Download presentation
Presentation is loading. Please wait.
1
1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科 教授 (Prof. Jinn-Ke Jan) 陳育毅 教授 ( Prof. Yu-Yi Chen) 研究生 : 陳昕逸 (Shin-I Chen)
2
2 Outline Agent-based Electronic Commerce Transaction Introduction Privacy issue of agent-based system Wang’s scheme Our scheme Analysis Conclusion RFID system Introduction Location privacy issue of RFID system Previous schemes Our scheme Analysis Conclusion
3
Part 1: Privacy Issues of Agent-based Electronic Commerce Transaction
4
4 Service Provider Introduction What is Agent-based Electronic Commerce Transaction??? I want to buy a Sony DVD player User User Agent Sony DVD player?
5
5 Privacy Issues of agent-based system User PlatformSP Platform User Agent SP Agent User Service Provider User Agent SP Agent
6
6 Service Provider Privacy Issues of agent-based system TTP User User Agent Agent Home
7
7 Servers Wang’s scheme CMC Customer Agent Home 1.Register ID Return a pseudonym 2.Apply for a agent Return Transaction ID I want to buy a Sony DVD player 3.Agent Executing 4.Order Verification
8
8 Preliminaries Customer CMC Agent Home Servers
9
9 Registration Phase 1.Send 2.Send a random message 3.Send 1.Register Customer’s identity 2.Varify Customer’s Key Pair 3.Generate pseudonym CMC Public List 4.check Customer
10
10 Mobile Agent issuing Customer 1.Apply for a agent using pseudonym (Problem 1) 2.Receive Transaction ID (Problem 2) 3.Shopping agent issuing 1.Send 2.Send 3.Send Agent Home CMC 4.check
11
11 Server Executing the Agent 1.Send the purchase message to the server 2.Generate the bid message and sign it (Problem 3) 3.Return signed bid message Agent 1.Send 2.Send
12
12 Order Verification 1.Return bid message 2.Varify bid message Agent 1.Send Custome r Check 2.Calculate
13
13 Problems of Wang’s protocol 1.CMC should keep online 2. CMC will be the bottle neck while a mass of connection CMC Agent Home Public List CustomerA Check
14
14 Problems of Wang’s protocol 1.Transaction ID, should be changed in each session Customer Agent Home 2.Apply for a agent Return Transaction ID
15
15 Problems of Wang’s protocol 1.A transaction key pair should be generate Servers Agent Home
16
16 Servers Our protocol CMC Customer Agent Home 1.Registeration Return a signature 2.Apply for a agent Return Shuffled Transaction ID I want to find a cheapest Sony DVD player 4.Result reporting 3.Agent executing
17
17 Preliminaries Customer CMC Agent Home Servers
18
18 Registration Phase Customer 1.Send 2.Send 1.Register personal identity 2.Return corresponding signature CMC
19
19 Agent issuing Phase 1.Apply for an agent-service 2.Generate a shuffled transaction number 3.Signed the query message 1.Send 2.Send 4.Send Customer Agent Home Check
20
20 Executing the Agent 1.Receive query message and verify it 2.Generate bid message and sign it 3.Attach the bid message Check 2.Send Server Agent 1.Send
21
21 Our protocol 1.Agent reports the results to AH 2.AH send a list of bid message 3.Customer choose favorite purchase Agent Customer Favorite purchase 4.Send full message with signature Agent Home Check
22
22 Analysis (1/4) Anonymity –Customer’s identity is only known by the trusted CMC. CMC knows AH knows Servers know –Transaction number will be changed in each session. Customer generates in each session. Transaction number
23
23 Analysis (2/4) Unforgeability –Each message is signed by the creator Query message is signed by the customer Bid message is signed by the server
24
24 Analysis (3/4) Non-repudiation –Query message is signed by the customer –Bid message is signed by the server –No one can tamer the message. It means the original creator of the message can not repudiate the message.
25
25 Analysis (4/4) Feasibility –AH need not to contact with CMC to check the validity of Customer. –AH verify the customer using CMC’s public key –We avoid CMC to be a bottle neck.
26
Conclusion We propose the a secure scheme on agent- based electronic commerce transaction with privacy protection. In our scheme, we solve the bottle neck problem of CMC and enhance the privacy protection of customers.
