Publications-Theses
Article View/Open
Publication Export
-
題名 透過電信門號認證自然人以進行數位簽章之研究
Study on Phone Number based Natural Person Authentication in Digital Signature作者 蔡孟修
Tsai, Meng-Hsiu貢獻者 張宏慶
Jang, Hung-Chin
蔡孟修
Tsai, Meng-Hsiu關鍵詞 數位簽章
橢圓曲線數位簽章算法
遠端使用者撥入驗證服務
Digital signature
ECDSA
RADIUS日期 2022 上傳時間 2-Sep-2022 15:47:38 (UTC+8) 摘要 流程數位化有很多實現方式,其中數位簽章就是一個典型的例子,數位簽章可以取代實體簽核流程降低紙本使用,好處可降低運輸與交付時間成本,且有助於保護我們的環境;此外,透過帳密登入識別使用者,有可能遭到破解,如再搭配社交等網站透露個人資料或使用者習慣,將會增加帳號密碼遭盜用或外洩等風險,建立一套安全的使用者識別方式,也是本文進行探討與研究的主要目的。橢圓曲線密碼學(Elliptic Curve Cryptography,ECC)主要優勢可以透過較小的密鑰長度提供相當等級的安全性,並可有效降低儲存空間,故選用橢圓曲線數位簽章算法(Elliptic Curve Digital Signature Algorithm,ECDSA) 作為本次數位簽章實驗之研究。另外對於使用者識別方式將採用電信門號認證方式,透過遠端使用者撥入驗證服務(Remote Authentication Dial In User Service, RADIUS)完善自然人認證識別,應可有效降低使用者帳密遭駭之風險。
There are many ways to digitize processes, of which digital signatures are a typical example. Digital signatures can replace the physical signature process and reduce paper use. The benefits can reduce the cost of transportation and delivery time and help protect our environment; in addition, to identify users through account password login, it may be cracked. Using social networking sites to disclose personal information or user habits will increase the risk of account password theft or leakage. Establish a set of secure user identification.The main advantage of Elliptic Curve Cryptography (ECC) is that it can provide a considerable level of security through a smaller key length and can effectively reduce storage space. Therefore, the Elliptic Curve Digital Signature Algorithm (Elliptic Curve Digital Signature Algorithm, ECDSA) is selected as a study on the application of digital signatures. In addition, the user identification method will use the mobile phone number authentication method and improve the natural person authentication and identification through the Remote Authentication Dial In User Service (Remote Authentication Dial In User Service, RADIUS) which should effectively reduce the risk of user account password hacking.參考文獻 [1] S. I. Adam and S. Andolo, "A New PHP Web Application Development Framework Based on MVC Architectural Pattern and Ajax Technology," 2019 1st International Conference on Cybernetics and Intelligent System (ICORIS), 2019, pp. 45-50, doi: 10.1109/ICORIS.2019.8874912.[2] X. Cui, C. Li, Y. Qin and Y. Ding, "A Password Strength Evaluation Algorithm Based on Sensitive Personal Information," 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2020, pp. 1542-1545, doi: 10.1109/TrustCom50675.2020.00211.[3] J. Feng, "Design and Implementation of RADIUS Client Based on Finite State Machine," 2009 Pacific-Asia Conference on Circuits, Communications and Systems, 2009, pp. 435-438, doi: 10.1109/PACCS.2009.53.[4] S. Fugees and P. Sanchol, "Proxy-Assisted Digital Signing Scheme for Mobile Cloud Computing," 2021 13th International Conference on Knowledge and Smart Technology(KST), 021, pp. 78-83, doi: 10.1109/KST51265.2021.9415816.[5] Y. Genç and E. Afacan, "Design and Implementation of an Efficient Elliptic Curve Digital Signature Algorithm (ECDSA)," 2021 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), 2021, pp. 1-6, doi: 10.1109/IEMTRONICS52119.2021.9422589.[6] E. Husni, "Digital signing using national identity as a mobile ID," 2016 International Seminar on Intelligent Technology and Its Applications (ISITIA), 2016, pp. 261-264, doi: 10.1109/ISITIA.2016.7828668.