請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/49208完整後設資料紀錄
| DC 欄位 | 值 | 語言 |
|---|---|---|
| dc.contributor.advisor | 鄭振牟 | |
| dc.contributor.author | Yu-Chen Kuo | en |
| dc.contributor.author | 郭育辰 | zh_TW |
| dc.date.accessioned | 2021-06-15T11:19:22Z | - |
| dc.date.available | 2016-08-26 | |
| dc.date.copyright | 2016-08-26 | |
| dc.date.issued | 2016 | |
| dc.date.submitted | 2016-08-18 | |
| dc.identifier.citation | [1] FIDO alliance. https://fidoalliance.org/ 2016.07.05
[2] Universal 2nd Factor. https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-overview-v1.0-ps-20141208.html 2014.12.08 [3] Universal Authentication Framework. https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-overview-v1.0-ps-20141208.html 2014.12.08 [4] Elliptic Curve Digital Signature Algorithm. https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm 2016.07.05 [5] RSA. https://en.wikipedia.org/wiki/RSA_(cryptosystem) 2016.07.05 [6] Chapter5 in RFC 4648 - Base64url encoding. https://www.ietf.org/rfc/rfc4648.txt 2006.10 [7] RFC 6454 - Web origin. https://www.ietf.org/rfc/rfc6454.txt 2011.12 [8] FIDO appID and facet specification. https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-appid-and-facets-v1.0-ps-20141208.html 2014.12.08 [9] X.509 certificate. https://en.wikipedia.org/wiki/X.509 2016.07.05 [10] JSON. http://www.json.org/ 2016.07.05 [11] FIDO UAF Authenticator Commands. https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-authnr-cmds-v1.0-ps-20141208.html 2014.12.08 [12] RFC 7515 - JSON Web Signature. https://tools.ietf.org/html/rfc7515 2015.05 [13] JMeter . http://jmeter.apache.org/ 2016.05 [14] Yubico U2F test case. https://github.com/Yubico/php-u2flib-server/tree/master/tests 2016.02.05 | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/49208 | - |
| dc.description.abstract | 近年來,網路服務的蓬勃發展,越來越多人使用線上服務進行交易或存取個人資訊,因此對使用者的身份認證成為一項非常重要的事情。目前大部分的網路服務都是採用輸入使用者名稱、密碼來完成認證,然而密碼系統本身卻有一些根本上的安全缺陷。為此快速身份認證聯盟提出兩種認證規格:'通用第二因素'和'通用認證框架'。其中通用第二因素是一個兩階段驗證的架構,其透過新增的一個實體令牌來強化密碼認證。通用認證框架則是透過令牌利用生物辨識的認證使用者身分,因此不再需要密碼協助。兩項認證機制皆是通過認證新增的實體令牌使遠端網路服務能與使用者生份進行連結,因此遠端網路服務需利用通用第二因素/通用認證框架提出的協議並使用非對稱式演算法來完成對令牌的確認。
此篇論文我們利用PHP來實作通用第二因素和通用認證框架兩項系統的伺服器端。由於與露天拍賣進行產學合作案,因此通用第二因素的程式碼無法成為開放原始碼。本篇論文將通用認證框架伺服器端的程式碼公佈於https://github.com/ckwill/uaf-server-library-php。 | zh_TW |
| dc.description.abstract | In recent years, services over Internet flourish rapidly. More and more people use online services to do transaction or access personal data. Therefore, authentication of user identity has become an important task. At present, most of the online services ask user enter the username and password to validate identity of user. However, the password-based authentication has several security problems. For this reason, FIDO alliance published two authentication specification: 'Universal 2nd Factor'(U2F) and 'Universal Authentication Framework'(UAF). U2F is a second factor verification. It strengthens the security of password-based authentication by using a real token. UAF uses biometrics or some other way provided by authenticator to verify user identity. Online services use protocols provides by U2F/UAF and asymmetric-key algorithms to authenticate the token or authenticator, so they can make sure the user identity.
