學術產出-學位論文

文章檢視/開啟

書目匯出

Google ScholarTM

政大圖書館

引文資訊

TAIR相關學術產出

題名 適用於邊緣運算之多方身分基礎密鑰交換協議
Multi-party Identity-based Key Exchange Protocols for Edge Computing
作者 林翰陽
Lin, Han-Yang
貢獻者 左瑞麟
Tso, Ray-Lin
林翰陽
Lin, Han-Yang
關鍵詞 密碼學
身分驗證
雙線性映射
工業物聯網
邊緣運算
金鑰交換
Cryptography
ID-Based Authentication
Bilinear Map
IIoT
Edge Computing
Key Exchange
日期 2023
上傳時間 1-九月-2023 15:39:26 (UTC+8)
摘要 隨著近年製造產業邁向智慧化發展,為了取得數據資料加以分析,必須在機台上設置感測器再藉由物聯網裝置傳送資料至主機,然而在計算性能有限的裝置,使用單晶片或是性能較差的CPU進行運作,如廉價又輕薄型的物聯網裝置 - ESP32,若需要用於邊緣運算架構進行多方的加密傳輸,使用普遍的非對稱式加密對於此類裝置有公私鑰管理與儲存的負擔,也使計算多方密鑰的總時間增加;而對稱式密鑰則需要透過安全的方式或離線的方式才能達成協議。基於上述的問題此篇論文提出如何運用雙線性映射的特性來解決非對稱式加密需要獨立產生公私鑰以及多方複雜計算量的問題,以及使用身分驗證發行裝置私鑰的方式來解決安全通道的問題與參與密鑰協議的過程,特別是將非必要獨立計算且不影響安全性的數值由身分驗證的角色運算並且公開,達到更加輕便的密碼計算量與易擴充的協議。此篇論文將由雙方協議開始論述,再藉由變更算法延伸證明可輕易擴充至多方協議。
With the recent development of the manufacturing industry towards intelligence, the installation of sensors on machines and transmitting data to servers through IoT devices has become necessary in order to obtain data for analysis. However, limited computing performance devices such as microcontrollers or low-performance CPUs, like the inexpensive and small IoT device ESP32, are commonly used. In cases where the service needs to be used in an edge computing architecture for multi-party encrypted transmission, using asymmetric encryption may pose challenges in terms of public and private key management, storage burden, and increased total time to calculate the session key. Additionally, ensuring secure agreement on the symmetric key either requires an offline process or a secure method of transmission.
To address these issues, this thesis proposes a solution that utilizes the features of bilinear mapping to overcome the challenges of generating independent public and private keys and performing multi-party complex calculations in asymmetric encryption. The thesis also suggests employing identity verification to issue device private keys, which helps resolve the problem of establishing secure channels. By leveraging the role of identity verification, the thesis aims to calculate and disclose only the necessary values that do not compromise security, thus achieving lighter password calculations and an easily expandable protocol. The thesis will start with a discussion of the two-party protocol and then extend it to multi-party protocols by modifying the algorithms, as demonstrated.
參考文獻 [1] Daya Sagar Gupta, Mohammad S. Obaidat, Neeraj Kumar, Pandi Vijayakumar, SK Hafizul Islam, YoHan Park "A Provably Secure and Lightweight Identity-Based Two-Party Authenticated Key Agreement Protocol for IIoT Environments" IEEE SYSTEMS JOURNAL,VOL.15,NO.2,JUNE 2021.
[2] Daya Sagar Gupta, Krittibas Parai, Mohammad S. Obaidat, SK Hafizul Islam, "Efficient and Secure Design of ID-3PAKA Protocol Using ECC" IEEE Conference on CITS, DOI: 10.1109/CITS52676.2021.9618445, 2021.
[3] D. S. Gupta, G. P. Biswas "A novel and efficient lattice-based authenticated key exchange protocol in C-K model" Int. J. Commun. Syst., vol. 31, no. 3, 2018, Art. no. e3473.
[4] S. H. Islam, R. Amin, G. P. Biswas, M. S. Faras, X. Li, S. Kumari "An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments" ournal of King Saud University - Computer and Information Sciences, vol. 29, no. 3, pp. 311–324, 2017.
