Thesis/dissertation etd-0830112-142803: detailed information
Title page for etd-0830112-142803
Title
Efficient Strong Anonymous Authentication Scheme for Wireless Communications
Department
Year, semester
Language
Degree
Number of pages
73
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2012-07-13
Date of Submission
2012-08-30
Keywords
Authentication, Wireless Network, Anonymity, Group Signature, Revocation, Secure Roaming
Statistics
The thesis/dissertation has been browsed 5666 times and downloaded 267 times.
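Chinese Abstract (translated)
With the development of wireless communication technology, people can obtain communication services without environmental constraints. Together with the rapid development of mobile devices such as smartphones and tablet computers, wireless networks are used ever more frequently, and roaming services let users access services regardless of location. Roaming authentication protocols and privacy protection in mobile networks have always been important issues. When a user communicates with a roaming operator, the user must authenticate with the server to ensure that service is obtained from a legitimate server, and the server must also confirm that the user is a legitimate user authenticated by the host; only then can the two parties communicate securely. In addition, a secure roaming protocol must provide user anonymity: when a user requests service, the server cannot tell whether any two communications were issued by the same mobile device. Existing authentication protocols that provide anonymity toward the foreign server spend a large amount of computation time on checking user revocation, which raises the server's computation cost to the point that they cannot be deployed in existing environments. The strong anonymous secure authentication protocol proposed in this thesis uses two-stage authentication. In the initial authentication, the home server participates in authentication and, upon success, issues a time-limited anonymous credential for use in fast authentication. The number of revocations stored at the foreign server can thereby be reduced, and they need only be kept for a period of time; the required revocation list lowers the server's computation for the revocation check and reduces the storage space needed. Finally, this thesis also provides security proofs and an efficiency analysis of the proposed protocol.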
Abstract
Because of the popularity of wireless communication technologies, people can access servers without restrictions of place and time. With the rapid development of mobile devices, such as smart phones and iPads, the frequency of wireless network use has increased. Roaming services ensure service provision without location constraints. A secure roaming authentication protocol is critical for the security and privacy of users when accessing services by roaming. It ensures the authenticity of mobile users and of foreign and home servers. After authentication, a session key between the mobile user and the foreign server is established for secure communication. In addition, a secure roaming protocol may provide anonymity for mobile users: when the mobile user requests a service, the server is unable to tell whether two requests come from the same user. In current anonymous authentication protocols, the foreign server must perform the revocation check with computation linear in the number of revoked users, which makes these protocols infeasible in practical environments. This thesis proposes a strong anonymous authentication protocol using two-stage authentication, in which the home server is involved in the initial authentication to eliminate the revocation list and, after successful authentication, issues a time-limited anonymous credential for subsequent authentication. This reduces the computation cost of the revocation check and minimizes the size of the revocation list. Finally, this thesis also provides security proofs and comparisons of the proposed authentication mechanism.
Table of Contents
Thesis Approval Form
Acknowledgements
Chinese Abstract
English Abstract
1 Introduction
1.1 System and Security Requirements
1.1.1 System
1.1.2 Security Requirements
1.2 Our Contribution
1.3 Organization of the Thesis
2 Related Works
2.1 The Concept of He et al.'s Priauth Scheme
2.1.1 The Definition of VLR-GS-BU
2.2 VLR-GS-BU Scheme
2.3 The Priauth Scheme
3 Preliminaries
3.1 Verifier-Local Revocable Group Signatures (VLR-GS)
3.1.1 The Definition of BS-VLR-GS
3.1.2 Security Definition
3.1.3 Bilinear Map
3.1.4 Boneh-Shacham VLR-GS Scheme
3.2 Nakanishi et al.'s Group Signature Scheme
3.2.1 The Definition of Nakanishi et al.'s GS
3.2.2 Security Definition
3.2.3 Signatures of Knowledge
3.2.4 Nakanishi et al.'s GS Scheme
3.3 Elliptic Curve Digital Signature Algorithm (ECDSA)
3.3.1 The Definition of ECDSA
3.3.2 Security Definition
3.4 Definition of Broadcast Encryption
4 An Efficient Strong Anonymous Authentication Protocol
4.1 Setup Phase
4.2 Registration Phase
4.3 Initial Authentication Phase
4.4 Subsequent Authentication Phase
5 Security Proofs and Analyses
5.1 Security Model and Definition
5.2 Security Proofs
5.2.1 The Security Proof for Initial Authentication
5.2.2 The Security Proof for Subsequent Authentication
6 Analyses and Comparisons
6.1 Properties Comparisons
6.2 Performance Comparisons
7 Conclusion

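Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China, and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, to avoid breaking the law.
Thesis access permission: user-defined release date
Available:
Campus: available
Off-campus: available

Printed copies
Public information on printed theses is relatively complete from academic year 102 onward. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Availability: available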
