Graduate student: Agata Anna Koziol
Thesis title: Path Authentication for Multiple Switches Within First Communication Packets
Advisor: Shan-Hsiang Shen
Committee members: Shih-Fan Chou, Binayak Kar, Shan-Hsiang Shen
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2023
Graduation academic year: 112
Language: English
Pages: 47
Keywords: routing path, switch, authentication, zero-trust, tcp handshake
Abstract:
This master's thesis introduces a new approach to switch authentication within a network environment, addressing the challenges associated with multiple switch configurations. The proposed continuous authentication process is seamlessly integrated into the TCP handshake, leveraging public-private key encryption and challenge-based authentication methodologies. This novel solution aims to improve the performance of traditional one-to-one authentication methods, both in terms of efficiency and security.
The research demonstrates the efficiency gains achieved by the proposed authentication process through a comparative analysis with a one-to-one solution based on the same authentication mechanism. The results reveal a significant reduction in authentication time, thanks to link latency reduction. The incorporation of public-private key encryption enhances security, ensuring protection against unauthorized access and switch spoofing attempts.
This master's thesis contributes to the field by presenting a comprehensive authentication framework that balances performance and security considerations in the context of multiple switches. The findings not only underscore the feasibility and effectiveness of the proposed solution but also lay the groundwork for advancements in securing networked environments against evolving cybersecurity threats.

Contents:
  Recommendation Letter, p. i
  Approval Letter, p. ii
  Abstract in Chinese, p. iii
  Abstract in English, p. iv
  Acknowledgements, p. v
  Contents, p. vi
  List of Figures, p. ix
  List of Tables, p. xi
  1 Introduction, p. 1
  2 Background, p. 4
    2.1 Zero-Trust Paradigm, p. 4
    2.2 Spoofing Attack, p. 6
    2.3 Software-Defined Networking (SDN) and Programmable Switches, p. 8
    2.4 TCP Handshake, p. 10
    2.5 Challenge-Response Authentication Mechanism, p. 12
  3 Related Works, p. 14
    3.1 Authentication Solutions for SDN, p. 14
    3.2 Other Authentication Solutions, p. 15
    3.3 Authentication Solutions with Challenge-Response Authentication, p. 16
  4 Proposed Solution, p. 22
    4.1 Path Guard TCP Handshake (PGTH), p. 22
  5 Simulation of the Switch Authentication Process, p. 32
    5.1 Emulating Network Components, p. 32
    5.2 End Hosts, p. 32
    5.3 Switches, p. 33
    5.4 PKI Server, p. 34
    5.5 Emulating Packet Transmission, p. 34
  6 Evaluation, p. 35
    6.1 Performance, p. 35
      6.1.1 Latency of Challenge Encryption on a Single Switch, p. 36
      6.1.2 Multi-Switch Authentication, p. 37
      6.1.3 One-to-One Authentication Solution, p. 38
      6.1.4 Link Latency, p. 39
    6.2 Discussion, p. 43
  7 Conclusions, p. 46
  References, p. 48

Full text available from 2026/02/06 (campus network)
Full text available from 2027/02/06 (off-campus network)
Full text available from 2027/02/06 (National Central Library: Taiwan NDLTD system)