标题: 适用于企业电子化应用的认证及加密方法
Authentication and Encryption for Electronic Business
作者: 高铭智
Kao, Min-Chih
陈登吉
Chen, Deng-Jyi
资讯科学与工程研究所
关键字: 电子商务;密码;认证;e-business;cryptography;authentication
公开日期: 2008
摘要: 公司行号为了降低成本及营运效能而进行企业电子化。电子化企业营运环境跟原本的营运环境的不同点有:没有已经建立好信任关系的面对面运作,所有的交易均电子化并经由网路传送完成,交易的参与者分布于网际网路及内外部网路及可以处理以储存的资料会经常有小变动情形的加密的储存系统。由于这些不同的特性,电子化企业的相关应用需要下列三种基本元件以建立参与者间的信任关系:
1. 加密元件:提供电子文件在不同生命周期的机密性保护。
2. 摘要函式:保证特定资料片段的正确性。摘要函式常与其他密码演算法结合,用于保证资料不被窜改。
3. 数位签章:避免非授权的修改及否认。在电子化应用中,数位签章也用于判断是否为合法的资料存取。
然而,目前的解决方案无法适用于企业电子化环境的所有状况。因此,本论文发展一些解决方案改进这些障碍。这些方案包含如下的计画:
□ 关于区块密码,本论文针对加密模式及填充模式,发展了两个解决方案。在加密模式方面,首先分析了由Katz等人所提的不可伪造的加密演算法并提出新的演算法改进。所发展的演算法比原先的演算法更适合储存的资料会经常有小变动的情况。在填充模式方面,本论文发展出新的填充模式。此填充模式具有低资讯泄漏的特性,同时也可抵挡”padding oracle”攻击。此种攻击可用于攻击SSL/TLS (安全传输层/传输层安全)协定,这两个协定用于保护网页伺服器及浏览器之间的传输安全(也就是hypertext transfer protocol secure, https)以及一些无线网路认证协定,如EAP-TLS。
□ 关于认证程序,现有的解决方案,如SET(Secure Electronic Transaction),使用dual signature以满足完整性、认证、不可否认性、机密性及关连性等需求。然而,基于dual signature的认证程序的参与者局限于两个。针对这限制,本论文提出可供更多参与者的orthogonal signature。同时,基于orthogonal signature发展出参与者个数较具弹性的认证程序。
A firm keeps e-Business applications, such as e-Commerce, Supply Chains, and e-Services, running for cost down and efficiency. An e-Business environment has some different characteristics from the original business environment such as no face to face operations without established interpersonal trust among participants, all e-Business transactions that are performed electronically with the use of communication networks, the participants involved in through Intranet, Extranet, and Internet, and an encryption storage system in which the underlying data is constantly changing yet encrypted versions must be stored. Due to the different characteristics, three basic components of security mechanisms are needed to create trust relationship among the participants:
1. Encryption: provides confidentiality for each document life cycle in the electronic document management system.
2. Hash Functions: ensure the correctness of content of a piece of information. Hash Functions usually integrate with other cryptographies to ensure that no data should be corrupted in an electronic business application.
3. Digital Signatures: prevent unauthorized modification and repudiation. Digital signatures are also related to legitimate pattern of operations in data access in a business process.
However, current solutions can not fit in with all conditions of the e-Business environment. So, the dissertation develops some schemes to improve the barriers. The developed schemes include as follows:
□ For block cipher, three are two schemes proposed for encryption modes and padding (the last block) respectively. For the encryption mode scheme, Katz et al’s unforgeable encryption scheme is analyzed and improved. The improved unforgeable encryption is more fit in with the condition when the inputted document changes frequently and small than original one. For the padding scheme, a new padding with low information leakage is developed. The new padding scheme can prevent padding oracle attacks. Such attacks are useful for the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol, which is not only used for building secure channel such as hypertext transfer protocol secure (https) https but also used for some authentication protocols such as EAP-TLS
□ For authentication procedure, the current solutions, such as SET, HK, used dual signature to satisfy the requirements such as integrity, authentication, non-repudiation, confidentiality, and relationship. However, the number of the participants of authentication procedures based on dual signature restrict to two. For this restriction, this dissertation proposed an orthogonal signature scheme that can work within multiple parties more than two parties and a flexible authentication procedure based on orthogonal signature.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT009117816
http://hdl.handle.net/11536/50657
显示于类别:Thesis


文件中的档案:

  1. 781601.pdf
  2. 781602.pdf
  3. 781603.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.