Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | 黃俊傑 | en_US |
dc.contributor.author | Huang, Chun-Chieh | en_US |
dc.contributor.author | 羅濟群 | en_US |
dc.contributor.author | Lo, Chi-Chun | en_US |
dc.date.accessioned | 2014-12-12T01:21:56Z | - |
dc.date.available | 2014-12-12T01:21:56Z | - |
dc.date.issued | 2010 | en_US |
dc.identifier.uri | http://140.113.39.130/cdrfb3/record/nctu/#GT079134808 | en_US |
dc.identifier.uri | http://hdl.handle.net/11536/40334 | - |
dc.description.abstract | 無基礎行動網路(Wireless Ad-Hoc Network, WAN)是由一群具無線傳輸能力之設備所構成之集合。因為無基礎行動網路具有動態拓樸、無線廣播之特性與本身網路特性的特性,使得它比其他的網路架構更容易遭受攻擊,以及更難設計出一個符合安全需求的群組通訊架構。然而,應用無基礎行動網路的環境,例如:軍事之應用,它需要更安全與穩定的通訊環境。 本研究致力於安全機制之設計,以提供應用於無基礎行動網路環境中達到安全通訊之目標。在本論文中,本研究以數位版權管理為核心思考幾個安全議題:應用於數位內容管理之執照簽署(Digital License)、於群播環境之金鑰管理、應用於點對點(Peer-to-Peer, P2P)的通訊環境中監督之管理,以及應用網頁服務(Web Service)之資源存取控制。基於上述之議題,本研究設計四個安全機制以滿足在無基礎行動網路(特別是以叢集架構所形成的無基礎行動網路(Cluster-based WANs))之安全性要求。 本研究提出了以群組為導向的提名式代理簽章機制(Group-Oriented Nominative Proxy Signature Scheme, GO-NPSS),本機制將群組觀念融入至提名式代理簽章機制中,以滿足無基礎行動網路環境的要求。在此機制中數位內容提供者可將本身的簽章能力轉由一群代理人來完成,且數位內容提供者可以指派哪些人具有簽章驗證能力。本研究希望在行動商務環境中,數位內容提供者可以順利的提供消費者完成執照合法性驗證的方法。於本機制中,可以保證消費者所獲得執照,確認是數位內容提供者所產生。此外,本研究亦對GO-NPSS機制之安全性進行分析,以證明本研究所提之機制滿足簽章機制安全上的要求。 本研究提出以EBS(Exclusion Basis System)為基底之批次金鑰更新機制,應用於群組通訊的環境。本機制解決EBS不能提供群體成員同時加入與離開的要求。於此機制共有三個操作:新增成員、具抵擋部份共謀攻擊之成員離開、以及可抵共謀攻擊之成員離開。此外,於效能上之分析,本研究將從三個角度,包括:儲存空間的成本、計算上的成本、以及通訊之負荷;來比較本論文所提之機制與EBS之差異。從比較結果發現,本研究所提之機制較EBS來的更有效率及更具彈性。 本研究提出一個具監督能力之安全機制,並將其應用於點對點通訊架構之資料傳遞環境。本機制基於吳等學者所提的單一階層式監督機制,修改為可提供多個階層式監督機制。在本機制中,存在一個全域的叢集頭,由它來掌管與監督整個點對點之通訊。在每個叢集內,存在一個叢集頭,由它來掌管與監督整個叢集內點對點之通訊。藉由安全性之分析證明本論文所提之具監督能力的安全機制,達到監督之目的。在叢集內任兩個通訊節點可以產生彼此的通訊金鑰,以進行秘密通訊。叢集內或叢集外其他的節點是無法監聽通訊內容,除了該叢集內的叢集頭及全域的叢集頭才能監聽通訊內容。 最後,本研究設計一個應用於網頁服務的具彈性之存取控機制。此機制基於RBAC(Role-Based Access Control)之存取控制模式,調適至符合本研究環境之存取控制機制。在此機制下,Web Service伺服器依據目前需求者所在之位置資訊、該需求者在此位置下信譽度、結合所有該使用者曾經拜訪過位置的整體信譽度計算、每個領域的安全度及資料傳送路徑之信賴度等參數結合政策定義之資料庫,做為具彈性以角色為基底控制機制設計之基礎。所有信譽值的計算是由領域代理者完成。實作結果,證明本研究可以滿足具彈性之存取控制要求,使得需求者必須依當時之條件存取到符合該條件的資料內容。 | zh_TW |
dc.description.abstract | A wireless ad-hoc network (WAN) is a collection of wireless mobile nodes and each of these can be considered as an individual portable devices. In such networks packets are relayed over multiple hops to reach their destination. Due to the infrastructure-less, dynamic, and broadcast nature of radio transmissions, communications in WANs are susceptible to security attacks. And, the inherent limitations of WANs impose major difficulties in establishing a suitable secure group communications framework. However, many applications, particularly those in military and critical civilian domains require that WANs be secure and stable. For the sake of such reasons mentioned above, this dissertation focuses on the development of some security schemes and mechanisms to provide secure communications over WANs. In addition, this dissertation considers a scenario of digital rights management (DRM) in cluster-based WANs. Under this scenario, some security issues are announced and the corresponding solutions are proposed: Digital signature for digital license in DRM, key management for group communications, supervising management for peer nodes communications in peer-to-peer (P2P) application, and access control for managing the access privilege about the resources provided by web service. This dissertation is concerned with the design and development of such