Summary: | Doctoral === National Taiwan University === Graduate Institute of Electrical Engineering === 95 === The development of computer networks and computer technology will no doubt provide users with an open, public runtime environment for resource sharing. However, ensuring legitimate access and data confidentiality will be a major challenge in a resource-sharing environment. The unpredictable events that occur in a network environment, such as unauthorized access requests, mismatched user access rights, or violation of user data, show the importance of access control.
Access control in hierarchical key management mainly concerns solving the key generation and access problem among groups, so that users can effectively access data through the acquired key while personal data is protected from unauthorized access.
Therefore, this study presents three different access control schemes, all of which apply to hierarchies with a partial order relation, in which each group can be subordinate to many immediate groups. Each of the three methods uses a different mathematical basis (a one-way hash function, the Chinese remainder theorem, and an elliptic curve cryptosystem) to ensure the security of the secret key and to meet the requirements of dynamic management, such as adding and deleting groups, modifying relationships among groups, and changing secret keys.
In addition, under the conventional centralized network administration method, the workload grows as network systems are enlarged, because a host must send messages to and exchange data with distributed clients. This increases network traffic and lowers work efficiency. The frequent exchange of data between host and clients also consumes a large amount of network bandwidth, further reducing efficiency. As a result, system administration, which presently tends toward large, distributed network frameworks, faces considerable problems relating to dependability, interactivity, expandability, and inelasticity.
For this reason, this study also proposes a hierarchical mobile operation scheme that can be used to solve access control problems in a distributed environment, handling access and key management between one mobile agent and another, or between a mobile agent and a host server. While the proposed scheme alleviates security problems in key management, it also meets the functional requirements of access control in a distributed environment on undesignated networks.
|