學術產出-Theses
Article View/Open
Publication Export
-
題名 基於FIDO無密碼身分驗證之群組會議金鑰生成與管理機制
Group Key Agreement and Management Scheme Based on FIDO作者 簡廷宇
Chien, Ting-Yu貢獻者 左瑞麟
Tso, Ray-Lin
簡廷宇
Chien, Ting-Yu關鍵詞 會議金鑰
FIDO
公開金鑰加密
Conference Key
FIDO
Public Key Cryptography日期 2024 上傳時間 1-Feb-2024 12:59:57 (UTC+8) 摘要 會議金鑰( Conference Key ),是一種讓線上會議的多方參與者,於公開網路上用來加密傳送訊息,以保護所傳送的訊息免受窺探和攻擊的解決方案。而其中的會議金鑰協議(Conference Key Agreement,CKA),可以使多個會議參與者在不事先共享密鑰的情況下,安全地協商出這把共享的金鑰。 現今,傳統密碼輸入的身分驗證方式,已經無法滿足現代數位世界對於資安的需求。FIDO(Fast IDentity Online)聯盟提出一套標準,利用公開金鑰加密技術、多重要素認證與生物辨識進行認證,取代密碼輸入,提供更安全的身分認證以及更良好的用戶體驗。 本篇論文提出一個以會議金鑰協議為基礎所設計的群組會議金鑰建立機制,並結合FIDO的身分認證功能,提供線上會議的內容具有端到端加密的保護,並且無密碼的身分驗證方式也能提高會議與者的身分安全性與增加使用便利性。另外我們的機制提供金鑰管理的功能,可以解決每次群組會議的會議金鑰保管問題。
Conference Key is a solution that enables multiple participants in an online meeting to encrypt the messages over the public network, protecting them from eavesdropping and potential attacks. Participants can negotiate this key before the conference begins through Conference Key Agreement (CKA). In today’s digital world, the traditional authentication methods that rely on passwords is no longer secure. FIDO (Fast IDentity Online) Alliance proposed a set of standards in 2013 for change the nature of authentication. It leverages public key cryptography and biometric authentication to verify a user, and can bring more strong security, user convenience and interoperability. In this paper, we propose a group key agreement scheme based on FIDO. It provides end-to-end encryption for online meeting and enhances participant identity security through passwordless authentication, thereby improving both security and convenience. Furthermore, our scheme provides conference key management, which can solve the issue of key storage for each time.參考文獻 [1] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory Volume: 22, Issue: 6, November 1976. [2] Yi-Yen Huang, “FIDO-based Authenticated Conference Key Exchange Protocol,” Master’s Thesis, Department of Information Management, National Taiwan University of Science and Technology, 2023. [3] The FIDO Alliance Whitepaper on FIDO 1.0 Final Specifications, Retrieved 2014, from: https://media.fidoalliance.org/wp-content/uploads/FIDOMessagingWPv1.pdf [4] BIP 0032, Retrieved 2012, from: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki [5] Y.-M. Tseng and J.-K. Jan, “Anonymous conference key distribution systems based on the discrete logarithm problem,” Computer Communications, Vol. 22, 1999. [6] C.C. Yang, T.Y. Chang, and M.S. Hwang, “A new anonymous conference key distribution system based on the Elliptic Curve Discrete Logarithm Problem,” Computer Standards and Interfaces, 25 2003. [7] C.-S. Laih and S.-M. Yen, “On the design of conference key distribution systems for the broadcasting networks,” in IEEE INFOCOM '93 The Conference on Computer. Communications, Proceedings. [8] Mike Burmester and Yvo Desmedt, “A secure and efficient conference key distribution system,” in EUROCRYPT 1994. [9] Yuanbo Guo and Jianfeng Ma, “An efficient and secure fault-tolerant conference-key distribution scheme, ” IEEE Transactions on Consumer Electronics, Volume: 50, Issue: 2, May 2004. [10] M. Steiner; G. Tsudik; M. Waidner, “CLIQUES: a new approach to group key agreement,” in Proceedings. 18th International Conference on Distributed Computing Systems 1998. [11] Y. Kim, A. Perrig and G. Tsudik, “Group key agreement efficient in communication,” IEEE Transactions on Computers (Volume: 53, Issue: 7, July 2004). [12] H.