[7] D. Johnson, A. Menezes and S. Vanstone, "The elliptic curve digital signature algorithm (ECDSA)", International journal of information security, pp. 36-63, 2001.[8] J. J. Rodriguez, M. F. Zibran and F. Z. Eishita, "Finding the Middle Ground: Measuring Passwords for Security and Memorability," 2022 IEEE/ACIS 20th International Conference on Software Engineering Research, Management and Applications (SERA), 2022, pp. 77-82, doi: 10.1109/SERA54885.2022.9806772.[9] S. Ji, S. Yang, X. Hu, W. Han, Z. Li and R. Beyah, "Zero-Sum Password Cracking Game: A Large-Scale Empirical Study on the Crackability, Correlation, and Security of Passwords," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 5, pp. 550-564, 1 Sept.-Oct. 2017, doi: 10.1109/TDSC.2015.2481884.[10] S.Ji,S.Yang, A. Das, X. Hu and R. Beyah, "Password correlation: Quantification, evaluation and application," IEEE INFOCOM 2017 - IEEE Conference on Computer Communications,2017,pp.1-9,doi: 10.1109/INFOCOM.2017.8057067.[11] N. Koblitz, "Elliptic curve cryptosystems", Mathematics of computation, vol. 48, no. 177, pp. 203-209, 1987.[12] Y. Li, H. Wang and K. Sun, "A study of personal information in human-chosen passwords and its security implications," IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, 2016, pp. 1-9, doi: 10.1109/INFOCOM.2016.7524583.[13] V. S. Miller, "Use of elliptic curves in cryptography", Conference on the theory and application of cryptographic techniques, pp. 417-426, 1985.[14] D. L. Moise and K. Wong, "Extracting Facts from Perl Code," 2006 13th Working Conference on Reverse Engineering, 2006, pp. 243-252, doi: 10.1109/WCRE.2006.28.[15] I. Mannuela, J. Putri, Michael and M. S. Anggreainy, "Level of Password Vulnerability," 2021 1st International Conference on Computer Science and Artificial Intelligence (ICCSAI), 2021, pp. 351-354, doi: 10.1109/ICCSAI53272.2021.9609778.[16] N. Nayyar and S. Arora, "Paperless Technology – A Solution to Global Warming," 2019 2nd International Conference on Power Energy, Environment and Intelligent Control (PEEIC), 2019, pp. 486-488, doi: 10.1109/PEEIC47157.2019.8976599.[17] C. Rigney、A. Rubens、W. Simpson、S. Willens。RFC 2865:Remote Authentication Dial In User Service (RADIUS)。http://www.ietf.org/rfc/rfc2865。[18] C. Rigney。RFC 2866: RADIUS Accounting. http://www.ietf.org/rfc/rfc2866。[19] C. Rigney、W. Willats、P. Calhoun。RFC 2869:RADIUS Extensions。http://www.ietf.org/rfc/rfc2869。[20] E. Rahmawati et al., "Digital signature on file using biometric fingerprint with fingerprint sensor on smartphone," 2017 International Electronics Symposium on Engineering Technology and Applications (IES-ETA), 2017, pp. 234-238, doi: 10.1109/ELECSYM.2017.8240409.[21] M. R. Perbawa, D. I. Afryansyah and R. F. Sari, "Comparison of ECDSA and RSA signature scheme on NLSR performance," 2017 IEEE Asia Pacific Conference on Wireless and Mobile (APWiMob), 2017, pp. 7-11, doi: 10.1109/APWiMob.2017.8284007.[22] Joseph H. Silverman, The Arithmetic of Elliptic Curves, 2009.[23] Y. Shang, "Efficient and Secure Algorithm: The Application and Improvement of ECDSA," 2022 International Conference on Big Data, Information and Computer Network (BDICN), 2022, pp. 182-188, doi: 10.1109/BDICN55575.2022.00043.[24] D. Toradmalle, R. Singh, H. Shastri, N. Naik and V. Panchidi, "Prominence Of ECDSA Over RSA Digital Signature Algorithm," 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), 2018 2nd International Conference on, 2018, pp. 253-257, doi: 10.1109/I-SMAC.2018.8653689.