Abstract: | Recently, wireless networks such as Wi-Fi and 3G have been widely deployed and are in popular use around the world. People holding smart devices can conveniently access Internet services through modern wireless networks. However, while people enjoy using wireless systems, network security remains a crucial challenge because wireless messages, encrypted or unencrypted, may be maliciously intercepted by hackers. After analyzing and/or decrypting the messages, hackers can illegally capture or steal important information carried in them, such as credit card numbers or usernames/passwords. Currently, SSL and IPsec are used to protect the delivery of these types of information. However, each of the two security protocols has its own drawbacks in both its key exchange and its message encryption/decryption processes. To address these drawbacks, in this paper we propose a secure communication system, named the Wireless Security System with Data Connection Core (WiSDC for short), which consists of two security schemes: a symmetric key exchange process and a two-dimensional stream cipher mechanism.
The former employs random numbers and the connection keys contained in the Data Connection Core (DCC for short) to generate internal keys, through which the security level of the key exchange process can be enhanced. Here, the DCC is a set of random numbers created when the user registers with the wireless system under consideration, and these random numbers are known only to the user and the AAA server of that wireless system. The latter, i.e., the two-dimensional stream cipher mechanism, invokes two operators, the exclusive-or (⊕) and binary adder (+₂) operators, and two Pseudo Random Number Sequences (PRNSs) to encrypt the plaintext so that it is well protected. The WiSDC also adopts a pseudo random number generator, which feeds back the keys generated in the current stage as part of the inputs of the next stage, to produce more complicated keys for data encryption. Experimental results show that the WiSDC can effectively protect transmitted messages in wireless environments. The analytical results indicate that the WiSDC has a higher security level and execution efficiency than SSL and IPsec. Keywords: Wi-Fi, 3G, Data Connection Core, Internal Key, Pseudo Random Number Generator, Two-dimensional Stream Cipher |
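
An added illustration of the two-operator idea described in the abstract, not code from the thesis or from WiSDC itself. The abstract names only the ingredients (exclusive-or, a binary adder, two pseudo-random sequences, and key feedback between stages), so the byte-wise order of operations, the SHA-256 counter-mode keystream, the `next_seeds` feedback step and the sample seeds and message are all assumptions made here.

```python
import hashlib

def keystream(seed: bytes, n: int) -> bytes:
    """Return n pseudo-random bytes. SHA-256 in counter mode is an assumed
    stand-in for the PRNG, which the abstract does not specify."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def encrypt(plaintext: bytes, seed_a: bytes, seed_b: bytes) -> bytes:
    """c_i = ((p_i XOR a_i) + b_i) mod 256 (assumed order and word size)."""
    a = keystream(seed_a, len(plaintext))
    b = keystream(seed_b, len(plaintext))
    return bytes(((p ^ x) + y) & 0xFF for p, x, y in zip(plaintext, a, b))

def decrypt(ciphertext: bytes, seed_a: bytes, seed_b: bytes) -> bytes:
    """Invert in reverse order: subtract b_i mod 256, then XOR with a_i."""
    a = keystream(seed_a, len(ciphertext))
    b = keystream(seed_b, len(ciphertext))
    return bytes(((c - y) & 0xFF) ^ x for c, x, y in zip(ciphertext, a, b))

def next_seeds(seed_a: bytes, seed_b: bytes) -> tuple[bytes, bytes]:
    """Hypothetical feedback step: derive the next stage's seeds from the
    current ones so that no two messages share a keystream pair."""
    return (hashlib.sha256(b"A" + seed_a + seed_b).digest(),
            hashlib.sha256(b"B" + seed_a + seed_b).digest())

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    sa, sb = b"constructed-seed-a", b"constructed-seed-b"
    msg = b"user=alice;pin=0000"
    c1 = encrypt(msg, sa, sb)
    print("round trip ok:", decrypt(c1, sa, sb) == msg)
    print("same seeds, same ciphertext:", encrypt(msg, sa, sb) == c1)
    sa2, sb2 = next_seeds(sa, sb)
    print("after feedback, ciphertext differs:", encrypt(msg, sa2, sb2) != c1)
```

Reusing a seed pair makes equal plaintexts produce equal ciphertexts, which is why the seeds advance between messages; the construction as sketched provides confidentiality only and no integrity protection.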