研究生: |
陳惠婷 Hui-Ting Chen |
---|---|
論文名稱: |
適用於NFC手機之匿名與鑑別金鑰協議機制 Anonymous and Authenticated Key Agreement Mechanism for NFC mobiles |
指導教授: |
吳宗成
Tzong-Chen Wu |
口試委員: |
羅乃維
Nai-Wei Lo 查士朝 Shi-Cho Cha |
學位類別: |
碩士 Master |
系所名稱: |
管理學院 - 資訊管理系 Department of Information Management |
論文出版年: | 2011 |
畢業學年度: | 99 |
語文別: | 中文 |
論文頁數: | 65 |
中文關鍵詞: | 自我驗證公開金鑰系統 、近場通訊 、匿名 、雙向鑑別 、金鑰協議 、橢圓曲線 |
外文關鍵詞: | self-certified public key system, NFC, anonymity, mutual authentication, key agreement, elliptic curve |
相關次數: | 點閱:256 下載:1 |
分享至: |
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
NFC手機主要應用於電子商務與電子企業,因此如何提供安全可信賴之應用環境,實為推動NFC手機運用於電子商務與電子企業之關鍵議題。有鑑於此,為改善使用者向服務提供者註冊服務與使用者向服務提供者存取服務時,缺乏匿名與其他安全威脅問題,本論文以自我驗證公開金鑰系統與橢圓曲線密碼系統的方法,提出適用於NFC手機的匿名與鑑別金鑰協議機制。本論文所提出方法達到以下安全目標與需求:提供通訊雙方相互鑑別、使用者匿名、通訊過程中抵抗中間人攻擊、抵抗重送攻擊,並提供通訊實體雙方建立之交談金鑰達到前推安全與已知金鑰安全。另外,在我們的方法中,服務提供者不需要使用通行碼驗證表即可鑑別使用者身分,能降低儲存成本。
NFC mobiles have many applications in E-commerce and e-business, and providing a secure and reliable application environment is crucial in promoting NFC mobiles in these sectors. This thesis has found that the needs of anonymity and authentication requirements have not yet been met in the NFC mobiles; for example, there are security issues and anonymity needs during the process of user registering at service provider site as well as accessing services. This thesis proposes a self-certified public key system and ECC scheme to add mechanisms to address these needs and issues and to make the process efficiency. Through mechanisms we reach the goal of mutual authentication and session key agreement, anonymity; during the communication process, our schemes can resist man-in-the-middle attack, resist replay attack, and achieve forward secrecy and know-key secrecy. The schemes can reduce message transmission cost and storage cost; since service providers no longer will need to use a password table to authenticate users when users accessing the service.
[AP09] V. Alimi, M. Pasquet, “Post-distribution provisioning and personalization of a payment application on a UICC-based Secure Element,” International Conference on Availability, Reliability and Security, 2009, pp. 701–705.
[CR05] B. Choudhary and J. Risikko, “Mobile device security element,” Key Findings form Technical Analysis v. 1.0, Mobey Forum. 2005.
[FHMM10] L. Francis, G. Hancke, K. Mayes and K. Markantonakis, “A security framework model with communication protocol Translator Interface for Enhancing NFC Transations,” Advanced International Conference on Telecommunications, pp. 452–461, 2010
[Glo06] GlobalPlatform, “ Confidential Card Content Management – GlobalPlatform Card Specification v2.2 – Amendment A,” http://www.globalplatform.org/, 2003
[Glo09] Global Platform, “ Secure Channel Protocol 03 – Global Platform Card Specification v2.2 - Amendment D ,” http://www.globalplatform.org/, 2009
[Gir91] M. Girault, “Self-certified public keys,” Proc. Advances in Cryptology-EUROCRYPT’91, Lecture Notes in Computer Science, Vol. 547, 1991, pp. 490-497.
[HB06] Ernst Haselsteiner and Klemens Breitfus: Security in near field communication (NFC), In Workshop on RFID Security, 2006.
[Kob87] N.Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, 1987, pp. 203-209.
[LW10] Y. P Liao and S. S Wang, “A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves,” Computer Communications 33, pp. 372–380, 2010
[Mil86] V. Miller, “Use of elliptic curves in cryptography,” Proc. Advances in Cryptology- CRYPTO’85, 1986, pp. 417-426.
[MLKS08] G. Madlmayr, J. Langer, C. Kantner, J. Scharinger. “NFC devices: security and privacy,” In Third International Conference on Availability, Reliability and Security, 2008, pp. 642–647.
[ML08] G. Madlmayr, J. Langer, “Managing an nfc ecosystem,” 7th International Conference on Mobile Business, 2008, pp. 95-101
[MM04] Konstantinos Markantonakis and Keith Mayes, “A secure channel protocol for multi-application smart cards based on public key cryptography,” Proceedings of 8th IFIP TC-6-11 Conference on Communications and Multimedia Security, 2004, pp.79-96.
[Mob08] Mobey Forum, Best practices for mobile financial services – enrolment business model analysis [online, White Paper], 2008, available from : http://www.mobeyforum.org/?page=bestpractice
[Mul09] C. Mulliner, “Vulnerability analysis and attacks on NFC-enabled mobile phones,” 2009 International Conference on Availability, Reliability and Security, Fukuoka, Japan: 2009, pp. 695-700.
[PH97] H. Petersen and P. Hoster, “Self-sertified keys concepts and applications,” Proceeding of Communications and Multimedia Security’ 97, 1997, pp.102-116.
[RP09] Marie Reveilhac, Marc Pasquet, “Promising secure element alternatives for NFC technology,” 2009 First International Workshop on Near Field Communication, 2009, pp. 75-80
[SCA09] Smart Card Alliance, “Security of Proximity Mobile Payments,” A smart Card Contactless and Mobile Payments Council White Paper,
http://www.sma rtcardalliance.org, 2009.