適用於多種設備的可否認鑑別協定之設計;Design of Deniable Authentication Protocols for Multiple Device Types

NCU Institutional Repository > 管理學院 > 資訊管理研究所 > 博碩士論文 > Item 987654321/58576

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/58576

题名:	適用於多種設備的可否認鑑別協定之設計;Design of Deniable Authentication Protocols for Multiple Device Types
作者:	莊友豪;Chuang,Yu-hao
贡献者:	資訊管理學系
关键词:	可否認的身分鑑別;信任;使用意圖;實驗設計法;橢圓曲線;離散對數;自我驗證公開金鑰系統;行動裝置;公開金鑰基礎建設;隱私權;社交網路;deniable authentication protocol;trust;user intention;experimental design;elliptic curve cryptography;discrete logarithm problem;self-certified public key system;mobile device;public key infrastructure;privacy;social network services
日期:	2012-11-23
上传时间:	2012-12-25 13:38:32 (UTC+8)
出版者:	國立中央大學
摘要:	隨著資訊科技不斷進步，網路應用之快速發展下，個人隱私權的安全防護儼然成為在開放式的網路通訊媒介下必須思考且重視的議題。傳統的終端使用者與主機的身分鑑別機制已不符現今安全的需求，無法確保使用者在身分鑑別的過程中，個人私密資料不會外洩，或被惡意的服務終端管理者盜用做為額外商業用途。因此，本論文將提出安全且具可否認的身分鑑別協定機制，使其達到：1. 使用者可以向特定驗證者提出身分證明的正確性、合法性。2. 驗證者無法將使用者的身分資料向第三者提出證明，即使提出相關證明文件，第三者仍不會相信。同時為了滿足現今的公開金鑰基礎建設環境，本論文提出下列二種可否認的身分鑑別協定機制：1) 植基於解離散對數的可否認鑑別協定，此協定能與目前實務上多數的溝通協定相結合，降低建置成本；2) 植基於橢圓曲線計算的可否認鑑別協定，此協定僅需較低的計算量，適合資源有限的行動裝置設備。公開金鑰基礎建設環境下，使用者持有的公開金鑰須透過憑證中心所發行的憑證驗證其正確性、合法性。為了克服此缺點，本論文進一步提出自我驗證公開金鑰系統下的可否認身分鑑別協定機制，藉由自我驗證公開金鑰系統演算法，使用者不需再額外的憑證來驗證公開金鑰的正確性、合法性，以節省計算與傳送成本；同時，自我驗證公開金鑰系統相對於公開金鑰系統，更能提供較佳的安全防護。因此，本論文根據自我驗證公開金鑰系統的架構提出二種可否認身分鑑別協定機制，分別是：1) 植基於解離散對數的可否認鑑別協定；2) 植基於橢圓曲線計算的可否認鑑別協定。本論文提出的四種可否認身分鑑別協定機制，皆能滿足以下安全需求：1) 身分鑑別；2) 可否認性。同時，本論文提出的可否認身分鑑別協定皆為非交互溝通機制，與先前研究學者提出的方法比較，具有較佳的執行效率。實務方面，本論文透過實驗設計法對社交網路使用者的行為意圖進行分析，結果顯示安全、可靠的使用者身分登入鑑別機制會增進使用者對於網站的信任度，進而正面影響使用者的使用意圖。因此本論文將提出的可否認鑑別協定應用於社交網路服務架構，藉由提供更安全、可靠的使用者身分登入鑑別機制，使社交網路服務使用者的隱私權獲得更完善的防護，進而增進使用者的使用意圖。Since the information technology continues to grow and the network applications are getting popular, protecting the privacy of Internet users on the open network becomes a necessary concern. The traditional authentication protocol is not suitable for the requirements of internet security nowadays. That is, it cannot assure that the private information not be revealed during the authentication operation, or be used by malicious terminal service managers for their personal gain in some other business opportunities. Hence, in this dissertation, we propose secure and deniable authentication protocols to fulfill the following security requirements.1. Each user can prove his/her legitimacy to the designated verifier.2. The designated verifier cannot prove the identity of the user to the third party even though the verifier provides the testimonials. In the dissertation, we first propose two types of deniable authentication protocols to satisfy the security requirements of the current public key infrastructure (PKI). The first is based on discrete logarithm problem (DLP), which is suitable to be integrated with the most current communication protocols and the advantage of setting costs reduction; the second is based on elliptic curve cryptography (ECC), which is suitable for the mobile devices since it only needs limited computation resources. However, in PKI, all public keys for users need the certificates to be issued from the certification authority (CA) to assure the validity and legitimacy of the public keys. To overcome this complexity, we further propose another variant of the deniable authentication protocol based on self-certified public key systems. In such a protocol, it needs no extra certificates to validate the validity and legitimacy of public keys so that to reduce computational complexities and communicational costs. In addition, such self-certified-based protocols can provide superior security protections than certificated-based protocols in PKI. Accordingly, two types of deniable authentication protocols with self-certified public key systems are proposed: DLP-based deniable authentication protocol and ECC-based deniable authentication protocol. All proposed deniable authentication protocols can not only satisfy the security requirements of user authentication and deniability, but also achieve performance efficiency since they are non-interactive. In practice, using a randomized control group pretest-posttest experimental design, we analyze the user’s behavior in social network services (SNSs). Our tests demonstrate that high security and reliability mechanisms of user’s authentication during logging on online systems will enhance the trust of user toward using the website which positively impact the user’s intention of using the website. In this dissertation, we apply the proposed deniable authentication protocols in SNSs to provide high security and reliability requirements of user’s authentication during logging on online systems. With that, the user who can obtain individual privacy protections impeccably when he logins the systems of SNSs and further enhance his intention toward using the social websites.
显示于类别:	[資訊管理研究所] 博碩士論文

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	802	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....