27
Part 2: Location Privacy Issue of RFID System
28
28 Introduction RFID TAG Terminal with a reader Database Server Request Unique Code Information
29
29 79456041 Location privacy issue of RFID system Just Reader Unjust Reader Interceptor 79456041
30
30 Previous schemes(1/4) Hash chain RFID TAG Terminal with a reader Database Server Hash circuit 1.Request ID 2. 4.Return information 3.For each ID in database
31
31 Previous schemes(2/4) Random Hash lock RFID TAG Terminal with a reader Database Server Hash circuit and Random number generator 1.Request ID 2. 4.Return information 3.For each ID in database Interceptor knows Forward secrecy?
32
32 Previous schemes(3/4) Random ID Update RFID TAG Terminal with a reader Database Server Hash circuit IdentityArrayInfo. …. ………. IdentityArrayIndex
33
33 Previous schemes(3/4) RFID TAG Terminal with a reader Database Server Hash circuit 1.Request ID 2. 4.Return information 3.For each ID in database Random ID Update Interceptor knows ?
34
34 Previous schemes(3/4) RFID TAG Terminal with a reader Database Server Hash circuit 4.Return information Random ID Update Update array= Update identity= Update array= Update identity=
35
35 Previous schemes(3/4) RFID TAG Terminal with a reader Database Server Hash circuit 1.Request ID 4.Return information 3. 2. For each ID in database Random ID Update Interceptor Replay attack?Efficiency?
36
36 Previous schemes(4/4) RFID TAG Terminal with a reader Database Server 1.Location privacy: Requirements 2.Replay attack: Interceptor knows 3.Forward secrecy: ? 4.Feasibility: high-efficiency and low-cost
37
37 Our scheme RFID TAG Terminal with a reader Database Server Hash circuit IdentityInfo.Common secrete …. ………. IdentityCommon secrete Index
38
38 Our scheme RFID TAG Terminal with a reader Database Server Hash circuit 1. 2. 3. Reading Phase
39
39 Our scheme RFID TAG Terminal with a reader Database Server Hash circuit 4.Return information Reading Phase 3.
40
40 Our scheme RFID TAG Terminal with a reader Database Server Hash circuit Updating Phase New common secreteupdate common secrete as 4.Return information
41
41 Analysis (1/4) Location privacy –In step 2 of reading phase, the tag should generate the response values and as follows. –Clearly, the two values will be different and independent in each access since the involved random number and the one-way hash value
42
42 Analysis (2/4) Replay attack – In step 3 of reading phase, the reader forwards the challenge number and the tag’s response values to the database server. Then the database server reveals the secret identity of the tag as follows. –It may exist a legitimate secret identity in the database, but it can not pass the following verification.
43
43 Analysis (3/4) Forward secrecy –For each session to authenticate an tag, the tag should generate the following two values and. –Even if the long term key had leaked out, it will not cause the values of the future session can be conquered. Suppose the common secret is still kept secret.
44
44 Analysis (4/4) Feasibility –In our scheme, the database need not to compare the emitted data with all hash values of identities. –The database authenticate a user using following equation.
45
45 Conclusion We propose a secure scheme on RFID system with location privacy protection. In our scheme, we achieve all security requirements such as location privacy, replay attack, and forward secrecy. Moreover our scheme is more efficient than others.
46
46 Thank You
47
47 Server Problems of Wang’s protocol 2.Next transaction, should be changed 1.After transaction, Server may knows the relationship between Customer Agent Home Apply for a agent Return Transaction ID
48
48 Introduction Coil RAM or/and ROM processor RFID TAG Terminal with a reader Database Server
49
49 25795438 Location privacy issue of RFID system Just Reader Unjust Reader Interceptor 4576745687683561 2579543879456041
50
50 Our scheme RFID TAG Terminal with a reader Database Server Hash circuit 1. 2. 3. Reading Phase Interceptor 4.
51
51 Our scheme RFID TAG Terminal with a reader Database Server Hash circuit 1. 2. 3. Reading Phase Interceptor 4.Return information
52
52 Our scheme RFID TAG Terminal with a reader Database Server Hash circuit 1. 2. 3. Reading Phase Interceptor knows ? 4.Return information Common secrete should keep secrete
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.