| Graduate student: | 王能文 Wang, Neng-Wen |
|---|---|
| Thesis title: | 應用於通訊與網路之新式安全認證與加密服務 (A novel secure authentication and confidential service for communication and networking) |
| Advisor: | 黃悅民 Huang, Yueh-Min |
| Degree: | Doctor |
| Department: | College of Engineering - Department of Engineering Science |
| Year of publication: | 2008 |
| Academic year of graduation: | 96 |
| Language: | English |
| Number of pages: | 77 |
| Chinese keywords (translated): | trapdoor hash function, key container, confidential service, user authentication, authentication scheme |
| English keywords: | authentication scheme, key container, user authentication, confidential service, trapdoor function |
With the rapid growth of networks and the wide spread of media information, how to protect information during the delivery and transaction of digital content has drawn broad public concern. For the new generation of communication and networking, security requirements and mechanisms especially need to handle real-time and on-line processing. For service systems on the network, user authentication is the most important mechanism for access control of computer systems. Although an authentication mechanism is somewhat tedious, it is urgently necessary for protecting the security of user information. In addition, users may also require a confidential communication service on their connection to guarantee that the content of their communication is not leaked. Many authentication systems have been proposed, but making a system both secure and cost-effective is usually hard to achieve at the same time. Meanwhile, from the viewpoint of practical security, some new types of attacks on traditional encryption systems have appeared, and these attacks have evolved into more efficient methods, which is even more worrying. Therefore, adopting a new and more robust encryption system must be carefully considered.
This dissertation proposes a secure authentication and confidential service system for new-generation communication and networking. Secure authentication is mainly used to prevent unauthorized access to restricted information. The confidential service system prevents the content of the user's communication link from being broken. We design a key container that uses a trapdoor hash function together with symmetric encryption, so that breaking the system by computer alone is computationally infeasible. It can therefore resist both off-line and on-line attacks in a public service network environment. Our mechanism is practical and effective, requiring only a small software cost; it effectively frustrates cryptanalytic attacks and is well suited to today's security service systems for communication and networking. After the user has been authenticated, the key is retrieved and can be used to encrypt the communication media. To prevent the risk of compromise that new types of attacks may cause, adopting a new and more robust encryption system must be carefully considered; this encryption system and its applications are also described in detail in the body of this dissertation.
Due to the explosive growth of the network and the pervasion of media, the protection of digital content in transactions has become a public concern. Current security requirements and mechanisms especially need to work in real time and on-line for communication and networking. For services in network and communication systems, user authentication is most essential in association with the access control of the computer system. The authentication scheme may be a trivial but crucial issue for protecting the user's information. In addition, users may want a confidential service on their communication link. Up to now, many authentication schemes have been proposed. However, it is difficult to keep an authentication system both secure and cost-effective. Meanwhile, in terms of practical security, a major concern about some new attacks on traditional encryption systems is that they might pave the way to more efficient ones. A prudent migration to stronger encryption is necessary.
In this dissertation, a Secure Authentication and Confidential Service for communication and networking is proposed. The purpose of the Secure Authentication is to prevent unauthorized access to restricted resources. The Confidential Service is to prevent the user's communication link from being disclosed. We use a human-trapdoor distortion function and a symmetric cipher to protect the user's key in our key container, so that it is computationally infeasible to break the system by machine attack alone. It can prevent both on-line and off-line attacks in public environments. Our scheme is both practical and effective at only a small software cost. This scheme is especially fit for security services for communication and networking, since it frustrates the attacker's attempts. After the user has been authenticated, the key in the software container can be retrieved. Encryption can then be applied to protect the messages on the network. In terms of practical security, a major concern about some new attacks on traditional encryption systems is that they might pave the way to more efficient ones. A prudent migration to stronger encryption is necessary. A further survey and application of encryption/decryption algorithms is also given in the context of this dissertation.