题名

智慧型裝置應用於雲端資料共享之安全防護研究

作者

陳信北;陳維魁;邱業桐

关键词

一次性密碼系統 ; 資料共享安全 ; 互動安全碼 ; IMOTP

期刊名称

資訊安全通訊

卷期/出版年月

20卷2期(2014 / 04 / 01)

页次

97 - 118

内容语文

繁體中文
中文摘要

近年來雲端運算技術的發展較著重於基礎的建設與服務的提供,在資訊安全方面只有簡單的網路控管與簡易帳號識別等。本研究的內容主要針對雲端資料共享安全之身分識別與存取管理方面進行研究。本研究將改良目前現有廣泛流行的一次性密碼系統(One-Time Password; OTP)技術為互動式行動OTP(Interaction Mobile OTP; IMOTP)於智慧型行動裝置上與PKI(Public Key Infrastructure)系統相互結合,應用於雲端硬碟之資料共享安全的機制上。我們將利用系統每回隨機產生的視覺碼(Vision-Code)做為交互詢答認證的基礎,由行動裝置APP應用程式運算完成後得到IMOTP互動安全碼,去登入身分認證識別,並利用PKI系統對共享資料做加密。此系統將與現行雲端硬碟登入方式(如;帳號密碼認證、OTP登入認證)做比較,進行各項網路攻擊之竊取行為模擬並做安全分析。相信系統模擬結果可提高雲端硬碟資料共享的安全性。
主题分类 基礎與應用科學 > 資訊科學
参考文献
  1. Microsoft SkyDrive, https://login.live.com/login.srf?
  2. Oracle White Paper, Information Lifecycle Management for Business Data, http://www.oracle.com/, June 2007
  3. Anti-Phishing Working Group, Inc. http://www.antiphishing.org, 2012
  4. Google 雲端硬碟,https://www.google.com.tw/
  5. Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing V3.0, Nov. 2011..
  6. Dropbox, https://www.dropbox.com/
  7. Chu, C.-K.,Zhu, W.-T.,Han, J.,Liu, J. K.,Jia, X.,Zhou, J. Y.(2013).Security Concerns in Popular Cloud Storage Services.IEEE Pervasive Computing,12(4),50-57.
  8. Hayes, B.(2008).Cloud computing.Communications of the ACM,51(7),9-11.
  9. Huang, X.,Zhang, T.,Hou, Y.(2009).ID Management among Clouds.2009 First International Conference on Future Information Networks
  10. Hur, Junbeom(2013).Improving Security and Efficiency in Attribute-Based Data Sharing.IEEE Transactions on Knowledge and Data Engineering,25(10),2271-2282.
  11. Hwang, K.,Kulkareni, S.,Hu, Y.(2009).Cloud Security with Virtualized Defense and Reputation-Based Trust Management.IEEE International Conference on DASC '09
  12. Jensen, M.,Schwenk, J.,Gruschka, N.,Iacono, L.L.(2009).On Technical Security Issues in Cloud Computing.IEEE International Conference on Cloud Computing
  13. Kao, Y.-W.,Huang, K.-Y.,Gu, H.-Z.,Yuan, S.-M.(2013).uCloud: a user-centric key management scheme for cloud data protection.IET Information Security,7(2),144-154.
  14. Kaufman, L. M.(2009).Data Security in the World of Cloud Computing.IEEE Security & Privacy,7(4),61-64.
  15. Li, H.,Dai, Y.,Tian, L.,Yang, H.(2009).Identity-Based Authentication for Cloud Computing.CloudCom 2009
  16. Liu, X.,Zhang, Y.,Wang, B.,Yan, J.(2013).Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud.IEEE Transactions on Parallel and Distributed Systems,24(6),1182-1191.
  17. Sun Microsystems Inc.(2009).Introduction to Cloud Computing architecture White Paper.
  18. Sundareswaran, S.,Squicciarini, A. C.,Lin, D. E.(2012).Distributed Accountability for Data Sharing in the Cloud.IEEE Transactions on Dependable and Secure Computing,9(4),556-568.
  19. Wang, C.,Chow, S.S.M.,Wang, Q.,Ren, K.,Lou, W.J.(2013).Privacy-Preserving Public Auditing for Secure Cloud Storage.IEEE Transactions on Computers,62(2),362-375.
  20. Wang, C.,Wang, Q.,Ren, K.,Lou, W.(2009).Ensuring data storage security in Cloud Computing.17th International Workshop on Quality of Service
  21. Weiss, A.(2007).Computing in the Clouds.Net Worker,11(4),16-25.
  22. Yildiz, M.,Abawajy, J.,Ercan, T.,Bernoth, A.(2009).A Layered Security Approach for Cloud Computing Infrastructure.2009 10th International Symposium on ISPAN
  23. Yu, X.,Wen, Q.(2010).A View about Cloud Data Security from Data Life Cycle.Proc of CISE
print cancel