學術產出-Theses
Article View/Open
Publication Export
-
題名 適用於邊緣運算之多方身分基礎密鑰交換協議
Multi-party Identity-based Key Exchange Protocols for Edge Computing作者 林翰陽
Lin, Han-Yang貢獻者 左瑞麟
Tso, Ray-Lin
林翰陽
Lin, Han-Yang關鍵詞 密碼學
身分驗證
雙線性映射
工業物聯網
邊緣運算
金鑰交換
Cryptography
ID-Based Authentication
Bilinear Map
IIoT
Edge Computing
Key Exchange日期 2023 上傳時間 1-Sep-2023 15:39:26 (UTC+8) 摘要 隨著近年製造產業邁向智慧化發展,為了取得數據資料加以分析,必須在機台上設置感測器再藉由物聯網裝置傳送資料至主機,然而在計算性能有限的裝置,使用單晶片或是性能較差的CPU進行運作,如廉價又輕薄型的物聯網裝置 - ESP32,若需要用於邊緣運算架構進行多方的加密傳輸,使用普遍的非對稱式加密對於此類裝置有公私鑰管理與儲存的負擔,也使計算多方密鑰的總時間增加;而對稱式密鑰則需要透過安全的方式或離線的方式才能達成協議。基於上述的問題此篇論文提出如何運用雙線性映射的特性來解決非對稱式加密需要獨立產生公私鑰以及多方複雜計算量的問題,以及使用身分驗證發行裝置私鑰的方式來解決安全通道的問題與參與密鑰協議的過程,特別是將非必要獨立計算且不影響安全性的數值由身分驗證的角色運算並且公開,達到更加輕便的密碼計算量與易擴充的協議。此篇論文將由雙方協議開始論述,再藉由變更算法延伸證明可輕易擴充至多方協議。
With the recent development of the manufacturing industry towards intelligence, the installation of sensors on machines and transmitting data to servers through IoT devices has become necessary in order to obtain data for analysis. However, limited computing performance devices such as microcontrollers or low-performance CPUs, like the inexpensive and small IoT device ESP32, are commonly used. In cases where the service needs to be used in an edge computing architecture for multi-party encrypted transmission, using asymmetric encryption may pose challenges in terms of public and private key management, storage burden, and increased total time to calculate the session key. Additionally, ensuring secure agreement on the symmetric key either requires an offline process or a secure method of transmission.To address these issues, this thesis proposes a solution that utilizes the features of bilinear mapping to overcome the challenges of generating independent public and private keys and performing multi-party complex calculations in asymmetric encryption. The thesis also suggests employing identity verification to issue device private keys, which helps resolve the problem of establishing secure channels. By leveraging the role of identity verification, the thesis aims to calculate and disclose only the necessary values that do not compromise security, thus achieving lighter password calculations and an easily expandable protocol. The thesis will start with a discussion of the two-party protocol and then extend it to multi-party protocols by modifying the algorithms, as demonstrated.參考文獻 [1] Daya Sagar Gupta, Mohammad S. Obaidat, Neeraj Kumar, Pandi Vijayakumar, SK Hafizul Islam, YoHan Park "A Provably Secure and Lightweight Identity-Based Two-Party Authenticated Key Agreement Protocol for IIoT Environments" IEEE SYSTEMS JOURNAL,VOL.15,NO.2,JUNE 2021.[2] Daya Sagar Gupta, Krittibas Parai, Mohammad S. Obaidat, SK Hafizul Islam, "Efficient and Secure Design of ID-3PAKA Protocol Using ECC" IEEE Conference on CITS, DOI: 10.1109/CITS52676.2021.9618445, 2021.[3] D. S. Gupta, G. P. Biswas "A novel and efficient lattice-based authenticated key exchange protocol in C-K model" Int. J. Commun. Syst., vol. 31, no. 3, 2018, Art. no. e3473.[4] S. H. Islam, R. Amin, G. P. Biswas, M. S. Faras, X. Li, S. Kumari "An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments" ournal of King Saud University - Computer and Information Sciences, vol. 29, no. 3, pp. 311–324, 2017.[5] C.-L. Liu, W.-J. Tsai, T.-Y. Chang, T.