- 學位論文
植基於QR-Code的安全簡訊機制
Secure Short Message Service Based on QR-Code
摘要
隨著行動通訊技術發展的日新月異,行動電話用戶除了過去單純的語音通話功能外;亦可藉由行動電話來進行文字、圖片、影音等多種即時訊息的傳遞,讓使用者可隨時取得最新最即時的新聞、財經、體育等等的相關資訊,並享有多元化的行動加值服務。而目前行動通訊週邊加值服務中,又屬簡訊服務最受歡迎,同時也能替各家電信系統業者帶來相當可觀的獲利。 目前各家電信系統業者現行的簡訊服務在傳遞過程中,雖然已使用了加密技術以提供訊息的保密性,只是這些方法並非屬於點對點的加密技術(End-to-End Encryption),因此簡訊的明文仍會暴露於電信系統業者端。這時倘若電信系統業者的內部管理上沒有一個安全有效的管控機制,將有可能使這些簡訊資料遭受到有心人士的任意竊取。也正因為簡訊傳遞過程中這項尚無法克服的弱點,故而許多學者紛紛提出各種點對點的簡訊加密機制,企圖讓簡訊服務能擁有多一層的安全防護,以解除使用者對於電信系統業者端的安全疑慮。 回顧目前既有的點對點簡訊安全協定,皆使用公開金鑰密碼系統結合對稱式加密演算法來保障簡訊內容使其免於遭受非法的存取。然而,在引入公開金鑰密碼系統首先要面臨的重大考驗即是公開金鑰的驗證問題。雖然,普遍的解決方法是使用金鑰憑證來確保公開金鑰之正確性,但相對地也會衍生出檢驗憑證時所需耗費的儲存、通訊及計算等負擔。這對於資源有限的行動通訊設備而言,儼然已成為沉重的壓力。 有鑑於此,本論文提出了兩個點對點的簡訊加密機制。其中,【方法一】使用了QR-Code 二維條碼技術搭配單向雜湊函數來發送安全簡訊,而該機制已完全跳脫了既有公開金鑰密碼系統的框架,將可望有效大幅提升整體的運作效能。 由於在【方法一】中,簡訊收發雙方必須事前進行金鑰交換,部份限制了其應用層面。因此,在【方法二】則引入了自我驗證(Self-Certified)公開金鑰密碼系統。如此一來,不但成功地解決了金鑰交換的問題,更進一步繼承了自我驗證公開金鑰密碼系統所帶來的各項優點,包括:不須配合憑證即可進行公開金鑰的驗證動作,以及節省檢驗憑證時所需的儲存、通訊及計算等負擔。
並列摘要
With the rapid development of mobile communication technology, mobile subscribers can send multiple messages such as text, picture, and video, etc., besides simply through voice in the past. They can also obtain information about finance, sports, local or international news as they need and have prompt supplementary and value-added services. In addition, short message service is the most popular among subscribers and brings lots of profits to each carrier. Although carriers provide encrypted protocols to short message service during its transmission, these still not belong to end-to-end encryption. Hence, plaintext are still exposed to the carriers. If they don’t have an effective safety mechanism, then short message service could be stolen by anyone who attempts to. With this unsolved drawback, many researchers brought up different end-to-end encryption protocols about short message service in order to provide extra protection and relieve customer’s concern. The current end-to-end safe short message service protocols integrate public key cryptosystem with symmetric encryption algorithm to against illegal access. However, the biggest challenge in adopting public key is verification. Although the popular solution is using certificate to assure the correctness of public key, it adds burdens to storage, communication, and computation during verifying process. It becomes serious issue to limited resource of mobile communication device without doubt. Therefore, this research provides two kinds of end-to-end encryption protocols about short message service. The Scheme 1 applies QR-Code and one-way hash function to send the short message service securely. It is completely different from the traditional public key cryptosystem and upgrade operation efficiency substantially. In Scheme 1, senders and receivers must accomplish key exchange beforehand, thus, it restricts part of its application. For this reason, the concept of the self-certified public key cryptosystem is introduced in Scheme 2. It not only can solve the problems of key exchange successfully, but also can further derive the benefits inherited from self-certified public key system, such as verifying public key without certificate and reducing storage, communication, and computation costs.
參考文獻
延伸閱讀
- 劉得祺(2014)。QR Code中的資料隱藏機制之研究〔碩士論文,國立虎尾科技大學〕。華藝線上圖書館。https://doi.org/10.6827/NFU.2014.00023
- 洪長宏(2014)。QR code應用在行動設備之網路交易上的資通安全探討。電腦稽核,(30),65-71。https://www.airitilibrary.com/Article/Detail?DocID=2073090X-201407-201408070021-201408070021-65-71
- 王尉任、黃正達、黃翔偉、王旭正(2012)。具高隱匿性QR code雙重型態資訊隱藏研究。資訊管理學報,19(4),769-784。https://doi.org/10.6382/JIM.201210.0769
- 劉柏辰(2013)。安全的QR code行動電子票證所有權轉移系統〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/cycu201301064
- 邱美僑(2017)。The Software Development of Virtual QR Code〔碩士論文,國立交通大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0030-0705201811390983