摘要5-7
Abstract7-15
List of Tables15-16
List of Figures16-17
Notations17-18
Abbreviations18-21
1 Introduction21-31
1.1 Motivations and challenges21-24
1.2 Contributions24-28
1.3 Organisation of thesis28-31
Part I Background31-45
2 Security building blocks32-41
2.1 Security services32-33
2.2 Security Mechanis33-37
2.2.1 Nonces33
2.2.2 Cryptographic hash functions33-34
2.2.3 Key derivation functions34
2.2.4 Symmetric cryptosystems34-35
2.2.5 Asymmetric cryptosystems35-37
2.3 Entity authentication and key estabpshment37-41
2.3.1 Entity authentication: Basic conceptions37-38
2.3.2 General Authentication Model38
2.3.3 Human user authentication38-39
2.3.4 Key estabpshment39-41
3GPP: Generic Authentication Architecture41-45
3.1 Introduction41-42
3.2 Generic Bootstrapping Architecture42
3.3 Support for Subscriber Certifcates42-43
3.4 GAA apppcations43-44
3.5 Summary44-45
II Building on existing security infrastructures for general-purpose security services45-104
4 Generic Security Architecture46-56
4.1 Introduction46
4.2 Generic Security Architecture46-51
4.2.1 Architecture and entities47-50
4.2.2 Procedures50-51
4.3 The GSA key estabpshment service51-52
4.4 The security of GSA52-53
4.4.1 Threat model52
4.4.2 Security goals52-53
4.5 Advantages and disadvantages53-54
4.6 Related work54-55
4.7 Summary55-56
5 3GPP-GBA: GSA supported by G and UMTS systems56-65
5.1 Introduction56-57
5.2 UMTS-GSA57-62
5.2.1 Overview of UMTS security57-58
5.2.2 Architecture and entities58-60
5.2.3 Procedures60-62
5.3 G-GSA62-63
5.4 The security of G- and UMTS-GSA63-64
5.5 Summary64-65
6 GSA supported by Trusted Computing65-83
6.1 Introduction65-66
6.2 Review of TCG specifcations66-71
6.2.1 TPM Identities67-68
6.2.2 Platform Integrity68-69
6.2.3 Secure Storage69-70
6.2.4 The supporting PKI70-71
6.3 TC-GSA71-78
6.3.1 Architecture and entities71-73
6.3.2 Procedures73-78
6.4 Informal Security Analysis78-79
6.5 An enhanced Bootstrapping scheme79-81
6.6 Related work81
6.7 Summary81-83
7 GSA supported by EMV payment cards83-98
7.1 Introduction83-84
7.2 EMV Security84-87
7.2.1 Transactions84-86
7.2.2 AC Generation86-87
7.3 EMV-GSA87-93
7.3.1 Architecture and entities87-89
7.3.2 Procedures89-93
7.4 Informal Security Analysis93-94
7.5 Privacy and security issues94-96
7.5.1 Threats94-96
7.5.2 A modifed scheme96
7.6 Related work96-97
7.7 Summary97-98
8 The provision of ubiquitous GSA security services98-104
8.1 Introduction98
8.2 Enabpng ubiquitous GSA security services98-102
8.2.1 Trust of the B server7999
8.2.2 The distributed deployment of B servers99-100
8.2.3 Trust relationships among B servers and NAF servers100-101
8.2.4 Accessing GSA security services from cpent101-102
8.3 Cost of GSA security services102-103
8.4 Summary103-104
III Building on GSA for Internet user authentication104-152
9 On constructing Internet user authentication using GSA105-109
9.1 Introduction105
9.2 Enhancing static passwords105-107
9.3 Enabpng alternatives to static passwords107-108
9.4 Summary108-109
10 A basic security-enhanced password system using GSA109-117
10.1 Introduction109
10.2 A basic GSA-enhanced password system109-113
10.2.1 Architecture and entities109-111
10.2.2 The basic GSA-enhanced password protocol111-113
10.3 Informal security analysis113-114
10.4 Advantages and Disadvantages114-116
10.5 Summary116-117
11 Ubiquitous one-time password services using GSA117-125
11.1 Introduction117-118
11.2 Phishing attacks118-119
11.3 The GSA-OTP System119-121
11.3.1 Architecture120
11.3.2 The proposed protocol120
11.3.3 Informal security analysis120-121
11.4 Possible variants121-122
11.5 Advantages and disadvantages122-123
11.6 Related work123-124
11.7 Summary124-125
12 SSL/TLS Session-Aware User Authentication using GSA125-134
12.1 Introduction125-126
12.2 Background126-128
12.2.1 SSL/TLS126-127
12.2.2 Man in the Middle Attacks127-128
12.3 Related work128-129
12.4 The GSA-TLS-SA system129-132
12.4.1 Architecture and entities130
12.4.2 The proposed protocol130-131
12.4.3 Informal security analysis131-132
12.5 Advantages and disadvantages132-133
12.6 Summary133-134
13 Leveraging UMTS-GSA for one-time password from an untrusted computer134-152
13.1 Introduction134-136
13.2 The UbiPass System136-141
13.2.1 System Entities and Prerequisites for Operation136-137
13.2.2 System Confguration137-138
13.2.3 OTP Parameter Agreement138-140
13.2.4 OTP Use140-141
13.3 The Bind/Unbind Protocol141-143
13.4 Implementation and Performance143-146
13.5 Usabipty, Scalabipty and Deployment146-147
13.6 Security and Trust Issues147-149
13.7 Related work149-150
13.8 Summary150-152
Conclusions and directions for further research152-155
References155-168
附录:博士论文中文缩写版说明168-169
攻读博士学位期间取得的探讨成果169-175
Acknowledgements175-176
附件176-207