[25] J. VenkataGiri and A. Murty, "Elliptical Curve Cryptography Design Principles," 2021 International Conference on Recent Trends on Electronics, Information, Communication & Technology (RTEICT), 2021, pp. 889-893, doi: 10.1109/RTEICT52294.2021.9573662.[26] L. Xiaosong and C. A. Jahanzaib, "An Empirical Study of Three PHP Frameworks", International Conference on Systems and Informatics, 2017.[27] 3GPP ,“ TS 29.061 version 13.4.0 Release 13,”2016.[28] 林秋輝,” 5G行動通訊網路安全:認證安全機制淺談”,第14卷第5期,2020. [Online]. Available: https://nccnews.com.tw/202010/ch4.html.[29] “2022年第1季行動通訊市場統計資訊”,ncc.gov.tw. [Online]. Available:https://www.ncc.gov.tw/chinese/news_detail.aspx?site_content_sn=3773&sn_f=47688. 描述 碩士
國立政治大學
資訊科學系碩士在職專班
109971018資料來源 http://thesis.lib.nccu.edu.tw/record/#G0109971018 資料類型 thesis dc.contributor.advisor 張宏慶 zh_TW dc.contributor.advisor Jang, Hung-Chin en_US dc.contributor.author (Authors) 蔡孟修 zh_TW dc.contributor.author (Authors) Tsai, Meng-Hsiu en_US dc.creator (作者) 蔡孟修 zh_TW dc.creator (作者) Tsai, Meng-Hsiu en_US dc.date (日期) 2022 en_US dc.date.accessioned 2-Sep-2022 15:47:38 (UTC+8) - dc.date.available 2-Sep-2022 15:47:38 (UTC+8) - dc.date.issued (上傳時間) 2-Sep-2022 15:47:38 (UTC+8) - dc.identifier (Other Identifiers) G0109971018 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/141840 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊科學系碩士在職專班 zh_TW dc.description (描述) 109971018 zh_TW dc.description.abstract (摘要) 流程數位化有很多實現方式,其中數位簽章就是一個典型的例子,數位簽章可以取代實體簽核流程降低紙本使用,好處可降低運輸與交付時間成本,且有助於保護我們的環境;此外,透過帳密登入識別使用者,有可能遭到破解,如再搭配社交等網站透露個人資料或使用者習慣,將會增加帳號密碼遭盜用或外洩等風險,建立一套安全的使用者識別方式,也是本文進行探討與研究的主要目的。橢圓曲線密碼學(Elliptic Curve Cryptography,ECC)主要優勢可以透過較小的密鑰長度提供相當等級的安全性,並可有效降低儲存空間,故選用橢圓曲線數位簽章算法(Elliptic Curve Digital Signature Algorithm,ECDSA) 作為本次數位簽章實驗之研究。另外對於使用者識別方式將採用電信門號認證方式,透過遠端使用者撥入驗證服務(Remote Authentication Dial In User Service, RADIUS)完善自然人認證識別,應可有效降低使用者帳密遭駭之風險。 zh_TW dc.description.abstract (摘要) There are many ways to digitize processes, of which digital signatures are a typical example. Digital signatures can replace the physical signature process and reduce paper use. The benefits can reduce the cost of transportation and delivery time and help protect our environment; in addition, to identify users through account password login, it may be cracked. Using social networking sites to disclose personal information or user habits will increase the risk of account password theft or leakage. Establish a set of secure user identification.The main advantage of Elliptic Curve Cryptography (ECC) is that it can provide a considerable level of security through a smaller key length and can effectively reduce storage space. Therefore, the Elliptic Curve Digital Signature Algorithm (Elliptic Curve Digital Signature Algorithm, ECDSA) is selected as a study on the application of digital signatures. In addition, the user identification method will use the mobile phone number authentication method and improve the natural person authentication and identification through the Remote Authentication Dial In User Service (Remote Authentication Dial In User Service, RADIUS) which should effectively reduce the risk of user account password hacking. en_US dc.description.tableofcontents 表次 I圖次 II公式 IV第一章 緒論 11.1研究背景 11.2研究動機 2第二章 文獻討論 32.1 A study of personal information in human-chosen