In this paper, we implement the server side of U2F and UAF in PHP. Because our U2F is an industry-university cooperative research project with Ruten, we do not open the code. We open our UAF code on 'https://github.com/ckwill/uaf-server-library-php'. | en |
| dc.description.provenance | Made available in DSpace on 2021-06-15T11:19:22Z (GMT). No. of bitstreams: 1 ntu-105-R03943148-1.pdf: 1055223 bytes, checksum: 728074453e78787cd7dfc6bc83fd7a42 (MD5) Previous issue date: 2016 | en |
| dc.description.tableofcontents | 誌謝 i
中文摘要 ii Abstract iii Contents iv List of Figures vi List of Tables vii 1 Introduction 1 2 Glossary 3 3 FIDO U2F 5 3.1 Overview 5 3.2 Architecture 6 3.3 Registration 8 3.3.1 Steps of Registration 8 3.3.2 Signature 10 3.4 Authentication 11 3.4.1 Steps of Authentication 11 3.4.2 Signature 12 4 FIDO UAF 13 4.1 Overview 13 4.2 Architecture 14 4.3 Registration 17 4.3.1 Steps of Registration 17 4.3.2 Signature 19 4.4 Authentication 20 4.4.1 Steps of Authentication 20 4.4.2 Signature 22 4.5 Deregistration 23 5 FIDO U2F and UAF Server Tasks 24 5.1 Key Management 24 5.2 Authenticator Attestation 25 5.3 Prevent Phishing Attack 25 5.4 Detect Cloned Authenticator 26 6 Implementation and Validation 27 6.1 Implementation 27 6.1.1 Input Parameters of U2F/UAF Library 27 6.1.2 U2F Server Library 28 6.1.3 UAF Server Library 30 6.2 Measurement 33 6.2.1 U2F Server 33 6.2.2 UAF Server 34 6.3 Validation 36 6.3.1 U2F Server 36 6.3.2 UAF Server 36 7 Conclusion 37 8 Bibliography 38 | |
| dc.language.iso | en | |
| dc.subject | 網路身分認證 | zh_TW |
| dc.subject | 通用認證框架 | zh_TW |
| dc.subject | 通用第二因素 | zh_TW |
| dc.subject | 快速身份認證聯盟 | zh_TW |
| dc.subject | 身分令牌登入 | zh_TW |
| dc.subject | 密碼 | zh_TW |
| dc.subject | password | en |
| dc.subject | UAF | en |
| dc.subject | U2F | en |
| dc.subject | FIDO alliance | en |
| dc.subject | token-based authentication | en |
| dc.subject | user identity authentication | en |
| dc.title | FIDO U2F 與 UAF 伺服器端的高效實作 | zh_TW |
| dc.title | An Efficient Implementation of U2F & UAF Server | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 104-2 | |
| dc.description.degree | 碩士 | |
| dc.contributor.oralexamcommittee | 楊柏因,謝致仁 | |
| dc.subject.keyword | 網路身分認證,密碼,身分令牌登入,快速身份認證聯盟,通用第二因素,通用認證框架, | zh_TW |
| dc.subject.keyword | user identity authentication,password,token-based authentication,FIDO alliance,U2F,UAF, | en |
| dc.relation.page | 39 | |
| dc.identifier.doi | 10.6342/NTU201603000 | |
| dc.rights.note | 有償授權 | |
| dc.date.accepted | 2016-08-19 | |
| dc.contributor.author-college | 電機資訊學院 | zh_TW |
| dc.contributor.author-dept | 電子工程學研究所 | zh_TW |
| 顯示於系所單位: | 電子工程學研究所 | |
文件中的檔案:
| 檔案 | 大小 | 格式 | |
|---|---|---|---|
| ntu-105-1.pdf 未授權公開取用 | 1.03 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。