-F. Huang and C.-C. Chang, “A Novel Conference Key Distribution System with Re-keying Protocol,” In: Web and Communication Technologies and Internet-Related Social Issues - HSI 2005. Ed. by S.Shimojo et al. Vol. 3597. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2005. [13] FIDO UAF Protocol Specification, Retrieved 2017, from: https://fidoalliance.org/specs/fido-uaf-v1.1-ps-20170202/fido-uaf-protocol-v1.1-ps-20170202.html [14] FIDO Universal 2nd Factor (U2F) Overview, Retrieved 2017, from: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-overview-v1.2-ps-20170411.html [15] FIDO 2.0: Overview, Retrieved 2017, from: https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-overview-v2.0-rd-20170927.html [16] Web Authentication: An API for accessing Public Key Credentials, from: https://www.w3.org/TR/webauthn/ [17] FIDO 2.0: Client To Authenticator Protocol, Retrieved 2017, from: https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html [18] User Authentication Specifications Overview, from: https://fidoalliance.org/specifications/ [19] Florentin Putz, Steffen Schön and Matthias Hollick, ”Future-Proof Web Authentication: Bring Your Own FIDO2 Extensions,” in 4th International Workshop on Emerging Technologies for Authorization and Authentication. Darmstadt, Germany 08,10,2021. [20]Web Authentication: An API for accessing Public Key Credentials Level 3, from: https://w3c.github.io/webauthn/#prf-extension [21] Web Authentication (WebAuthn)- WebAuthn Attestation Statement Format Identifiers, from: https://www.iana.org/assignments/webauthn/webauthn.xhtml [22] FIDO White Paper: Multi-Device FIDO Credentials, Retrieved 2022, from: https://media.fidoalliance.org/wp-content/uploads/2022/03/How-FIDO-Addresses-a-Full-Range-of-Use-Cases-March24.pdf [23] About the security of passkeys, Retrieved 2023, from: https://support.apple.com/en-ca/102195 [24] Manage passkeys in Chrome, from: https://support.google.com/chrome/answer/13168025?hl=en&co=GENIE.Platform%3DAndroid&sjid=3010656995617399239-AP [25] Christos Tselikis, Christos Douligeris, S. Mitropoulos, Nikos Komninos and George Tselikis,” Adaptation of a Conference Key Distribution System for the wireless ad hoc network,” in 2017 IEEE International Conference on Communications (ICC). [26] Szu-Yin Wang, “A Study on Dynamic Conference Key Distribution”, Master’s Thesis, Department of Information Management Shih Hsin University, 2005. [27] Orhan Ermiş, Serif Bahtiyar, Emin Anarim and Mehmet Ufuk Çağlayan, “An Improved Fault-Tolerant Conference-Key Protocol with Forward Secrecy,” ACM The 6th International Conference on Security of Information and Networks 2013. 描述 碩士
國立政治大學
資訊科學系碩士在職專班
107971022資料來源 http://thesis.lib.nccu.edu.tw/record/#G0107971022 資料類型 thesis dc.contributor.advisor 左瑞麟 zh_TW dc.contributor.advisor Tso, Ray-Lin en_US dc.contributor.author (Authors) 簡廷宇 zh_TW dc.contributor.author (Authors) Chien, Ting-Yu en_US dc.creator (作者) 簡廷宇 zh_TW dc.creator (作者) Chien, Ting-Yu en_US dc.date (日期) 2024 en_US dc.date.accessioned 1-Feb-2024 12:59:57 (UTC+8) - dc.date.available 1-Feb-2024 12:59:57 (UTC+8) - dc.date.issued (上傳時間) 1-Feb-2024 12:59:57 (UTC+8) - dc.identifier (Other Identifiers) G0107971022 en_US dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/149681 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊科學系碩士在職專班 zh_TW dc.description (描述) 107971022 zh_TW dc.description.abstract (摘要) 會議金鑰( Conference Key ),是一種讓線上會議的多方參與者,於公開網路上用來加密傳送訊息,以保護所傳送的訊息免受窺探和攻擊的解決方案。