請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/53695
標題: | 基於霧運算架構之可證明安全性的團體密鑰建立協議 Provable secure group key establishment scheme for fog computing |
作者: | Wen-Chin Chen 陳玟瑾 |
指導教授: | 王勝德(Sheng-De Wang) |
關鍵字: | 霧運算,團體金鑰建立,橢圓曲線密碼學,相互認證,Canetti–Krawczyk攻擊模型, fog computing,group key establishment,elliptic curve cryptography,mutual authentication,Canetti–Krawczyk adversary model, |
出版年 : | 2020 |
學位: | 碩士 |
摘要: | 在霧運算的架構中,霧節點被部署在離物聯網裝置較近的地方且可分擔物聯網節點的運算負擔,這樣的架構可以解決在雲端運算中的高延遲與網路連線受限的問題,現今有許多關於霧運算的應用,例如:車載隨意行動網路中的智慧型運輸系統,醫療照護系統與行動通訊網路,然而以上這些應用中裝置的數量通常多至可構成群體且這些裝置常常被部屬在僅有有限的安全防護之處,先前關於團體金鑰建立的方法有許多缺點,例如:傳輸的訊息量太大造成延遲以及無法確保所有節點的真實性,因此在這篇論文中,我們提出一個基於霧運算架構,使用橢圓曲線密碼學來完成相互認證的團體金鑰建立流程,在這個流程中,所有節點會互相認證對方的身分並安全地交換與分配金鑰,霧節點經過認證後可以分擔雲伺服器的運算負載且可以負責分配先前建立好的團體會談金鑰給所有裝置,且其中的團體會談金鑰是由所有設備的私鑰與暫存的隨機亂數所組成的,論文中正式的安全性證明則可以證明建立的團體會談金鑰對於Canetti–Krawczyk攻擊模型是可以安全防護的,最後我們由運算與傳輸會帶來的負載來分析此流程的性能,並將結果與他人的研究結果比較,結果顯示此流程與先前的研究結果相比是輕量且有效率的,因為此流程只包含了較輕量的運算,例如:橢圓曲線運算與對稱金鑰運算。 In fog computing paradigms, fog nodes are much closer to terminal devices and are able to extend the services to the edge of the network, mitigating the effects of high latency and constrained networking in Internet of things (IoTs). In the applications of fog computing, such as the intelligent transportation system (ITS) in vehicular ad-hoc networks (VANETs), healthcare system and mobile networks, terminal devices are often organized as groups and are usually deployed in environments with limited security protections. Previous studies about the group key establishment of fog computing architectures are with high communication costs and cannot verify the authenticity of each entity. Hence, in this paper, we propose a mutual authenticated group key establishment scheme for the fog computing architecture by using elliptic curve cryptography. Mutual authentication and secure key exchange will be accomplished in this scheme. After mutual authentication, the cloud server can offload the computation overheads to the fog nodes which will be responsible to authenticate the group of devices and distribute the established group session key, which is composed of private keys of each entity and some random and temporarily stored values. We prove that the established group session key is protected from the Canetti–Krawczyk (CK) adversary model. Finally, we evaluate the performance in terms of computational and communication costs. The proposed scheme is lightweight and efficient as compared with the previous study because it involves only elliptic curve operations and symmetric cryptographic operations. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/53695 |
DOI: | 10.6342/NTU202002402 |
全文授權: | 有償授權 |
顯示於系所單位: | 電機工程學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
U0001-0408202017410600.pdf 目前未授權公開取用 | 1 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。