su | en_US |
| dc.date.accessioned | 2017-7-25T07:39:07Z | |
| dc.date.available | 2017-7-25T07:39:07Z | |
| dc.date.issued | 2017 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=103522120 | |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 隨著科技的快速發展,諸如電子商務與數位版權管理等系統皆被應用在各式各樣存有敏感性資料的儲存平台上,因此在進行交易或使用應用程式前,先行確保運算平台的狀態與完整性是必需的。為了驗證遠端運算平台完整性,可信賴運算集團(trusted computing group)提出了基於可信賴平台模組所設計的完整性回報系統(trusted platform module based integrity reporting scheme)。然而該方法卻無法抵抗偽裝攻擊(masquerading attack),除此之外,其他可以抵擋偽裝攻擊的一些現有方法卻會遭受金鑰洩漏攻擊(key disclosure attack)。另一類透過Secure Sockets Layer (SSL)或Transport Layer Security (TLS)來建立安全通道並鎖定身份的方法被使用來抵擋偽裝攻擊,但是該類方法卻嚴重缺乏對隱私性的保護。身份相關訊息的洩漏能使攻擊者輕易的進行社交工程攻擊。因此在本論文中,我們提出一個強化隱私保護並成功抵擋偽裝攻擊以及金鑰洩漏攻擊的完整性回報系統。同時,我們也透過對隱私性的保護,大幅降低攻擊者成功進行社交工程攻擊的可能性。 | zh_TW |
| dc.description.abstract | With the rapid development of information technology, many digital applications take place on heterogeneous platforms storing sensitive data, such as e-commerce, on-line banking, enterprise security, and digital rights management. Ensuring the configurations and system status of the computing platforms is crucial before carrying out the applications. The trusted computing group proposed a trusted platform module based integrity reporting scheme used for verifying the configurations of a remote computing platform. Unfortunately, such scheme is vulnerable to a masquerading attack and existing solutions addressing the masquerading attack however suffered from a key disclosure attack. Alternative identity-based approach had been suggested by employing a secure channel (e.g., the SSL and TLS) for defending the masquerading attack, but the approach however was short of privacy protection. The leakage of identity information may be subject to a social engineering attack. In this thesis, we propose an enhanced integrity reporting scheme with user privacy protection and is free from the masquerading and key disclosure attacks that previous studies are vulnerable to. | en_US |
| DC.subject | 完整性回報 | zh_TW |
| DC.subject | 隱私性 | zh_TW |
| DC.subject | 偽裝攻擊 | zh_TW |
| DC.subject | 可信賴平台模組 | zh_TW |
| DC.subject | 遠端驗證 | zh_TW |
| DC.subject | Integrity reporting | en_US |
| DC.subject | Privacy | en_US |
| DC.subject | Masquerading attack | en_US |
| DC.subject | Trusted Platform Module | en_US |
| DC.subject | Remote Attestation | en_US |
| DC.title | 強化隱私保護之系統完整性回報系統 | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | Privacy Enhanced Integrity Reporting Scheme | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |