
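Graduate student: 黃士杰 (Shih-Chieh Huang)
Thesis title: A Mechanism for Authenticating Mobile Devices Held by Others When End-to-End Security Cannot Be Ensured (translated from the Chinese title)
English title: On the Design and Implementation of a Mechanism for Customers to Evaluate Trustworthy of Mobile Services
Advisor: 查士朝 (Shi-Cho Cha)
Oral defense committee: 羅乃維 (Nai-Wei Lo), 林俊叡 (Raymund J.-R. Lin)
Degree: Master
Department: School of Management - Department of Information Management
Year of publication: 2014
Academic year of graduation: 102
Language: Chinese
Number of pages: 65
Chinese keywords (translated): mobile application services, authentication capability, end-to-end security
Foreign-language keywords: Mobile Services, Authentication, End-to-End Security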
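  • With advances in mobile technology, government agencies can have staff carry phones or tablets to provide services at citizens' homes. When serving citizens, however, a stronger form of authentication is sometimes needed, such as smart cards holding asymmetric keys, to achieve end-to-end security, so that the government agency and the citizen can authenticate each other and the security of data in transit can even be ensured. Because of limited system resources and convenience considerations, end-to-end security sometimes cannot be achieved; in that case citizens need to determine whether the device carried by the visiting staff member really is a qualified device.
    This study therefore proposes a mechanism for authenticating another person's mobile device when a user relies on a device carried by someone else to use a service for which end-to-end security cannot be ensured. Before using the service, the user can decide whether to verify that these mobile application services have truly been authorized by the service provider, thereby preventing malicious mobile application services from stealing the user's sensitive information.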


    With advances in mobile technologies, government agencies are willing and able to request employees to bring mobile devices to citizens' homes to provide on-site service. However, because of the constraints of mobile devices, people may use services without an end-to-end security mechanism. Therefore, people may be curious about whether the mobile devices are trustworthy.
    To address this issue, this paper presents a mechanism for people to evaluate the trustworthiness of mobile services and associated devices. With such a mechanism, people can use their smartphones to request that the device to be verified give them one-time validation information. The requests, along with associated information, cannot be eavesdropped on by rivals. Because people can validate the trustworthiness of a specified mobile device brought by employees of government agencies, the research can hopefully help government agencies provide people with secure on-site mobile services.

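    Table of contents:
    Abstract (Chinese)
    Abstract (English)
    Acknowledgements
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
      1.1 Research Background and Motivation
      1.2 Research Objectives and Contributions
      1.3 Chapter Overview
    Chapter 2 Background and Literature Review
      2.1 E-Invoice Background
      2.2 Web Application Service Authentication Mechanisms
      2.3 Anti-Counterfeiting Techniques
      2.4 Side-Channel Attacks
    Chapter 3 Problem Definition and Requirements Analysis
      3.1 Scenario Description
      3.2 Problem Definition
      3.3 Requirements Analysis
    Chapter 4 Authentication Mechanism Design
      4.1 System Architecture
      4.2 Authentication Mechanism Flow
      4.3 Authentication Mechanism Design
      4.4 Description of Each Phase
    Chapter 5 Security Discussion
      5.1 Security of Transmitted Messages
      5.2 Performing Identity Authentication
      5.3 Reducing Side-Channel Risk
      5.4 Mitigating Denial-of-Service Attacks
    Chapter 6 System Implementation
      6.1 System Implementation Environment
      6.2 System Function Page Demonstration
    Chapter 7 System Performance Evaluation
    Chapter 8 Conclusion and Future Directions
    References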


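    Full-text release date: this full text is not authorized for public release (off-campus network)
    Full-text release date: this full text is not authorized for public release (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)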