-M. Liu "Ephemeral-secretleakage secure id-based three-party authenticated key agreement protocol for mobile distributed computing environments" Symmetry, vol. 10, no. 4, p. 84, 2018.[6] C.-M. Chen, K.-H. Wang, T.-Y. Wu, E. K. Wang "On the security of a three-party authenticated key agreement protocol based on chaotic maps" Data Science and Pattern Recognition, vol. 1, no. 2, pp. 1–10, 2017.[7] Jianmin Zhao, Qi Xie, Xiuyuan Yu, "Chaotic maps-based three-party password-authenticated key agreement scheme" Nonlinear Dyn 74:1021–1027 DOI:10.1007/s11071-013-1020-7, 2013.[8] H. Xiong, Z. Chen, F. Li "New identity-based three-party authenticated key agreement protocol with provable security" Journal of Network and Computer Applications, vol. 36, no. 2, pp. 927–932, 2013.[9] M. Hölbl, T. Welzer, B. Brumen "An improved two-party identitybased authenticated key agreement protocol using pairings" J. Comput. Syst. Sci., vol. 78, no. 1, pp. 142–150, 2012.[10] L. Ni, G. Chen, J. Li, Y. Hao "Strongly secure identity-based authenticated key agreement protocols in the escrow mode" Sci. China Inf. Sci., vol. 56, no. 8, pp. 1–14, 2013.[11] L. Ni, G. Chen, J. Li, Y. Hao "Strongly secure identity-based authenticated key agreement protocols" Comput. Elect. Eng., vol. 37, no. 2, pp. 205–217, 2011.[12] H. Huang, Z. Cao "An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem" in Proc. 4th Int. Symp. Inf., Comput., Commun. Secur., 2009, pp. 333–342.[13] L. Chen, Z. Cheng, N. P. Smart "Identity-based key agreement protocols from pairings" Int. J. Inf. Secur., vol. 6, no. 4, pp. 213–241, 2007.[14] D. Boneh, M. Franklin "Identity-based encryption from the Weil pairing" in Proc. Annu. Int. Cryptol. Conf., 2001, pp. 213–229.[15] Adi Shamir "Identity-Based Cryptosystems and Signature Schemes" in Proc. Workshop Theory Appl. Cryptographic Techn., 1984, pp. 47–53.[16] Huihui Yang, Vladimir Oleshchuk*, Andreas Prinz “Verifying Group Authentication Protocols by Scyther”[17] Cas Cremers, “The Scyther Tool” https://people.cispa.io/cas.cremers/scyther/index.html[18] Ben Lynn “PBC Library - The Pairing-Based Cryptography Library” https://crypto.stanford.edu/pbc/[19] Shaik Shakeel Ahamad, Al‑Sakib Khan Pathan "Trusted service manager (TSM) based privacy preserving and secure mobile commerce framework with formal verification" DOI: 10.1186/s40294-019-0064-z, 2019. 描述 碩士
國立政治大學
資訊科學系碩士在職專班
109971014資料來源 http://thesis.lib.nccu.edu.tw/record/#G0109971014 資料類型 thesis dc.contributor.advisor 左瑞麟 zh_TW dc.contributor.advisor Tso, Ray-Lin en_US dc.contributor.author (Authors) 林翰陽 zh_TW dc.contributor.author (Authors) Lin, Han-Yang en_US dc.creator (作者) 林翰陽 zh_TW dc.creator (作者) Lin, Han-Yang en_US dc.date (日期) 2023 en_US dc.date.accessioned 1-Sep-2023 15:39:26 (UTC+8) - dc.date.available 1-Sep-2023 15:39:26 (UTC+8) - dc.date.issued (上傳時間) 1-Sep-2023 15:39:26 (UTC+8) - dc.identifier (Other Identifiers) G0109971014 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/147095 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊科學系碩士在職專班 zh_TW dc.description (描述) 109971014 zh_TW dc.description.abstract (摘要) 隨著近年製造產業邁向智慧化發展,為了取得數據資料加以分析,必須在機台上設置感測器再藉由物聯網裝置傳送資料至主機,然而在計算性能有限的裝置,使用單晶片或是性能較差的CPU進行運作,如廉價又輕薄型的物聯網裝置 - ESP32,若需要用於邊緣運算架構進行多方的加密傳輸,使用普遍的非對稱式加密對於此類裝置有公私鑰管理與儲存的負擔,也使計算多方密鑰的總時間增加;而對稱式密鑰則需要透過安全的方式或離線的方式才能達成協議。