摘要
電子化租賃服務,如線上音樂、影片租賃服務、電子書借閱、雜誌訂閱等,已廣泛的被人們所使用。大部分的電子化租賃服務,皆要求使用者在租賃時提供真實個人資料,若服務供應商(Service providers)在未獲得使用者的授權下,分析使用者的租借紀錄(Rental records),則可能曝露許多敏感的個人資訊,危害使用者之權益。因此,個人隱私問題實為電子化租賃服務之一大課題。 本論文提出一個匿名之電子化租賃服務協定,並以租車系統為例,具有以下五個特點:(1)匿名性(Anonymity)︰使用者僅需向一公正的第三者(Trusted third party, TTP)揭露個人資訊。於租車過程中,不需向租車公司透露真實身份。(2)不可連結性(Unlinkability)︰租車公司無法從多次租車紀錄分析並連結至使用者身份。(3)可追蹤性(Traceability)︰當有消費紛爭或車輛發生問題時,租車公司可請求TTP揭露使用者身份。(4)靈活性(Flexibility)︰使用者可任意選擇租車公司租賃車輛。(5)匿名付款(Anonymous payment)︰租車公司透過TTP向銀行請款,可避免因信用卡資訊洩露使用者身份。 本論文之匿名租車系統,利用基於橢圓曲線上雙線性配對(Bilinear pairings)個人身份為基礎(ID-based)之密碼系統,並加入TTP及NFC手機中的安全元件(Secure element, SE)結合發展出一個具備認證(Authentication)、授權(Authorization)及稽核(Audit)的租賃及付款系統。 經安全性分析證明,本匿名租車系統可達到匿名性、機密性、向前安全性、向後安全性及撤銷匿名等安全目的,以及防止重送攻擊和中間人攻擊。
並列摘要
Online rental services, such as music stores, DVD rentals, magazine subscriptions, have been quite popular in our daily life. However, most of them require customers to provide personal information. The service providers may collect users’ consumption habits from rental records. Such analysis is carried out mostly without users’ permission and has consequently caused privacy breaches in e-rental services. In this paper, we propose a protocol for anonymous e-rental services, particularly vehicle rentals. Our contributions include: (1) Anonymity. Users provide their personal information to a trusted third party (TTP) only. They do not even need to reveal their real identity to a rental company. (2) Unlinkability. Car rental companies are unable to establish any link between users’ rental records and users’ identity simply by analyzing the rental records. (3) Traceability. If there are consumer disputes or accidents, the rental company can request that TTP reveal users’ identity. (4) Flexibility. Users are free to choose their preferred vehicles from any allied companies. (5) Anonymous payment. Car rental companies have to claim payments through a TTP, which prevents privacy breaches in credit card payments. Our proposed protocol use identity-based certificateless signature scheme with bilinear pairings. We then implement the scheme into near field communication (NFC) phones’ secure elements (SE). The improved SE will be of higher efficiency in authentication, authorization and auditing in car rental services. Our security analysis also proves that our system is able to guarantee anonymity, confidentiality, forward secrecy, backward secrecy, and anonymity revocation. It can also resist replay attacks and man-in-the-middle (MITM) attacks.
參考文獻
延伸閱讀
- 劉醇洋(2014)。基於NFC之智慧校園標籤管理系統〔碩士論文,國立臺灣師範大學〕。華藝線上圖書館。https://doi.org/10.6345/NTNU202205516
- 趙偉凱(2014)。具保護隱私的安全一次性公鑰NFC行動付款技術〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2014.01198
- 馮玄明、陳華慶、陳尚維(2022)。行動裝置NFC技術應用之使用意向模型。國立金門大學學報,10(1),101-115。https://www.airitilibrary.com/Article/Detail?DocID=2221142X-202203-202204270011-202204270011-101-115
- 張芝華(2012)。運用NFC技術之室內導覽系統〔碩士論文,國立臺灣師範大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0021-1610201315282008
- 周文生(2007)。Functional Requirements of IC Card Meter for Taxicab。運輸學刊,19(3),215-240。https://doi.org/10.6383/JCIT.200709.0215