針對半誠實的網路管理者的無線網路匿名認證

Yung-Chi Huang; 黃詠娸

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/50909

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	蕭旭君(Hsu-Chun Hsiao)
dc.contributor.author	Yung-Chi Huang	en
dc.contributor.author	黃詠娸	zh_TW
dc.date.accessioned	2021-06-15T13:05:53Z	-
dc.date.available	2020-08-20
dc.date.copyright	2020-08-20
dc.date.issued	2020
dc.date.submitted	2020-08-14
dc.identifier.citation	A C implementation of elliptic-curve-based DAA project. https://github.com/ xaptum/ecdaa. FreeRADIUS: The world’s most popular RADIUS Server. https://freeradius.org. How the NSA is tracking people right now. http://apps.washingtonpost.com/g/page/national/how-the-nsa-is-tracking-people-right-now/634/. If You Have a Smart Phone, Anyone Can Now Track Your Every Move. https://www.technologyreview.com/2012/04/20/19824/ if-you-have-a-smart-phone-anyone-can-now-track-your-every-move/. No, this isn’t a scene from Minority Report. This trash can is stalk- ing you. https://arstechnica.com/information-technology/2013/08/ no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you/. Ieee standard for information technology– local and metropolitan area networks– specific requirements– part 11: Wireless lan medium access control (mac) and phys- ical layer (phy) specifications amendment 2: Fast basic service set (bss) transition. IEEE Std 802.11r-2008 (Amendment to IEEE Std 802.11-2007 as amended by IEEE Std 802.11k-2008), pages 1–126, 2008. J.Camenisch,M.Drijvers,andA.Lehmann.UniversallyComposableDirectAnony- mous Attestationy. In Public-Key Cryptography – PKC 2016, 2016. D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. RFC 5280 (Proposed Standard). M. Gruteser and D. Grunwald. Enhancing location privacy in wireless lan through disposable interface identifiers: A quantitative analysis. volume 10, pages 46–55, 01 2003. R. Housley, T. Polk, D. W. S. Ford, and D. Solo. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280, 2002. D. Inoue, R. Nomura, and M. Kuroda. Transient mac address scheme for untraceability and dos attack resiliency on wireless network. In Symposium, 2005 Wireless Telecommunications, pages 15–23, 2005. T. Jiang, H. J. Wang, and Y.-C. Hu. Preserving location privacy in wireless lans. In Proceedings of the 5th international conference on Mobile systems, applications and services, pages 246–257, 2007. M. Lei, X. Hong, and S. V. Vrbsky. Protecting location privacy with dynamic mac address exchanging in wireless networks. In IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference, pages 49–53, 2007. J.Martin,T.Mayberry,C.Donahue,L.Foppe,L.Brown,C.Riggins,E.C.Rye,and D. Brown. A study of mac address randomization in mobile devices and when it fails. Proceedings on Privacy Enhancing Technologies, 2017(4):365–383, 2017. Qi He, Dapeng Wu, and P. Khosla. The quest for personal control over mobile loca- tion privacy. IEEE Communications Magazine, 42(5):130–136, 2004. M.Vanhoef,C.Matte,M.Cunche,L.S.Cardoso,andF.Piessens.Whymacaddress randomization is not enough: An analysis of wi-fi network discovery mechanisms. In AsiaCCS, pages 413–424. ACM, 2016.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/50909	-
dc.description.abstract	如今無線熱點已經廣泛部署在世界各地，然而這可能會導致位置和軌跡隱私洩露的風險，大部分過去的研究都著重在針對竊聽者可以取得的可用來唯一識別身份的MAC地址來做防範，目前的無線網路認證機制所使用的身分認證其實也會有同樣的隱私洩露風險。因此，我們提出了一個針對半誠實的網路管理者的無線網路匿名認證機制，透過直接匿名認證的特性，我們使用直接匿名認證的簽章作為無線網路認證時的身份認證可以達成匿名性和不可聯繫性，此外，我們有做出一個可以簡易部署的實作，它是由嵌入X.509的擴充欄位在用戶端的證書，搭配FreeRadius伺服器上可客製化的證書驗證機制來完成的，我們驗證我們設計的安全性和易佈署性，並且證明我們的設計和EAP-TLS相比只會增加部分邊際延遲，而和常用的PEAP相比則近乎相同。	zh_TW
