Graduate student: | 黃士杰 Shih-Chieh Huang |
---|---|
Thesis title: | 在無法確保點對點安全時鑑別他人持有行動裝置之機制 On the Design and Implementation of a Mechanism for Customers to Evaluate Trustworthy of Mobile Services |
Advisor: | 查士朝 Shi-Cho Cha |
Oral examination committee: | 羅乃維 Nai-Wei Lo, 林俊叡 Raymund J.-R. Lin |
Degree: | Master |
Department: | School of Management - Department of Information Management |
Year of publication: | 2014 |
Academic year of graduation: | 102 |
Language: | Chinese |
Number of pages: | 65 |
Keywords (Chinese): | 行動應用服務 (mobile application services), 鑑別力 (authentication capability), 點對點安全 (end-to-end security) |
Keywords (English): | Mobile Services, Authentication, End-to-End Security |
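With advances in mobile technology, government agencies can have staff carry phones or tablets to provide on-site services at citizens' homes. However, when services are provided to citizens, a stronger form of authentication is sometimes required, such as smart cards holding asymmetric keys, to achieve end-to-end security so that the government agency and the citizen can authenticate each other and even ensure the security of data in transit. Because of limited system resources and convenience considerations, end-to-end security sometimes cannot be achieved; in that case, citizens need to determine whether the device carried by the on-site service staff is really an approved device.
This study therefore proposes a mechanism for authenticating another person's mobile device when a user uses a device carried by someone else to access a service for which end-to-end security cannot be ensured. Before using the service, users can decide for themselves whether to verify that these mobile application services have really been authorized by the service provider, so as to prevent malicious mobile application services from stealing the user's sensitive information.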
With advances in mobile technologies, government agencies are willing and able to ask employees to bring mobile devices to citizens' homes to provide on-site services. However, because of the constraints of mobile devices, people may use services without an end-to-end security mechanism. People may therefore wonder whether these mobile devices are trustworthy.
To address this issue, this paper presents a mechanism for people to evaluate the trustworthiness of mobile services and their associated devices. With this mechanism, people can use their smartphones to request that the devices to be verified give them one-time validation information. The requests and the associated information cannot be eavesdropped on by adversaries. Because people can validate the trustworthiness of a specific mobile device brought by employees of government agencies, the research can hopefully help government agencies provide people with secure on-site mobile services.