Security Analysis in Software-based Gateway Using BAN Logic


Bibliographic Details
Main Authors: Samsul Hadi, 夏豪迪
Other Authors: Tzong-Chen Wu
Format: Others
Language: en_US
Published: 2014
Online Access: http://ndltd.ncl.edu.tw/handle/01486238833392864410
Description
Summary: Master's === National Taiwan University of Science and Technology === Department of Information Management === 102 === Many companies require strong authentication solutions that provide reliable security and are easy to install and deploy, simple to manage, and adaptable to changing needs. Furthermore, current trends indicate that software-based gateways have become extremely popular with companies as an alternative to expensive hardware solutions. A software-based gateway provides clear benefits: client configuration involves no additional software, and it is compatible with various user terminals. Several protocols can be deployed in a software-based gateway to provide strong authentication. The problems of fraud and of security against eavesdroppers need to be resolved, and the solution lies in implementing security protocols over the software-based gateway. However, because of the subtle problems of cryptographic protocols, it is hard to generalize and automate the analysis of security features by informal reasoning and manual effort alone. Furthermore, formal analysis methods have become important means and tools in cryptographic protocol design and analysis, used to assess security strength and to find flaws or redundancies in a protocol. In this thesis we use BAN Logic to evaluate the security of the SSL protocol, which is the most popular protocol deployed in software-based gateways. Conclusions are then drawn about the viability, practicability and security of mutual SSL authentication. The thesis also shows the lack of completeness of BAN Logic for proving the anonymous and authenticated server in the SSL authentication protocol.