passwords and its security implications[12] 32.2 Digital signing using national identity as a mobile ID [6] 62.3 Proxy-Assisted Digital Signing Scheme for Mobile Cloud Computing [4] 82.4 Elliptical Curve Cryptography Design Principles[25] 112.5 Prominence Of ECDSA Over RSA Digital Signature Algorithm[24] 14第三章 研究相關技術 173.1 超文字預處理器 (Hypertext Preprocessor,PHP) 183.2 遠端使用者撥入驗證服務(Remote Authentication Dial In User Service, RADIUS) 193.3 PERL (Practical Extraction Report Language) 243.4 橢圓曲線密碼學(Elliptic Curve Cryptography,ECC) 253.5 橢圓曲線數位簽章算法(Elliptic Curve Digital Signature Algorithm, ECDSA) 26第四章 研究方法 304.1用戶登入網站 314.2用戶身分比對 314.3產生憑證並進行文件簽章 344.4數位簽章確認 35第五章 實驗結果 36第六章 結論與未來研究 41第七章 參考文獻 42 zh_TW dc.format.extent 3928981 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0109971018 en_US dc.subject (關鍵詞) 數位簽章 zh_TW dc.subject (關鍵詞) 橢圓曲線數位簽章算法 zh_TW dc.subject (關鍵詞) 遠端使用者撥入驗證服務 zh_TW dc.subject (關鍵詞) Digital signature en_US dc.subject (關鍵詞) ECDSA en_US dc.subject (關鍵詞) RADIUS en_US dc.title (題名) 透過電信門號認證自然人以進行數位簽章之研究 zh_TW dc.title (題名) Study on Phone Number based Natural Person Authentication in Digital Signature en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) [1] S. I. Adam and S. Andolo, "A New PHP Web Application Development Framework Based on MVC Architectural Pattern and Ajax Technology," 2019 1st International Conference on Cybernetics and Intelligent System (ICORIS), 2019, pp. 45-50, doi: 10.1109/ICORIS.2019.8874912.[2] X. Cui, C. Li, Y. Qin and Y. Ding, "A Password Strength Evaluation Algorithm Based on Sensitive Personal Information," 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2020, pp. 1542-1545, doi: 10.1109/TrustCom50675.2020.00211.[3] J. Feng, "Design and Implementation of RADIUS Client Based on Finite State Machine," 2009 Pacific-Asia Conference on Circuits, Communications and Systems, 2009, pp. 435-438, doi: 10.1109/PACCS.2009.53.[4] S. Fugees and P. Sanchol, "Proxy-Assisted Digital Signing Scheme for Mobile Cloud Computing," 2021 13th International Conference on Knowledge and Smart Technology(KST), 021, pp. 78-83, doi: 10.1109/KST51265.2021.9415816.[5] Y. Genç and E. Afacan, "Design and Implementation of an Efficient Elliptic Curve Digital Signature Algorithm (ECDSA)," 2021 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), 2021, pp. 1-6, doi: 10.1109/IEMTRONICS52119.2021.9422589.[6] E. Husni, "Digital signing using national identity as a mobile ID," 2016 International Seminar on Intelligent Technology and Its Applications (ISITIA), 2016, pp. 261-264, doi: 10.1109/ISITIA.2016.7828668.[7] D. Johnson, A. Menezes and S. Vanstone, "The elliptic curve digital signature algorithm (ECDSA)", International journal of information security, pp. 36-63, 2001.[8] J. J. Rodriguez, M. F. Zibran and F. Z. Eishita, "Finding the Middle Ground: Measuring Passwords for Security and Memorability," 2022 IEEE/ACIS 20th International Conference on Software Engineering Research, Management and Applications (SERA), 2022, pp. 77-82, doi: 10.1109/SERA54885.2022.9806772.[9] S. Ji, S. Yang, X. Hu, W. Han, Z. Li and R. Beyah, "Zero-Sum Password Cracking Game: A Large-Scale Empirical Study on the Crackability, Correlation, and Security of Passwords," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 5, pp. 550-564, 1 Sept.-Oct. 2017, doi: 10.1109/TDSC.2015.2481884.