標題: | 安全即時通訊系統之設計與實作 The Design and Implementation of A Secure Instant Messaging Service |
作者: | 林德政 李榮耀 理學院科技與數位學習學程 |
關鍵字: | 即時通訊;密碼學;驗證;金鑰交換;Instant Messaging;Cryptography;Authentication;Key Exchange |
公開日期: | 2010 |
摘要: | 即時通訊(Instant Messaging,IM)提供使用者在網路上交換即時文字訊息、語音、視訊、檔案等通訊服務,對許多網路使用者而言,已經成為日常生活不可或缺的聯絡工具。目前多數的即時通訊軟體多以明文的方式傳送即時訊息,不僅如此,在伺服器與使用者之間亦缺乏安全完善的驗證機制。而這些漏洞容易導致即時通訊系統容易遭受竊聽、使用者假冒與伺服器偽裝等網路攻擊,對使用者的隱私造成威脅。有鑑於此,如何提供完善的驗證機制,並對通訊的內容提供加密保護的安全機制,以提升即時通訊系統的安全性,已是刻不容緩。
本論文以學者Lee等人所提出的三方驗證金鑰交換協定為研究基礎,設計一套安全的即時通訊協定,並在Java平台實作本即時通訊系統,以驗證本研究所提出的即時通訊協定是可行的。在我們的即時通訊協定中,不僅讓伺服器與使用者之間能相互驗證彼此的身份,並在驗證完雙方身份無誤之後,讓通訊的兩位使用者間可以建立一把階段性共通金鑰(Session Key),而這把金鑰可以用來對即時通訊的內容加密,防止即時訊息透過網路傳送時,遭到攻擊者擷取、利用,以符合驗證性、機密性、完整性、前推私密性等安全需求,且在安全分析中,我們分析了幾種目前常見的網路攻擊方法,以提供使用者更安全的即時通訊協定。 IM (Instant Messaging) offers users the service of exchanging text messages, audios, videos and files instantly on a network. For many network users, IM becomes an indispensable tool for daily communications. So far, most sets of the IM software transmit instant messages in plaintext, and without a secure flawless authentication scheme between the server and users. These Flaws make the IM systems prone to eavesdrop attack, impersonation attack and server spoofing attack, which poses a threat to the users’ privacy. So it is necessary to enhance the security of IM systems by providing a flawless authentication scheme and the encryption approaches to secure the IM content in no time. This study, based on the three-party encrypted key exchange (EKE) protocol of Lee et al., designs a secure IM protocol and implements the IM system in the Java platform to verify that the proposed IM protocol is feasible. The proposed IM protocol not only enables the server and users to authenticate each other mutually but also generates a session key between the two users on communication after authenticating the validity of their identification. This session key is used to encrypt the IM content, protecting the instant messages sent on a network from being intercepted or misused by attackers, and therefore, meets the security requirements: authentication, confidentiality, integrity, and forward secrecy. In the security analysis, we also analyze several commom network attack methods and provide users with a more secure IM protocol. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT079773507 http://hdl.handle.net/11536/46403 |
顯示於類別: | 畢業論文 |