
Key Exchange Based on Hierarchy Access Control

Advisor: 涂世雄

Abstract


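In this thesis, we propose two key exchange schemes that let members of two different organizations communicate securely within a hierarchy access control structure. Beyond achieving key exchange, the users can also perform multiple mutual authentication to verify each other's identity.

In the first scheme, the top-level certificate authority (CA) of the whole hierarchical organization generates an individual password for each communication. First, the sender sends his request to the receiver's CA, and the receiver's CA searches for the user with a hierarchical branching technique to establish whether the receiver is legitimate. Next, if the receiver is found, the CAs of both sides generate a password for the sender and the receiver. Finally, the sender and the receiver use this password to perform key exchange and produce a common secret key for communication.

The main purpose of the second scheme is to reduce the workload of the CA in the first scheme. First, the sender and the receiver authenticate each other through the CA by means of random values that each side generates individually. If both sides confirm that the other is correct, the two random values are combined by logic operations to produce a common secret key. This common key is then used to encrypt messages.

The main contributions of our research are as follows: (1) We are the first to attempt applying hierarchy access control to key exchange. (2) We combine key exchange with hierarchy access control to give users in a hierarchical structure a secure and convenient method of communication. (3) The schemes are unaffected by members joining the organization, members being deleted, or keys being changed, and key exchange can still be carried out simply.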

Parallel Abstract


In this thesis, we propose two schemes for key exchange between two organizations via hierarchy access control. Within the framework of hierarchy access control in two different organizations, each user can execute key exchange to deliver messages to others. In addition, during the process of key exchange, the users authenticate each other to make the transmission more secure.

In the first scheme, the certificate authority (CA) of a group in a hierarchy generates a particular password for each communication. First, the sender passes the request to the receiver's CA. The receiver's CA uses a node-searching technique in its hierarchical structure to authenticate the receiver. Then, if the receiver is found, both group CAs produce a password for the sender and the receiver. Finally, the sender and the receiver use the password to perform key exchange and generate a common key for communication.

The main purpose of the second scheme is to reduce the CA's workload in the first scheme. First, the sender and the receiver authenticate each other by their individual random numbers via the counterpart's CA. Then, if both of them are authenticated correctly, their random numbers are taken through logic operations to generate a common secret key, which allows the transmission to be made securely. Finally, this common key is used to encrypt the transmitted message.

The main results of our study are as follows: (1) A feature of our schemes is that applying hierarchy access control to key exchange is a new field. (2) We combine key exchange and hierarchy access control to provide users in a hierarchical structure with a very secure and convenient method of communication. (3) The schemes place no restriction on inserting a member, deleting a member, or changing a key in the organization. That is, key exchange remains easy under such changes.

Hierarchy access control is used by many organizations and companies. Accordingly, we believe that the results of our study in this thesis will be very helpful to future research and applications in the area of building a secure environment for digital communication.


Cited by


Huang, T. H. (2004). Anonymous registration protocol and security mechanism for Mobile IP [master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840/cycu200400243
