A Study on Internet Service Security

• Main Authors: Iuon-Chang Lin, 林詠章
• Other Authors: Min-Shiang Hwang
• Format: Others
• Language: en_US
• Published: 2000
• Online Access: http://ndltd.ncl.edu.tw/handle/46492995236808562145

碩士 === 朝陽大學 === 資訊管理系碩士班 === 88 === Today, the Internet is used to a wide range in business. electronic commerce is not a futuristic dream. There are everal success applications to provide services over the Internet, uch as user authentication, electronic payments, electronic Auction, and electronic voting, etc. However, the Internet services are still not mature for the security reason. Since digital data can be intercepted and altered easily in open network, it requires some protections to ensure the information security. In generally, these Internet services have to satisfy the following security requirements: confidentiality, authentication, integrity, and non-repudiation. Except the four security requirements, different Internet services have ifferent requirements. In this study, we first discuss the haracteristics and requirements for the three Internet services: user authentication, electronic payment, and electronic auction services. Then, we survey the related works for the three different Internet services. Furthermore, We anticipate using information security techniques and cryptography to propose some secure and efficient methods in the three subjects. For the first subject -- user authentication. Conventional user authentication schemes allow a server to authenticate the legitimacy of a remote login user. However, these schemes are not suitable for multi-server architecture environment. In this study, we propose a remote password authentication scheme for multi-servers architecture using smart card. In this scheme, users can freely choose their password and can not remember different login password for various servers. Besides, the proposed scheme can withstand the replay attacks. Furthermore, the systems need not to maintain any verification table and can delete a legal user from the system easily. For the second subject -- micro-payments. We proposed a post-paid micro-payment scheme. Different with other post-paid micro-payments schemes, the merchant can verify the payment message off-line. Furthermore, the scheme can prevent of duplicate spending and protect the integrity of transaction message. Except the message authenticate code (MAC) technique, the scheme does not require any complexity computations. Therefore, the micro-payment scheme is easy to implement. For the third subject electronic auction. We add a timestamp to improve the robustness of Subramanian''s electronic auction scheme. The proposed scheme can prevent the sensitive information from being revealed by the auction house, and solve the resolution of two or more bidders offering the same price.