[5] C.-L. Liu, W.-J. Tsai, T.-Y. Chang, T.-M. Liu "Ephemeral-secretleakage secure id-based three-party authenticated key agreement protocol for mobile distributed computing environments" Symmetry, vol. 10, no. 4, p. 84, 2018.
[6] C.-M. Chen, K.-H. Wang, T.-Y. Wu, E. K. Wang "On the security of a three-party authenticated key agreement protocol based on chaotic maps" Data Science and Pattern Recognition, vol. 1, no. 2, pp. 1–10, 2017.
[7] Jianmin Zhao, Qi Xie, Xiuyuan Yu, "Chaotic maps-based three-party password-authenticated key agreement scheme" Nonlinear Dyn 74:1021–1027 DOI:10.1007/s11071-013-1020-7, 2013.
[8] H. Xiong, Z. Chen, F. Li "New identity-based three-party authenticated key agreement protocol with provable security" Journal of Network and Computer Applications, vol. 36, no. 2, pp. 927–932, 2013.
[9] M. Hölbl, T. Welzer, B. Brumen "An improved two-party identitybased authenticated key agreement protocol using pairings" J. Comput. Syst. Sci., vol. 78, no. 1, pp. 142–150, 2012.
[10] L. Ni, G. Chen, J. Li, Y. Hao "Strongly secure identity-based authenticated key agreement protocols in the escrow mode" Sci. China Inf. Sci., vol. 56, no. 8, pp. 1–14, 2013.
[11] L. Ni, G. Chen, J. Li, Y. Hao "Strongly secure identity-based authenticated key agreement protocols" Comput. Elect. Eng., vol. 37, no. 2, pp. 205–217, 2011.
[12] H. Huang, Z. Cao "An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem" in Proc. 4th Int. Symp. Inf., Comput., Commun. Secur., 2009, pp. 333–342.
[13] L. Chen, Z. Cheng, N. P. Smart "Identity-based key agreement protocols from pairings" Int. J. Inf. Secur., vol. 6, no. 4, pp. 213–241, 2007.
[14] D. Boneh, M. Franklin "Identity-based encryption from the Weil pairing" in Proc. Annu. Int. Cryptol. Conf., 2001, pp. 213–229.
[15] Adi Shamir "Identity-Based Cryptosystems and Signature Schemes" in Proc. Workshop Theory Appl. Cryptographic Techn., 1984, pp. 47–53.
[16] Huihui Yang, Vladimir Oleshchuk*, Andreas Prinz “Verifying Group Authentication Protocols by Scyther”
[17] Cas Cremers, “The Scyther Tool” https://people.cispa.io/cas.cremers/scyther/index.html
[18] Ben Lynn “PBC Library - The Pairing-Based Cryptography Library” https://crypto.stanford.edu/pbc/
[19] Shaik Shakeel Ahamad, Al‑Sakib Khan Pathan "Trusted service manager (TSM) based privacy preserving and secure mobile commerce framework with formal verification" DOI: 10.1186/s40294-019-0064-z, 2019.
描述 碩士
國立政治大學
資訊科學系碩士在職專班
109971014
資料來源 http://thesis.lib.nccu.edu.tw/record/#G0109971014
資料類型 thesis
dc.contributor.advisor 左瑞麟zh_TW
dc.contributor.advisor Tso, Ray-Linen_US
dc.contributor.author (作者) 林翰陽zh_TW
dc.contributor.author (作者) Lin, Han-Yangen_US
dc.creator (作者) 林翰陽zh_TW
dc.creator (作者) Lin, Han-Yangen_US
dc.date (日期) 2023en_US
dc.date.accessioned 1-九月-2023 15:39:26 (UTC+8)-
dc.date.available 1-九月-2023 15:39:26 (UTC+8)-
dc.date.issued (上傳時間) 1-九月-2023 15:39:26 (UTC+8)-
dc.identifier (其他 識別碼) G0109971014en_US
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/147095-
dc.description (描述) 碩士zh_TW
dc.description (描述) 國立政治大學zh_TW
dc.description (描述) 資訊科學系碩士在職專班zh_TW
dc.description (描述) 109971014zh_TW
dc.description.abstract (摘要) 隨著近年製造產業邁向智慧化發展,為了取得數據資料加以分析,必須在機台上設置感測器再藉由物聯網裝置傳送資料至主機,然而在計算性能有限的裝置,使用單晶片或是性能較差的CPU進行運作,如廉價又輕薄型的物聯網裝置 - ESP32,若需要用於邊緣運算架構進行多方的加密傳輸,使用普遍的非對稱式加密對於此類裝置有公私鑰管理與儲存的負擔,也使計算多方密鑰的總時間增加;而對稱式密鑰則需要透過安全的方式或離線的方式才能達成協議。基於上述的問題此篇論文提出如何運用雙線性映射的特性來解決非對稱式加密需要獨立產生公私鑰以及多方複雜計算量的問題,以及使用身分驗證發行裝置私鑰的方式來解決安全通道的問題與參與密鑰協議的過程,特別是將非必要獨立計算且不影響安全性的數值由身分驗證的角色運算並且公開,達到更加輕便的密碼計算量與易擴充的協議。此篇論文將由雙方協議開始論述,再藉由變更算法延伸證明可輕易擴充至多方協議。zh_TW