基於上述的問題此篇論文提出如何運用雙線性映射的特性來解決非對稱式加密需要獨立產生公私鑰以及多方複雜計算量的問題,以及使用身分驗證發行裝置私鑰的方式來解決安全通道的問題與參與密鑰協議的過程,特別是將非必要獨立計算且不影響安全性的數值由身分驗證的角色運算並且公開,達到更加輕便的密碼計算量與易擴充的協議。此篇論文將由雙方協議開始論述,再藉由變更算法延伸證明可輕易擴充至多方協議。 zh_TW dc.description.abstract (摘要) With the recent development of the manufacturing industry towards intelligence, the installation of sensors on machines and transmitting data to servers through IoT devices has become necessary in order to obtain data for analysis. However, limited computing performance devices such as microcontrollers or low-performance CPUs, like the inexpensive and small IoT device ESP32, are commonly used. In cases where the service needs to be used in an edge computing architecture for multi-party encrypted transmission, using asymmetric encryption may pose challenges in terms of public and private key management, storage burden, and increased total time to calculate the session key. Additionally, ensuring secure agreement on the symmetric key either requires an offline process or a secure method of transmission.To address these issues, this thesis proposes a solution that utilizes the features of bilinear mapping to overcome the challenges of generating independent public and private keys and performing multi-party complex calculations in asymmetric encryption. The thesis also suggests employing identity verification to issue device private keys, which helps resolve the problem of establishing secure channels. By leveraging the role of identity verification, the thesis aims to calculate and disclose only the necessary values that do not compromise security, thus achieving lighter password calculations and an easily expandable protocol. The thesis will start with a discussion of the two-party protocol and then extend it to multi-party protocols by modifying the algorithms, as demonstrated. en_US dc.description.tableofcontents 第一章 緒論 11.1 研究動機 11.2 研究方法及目標 21.3 研究之重要性 3第二章 背景知識 42.1 基於身分的認證協議 (ID-Based Authentication) 42.2 雙線性映射 (Bilinear Paring) 52.3 橢圓曲線離散對數問題 52.4 Computational Bilinear Diffie–Hellman 問題 62.5 邊緣運算 (Edge Computing) 7第三章 相關研究 93.1 ID-2PAKA雙方協議 103.2 ID-3PAKA三方協議 14第四章 本研究提出之密鑰協議 194.1 雙方密鑰協議機制 194.2 多方密鑰協議機制 234.2.1 三方密鑰協議範例 25第五章 正確性及安全性分析 295.1 正確性 295.2 安全性 305.3 Scyther Tool 分析 32第六章 密鑰協議實作 386.1 模擬方式 386.2 模擬結果 396.3 效能分析 43第七章 結論 47附錄 - 程式碼 48程式碼A – Scyther Tool: Two Party Simulation 48程式碼B – Scyther Tool: Three Party Simulation 50程式碼C – Scyther Tool: Four Party Simulation 52程式碼D – Scyther Tool: Five Party Simulation 55程式碼E – Two Party Protocol Simulation 59程式碼F – Three Party Protocol Simulation 62程式碼G – 複雜運算性能測試 66參考文獻 67 zh_TW dc.format.extent 3700272 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0109971014 en_US dc.subject (關鍵詞) 密碼學 zh_TW dc.subject (關鍵詞) 身分驗證 zh_TW dc.subject (關鍵詞) 雙線性映射 zh_TW dc.subject (關鍵詞) 工業物聯網 zh_TW dc.subject (關鍵詞) 邊緣運算 zh_TW dc.subject (關鍵詞) 金鑰交換 zh_TW dc.subject (關鍵詞) Cryptography en_US dc.subject (關鍵詞) ID-Based Authentication en_US dc.subject (關鍵詞) Bilinear Map en_US dc.subject (關鍵詞) IIoT en_US dc.subject (關鍵詞) Edge Computing en_US dc.subject (關鍵詞) Key Exchange en_US dc.title (題名) 適用於邊緣運算之多方身分基礎密鑰交換協議 zh_TW dc.title (題名) Multi-party Identity-based Key Exchange Protocols for Edge Computing en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) [1] Daya Sagar Gupta, Mohammad S. Obaidat, Neeraj Kumar, Pandi Vijayakumar, SK Hafizul Islam, YoHan Park "A Provably Secure and Lightweight Identity-Based Two-Party Authenticated Key Agreement Protocol for IIoT Environments" IEEE SYSTEMS JOURNAL,VOL.15,NO.2,JUNE 2021.