protocols in cluster-based WANs. In dissertation, a group-oriented nominative proxy signature scheme (GO-NPSS) is proposed. This scheme adds the concept of group-oriented into nominative proxy signature scheme for cluster-based WANs. The scheme supports a content provider to delegate his/her signing ability to the partial members of a group of clearinghouses and to designate the partial members of a group of consumers to verify their digital licenses. The proposed scheme can guarantee that the digital products come from the authorized providers. A formal security analysis demonstrates that our scheme is secure enough to be used in DRM systems. In this dissertation, an EBS-based batch rekeying scheme is proposed. This scheme is an extension of EBS and provides the batch rekeying operations. The scheme supports three operations, join, leave with collusion-resistant (L/CR), and leave with collusion-free (L/CF). This dissertation compares the performance of the proposed scheme with that of EBS in terms of three performance metrics: storage cost, computation cost, and communications overhead. By comparison results, it indicates that the proposed scheme outperforms EBS in all three categories. The simulation results also indicate that the proposed scheme is more efficient and scalable than EBS. In this dissertation, a framework for supporting a supervising mechanism is introduced in the cluster-based P2P networks. This mechanism supports multiple chains partial order supervising mechanism instead of single chain partial order supervising mechanism proposed by Wu, etc. In the proposed mechanism, a global clusterhead supervises the whole network; clusterheads in each cluster supervise their own clusters’ communications. Security analysis shows that the proposed mechanism is secure enough for P2P in WANs. Any two nodes within the same cluster generate their common session key. In the same cluster, no nodes gain this session key except the clusterhead. Finally, a flexible access control mechanism is designed in this dissertation. This mechanism is an extension of role-based access control (RBAC) model and adds some profiles into a new access control mechanism. The mechanism is a combination of the requester’s role, location, reputation, and the trust degree of the routing path. By this mechanism, the service provider easily calculates the requester’s access privilege with respect to a specific resource. This dissertation implements this mechanism using XACML. The implementation results show that the proposed mechanism is feasible. | en_US |
dc.language.iso | en_US | en_US |
dc.subject | 無基礎行動網路 | zh_TW |
dc.subject | 批次金鑰更新機制 | zh_TW |
dc.subject | 金鑰管理 | zh_TW |
dc.subject | 數位簽章 | zh_TW |
dc.subject | 監督機制 | zh_TW |
dc.subject | 具彈性之存取控制機制 | zh_TW |
dc.subject | Wireless ad-hoc network | en_US |
dc.subject | Batch rekeying scheme | en_US |
dc.subject | Key management | en_US |
dc.subject | Digital signature | en_US |
dc.subject | Supervising mechanism | en_US |
dc.subject | Flexible access control mechanism | en_US |
dc.title | 無基礎行動網路安全協定之研究—以數位版權管理為例 | zh_TW |
dc.title | A Study on the Security Protocols for Wireless Ad-Hoc Networks: A Case on Digital Rights Management | en_US |
dc.type | Thesis | en_US |
dc.contributor.department | 資訊管理研究所 | zh_TW |
Appears in Collections: | Thesis |
Files in This Item:
If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.