Some Information Security Applications Using Symmetric and Asymmetric Crypto Schemes


Bibliographic Details
Main Authors: Yi-Fang Cheng, 鄭宜芳
Other Authors: Chin-Chen Chang
Format: Others
Language: en_US
Published: 2006
Online Access: http://ndltd.ncl.edu.tw/handle/00791586928879647782
Description
Summary: Master's thesis === National Chung Cheng University === Graduate Institute of Computer Science and Information Engineering === 95 === Nowadays, network services receive more and more attention, and more and more traditional services are offered in network environments. Diversifying network services is therefore not impractical. Generally, providing secure network services requires two essentials: authentication and confidentiality. The former examines whether a user is legal (a user who has paid) or not, so that no one can successfully impersonate a legal user to receive services. The latter not only guarantees that only legal users can receive services, but also protects user privacy during insecure network transactions. To achieve these requirements, cryptography is introduced. Cryptographic schemes basically achieve three properties: confidentiality, authentication, and non-repudiation, and combinations of these properties enable more kinds of network services. Cryptographic schemes are conceptually classified into two types, symmetric and asymmetric; each has advantages and disadvantages in capability and efficiency, and the developer of a network service system must decide which to use according to the system's demands. The thesis concentrates on four subjects in network services: oblivious transfer, key management for secure multicast, remote authentication using smart cards, and payment systems. Each of them is promising for the future, and the target of the thesis is to provide more suitable schemes to replace the present ones.

In 2003, Mu et al. proposed a non-interactive oblivious transfer scheme based on the standard ElGamal encryption scheme. Unfortunately, the receiver cannot verify the retrieved messages in the original scheme. Though they also proposed an extension to amend this drawback, the extension makes the scheme impracticable. On the other hand, the RSA cryptosystem is widely deployed, and the certification infrastructure for it is well established. As a result, two efficient non-interactive t-out-of-n oblivious transfer schemes are presented in this thesis: one is for an honest receiver, and the other prevents a dishonest receiver from obtaining a valid signature of the sender. Moreover, the receiver can easily verify the requested messages in both schemes.

Secure multicasting allows a sender to deliver an identical secret to an arbitrary set of recipients through an insecure broadcast channel while unintended recipients cannot obtain the secret. A practical approach to securing multicast communications is to encrypt the transmitted data with a session key. The challenges of secure multicast, however, are to manage the session keys held by a dynamic group of recipients and to reduce the computation and transmission overheads when the membership changes. The thesis proposes a new key management scheme for scalable multicast communication based on privacy homomorphism and the Chinese Remainder Theorem. The scheme can efficiently and securely deliver an identical message to multiple recipients; in particular, the complexity of its key update process is O(1).

Recently, Wang et al. proposed a password authentication scheme with three characteristics: no verifier table on the server, freely chosen account numbers and passwords for users, and non-interactivity. Unfortunately, because the integrity of the transmitted message is not well protected, any adversary can impersonate a legal user even though no private information is disclosed. To avoid such a forgery attack, the thesis proposes a novel scheme based on two cryptographic assumptions, large-number factoring and the discrete logarithm problem, under a simplified architecture. The proposed scheme not only withstands the forgery attack but also possesses the merits that such verifier-free schemes have. Moreover, the proposed scheme is simpler and easier to implement than previous similar ones.

As for payment systems, Wang, Cao, and Zhang proposed a practical and anonymous payment scheme in 2005. The authors claimed that their scheme can identify those who spend a coin more than once; that is, the scheme can verify payments in an offline batch process and prevent a consumer from double spending. The thesis points out a security flaw: Wang, Cao, and Zhang's scheme cannot identify consumers who spend the same coin repeatedly in two or more different shops at the same time, so any consumer can use this flaw to double spend successfully. To overcome this security flaw, an improved version of the scheme is provided in this thesis.