Title page for etd-0815109-160229
Title
An EAP Method with Biometrics Privacy Preserving in IEEE 802.11 Wireless LANs
Department
Year, semester
Language
Degree
Number of pages
57
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2009-07-07
Date of Submission
2009-08-15
Keywords
Wireless Local Area Networks, Authentication Mechanism, Extensible Authentication Protocol, Low Computation Cost, Forward Secrecy, Password, Biometrics
Extensible Authentication Protocol (EAP), Lightweight Computation, Wireless Local Area Networks (WLANs), Three-Factor Authentication, Forward Secrecy
Statistics
The thesis/dissertation has been browsed 5660 times and downloaded 1858 times.
Abstract
Users must be authenticated when they want to access services in WLANs. The Extensible Authentication Protocol (EAP) is an authentication framework widely used in WLANs, and authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in WLAN authentication are defined in RFC 4017. In addition, low computation cost and forward secrecy, which are not defined in RFC 4017, are also important requirements in WLAN authentication. However, none of the EAP methods and authentication schemes designed for WLANs so far satisfies all of the above requirements. Therefore, we propose an EAP method that uses three factors (stored secrets, passwords, and biometrics) to verify users. Our proposed method fully satisfies 1) the requirements of RFC 4017, 2) forward secrecy, and 3) lightweight computation. Moreover, the privacy of biometrics is protected against the authentication server, so the server does not learn the user's biometrics, and the server can flexibly decide whether passwords and biometrics are verified in each round.
Table of Contents
List of Tables
List of Figures
Acknowledgments
Chapter 1 Introduction
Chapter 2 Related Works
2.1 Park-Park Scheme
2.2 Juang-Wu Scheme
2.2.1 The First Scheme
2.2.2 The Second Scheme
2.3 Yoon-Yoo Scheme
2.4 Introduction to the Three-Factor Authentication
Chapter 3 IEEE 802.11, 802.1x and EAP
3.1 The IEEE 802.11 Standard
3.1.1 802.11 Security Mechanisms
3.2 The IEEE 802.1X Standard
3.2.1 The IEEE 802.1x Framework
3.3 Extensible Authentication Protocol
3.3.1 Legacy EAP Methods
3.3.2 Certificate-Based EAP Methods
3.3.3 Password-Based EAP Methods
3.3.4 Strong Password-Based EAP Methods
Chapter 4 EAP Method Requirements for Wireless LANs
Chapter 5 The Goals of Our Proposed EAP Method
Chapter 6 The Proposed EAP Method
6.1 Authentication Mechanism
6.2 Fast Reconnect Mode
Chapter 7 Security Analysis and Discussions
Chapter 8 Comparisons
Chapter 9 Conclusions
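Fulltext
This electronic full text is licensed to users solely for personal, non-profit searching, reading, and printing for academic research purposes. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, to avoid violating the law.
Thesis access permission: released on and off campus after one year (withheld)
Available:
Campus: available
Off-campus: available

Printed copies
Public-access information for printed theses is relatively complete from academic year 102 onward. To look up public-access information for printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available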