[2] Daya Sagar Gupta, Krittibas Parai, Mohammad S. Obaidat, SK Hafizul Islam, "Efficient and Secure Design of ID-3PAKA Protocol Using ECC" IEEE Conference on CITS, DOI: 10.1109/CITS52676.2021.9618445, 2021.[3] D. S. Gupta, G. P. Biswas "A novel and efficient lattice-based authenticated key exchange protocol in C-K model" Int. J. Commun. Syst., vol. 31, no. 3, 2018, Art. no. e3473.[4] S. H. Islam, R. Amin, G. P. Biswas, M. S. Faras, X. Li, S. Kumari "An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments" ournal of King Saud University - Computer and Information Sciences, vol. 29, no. 3, pp. 311–324, 2017.[5] C.-L. Liu, W.-J. Tsai, T.-Y. Chang, T.-M. Liu "Ephemeral-secretleakage secure id-based three-party authenticated key agreement protocol for mobile distributed computing environments" Symmetry, vol. 10, no. 4, p. 84, 2018.[6] C.-M. Chen, K.-H. Wang, T.-Y. Wu, E. K. Wang "On the security of a three-party authenticated key agreement protocol based on chaotic maps" Data Science and Pattern Recognition, vol. 1, no. 2, pp. 1–10, 2017.[7] Jianmin Zhao, Qi Xie, Xiuyuan Yu, "Chaotic maps-based three-party password-authenticated key agreement scheme" Nonlinear Dyn 74:1021–1027 DOI:10.1007/s11071-013-1020-7, 2013.[8] H. Xiong, Z. Chen, F. Li "New identity-based three-party authenticated key agreement protocol with provable security" Journal of Network and Computer Applications, vol. 36, no. 2, pp. 927–932, 2013.[9] M. Hölbl, T. Welzer, B. Brumen "An improved two-party identitybased authenticated key agreement protocol using pairings" J. Comput. Syst. Sci., vol. 78, no. 1, pp. 142–150, 2012.[10] L. Ni, G. Chen, J. Li, Y. Hao "Strongly secure identity-based authenticated key agreement protocols in the escrow mode" Sci. China Inf. Sci., vol. 56, no. 8, pp. 1–14, 2013.[11] L. Ni, G. Chen, J. Li, Y. Hao "Strongly secure identity-based authenticated key agreement protocols" Comput. Elect. Eng., vol. 37, no. 2, pp. 205–217, 2011.[12] H. Huang, Z. Cao "An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem" in Proc. 4th Int. Symp. Inf., Comput., Commun. Secur., 2009, pp. 333–342.[13] L. Chen, Z. Cheng, N. P. Smart "Identity-based key agreement protocols from pairings" Int. J. Inf. Secur., vol. 6, no. 4, pp. 213–241, 2007.[14] D. Boneh, M. Franklin "Identity-based encryption from the Weil pairing" in Proc. Annu. Int. Cryptol. Conf., 2001, pp. 213–229.[15] Adi Shamir "Identity-Based Cryptosystems and Signature Schemes" in Proc. Workshop Theory Appl. Cryptographic Techn., 1984, pp. 47–53.[16] Huihui Yang, Vladimir Oleshchuk*, Andreas Prinz “Verifying Group Authentication Protocols by Scyther”[17] Cas Cremers, “The Scyther Tool” https://people.cispa.io/cas.cremers/scyther/index.html[18] Ben Lynn “PBC Library - The Pairing-Based Cryptography Library” https://crypto.stanford.edu/pbc/[19] Shaik Shakeel Ahamad, Al‑Sakib Khan Pathan "Trusted service manager (TSM) based privacy preserving and secure mobile commerce framework with formal verification" DOI: 10.1186/s40294-019-0064-z, 2019. zh_TW