而其中的會議金鑰協議(Conference Key Agreement,CKA),可以使多個會議參與者在不事先共享密鑰的情況下,安全地協商出這把共享的金鑰。 現今,傳統密碼輸入的身分驗證方式,已經無法滿足現代數位世界對於資安的需求。FIDO(Fast IDentity Online)聯盟提出一套標準,利用公開金鑰加密技術、多重要素認證與生物辨識進行認證,取代密碼輸入,提供更安全的身分認證以及更良好的用戶體驗。 本篇論文提出一個以會議金鑰協議為基礎所設計的群組會議金鑰建立機制,並結合FIDO的身分認證功能,提供線上會議的內容具有端到端加密的保護,並且無密碼的身分驗證方式也能提高會議與者的身分安全性與增加使用便利性。另外我們的機制提供金鑰管理的功能,可以解決每次群組會議的會議金鑰保管問題。 zh_TW dc.description.abstract (摘要) Conference Key is a solution that enables multiple participants in an online meeting to encrypt the messages over the public network, protecting them from eavesdropping and potential attacks. Participants can negotiate this key before the conference begins through Conference Key Agreement (CKA). In today’s digital world, the traditional authentication methods that rely on passwords is no longer secure. FIDO (Fast IDentity Online) Alliance proposed a set of standards in 2013 for change the nature of authentication. It leverages public key cryptography and biometric authentication to verify a user, and can bring more strong security, user convenience and interoperability. In this paper, we propose a group key agreement scheme based on FIDO. It provides end-to-end encryption for online meeting and enhances participant identity security through passwordless authentication, thereby improving both security and convenience. Furthermore, our scheme provides conference key management, which can solve the issue of key storage for each time. en_US dc.description.tableofcontents 第一章 緒論 1 1.1 研究背景與動機 1 1.2 研究目的與貢獻 2 1.3 論文架構 4 第二章 技術背景 5 2.1 公開金鑰密碼系統 5 2.2 會議金鑰 6 2.3 拉格朗日插值法 6 2.4 偽隨機數 7 2.6 階層式確定性錢包 8 2.7 FIDO 10 2.7.1 FIDO標準 11 2.7.2 FIDO 運作 13 2.7.3 FIDO2擴展 16 2.7.4 PASSKEY 18 第三章 相關研究 19 3.1 DIFFIE-HELLMAN金鑰交換協議 19 3.2 TSENG–JAN 會議金錀系統 21 3.3 HUANG 基於FIDO的會議金鑰交換協定 23 第四章 研究方法 27 4.1 流程設計與系統架構 28 4.2 基於FIDO無密碼身分驗證之群組會議金鑰生成 30 第五章 安全性與效能分析 40 5.1安全性分析 40 5.2效能分析 44 第六章 研究方法實作 48 6.1實作方式 48 6.2實作範圍 49 6.3實作畫面 49 第七章 結論與未來研究方向 56 參考文獻 58 zh_TW dc.format.extent 9943640 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0107971022 en_US dc.subject (關鍵詞) 會議金鑰 zh_TW dc.subject (關鍵詞) FIDO zh_TW dc.subject (關鍵詞) 公開金鑰加密 zh_TW dc.subject (關鍵詞) Conference Key en_US dc.subject (關鍵詞) FIDO en_US dc.subject (關鍵詞) Public Key Cryptography en_US dc.title (題名) 基於FIDO無密碼身分驗證之群組會議金鑰生成與管理機制 zh_TW dc.title (題名) Group Key Agreement and Management Scheme Based on FIDO en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) [1] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory Volume: 22, Issue: 6, November 1976. [2] Yi-Yen Huang, “FIDO-based Authenticated Conference Key Exchange Protocol,” Master’s Thesis, Department of Information Management, National Taiwan University of Science and Technology, 2023. [3] The FIDO Alliance Whitepaper on FIDO 1.0 Final Specifications, Retrieved 2014, from: https://media.fidoalliance.org/wp-content/uploads/FIDOMessagingWPv1.pdf [4] BIP 0032, Retrieved 2012, from: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki [5] Y.-M. Tseng and J.-K. Jan, “Anonymous conference key distribution systems based on the discrete logarithm problem,” Computer Communications, Vol. 22, 1999. [6] C.C. Yang, T.Y. Chang, and M.S. Hwang, “A new anonymous conference key distribution system based on the Elliptic Curve Discrete Logarithm Problem,” Computer Standards and Interfaces, 25 2003. [7] C.-S. Laih and S.