| Field | Value |
|---|---|
| Graduate student: | 張淯閎 Yu-Hong Zhang |
| Thesis title: | Security of Mutual Authentication AT QR Codes |
| Advisor: | 王尉任 Wei-Jen Wang |
| Committee members: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science, Executive Master of Computer Science & Information Engineering |
| Publication year: | 2014 |
| Graduation academic year: | 102 (ROC calendar) |
| Language: | English |
| Pages: | 52 |
| Chinese keywords: | authentication, mutual authentication, QR code, GNY logic, mobile communication system |
| Foreign keywords: | Authentication, mutual authentication, QR code, GNY logic, mobile system |
| Access count: | Views: 15, Downloads: 0 |
Abstract (translated from the Chinese original):

How to authenticate a user's identity over the Internet has long been a problem that network service providers must face. A good authentication protocol puts security first and should also achieve mutual authentication between the two parties. In general, a more complex authentication protocol makes it harder for a malicious attacker to break, but it may also drive the protocol's computational cost too high and restrict the devices that can run it, sacrificing usability. Developing a protocol that balances security and usability has therefore been a common goal of researchers in this area.

The QR code is a two-dimensional barcode developed in 1994 by the Japanese company DENSO WAVE; QR stands for Quick Response, and it was first used for managing automobile parts. With the spread of smartphones, anyone can take a picture at any time with the camera on their phone. Because a QR code can be quickly decoded after being photographed, and because it offers high storage capacity and high error tolerance, it removes the restriction that ordinary barcodes need a dedicated scanner. This has made QR codes a very popular application technology in recent years, for example in high-speed rail tickets, electronic invoices, and URL links.

This thesis combines the two areas above and proposes a highly secure authentication protocol implemented with QR codes. In addition to fully describing the operating mechanism of each phase of the protocol, we demonstrate through an implementation that the protocol retains the advantages of QR codes. We also use GNY logic to analyze the logical soundness of the protocol and perform a security analysis against common types of attacks, thereby showing that the protocol provides high security. Finally, we hope that the proposed protocol gives website service providers a practical authentication option that combines usability and security, and that this authentication mechanism can be applied to a variety of mobile communication systems.
Abstract (English):

User authentication over the Internet has long been an issue for service providers as well as for users of Internet services. A good authentication protocol must provide high security and mutual authentication for both sides. In addition, it has to find the balance between security and usability, which the literature shows to be a hard problem. To address this problem, we propose a novel mutual authentication protocol with high security and high usability. The proposed protocol is built on the QR code, a type of two-dimensional barcode that can be captured by a camera and quickly decoded by a smartphone. We have implemented a prototype using the proposed mutual authentication protocol and showed how the prototype improves usability in a mobile communication system. We also use GNY logic together with several well-known attack models to analyze the security of the proposed protocol, and the analysis shows a satisfactory result. We expect that, via the proposed protocol, Internet service providers will be able to offer a mutual authentication mechanism with high security and high usability.