[10] S.Ji,S.Yang, A. Das, X. Hu and R. Beyah, "Password correlation: Quantification, evaluation and application," IEEE INFOCOM 2017 - IEEE Conference on Computer Communications,2017,pp.1-9,doi: 10.1109/INFOCOM.2017.8057067.[11] N. Koblitz, "Elliptic curve cryptosystems", Mathematics of computation, vol. 48, no. 177, pp. 203-209, 1987.[12] Y. Li, H. Wang and K. Sun, "A study of personal information in human-chosen passwords and its security implications," IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, 2016, pp. 1-9, doi: 10.1109/INFOCOM.2016.7524583.[13] V. S. Miller, "Use of elliptic curves in cryptography", Conference on the theory and application of cryptographic techniques, pp. 417-426, 1985.[14] D. L. Moise and K. Wong, "Extracting Facts from Perl Code," 2006 13th Working Conference on Reverse Engineering, 2006, pp. 243-252, doi: 10.1109/WCRE.2006.28.[15] I. Mannuela, J. Putri, Michael and M. S. Anggreainy, "Level of Password Vulnerability," 2021 1st International Conference on Computer Science and Artificial Intelligence (ICCSAI), 2021, pp. 351-354, doi: 10.1109/ICCSAI53272.2021.9609778.[16] N. Nayyar and S. Arora, "Paperless Technology – A Solution to Global Warming," 2019 2nd International Conference on Power Energy, Environment and Intelligent Control (PEEIC), 2019, pp. 486-488, doi: 10.1109/PEEIC47157.2019.8976599.[17] C. Rigney、A. Rubens、W. Simpson、S. Willens。RFC 2865:Remote Authentication Dial In User Service (RADIUS)。http://www.ietf.org/rfc/rfc2865。[18] C. Rigney。RFC 2866: RADIUS Accounting. http://www.ietf.org/rfc/rfc2866。[19] C. Rigney、W. Willats、P. Calhoun。RFC 2869:RADIUS Extensions。http://www.ietf.org/rfc/rfc2869。[20] E. Rahmawati et al., "Digital signature on file using biometric fingerprint with fingerprint sensor on smartphone," 2017 International Electronics Symposium on Engineering Technology and Applications (IES-ETA), 2017, pp. 234-238, doi: 10.1109/ELECSYM.2017.8240409.[21] M. R. Perbawa, D. I. Afryansyah and R. F. Sari, "Comparison of ECDSA and RSA signature scheme on NLSR performance," 2017 IEEE Asia Pacific Conference on Wireless and Mobile (APWiMob), 2017, pp. 7-11, doi: 10.1109/APWiMob.2017.8284007.[22] Joseph H. Silverman, The Arithmetic of Elliptic Curves, 2009.[23] Y. Shang, "Efficient and Secure Algorithm: The Application and Improvement of ECDSA," 2022 International Conference on Big Data, Information and Computer Network (BDICN), 2022, pp. 182-188, doi: 10.1109/BDICN55575.2022.00043.[24] D. Toradmalle, R. Singh, H. Shastri, N. Naik and V. Panchidi, "Prominence Of ECDSA Over RSA Digital Signature Algorithm," 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), 2018 2nd International Conference on, 2018, pp. 253-257, doi: 10.1109/I-SMAC.2018.8653689.[25] J. VenkataGiri and A. Murty, "Elliptical Curve Cryptography Design Principles," 2021 International Conference on Recent Trends on Electronics, Information, Communication & Technology (RTEICT), 2021, pp. 889-893, doi: 10.1109/RTEICT52294.2021.9573662.[26] L. Xiaosong and C. A. Jahanzaib, "An Empirical Study of Three PHP Frameworks", International Conference on Systems and Informatics, 2017.[27] 3GPP ,“ TS 29.061 version 13.4.0 Release 13,”2016.[28] 林秋輝,” 5G行動通訊網路安全:認證安全機制淺談”,第14卷第5期,2020. [Online]. Available: https://nccnews.com.tw/202010/ch4.html.[29] “2022年第1季行動通訊市場統計資訊”,ncc.gov.tw. [Online]. Available:https://www.ncc.gov.tw/chinese/news_detail.aspx?site_content_sn=3773&sn_f=47688. zh_TW dc.identifier.doi (DOI) 10.6814/NCCU202201365 en_US