-M. Yen, “On the design of conference key distribution systems for the broadcasting networks,” in IEEE INFOCOM '93 The Conference on Computer. Communications, Proceedings. [8] Mike Burmester and Yvo Desmedt, “A secure and efficient conference key distribution system,” in EUROCRYPT 1994. [9] Yuanbo Guo and Jianfeng Ma, “An efficient and secure fault-tolerant conference-key distribution scheme, ” IEEE Transactions on Consumer Electronics, Volume: 50, Issue: 2, May 2004. [10] M. Steiner; G. Tsudik; M. Waidner, “CLIQUES: a new approach to group key agreement,” in Proceedings. 18th International Conference on Distributed Computing Systems 1998. [11] Y. Kim, A. Perrig and G. Tsudik, “Group key agreement efficient in communication,” IEEE Transactions on Computers (Volume: 53, Issue: 7, July 2004). [12] H.-F. Huang and C.-C. Chang, “A Novel Conference Key Distribution System with Re-keying Protocol,” In: Web and Communication Technologies and Internet-Related Social Issues - HSI 2005. Ed. by S.Shimojo et al. Vol. 3597. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2005. [13] FIDO UAF Protocol Specification, Retrieved 2017, from: https://fidoalliance.org/specs/fido-uaf-v1.1-ps-20170202/fido-uaf-protocol-v1.1-ps-20170202.html [14] FIDO Universal 2nd Factor (U2F) Overview, Retrieved 2017, from: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-overview-v1.2-ps-20170411.html [15] FIDO 2.0: Overview, Retrieved 2017, from: https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-overview-v2.0-rd-20170927.html [16] Web Authentication: An API for accessing Public Key Credentials, from: https://www.w3.org/TR/webauthn/ [17] FIDO 2.0: Client To Authenticator Protocol, Retrieved 2017, from: https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html [18] User Authentication Specifications Overview, from: https://fidoalliance.org/specifications/ [19] Florentin Putz, Steffen Schön and Matthias Hollick, ”Future-Proof Web Authentication: Bring Your Own FIDO2 Extensions,” in 4th International Workshop on Emerging Technologies for Authorization and Authentication. Darmstadt, Germany 08,10,2021. [20]Web Authentication: An API for accessing Public Key Credentials Level 3, from: https://w3c.github.io/webauthn/#prf-extension [21] Web Authentication (WebAuthn)- WebAuthn Attestation Statement Format Identifiers, from: https://www.iana.org/assignments/webauthn/webauthn.xhtml [22] FIDO White Paper: Multi-Device FIDO Credentials, Retrieved 2022, from: https://media.fidoalliance.org/wp-content/uploads/2022/03/How-FIDO-Addresses-a-Full-Range-of-Use-Cases-March24.pdf [23] About the security of passkeys, Retrieved 2023, from: https://support.apple.com/en-ca/102195 [24] Manage passkeys in Chrome, from: https://support.google.com/chrome/answer/13168025?hl=en&co=GENIE.Platform%3DAndroid&sjid=3010656995617399239-AP [25] Christos Tselikis, Christos Douligeris, S. Mitropoulos, Nikos Komninos and George Tselikis,” Adaptation of a Conference Key Distribution System for the wireless ad hoc network,” in 2017 IEEE International Conference on Communications (ICC). [26] Szu-Yin Wang, “A Study on Dynamic Conference Key Distribution”, Master’s Thesis, Department of Information Management Shih Hsin University, 2005. [27] Orhan Ermiş, Serif Bahtiyar, Emin Anarim and Mehmet Ufuk Çağlayan, “An Improved Fault-Tolerant Conference-Key Protocol with Forward Secrecy,” ACM The 6th International Conference on Security of Information and Networks 2013. zh_TW