dc.description.abstract (摘要) With the recent development of the manufacturing industry towards intelligence, the installation of sensors on machines and transmitting data to servers through IoT devices has become necessary in order to obtain data for analysis. However, limited computing performance devices such as microcontrollers or low-performance CPUs, like the inexpensive and small IoT device ESP32, are commonly used. In cases where the service needs to be used in an edge computing architecture for multi-party encrypted transmission, using asymmetric encryption may pose challenges in terms of public and private key management, storage burden, and increased total time to calculate the session key. Additionally, ensuring secure agreement on the symmetric key either requires an offline process or a secure method of transmission.
To address these issues, this thesis proposes a solution that utilizes the features of bilinear mapping to overcome the challenges of generating independent public and private keys and performing multi-party complex calculations in asymmetric encryption. The thesis also suggests employing identity verification to issue device private keys, which helps resolve the problem of establishing secure channels. By leveraging the role of identity verification, the thesis aims to calculate and disclose only the necessary values that do not compromise security, thus achieving lighter password calculations and an easily expandable protocol. The thesis will start with a discussion of the two-party protocol and then extend it to multi-party protocols by modifying the algorithms, as demonstrated.
en_US
dc.description.tableofcontents 第一章 緒論 1
1.1 研究動機 1
1.2 研究方法及目標 2
1.3 研究之重要性 3
第二章 背景知識 4
2.1 基於身分的認證協議 (ID-Based Authentication) 4
2.2 雙線性映射 (Bilinear Paring) 5
2.3 橢圓曲線離散對數問題 5
2.4 Computational Bilinear Diffie–Hellman 問題 6
2.5 邊緣運算 (Edge Computing) 7
第三章 相關研究 9
3.1 ID-2PAKA雙方協議 10
3.2 ID-3PAKA三方協議 14
第四章 本研究提出之密鑰協議 19
4.1 雙方密鑰協議機制 19
4.2 多方密鑰協議機制 23
4.2.1 三方密鑰協議範例 25
第五章 正確性及安全性分析 29
5.1 正確性 29
5.2 安全性 30
5.3 Scyther Tool 分析 32
第六章 密鑰協議實作 38
6.1 模擬方式 38
6.2 模擬結果 39
6.3 效能分析 43
第七章 結論 47
附錄 - 程式碼 48
程式碼A – Scyther Tool: Two Party Simulation 48
程式碼B – Scyther Tool: Three Party Simulation 50
程式碼C – Scyther Tool: Four Party Simulation 52
程式碼D – Scyther Tool: Five Party Simulation 55
程式碼E – Two Party Protocol Simulation 59
程式碼F – Three Party Protocol Simulation 62
程式碼G – 複雜運算性能測試 66
參考文獻 67
zh_TW
dc.format.extent 3700272 bytes-
dc.format.mimetype application/pdf-
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0109971014en_US
dc.subject (關鍵詞) 密碼學zh_TW
dc.subject (關鍵詞) 身分驗證zh_TW
dc.subject (關鍵詞) 雙線性映射zh_TW
dc.subject (關鍵詞) 工業物聯網zh_TW
dc.subject (關鍵詞) 邊緣運算zh_TW
dc.subject (關鍵詞) 金鑰交換zh_TW
dc.subject (關鍵詞) Cryptographyen_US
dc.subject (關鍵詞) ID-Based Authenticationen_US
dc.subject (關鍵詞) Bilinear Mapen_US
dc.subject (關鍵詞) IIoTen_US
dc.subject (關鍵詞) Edge Computingen_US
dc.subject (關鍵詞) Key Exchangeen_US
dc.title (題名) 適用於邊緣運算之多方身分基礎密鑰交換協議zh_TW
dc.title (題名) Multi-party Identity-based Key Exchange Protocols for Edge Computingen_US
dc.type (資料類型) thesisen_US
