| Summary: | 博士 === 國立清華大學 === 資訊工程學系 === 101 === With the rapid development of network and information technologies and the continuing growth of the online population, more and more commercial enterprises are supporting online transactions. However, due to the digitization of information, it is easy for malicious attackers to eavesdrop on, tamper with, or duplicate data that are transmitted on the network. In order to protect the rights and interests of both communication parties, authentication is one of the most important security issues for network systems. Thus, when any two parties are communicating, it is very important that they be able to confirm the legitimacy of each other’s identity in order to achieve secure communication.
In this study, we focused on security research and the essentials of various authentication protocols and related applications. First, we reviewed the principle of three-party authenticated key exchange (3PAKE) and provided a more secure and efficient authentication protocol based on this architecture. Second, considering that the single-server authentication mechanism is no longer sufficient due to the explosive growth of computer networks, we extended the first 3PAKE protocol to a multi-server architecture. In the new scheme, we improved the strategy of key sharing between service providers and the registration center in order to achieve single registration with certainty. Third, based on the two previous authentication protocols, we subsequently designed three application systems, including an anonymous electronic English auction system, an authentication scheme for satellite communication systems, and a diverse ticket-sale system in a hybrid cloud. Especially in the new auction system, we were the first to design an on-shelf mechanism for an auction system that allows users to play the role of a bidder as well as an auctioneer. In the new, diverse, ticket-sale system, we applied the concept of a multi-server to provide a ticket integration platform that service providers can use to delegate the sale of their service tickets to the integrated server, and the customers can freely browse and purchase electronic service tickets from the system in any networked place. In addition to previous one-to-one communications, we also explored the security of one-to-many communications. Finally, we proposed a secure multicast authentication protocol and developed the cryptanalysis of a polynomial-based key management scheme for group communication.
|
|---|
