Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/50501
Full metadata record
DC field: value (language)
dc.contributor.advisor: 鄭振牟 (Chen-Mou Cheng)
dc.contributor.author: Guo-Ting Wang (en)
dc.contributor.author: 王國婷 (zh_TW)
dc.date.accessioned: 2021-06-15T12:43:27Z
dc.date.available: 2016-08-02
dc.date.copyright: 2016-08-02
dc.date.issued: 2016
dc.date.submitted: 2016-07-26
dc.identifier.citation:
[1] Coverity. Coverity Scan — Static Analysis. https://scan.coverity.com/, 2016. [Online; accessed 5-July-2016].
[2] FIDO Alliance. FIDO Validation Suite — UAF Conformance Testing. https://conformance.fidoalliance.org/v2_tool/, 2015. [Online; accessed 5-July-2016].
[3] FIDO Alliance. About The FIDO Alliance. https://fidoalliance.org/about/overview/, 2016. [Online; accessed 5-July-2016].
[4] FIDO Alliance. FIDO Alliance Bringing Stronger Authentication to Payments. https://fidoalliance.org/fido-alliance-bringing-stronger-authentication-to-payments/, 2016. [Online; accessed 5-July-2016].
[5] FIDO Alliance. FIDO UAF Application API and Transport Binding Specification v1.0. https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-client-api-transport-v1.0-ps-20141208.html, 2016. [Online; accessed 5-July-2016].
[6] FIDO Alliance. FIDO UAF Architectural Overview. https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-overview-v1.0-ps-20141208.html, 2016. [Online; accessed 5-July-2016].
[7] FIDO Alliance. FIDO UAF Protocol Specification v1.0. https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-protocol-v1.0-ps-20141208.html, 2016. [Online; accessed 5-July-2016].
[8] leshi, arnar, balfanz, iuliaion, chriswifx, fido u2f, ianloic, mschilder123, peterconalgo, and matsprea. U2F reference implementations. https://github.com/google/u2f-ref-code, 2016. [Online; accessed 5-July-2016].
[9] npesic, emersonmello, quanken, vhuang01, hackappcom, alain2sf, mallikarjunap, sappho192 bhavinparekh04, mikanbako, and levangongPayPal. UAF — Universal Authentication Framework. https://github.com/eBay/UAF, 2016. [Online; accessed 5-July-2016].
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/50501
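dc.description.abstract (zh_TW):
With the spread of mobile phones and tablets, more and more people are used to going online with mobile devices. When logging in to a website, entering a password on a mobile device is considerably more troublesome than on a traditional PC, yet entering an account name and password is still the most common form of identity authentication. As a result, many users let the device remember the password after the first login, or simply never log out of the website. We can see that, for the sake of convenience, the "password" ends up being less secure on mobile devices.
Besides the "password", there are other, more secure authentication methods to choose from, such as adding a "one-time password" that changes every time, or a hardware device, as two-factor authentication. However, these methods often deter users because of their cumbersome steps. The FIDO Alliance was founded to solve this problem: it has defined a specification for password-less login which, combined with biometric devices, creates a secure and convenient login environment. When logging in to an account, the user only needs to pass a system such as iris or fingerprint recognition to be logged in automatically.
Apart from the official documents, there are currently few public resources about the specification defined by FIDO. This thesis implements its client software, in the hope that more people can refer to it and take this issue seriously, so that future mobile devices can better combine security and convenience.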
dc.description.abstract (en):
With the popularity of mobile phones and tablets, more and more people surf the Internet with mobile devices. When users log in to a website, typing the password is very troublesome on mobile phones in contrast to traditional PCs. However, the most commonly used authentication is still password-based. Thus, users usually record their password in browsers or apps after the first login. These security issues become apparent on mobile devices.
Apart from using a "password", there are several authentication solutions with higher security. For example, adding a one-time password or hardware token for two-factor authentication is a good choice. Most of those solutions are not adopted because of the cumbersome steps. The FIDO Alliance was formed to address the problems of passwords and authentication. They develop a specification of a password-less solution. With a biometric device, the login ecosystem is secure and convenient. Users only need to pass identity verification, and then they can successfully log in.
There are few open resources related to the standard published by FIDO except for the official documents. In this thesis, we implement the client part so that more people can refer to it and pay attention to this issue.
dc.description.provenance (en): Made available in DSpace on 2021-06-15T12:43:27Z (GMT). No. of bitstreams: 1
ntu-105-R03943086-1.pdf: 1324369 bytes, checksum: 76e095c1ba1cf324a6f53114634fda5a (MD5)
Previous issue date: 2016
dc.description.tableofcontents:
Oral Examination Committee Certification
Abstract (Chinese)
Abstract
1 Introduction
  1.1 Motivation
  1.2 Mobile Payment
  1.3 Related Work
2 Universal Authentication Framework
  2.1 Overview
  2.2 Goal
  2.3 Architecture
    2.3.1 Server
    2.3.2 Client
    2.3.3 ASM
    2.3.4 Authenticator
  2.4 Communication
    2.4.1 Server and Client
    2.4.2 Client and ASM
    2.4.3 ASM and Authenticator
    2.4.4 Metadata Service
  2.5 Protocol Flow
    2.5.1 Registration
    2.5.2 Authentication
    2.5.3 Transaction Confirmation
    2.5.4 Deregistration
3 Protocol Detail
  3.1 Shared Structures
  3.2 ASM API Structures
  3.3 Operation Structures
    3.3.1 Registration Operation
    3.3.2 Authentication Operation
    3.3.3 Deregistration Operation
4 Implementation
  4.1 RP Client
  4.2 Client
    4.2.1 Client API
    4.2.2 Android Intent
    4.2.3 Work Flow
5 Evaluation
  5.1 Environment
  5.2 Conformance Test
  5.3 UAF Ecosystem
  5.4 Coverity Scan
6 Conclusion
Bibliography
dc.language.iso: en
dc.subject: password (zh_TW)
dc.subject: FIDO Alliance (zh_TW)
dc.subject: identity authentication (zh_TW)
dc.subject: mobile device security (zh_TW)
dc.subject: authentication (en)
dc.subject: FIDO Alliance (en)
dc.subject: password (en)
dc.subject: mobile security (en)
dc.title: High-Performance Implementation of the FIDO UAF Client (zh_TW)
dc.title: Efficient Implementation of FIDO UAF Client (en)
dc.type: Thesis
dc.date.schoolyear: 104-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 楊柏因, 謝致仁
dc.subject.keyword: FIDO Alliance, identity authentication, mobile device security, password (zh_TW)
dc.subject.keyword: FIDO Alliance, authentication, mobile security, password (en)
dc.relation.page: 41
dc.identifier.doi: 10.6342/NTU201601320
dc.rights.note: Paid license
dc.date.accepted: 2016-07-27
dc.contributor.author-college: College of Electrical Engineering and Computer Science (zh_TW)
dc.contributor.author-dept: Graduate Institute of Electronics Engineering (zh_TW)
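Appears in collections: Graduate Institute of Electronics Engineering

Files in this item:
File: ntu-105-1.pdf (not authorized for public access)
Size: 1.29 MB
Format: Adobe PDF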