dc.relation.reference (參考文獻) [1] Daya Sagar Gupta, Mohammad S. Obaidat, Neeraj Kumar, Pandi Vijayakumar, SK Hafizul Islam, YoHan Park "A Provably Secure and Lightweight Identity-Based Two-Party Authenticated Key Agreement Protocol for IIoT Environments" IEEE SYSTEMS JOURNAL,VOL.15,NO.2,JUNE 2021.
[2] Daya Sagar Gupta, Krittibas Parai, Mohammad S. Obaidat, SK Hafizul Islam, "Efficient and Secure Design of ID-3PAKA Protocol Using ECC" IEEE Conference on CITS, DOI: 10.1109/CITS52676.2021.9618445, 2021.
[3] D. S. Gupta, G. P. Biswas "A novel and efficient lattice-based authenticated key exchange protocol in C-K model" Int. J. Commun. Syst., vol. 31, no. 3, 2018, Art. no. e3473.
[4] S. H. Islam, R. Amin, G. P. Biswas, M. S. Faras, X. Li, S. Kumari "An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments" ournal of King Saud University - Computer and Information Sciences, vol. 29, no. 3, pp. 311–324, 2017.
[5] C.-L. Liu, W.-J. Tsai, T.-Y. Chang, T.-M. Liu "Ephemeral-secretleakage secure id-based three-party authenticated key agreement protocol for mobile distributed computing environments" Symmetry, vol. 10, no. 4, p. 84, 2018.
[6] C.-M. Chen, K.-H. Wang, T.-Y. Wu, E. K. Wang "On the security of a three-party authenticated key agreement protocol based on chaotic maps" Data Science and Pattern Recognition, vol. 1, no. 2, pp. 1–10, 2017.
[7] Jianmin Zhao, Qi Xie, Xiuyuan Yu, "Chaotic maps-based three-party password-authenticated key agreement scheme" Nonlinear Dyn 74:1021–1027 DOI:10.1007/s11071-013-1020-7, 2013.
[8] H. Xiong, Z. Chen, F. Li "New identity-based three-party authenticated key agreement protocol with provable security" Journal of Network and Computer Applications, vol. 36, no. 2, pp. 927–932, 2013.
[9] M. Hölbl, T. Welzer, B. Brumen "An improved two-party identitybased authenticated key agreement protocol using pairings" J. Comput. Syst. Sci., vol. 78, no. 1, pp. 142–150, 2012.
[10] L. Ni, G. Chen, J. Li, Y. Hao "Strongly secure identity-based authenticated key agreement protocols in the escrow mode" Sci. China Inf. Sci., vol. 56, no. 8, pp. 1–14, 2013.
[11] L. Ni, G. Chen, J. Li, Y. Hao "Strongly secure identity-based authenticated key agreement protocols" Comput. Elect. Eng., vol. 37, no. 2, pp. 205–217, 2011.
[12] H. Huang, Z. Cao "An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem" in Proc. 4th Int. Symp. Inf., Comput., Commun. Secur., 2009, pp. 333–342.
[13] L. Chen, Z. Cheng, N. P. Smart "Identity-based key agreement protocols from pairings" Int. J. Inf. Secur., vol. 6, no. 4, pp. 213–241, 2007.
[14] D. Boneh, M. Franklin "Identity-based encryption from the Weil pairing" in Proc. Annu. Int. Cryptol. Conf., 2001, pp. 213–229.
[15] Adi Shamir "Identity-Based Cryptosystems and Signature Schemes" in Proc. Workshop Theory Appl. Cryptographic Techn., 1984, pp. 47–53.
[16] Huihui Yang, Vladimir Oleshchuk*, Andreas Prinz “Verifying Group Authentication Protocols by Scyther”
[17] Cas Cremers, “The Scyther Tool” https://people.cispa.io/cas.cremers/scyther/index.html
[18] Ben Lynn “PBC Library - The Pairing-Based Cryptography Library” https://crypto.stanford.edu/pbc/
[19] Shaik Shakeel Ahamad, Al‑Sakib Khan Pathan "Trusted service manager (TSM) based privacy preserving and secure mobile commerce framework with formal verification" DOI: 10.1186/s40294-019-0064-z, 2019.
zh_TW