Thesis access permission: public on and off campus after one year (withheld)
Available:
Campus: available
Off-campus: available
Title |
An EAP Method with Biometrics Privacy Preserving in IEEE 802.11 Wireless LANs |
||
Department |
|||
Year, semester |
Language |
||
Degree |
Number of pages |
57 |
|
Author |
|||
Advisor |
|||
Convenor |
|||
Advisory Committee |
|||
Date of Exam |
2009-07-07 |
Date of Submission |
2009-08-15 |
Keywords |
Wireless Local Area Networks, Authentication Mechanism, Extensible Authentication Protocol, Low Computation Cost, Forward Secrecy, Password, Biometrics; Extensible Authentication Protocol (EAP), Lightweight Computation, Wireless Local Area Networks (WLANs), Three-Factor Authentication, Forward Secrecy |
||
Statistics |
The thesis/dissertation has been browsed 5660 times and downloaded 1858 times. |
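Abstract (translated from Chinese) |
Authentication is necessary when users want to obtain services on wireless LANs. The Extensible Authentication Protocol (EAP) is an authentication framework widely used in wireless LANs, and authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in wireless LANs are defined in RFC 4017. In addition, requirements not defined in RFC 4017, such as low computation cost and forward secrecy, are also quite important for authentication in wireless LANs. However, none of the EAP methods and authentication protocols designed for wireless LANs so far meets the above requirements. We therefore propose an EAP method that verifies users with three factors: stored secrets, passwords, and biometrics. The proposed method fully satisfies the requirements of RFC 4017, forward secrecy, and low computation. In addition, we protect the privacy of biometrics so that the authentication server does not learn the user's biometrics, and the authentication server can flexibly decide whether passwords and biometrics are verified in each round. |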
Abstract |
It is necessary to authenticate users when they want to access services in WLANs. Extensible Authentication Protocol (EAP) is an authentication framework widely used in WLANs. Authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in WLAN authentication are defined in RFC 4017. In addition, low computation cost and forward secrecy, which RFC 4017 does not cover, are notable requirements in WLAN authentication. However, none of the EAP methods and authentication schemes designed for WLANs so far satisfies all of the above requirements. Therefore, we propose an EAP method that uses three factors (stored secrets, passwords, and biometrics) to verify users. Our proposed method fully satisfies 1) the requirements of RFC 4017, 2) forward secrecy, and 3) lightweight computation. Moreover, the privacy of biometrics is protected against the authentication server, and the server can flexibly decide whether passwords and biometrics are verified in each round. |
Table of Contents |
List of Tables
List of Figures
Acknowledgments
Chapter 1 Introduction
Chapter 2 Related Works
  2.1 Park-Park Scheme
  2.2 Juang-Wu Scheme
    2.2.1 The First Scheme
    2.2.2 The Second Scheme
  2.3 Yoon-Yoo Scheme
  2.4 Introduction to the Three-Factor Authentication
Chapter 3 IEEE 802.11, 802.1x and EAP
  3.1 The IEEE 802.11 Standard
    3.1.1 802.11 Security Mechanisms
  3.2 The IEEE 802.1X Standard
    3.2.1 The IEEE 802.1x Framework
  3.3 Extensible Authentication Protocol
    3.3.1 Legacy EAP Methods
    3.3.2 Certificate-Based EAP Methods
    3.3.3 Password-Based EAP Methods
    3.3.4 Strong Password-Based EAP Methods
Chapter 4 EAP Method Requirements for Wireless LANs
Chapter 5 The Goals of Our Proposed EAP Method
Chapter 6 The Proposed EAP Method
  6.1 Authentication Mechanism
  6.2 Fast Reconnect Mode
Chapter 7 Security Analysis and Discussions
Chapter 8 Comparisons
Chapter 9 Conclusions |
References |
[1] C.I. Fan, Y.H. Lin and R.H. Hsu, "Remote password authentication scheme with smart cards and biometrics," IEEE Telecommunications Conference, 2006.
[2] C.H. Lin and Y.Y. Lai, "A flexible biometrics remote user authentication Scheme," Computer Standards & Interfaces, Vol. 27, No. 1, pp. 19-23, 2004.
[3] E. J. Yoon and K. Y. Yoo, "An Optimized Two Factor Authenticated Key Exchange Protocol in PWLANs," ICCS 2006, Part II, LNCS 3992, pp. 1000-1007, 2006.
[4] F. Hao, R. Anderson, and J. Daugman, "Combining Crypto with Biometrics Effectively," IEEE Transactions on Computers, Vol. 55, No. 1, pp. 1081-1088, 2006.
[5] J. C. Chen, M. C. Jiang, and Y. W. Liu, "Wireless LAN Security and IEEE 802.11i," IEEE Wireless Communications, vol. 12, pp. 27-36, 2005.
[6] J. Chen and Y. Wang, "Extensible authentication protocol (EAP) and IEEE 802.1x tutorial and empirical experience," IEEE Communications Magazine, vol. 43, no. 12, pp. 26-32, 2005.
[7] W. S. Juang and J. L. Wu, "Two efficient two-factor authenticated key exchange protocols in public wireless LANs," Computers and Electrical Engineering, pp. 33-40, 2009.
[8] Y. Lee and T. Kwon, "An Improved Fingerprint-Based Remote User Authentication Scheme Using Smart Cards," ICCSA 2006, Lecture Notes in Computer Science, Vol. 3981, pp. 915-922, 2006.
[9] Y. M. Park and S. K. Park, "Two factor authenticated key exchange (TAKE) protocol in public wireless LANs," IEICE Transaction on Communication, vol. E87-B, no. 5, pp. 1382-1385, 2004.
[10] ANSI/IEEE Standard 802.11, "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications," December 1999.
[11] IEEE Standard 802.1X-2001, "Port-Based Network Access Control," June 2001.
[12] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, and E. Levkowetz, "Extensible Authentication Protocol (EAP)," RFC 3748, June 2004.
[13] B. Aboba, D. Simon, and R. Hurst, "The EAP-TLS Authentication Protocol," RFC 5216, March 2008.
[14] D. Stanley, J. Walker, and B. Aboba, "Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs," RFC 4017, March 2005.
[15] E. Rescorla, "Diffie-Hellman Key Agreement Method," RFC 2631, June 1999.
[16] N. Cam-Winget, D. McGrew, J. Salowey, and H. Zhou, "The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST)," RFC 4851, May 2007.
[17] P. Congdon, B. Aboba, A. Smith, G. Zorn, and J. Roese, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS)," RFC 3580, September 2003.
[18] T. Dierks and C. Allen, "The TLS Protocol Version 1.0," RFC 2246, January 1999.
[19] W. Simpson, "PPP Challenge Handshake Authentication Protocol (CHAP)," RFC 1994, August 1996.
[20] D. Jablon: draft-jablon-speke-02.txt, "The SPEKE Password-Based Key Agreement Methods," IETF Draft, October 2003.
[21] H. Andersson, S. Josefsson, G. Zorn, D. Simon, and A. Parlekar: draft-josefsson-pppexteap-tls-eap-04.txt, "Protected EAP Protocol (PEAP)," IETF Draft, September 2002.
[22] P. Funk and B. W. Simon: draft-funk-eap-ttls-v0-00.txt, "EAP Tunneled TLS Authentication Protocol Version 0 (EAP-TTLSv0)," IETF Draft, February 2005.
[23] Matthew Gast, 802.11 Wireless Network: The Definitive Guide, O'REILLY, 2002.
[24] Cisco SAFE, "WLAN security in Depth," available at http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl wp.pdf
[25] Dictionary Attack on Cisco LEAP, available at http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml
[26] IEC On-Line Education, "EAP Methods for 802.11 Wireless LAN Security," available at http://www.iec.org/online/tutorials/eap methods/index.asp |
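Fulltext |
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast it without authorization, to avoid violating the law. |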
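Printed copies |
Public-access information for printed theses is relatively complete from academic year 102 onward. To look up public-access information for printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience. Available: available |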