dc.description.abstract	Nowadays, wireless hotspots have been widely deployed around the world, which may lead to significant location and trajectory privacy risks. While most previous work focuses on protecting MAC addresses which can be used as a unique identifier against eavesdroppers, the authentication identity of existing WiFi authentication mechanisms can also be used by administrators to track users. In our work, we propose a new authentication mechanism for WiFi which supports anonymous authentication against honest-but-curious administrators. Leveraging the properties of Direct Anonymous Attestation (DAA), our scheme can achieve anonymity and unlinkability with a DAA signature as an authentication identity while authenticated by the authentication server in the WiFi network. We further build an implementation of our scheme by using an X.509 extension embedded in the client certificate and importing a customized certificate validation check on FreeRadius server. We validate the security property and demonstrate the deployability of our solution. We show that our scheme introduced marginal overhead compared with EAP-TLS and performs similarly to the widely-deployed PEAP.	en
dc.description.provenance	Made available in DSpace on 2021-06-15T13:05:53Z (GMT). No. of bitstreams: 1 U0001-1008202017413300.pdf: 2873535 bytes, checksum: 4086433a2ec4b30bb4665238f2404da6 (MD5) Previous issue date: 2020	en
dc.description.tableofcontents	誌謝 i Acknowledgements ii 摘要 iii Abstract iv 1 Introduction 1 2 Background 4 2.1 ExtensibleAuthenticationProtocol..................... 4 2.1.1 EAP-TLS.............................. 4 2.1.2 PEAP................................ 5 2.2 802.11rFastTransition/Roaming/Handover . . . . . . . . . . . . . . . 6 2.3 DirectAnonymousAttestation ....................... 7 3 Motivation 9 4 Problem Definition 11 4.1 SystemModel................................ 12 4.2 Assumption................................. 12 4.3 ThreatModel ................................ 13 4.4 DesiredProperties.............................. 13 5 Proposed Solution 15 5.1 SystemSetup ................................ 16 5.1.1 Prerequisite............................. 16 5.1.2 Role................................. 16 5.2 ArchitectureDesign............................. 16 5.2.1 Joining ............................... 16 5.2.2 Verification............................. 17 5.3 DynamicGroup............................... 18 5.3.1 Addingnewmembers ....................... 18 5.3.2 Revocation ............................. 18 5.3.3 Adaptiverevocation ........................ 19 5.4 Implementation ............................... 20 5.4.1 X.509................................ 21 5.4.2 FreeRADIUS............................ 22 6 Evaluation 25 6.1 ExperimentsSettings ............................ 25 6.2 SecurityAnalysis .............................. 26 6.3 PerformanceEvaluation........................... 26 6.4 Deployability ................................ 28 7 Discussion 29 8 Related Work 31 9 Conclusion 33 Bibliography 34
dc.language.iso	en
dc.subject	匿名認證	zh_TW
dc.subject	匿名認證	zh_TW
dc.subject	位置隱私權	zh_TW
dc.subject	無線網路	zh_TW
dc.subject	無線網路	zh_TW
dc.subject	位置隱私權	zh_TW
dc.subject	Location Privacy	en
dc.subject	Anonymous Authentication	en
dc.subject	Location Privacy	en
dc.subject	WiFi	en
dc.subject	WiFi	en
dc.subject	Anonymous Authentication	en
dc.title	針對半誠實的網路管理者的無線網路匿名認證	zh_TW
dc.title	Anonymous WiFi Authentication against Honest-but-curious Administrators	en
dc.type	Thesis
dc.date.schoolyear	108-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	黃俊穎(Chun-Ying Huang),鄭欣明(Shin-Ming Cheng),林忠緯(Chung-Wei Lin)
dc.subject.keyword	無線網路,位置隱私權,匿名認證,	zh_TW
dc.subject.keyword	WiFi,Location Privacy,Anonymous Authentication,	en
dc.relation.page	35
dc.identifier.doi	10.6342/NTU202002851
dc.rights.note	有償授權
dc.date.accepted	2020-08-17
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊網路與多媒體研究所	zh_TW
顯示於系所單位：	資訊網路與多媒體研究所

文件中的檔案：

檔案	大小	格式
U0001-1008202017413300.pdf 未授權公開取用	2.81 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。