- 學位論文
結合資料隱藏與信息加密實現不可否認性之安全認證機制
The Design of a Secure and Non-Repudiation Authentication Mechanism with Data Hiding and Message Encryption
摘要
中 文 摘 要 網路的興起不僅提供了資訊傳遞的快速與便利,相對地讓一些有心人士可藉由它來從事非法的行為,如隨意截取網路上傳遞的訊息或偽冒他人傳送錯誤訊息;也由於這些網路安全的問題存在,使得一些網路應用無法直接順利達成,如網路購物電子錢包、無線通訊與醫療資訊等等的傳輸安全。因此,完善的資訊安全技術以確保資料能安全地與可靠地在網路上傳遞,為值得重視的研究主題之一。有鑑於目前資訊安全機制的不完善,本論文主要在發展一個具安全性並適用於各種不同資料型態的不可否認性之認證機制;並以具文字、信號與影像的電子病歷資料為實驗範例。 本論文提出以影像壓縮所產生的可容許誤差為基礎之雙極性多重基底數字系統,做為對資料的隱藏(加密)演算法。其原理是將不同類型的資料數據化後,隱藏於一幅影像內,接收者可藉由該影像來達到資料來源的認證,並可經由收發間的協定,取出所隱藏(加密)的資料與數位簽章。另外,本文亦提出一具不可否認性之認證機制來釐清資料的責任歸屬。其原理是使用簽章對的唯一性,以有效的防止網內第三者假冒傳送端將資料傳給接收端;並使用公正的第三者(認證中心) 儲存管理一個需配合使用者控制的動態認證碼,以讓使用者與認證中心彼此信賴。 本機制經實驗模擬後,有效改善目前現存的機制。以秘密通訊的觀點而言,除執行速度較快以外,由於本機制所產生的秘密金匙具資料相依性,故不須定期更換金匙以增加安全性。另外,本文亦提出以公開金匙的觀念,使用認證中心與動態認證碼之機制達到公正的仲裁功能;換言之,可同時達到彼此之間或與認證中心間之不可否認性。以數位簽章的觀點而言,一個具安全的簽章管理機制亦被提出,以增加認證的完整與安全性。 關鍵字:資訊安全、資料隱藏、認證、與數位簽章。
並列摘要
Abstract With the growing popularities of Internet, information could be transferred fast and conveniently among different institutions. However, this technology might bring some illegal transactions by unauthorized people, including intercepting information and pretending someone to transmit false messages via the Internet. Because of the existence of information security problems on Internet, some Internet applications such as transmitting electronic payment and exchanging medical information activities thus cannot be accomplished safely. As a result, a secure mechanism for data transmitted on the Internet is an important issue to explore. Therefore, an authentication technique with capabilities of confidentiality and non-repudiation for different data types is proposed in this dissertation. Furthermore, an electronic patient record (EPR) including the text, signal and image data types is simulated and evaluated by the proposed method. The proposed approach uses the bi-polar multiple number-base with tolerant error range (TER) from JPEG to hide (encrypt) data securely. Different types of data are enumerated and then hidden in a mark image. The receiver can use this marked image to authenticate the origin of data. And, the data can be extracted correctly by key escrow between the transmitter and the receiver. Moreover, a non-repudiation authentication can be achieved with a unique pair of digital signatures. The certificate authority (CA) is also proposed to store a dynamic authentication code generated by the users. Hence, the trust can be built between users and CA. The experimental results show that the proposed approach has faster processing time. Changing key periodically for better security is not necessary because the hidden (encrypted) data is data dependent. Furthermore, a secured management of digital signatures also is proposed to enhance the capabilities of integrity, confidentiality and authentication. Index terms: Information security, electronic patient records (EPRs), JPEG, authentication and digital signatures.
參考文獻
延伸閱讀
- Yang, F. Y., Chen, C. H., & Hwu, Y. N. (2004). 一個可證明安全的認證式加密法. 建國科大學報, 24(1), 13-19. https://doi.org/10.6995/JCTU.200410.0013
- Shih, W. Y. (2016). A4: 基於屬性加密演算法之電子病歷系統的身分認證、授權與存取控制機制 [master's thesis, National Chiao Tung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0030-0803201714322488
- Sung, Y. H. (2010). 具機密性、匿名性與收送方保護之可否認驗證協定 [master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2010.01137
- Chi, J. F. (2011). 可提供不可區分安全性與匿名性之非互動式公平可否認驗證協定 [master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2011.00721
- Liu, C. H. (2011). The Design and Applications of Some Control Mechanisms for Data Security [master's thesis, National Taichung University of Science and Technology]. Airiti Library. https://doi.org/10.6826/NUTC.2011.00058