跳到主要內容

簡易檢索 / 詳目顯示

研究生: 李滎澤
Ying-tse Lee
論文名稱: 同步選擇派翠網路在虛擬私人網路上的應用
Application of Synchronized Choice Petri Nets to Virtual Private Networks
指導教授: 趙玉
學位類別: 碩士
Master
系所名稱: 商學院 - 資訊管理學系
Department of Management Information System
論文出版年: 2003
畢業學年度: 91
語文別: 英文
論文頁數: 78
外文關鍵詞: Synchronized Choice Petri Nets, Dynamic Key Exchange, One Time Pads, Virtual Private Networks
相關次數: 點閱:193下載:2
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

  •   The Synchronize Choice Petri net, a subclass of Petri nets that is constructed based on special structural objects, can improve analytical power to make solving the behavioral problems of Petri nets practically possible. The fact that proving liveness and verifying reachability of a Synchronize Choice Petri net are feasible may lead to several applications. This thesis contributes to one of the applications: building a dynamic key exchange mechanism embedded in Virtual Private Network products by applying Synchronize Choice Petri nets.
      Based on modern symmetric-key algorithms, such as DES, the dynamic key exchange mechanism enables two communicating sides to use the changing keys to encrypt or decrypt messages correctly without requiring any key transmission during the communication session after the initiation. A proper use of the mechanism is to be integrated with Virtual Private Network products to make the information transmitting between two peers more confidential.

    Abstract-----i
    Acknowledgements-----ii
    Contents-----iii
    List of Figures-----v
    List of Tables-----vi
    1 Introduction-----1
      1.1 The Use of Virtual Private Networks-----1
      1.2 Drawbacks of the Modern VPN Security Mechanism-----2
      1.3 A Brief Introduction to Synchronized Choice Petri Nets-----7
      1.4 Applying Synchronized Choice Petri Nets as a Security Algorithm to VPN-----9
      1.5 Research Method and Framework-----10
    2 Literature Review-----13
      2.1 Security Algorithms in Virtual Private Network-----13
        2.1.1 Symmetric-key Algorithms-----13
        2.1.2 Asymmetric-key Algorithms-----21
        2.1.3 IPsec-----26
      2.2 Synchronized Choice Petri Net-----33
        2.2.1 Preliminaries-----33
        2.2.2 Analysis Techniques-----37
        2.2.3 Subclasses of Petri nets-----40
        2.2.4 Additional Structural Properties of Petri Nets-----41
        2.2.5 Liveness for Synchronized Choice Petri Nets-----43
        2.2.6 Formal Proof of Liveness Conditions-----46
        2.2.7 The Algorithm for Verification of SNC and Liveness-----48
    3 System Analysis and Design-----50
      3.1 System Overview-----50
      3.2 System Module Analysis-----51
       3.3 System Module Design-----53
    4 Prototype System Implementation-----57
      4.1 Development Platform-----57
      4.2 Development Tools57
        4.2.1 Access Database System-----57
        4.2.2 Borland C++ Builder Component-----58
      4.3 The Core of SNC Security-----59
         4.3.1 Data Representation of SNC net-----60
        4.3.2 Generating a New Marking-----61
        4.3.3 Checking Firability-----62
        4.3.4 Generating a Firing Sequence-----63
        4.3.5 Using a Marking as an Encryption Key-----64
    5 Conclusions and Suggestions-----66
      5.1 Conclusions-----66
      5.2 Suggestions-----66
      5.3 Research Limitations-----67
    Bibliography-----68

