行動計算服務的身分驗證、授權、與保護

Abstract

隨著通訊與電腦技術的發展，一個全球性的行動計算網路正在成形中，人們可以在任何時間、任何地點取得各式各樣的通訊服務，包括語音、影像、圖片、及文件資料等。由於新世代的行動通訊網路的全球性與可移動性，使得越來越常被應用在商業、娛樂、以及個人助理等服務上，而安全性即成為影響行動服務品質的重要因素之一。然而，要設計出一個完整的方法來一次解決所有的安全問題是非常困難的。因此在這本論文中，我們分別考慮三種重要的安全議題，並提出可行的解決方案。首先，我們探討如何於不同的環境限制下、建構安全的通訊管道；其次是考慮到行動計算服務的內容的使用授權問題；最後則是研究在服務提供商（service provider）的統計資料庫中，如何保護使用者資料的隱私問題。 為了建構一個安全的通訊管道以提供行動計算服務，可行的身分驗證協定需要考慮不同的環境限制來設計。在跨網域(inter-domain)、線上及時漫遊(on-line roaming)的環境下，我們提出了一種"鏈式身分驗證"（chain authentication）的方法，這個方法僅需耗費極少的時間與網路成本即可建構出一個安全的通訊通道，而且適用於一般的蜂巢式行動通訊網路(cellular mobile communication network)。此外，在離線漫遊的環境下，我們針對信用電話的服務功能提出一個IC卡的付費機制，本方法具有許多必要的特點：如使用者的身份驗證、資料的隱密性、使用者身分的匿名性、以及使用過服務後的無可否認性。 以上兩個方法都是針對所謂的"強連結"的環境而設計的，也就是在提供服務的過程中，通訊通道都是一直保持通暢、不斷線的。我們也針對"弱連結"環境提出一個安全的訊息交換協定，這個協定使每個被傳送的訊息都具有身份驗證、保證資料隱密與完整的功能，因此，即使通訊通道時常因為不可靠的無線電波而必須重新連結，也不至於因此加重安全機制運作的成本。 雖然以上的安全機制皆可透過加密技術來保證服務內容的隱密性、避免內容被竊聽或篡改，但是一些可重複使用的服務內容，如以行動碼組成的軟體，依舊得面臨非法盜版的問題。因此，我們特別設計了一個軟體的授權與保護模式來避免如行動碼(mobile code)之類的服務內容被使用者盜拷並散佈出去。 最後，我們還提出一個推論控制(inference control)機制來保護服務提供商的統計式資料庫，以保護使用者的個人資料。這個方法可以使服務提供商透過資料庫提供客戶的統計資料，但同時保護個人的機密資料被曝光。

As the development of communication and computer technologies, a global mobile computing network is forming where people can access various communication services, including audio, video, image, and data, anytime and anywhere. Due to the globality and mobility of new generation mobile computing networks, more and more applications are introduced for commerce, entertainment, personal assistant services, and so on. Security is the one of critical factors affecting the quality of mobile services. However, it is very difficult to give a total solution to all security problems. In this dissertation, we consider three critical security issues and propose the solutions. First, we discuss the security problems of establishing communication channels under different mobile environment restrictions. Then, the authorization of service contents carried through communication channels is studied. Finally, we investigate the protection of users' private sensitive data stored in the service provider's statistical database. To establish a secure communication channel for a mobile computing service, the design of an authentication protocol must take into consideration the restrictions of different environments. For the inter-domain on-line roaming environment, we propose a chain authentication scheme. This scheme takes less time and lower overhead on networks to establish a secure communication channel, and is suitable for all cellular mobile communication networks. For the off-line roaming environment, we propose an IC card-based billing scheme for credit card phone services. This scheme supports all necessary features, including authentication of users, confidentiality of data, anonymity of user's identities, and non-repudiation of demanded services. The two schemes above are designed for the "strong connection" environment, in which the communication channel is always available during the service. We also propose a secure message exchange protocol for the "weak connection" environment. In this protocol, every message itself provides authentication, confidentiality, and integrity of message data. No authentication message is needed, even if the channel is often re-connected due to unreliable radio paths or limited spectrum bandwidth. Thus the overhead caused by the security mechanism is limited. Although the above security mechanisms can adopt encryption technologies to guarantee the confidentiality of service contents and avoid eavesdropping or modifying, some reusable service contents, such as mobile codes, still suffer from the piracy problem. We herein design a software authorization and protection model to protect valuable service contents (i.e. mobile codes) from being unauthorizedly copied or distributed by users. Finally, in order to protect the information of an individual, we propose an inference control scheme to protect service providers' statistical databases against statistical analysis. With this scheme, the service provider's database can provide statistical information of customers, and at the same time protect sensitive information (e.g. their addresses and monthly bills) of individuals from being disclosed.