Full metadata record
DC FieldValueLanguage
dc.contributor.author曾蕙如en_US
dc.contributor.authorTseng, Huei-Ruen_US
dc.contributor.author簡榮宏en_US
dc.contributor.authorJan, Rong-Hongen_US
dc.date.accessioned2015-11-26T01:05:04Z-
dc.date.available2015-11-26T01:05:04Z-
dc.date.issued2010en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079323822en_US
dc.identifier.urihttp://hdl.handle.net/11536/40587-
dc.description.abstract無線網路產業歷經多年發展,發展重心在於提供客戶獨一無二的資訊應用服務的技術。對於無線網路而言,其技術核心在於資源的存取-滿足使用者隨時隨地皆能存取遠端資源的行動生活應用需求。然而電腦犯罪活動卻隨著資訊科技的發展日益猖獗。因此,建構一個安全的資訊/通訊環境乃為當務之急。針對無線網路資源的存取,伺服器必須能有效地認證遠端使用者的身份。 近年來無線感測網路(wireless sensor networks, WSNs)已經是無線網路研究中重要的議題之一,它是由許多散佈於各地的感測節點(sensor nodes)所組成,主要用以蒐集各種環境資料,例如溼度、壓力、溫度等。每個節點皆有監控偵測物理環境的能力,並藉由無線通訊的方式,將所蒐集之資訊回傳至基地台(base station)或是應用系統的後端平台(backend)。因應無線感測網路無所不在(ubiquity)的應用需求增加,使用者應能即時存取儲存於感測節點的資訊。因此,感測節點所收集之資訊應該採取安全機制來加以保護,避免未經授權的使用者非法取得。 本論文中,我們將闡述無線安全領域的發展現況,與多種無線網路中的使用者認證協定(user authentication protocols)。同時針對使用者認證之安全架構與安全需求加以說明。再者,我們提出數種適用於無線網路之使用者認證協定,其中包括植基於密碼方法的使用者認證協定(password-based user authentication protocols)、植基於生物特徵方法的使用者認證協定(biometrics-based user authentication protocols),以及自我憑證方法的使用者認證協定(self-certificate-based user authentication protocols)。 針對植基於密碼方法的使用者認證協定,我們提出兩種認證協定。協定一乃運用LU矩陣分解法(LU decomposition),讓使用者透過開放式通訊網路進行認證與存取網路服務。此協定的特性包括動態更改密碼、相互認證(mutual authentication)、使用者匿名(user anonymity),與金鑰協議(key agreement)等。協定二主要是適用於無線感測網路的使用者認證協定,能讓使用者以低運算量來即時存取感測節點的資訊。 針對植基於生物特徵方法的使用者認證協定,我們提出一個適用於智慧卡(smart cards)的使用者認證協定。此協定能允許伺服器驗證使用者之生物特徵的同時,亦能保護使用者隱私。此外,我們將此協定與秘密分享方法結合,擴充為多人生物特徵認證協定(multi-party biometrics-based user authentication protocol)-即(t, n)-門檻式多人認證協定,在此協定中,必須提出至少t個以上之使用者生物特徵、密碼,與智慧卡,方可重建認證金鑰(authentication key)。 針對植基於自我憑證方法的使用者認證協定,我們提出一個適用於無線感測網路的認證協定,提供使用者與感測節點相互認證與金鑰協議,同時,金鑰分配中心(key distribution center, KDC)亦可撤銷金鑰對。在此協定中,使用者首先傳送資料要求封包予其傳輸範圍內的感測節點,感測節點認證通過,即可回傳使用者所要求之資料。平均而言,我們假設使用者傳輸範圍內有n個感測節點。在攻擊者截取n個感測節點當中t個節點的情況下,此協定仍然可以維持其安全性。此外,我們利用派翠網路(Petri nets)來建立模型並分析所提出的協定,並證明其可抵禦多種攻擊模式。zh_TW
dc.description.abstractThe wireless industry, over the last few years, has undergone a tremendous amount of change, which is brought about through the introduction of a never ending stream of technologies all designed to provide unique services that customers will purchase. For wireless networks, at the heart of all the technologies introduced is access---being able to access services regardless of where the end user is physically located. While wireless networks are very convenient for users, their widespread use creates new challenges from a security point of view. To control access to wireless networks, it is essential for the server to authenticate the remote users. A variant of the wireless networks is wireless sensor networks (WSNs). In WSNs, there are spatially distributed sensors which cooperatively monitor environmental conditions, such as humidity, pressure, temperature, motion, or vibration, at different locations. Each sensor node has the ability to monitor the physical world and return the sensed information to base stations or at the backend of the application system via wireless communication. With the increasing ubiquity of WSNs, real-time data could be accessed from every sensor node. Hence, security measures should be taken to protect the collected secrets in order to prevent un-authorized users from gaining the information. In this dissertation, we introduce recent developments in the field of wireless security and investigate several user authentication protocols in wireless networks. A detailed explanation of security frameworks and security requirements for authentication will be given. We design several user authentication protocols in wireless networks, including two kinds of password-based user authentication protocols, a biometrics-based user authentication protocol, and a self-certificate-based user authentication protocol. For password-based user authentication, we propose two password-based user authentication protocols, namely protocol-I and protocol-II. The protocol-I is a password-based user authentication protocol using LU decomposition, which authenticates remote users and allows legitimate users to access network services over an open communication network. This protocol possesses many merits, including freely changeable passwords, mutual authentication, user anonymity, and session key agreement. The protocol-II is a password-based user authentication protocol for WSNs, which allows legitimate users to query sensor data at any of the sensor node in an ad hoc manner and imposes very little computational overhead. For biometrics-based user authentication, we propose a biometrics-based remote user authentication protocol using smart cards. The protocol fully preserves the privacy of the biometric data of each user while allowing the server to verify the correctness of the users' biometric characteristics without knowing the exact values. In addition, the proposed protocol is later extended to a multi-party biometrics-based remote user authentication protocol by incorporating a secret sharing component. This extended protocol is essentially a (t, n)-threshold multi-party authentication protocol. Any group of t or more users can together reconstruct the authentication key with their own biometric data, passwords, and smart cards but no group of less than t users can. For self-certificate-based user authentication, we propose a self-certificate-based user authentication protocol for WSNs, which can deal with authenticated queries involving multiple sensor nodes, achieve mutual authentication and key agreement between users and sensor nodes, and provide a key distribution center (KDC) to revoke compromised key pairs. In this protocol, a user can send data requests to the sensor nodes within his communication range and receives valid responses if the requests are legitimate. On average, there are n sensors in the communication range of the user. The proposed protocol still works well even if the adversary captures t nodes out of n nodes in the WSNs. Moreover, security of these proposed protocols is modelled and analyzed with Petri nets. Our analysis shows that the protocols can defend notorious attacks.en_US
dc.language.isoen_USen_US
dc.subject無線網路zh_TW
dc.subject無線感測網路zh_TW
dc.subject使用者認證zh_TW
dc.subject派翠網路zh_TW
dc.subjectWireless networksen_US
dc.subjectWireless sensor networksen_US
dc.subjectUser authenticationen_US
dc.subjectPetri netsen_US
dc.title適用於無線網路之使用者認證協定zh_TW
dc.titleUser Authentication Protocols in Wireless Networks with Petri Net Verificationen_US
dc.typeThesisen_US
dc.contributor.department資訊科學與工程研究所zh_TW
Appears in Collections:Thesis


Files in This Item:

  1. 382201.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.