    List of Figures
    Figure 1.1 The concept of VPN-----1
    Figure 1.2 The use of Petri nets for the modeling and analysis of systems-----7
    Figure 1.3 The mutual exclusion problem modeled by Petri nets-----8
    Figure 1.4 The research framework-----12
    Figure 2.1 The symmetric-key encryption model-----14
    Figure 2.2 The simplified depletion of DES-----16
    Figure 2.3 The asymmetric-key encryption model-----22
    Figure 2.4 An example of elliptic curves-----25
    Figure 2.5 Classes of elliptic curves used by cryptographers-----25
    Figure 2.6 Host-to-host and gateway-to-gateway secure communication-----27
    Figure 2.7 Transport and tunnel modes of IPsec-----28
    Figure 2.8 (a) AH transport mode (b) AH tunnel mode (c) ESP transport mode (d) ESP tunnel mode-----31
    Figure 2.9 (a) an example of a Petri net (b) the reachability tree of (a)-----38
    Figure 2.10 (a) an example of a Petri net (b) the incidence matrix of (a)-----39
    Figure 2.11 The bridge B and the subhandle H<sub>s</sub>-----45
    Figure 3.1 The architecture of the prototype system-----50
    Figure 3.2 The idea of dynamic identity generation-----51
    Figure 3.3 The idea of dynamic encryption key generation-----51
    Figure 3.4 The design of user authentication module-----51
    Figure 3.5 The design of data encryption module-----53
    Figure 3.6 The design of the SNC crypto engine-----55
    Figure 4.1 A simplified database system environment-----56
    Figure 4.2 The concept of SNC security-----58
    Figure 4.3 The transpose of incidence matrix A in figure 2.10 (b)-----60
    Figure 4.4 The code snippet of transferring the incidence matrix into the transpose of incidence matrix-----60
    Figure 4.5 (a) a Petri net in figure 2.10 with a marking state (b) the marking vector of (a) (c) the firing transition vector of (a)-----61
    Figure 4.6 The code snippet of generation of a new marking-----62
    Figure 4.7 The code snippet of checking firability-----63
    Figure 4.8 The code snippet of generation of a firing sequence-----64
    Figure 4.9 Using a marking as an encryption key-----65

    List of Tables
    Table 1.1 Drawbacks of security algorithms or of security concepts-----6
    Table 2.1 Other DES replacements-----21

    [Brown 1999] Steven Brown, Implementing Virtual Private Networks, McGraw-Hill, 1999.
    [Burnett 2000] Steve Burnett, Crypto Blunders, RSA Security, Inc., 2000.
    [Burnett and Paine 2001] Steve Burnett and Stephen Paine, RSA Security’s Official Guide to Cryptography, McGraw-Hill, 2001.
    [Chao and Nicdao 2001] Daniel Y. Chao and Jose A. Nicdao, Liveness for Synchronized Choice Petri Nets, The Computer Journal, Vol. 44, No. 2, 2001, pp124 — 136.
    [Desel and Reisig 1998] Jörg Desel and Wolfgang Reisig, Place/Transition Petri Nets, Lectures on Petri Nets I: Basic Models — Advances in Petri nets, Lecture Notes in Computer Science, Vol. 1491, 1998, pp122 — 173.
    [Ellison and Schneier 2000] Carl Ellison and Bruce Schneier, Ten Risks of PKI: What You’re not Being Told about Public Key Infrastructure, Computer Security Journal, Vol. 16, No. 1, 2000.
    [Elmasri and Navathe 2000] Ramez Elmasri and Shamkant B. Navathe, Fundamentals of Database Systems, third edition, Addison-Wesley, 2000.
    [Ferguson and Schneier 2002] Niels Ferguson and Bruce Schneier, A Cryptographic Evaluation of IPsec, Counterpane Internet Security, Inc., http://www.counterpane.com, 2002.
    [Lipton 1976] Lipton, R.J., The Reachability Problem Requires Exponential Space, New Haven, CT, Yale University, Dept. of Computer Science, Res. Rep. 62, 1976.
    [Nicdao 2000] Jose A. Nicdao, Fundamental Structures in Petri Nets, Master Thesis, National Cheng Chi University, Taipei, Taiwan, 2000.
    [Peterson 1981] James L. Peterson, Petri Net Theory and the Modeling of Systems, Prentice-Hall, 1981.
    [Rozenberg and Engelfriet 1998] Grzegorz Rozenberg and Joost Engelfriet, Elementary Net Systems, Lectures on Petri Nets I: Basic Models — Advances in Petri nets, Lecture Notes in Computer Science, Vol. 1491, 1998, pp12 — 121.
    [Schneier 1998] Bruce Schneier, Security Pitfalls in Cryptography, Counterpane Systems, 1998.
    [Stallings 1999] William Stallings, Cryptography and Network Security — Principles and Practice, second edition, Prentice-Hall, 1999.
    [Tanenbaum 1996] Andrew S. Tanenbaum, Computer Networks, third edition, Prentice-Hall, 1996.
    [Yuan and Strayer 2001] Ruixi Yuan and W. Timothy Strayer, Virtual Private Networks — Technologies and Solutions, Addison-Wesley, 2001.
    [Wiener 1990] Wiener M., Cryptanalysis of Short RSA Secret Exponents, IEEE Transactions on Information Theory, vol. IT-36, 1990.

    無法下載圖示 此全文未授權公開
    QR CODE
    :::