
Graduate student: 張立仁 (Chang, Li-Jen)
Thesis title: 基於 FIDO 與 Kerberos 的元宇宙身分驗證設計研究
A Secure Authentication Framework for the Metaverse Environment Based on FIDO and Kerberos
Advisor: 左瑞麟 (Tso, Ray-Lin)
Committee members: 左瑞麟 (Tso, Ray-Lin); 楊明豪 (Yang, Ming-How); 蔡東佐 (Tsai, Tung-Tso); 陳昱圻 (Chen, Yu-Chi); 王紹睿 (Wang, Peter Shao-Jui)
Degree: Master
Department: College of Informatics - Executive Master Program of Computer Science
Publication year: 2025
Graduation academic year: 114
Language: Chinese
Pages: 75
Keywords (Chinese): 元宇宙, 資訊安全, FIDO, Kerberos, 身分驗證, 零信任
Keywords (English): Metaverse, Information Security, FIDO, Kerberos, Authentication, Zero Trust
Access count: 17 views, 0 downloads
With the rapid development of technology, the Metaverse, an emerging digital space that combines virtual reality, augmented reality, artificial intelligence and communication technologies, is gradually becoming the direction of next-generation network interaction. However, the openness of the Metaverse and its cross-device, cross-platform nature expose user authentication to unprecedented challenges, including identity impersonation, account theft, social engineering attacks, man-in-the-middle attacks and device theft. Traditional username-and-password authentication can no longer effectively meet the diverse, distributed security requirements of the Metaverse.

To address these problems, existing research has proposed a three-factor authentication mechanism based on Elliptic Curve Cryptography (ECC) to strengthen security and privacy. However, that scheme remains insufficient in cross-domain application, device authentication and continuous verification, and cannot fully satisfy the highly interactive, cross-platform requirements of the Metaverse. In view of this, this study proposes an authentication design that combines FIDO (Fast Identity Online), the Kerberos authentication protocol and Zero Trust principles, aiming at an authentication mechanism that is secure, interoperable and scalable, so as to meet the multi-device, multi-scenario application challenges of the Metaverse environment.

This study analyzes authentication threats in the Metaverse, examines the development of multi-factor authentication and ECC technology, and compares the strengths and weaknesses of existing authentication schemes. On that basis it designs an authentication architecture that combines FIDO's passwordless authentication, Kerberos's ticket-granting mechanism and Zero Trust principles, providing a more secure, flexible and sustainable authentication solution for the Metaverse and laying a solid foundation for building a more comprehensive Metaverse security model in the future.


As the Metaverse evolves into a next-generation interactive space, its open and cross-platform nature renders traditional password-based authentication inadequate against emerging threats like identity theft and impersonation. Existing ECC-based solutions also fall short in cross-domain and continuous verification. To address these challenges, this study proposes a secure authentication framework integrating FIDO (Fast Identity Online), Kerberos, and Zero Trust principles. By combining FIDO's passwordless capabilities with Kerberos's ticket-granting mechanism, the proposed architecture offers a secure, interoperable, and scalable solution tailored for multi-device Metaverse environments, establishing a robust foundation for future security models.

Acknowledgements I
Abstract (Chinese) II
ABSTRACT III
Contents IV
List of Tables VII
List of Figures VIII
Chapter 1 Introduction 1
1-1. Research Background 1
1-2. Research Motivation and Objectives 3
1-3. Research Contributions 4
1-4. Thesis Organization 5
Chapter 2 Background 6
2-1. The Metaverse 6
2-1-1. Introduction to the Metaverse 6
2-1-2. Metaverse Architecture 6
2-1-3. Metaverse Characteristics 7
2-2. FIDO (Fast Identity Online) 8
2-2-1. Introduction to FIDO 8
2-2-2. FIDO Standards 9
2-3. Kerberos 14
2-3-1. Introduction to Kerberos 14
2-3-2. Kerberos Protocol Flow 14
2-4. Zero Trust 16
2-4-1. Introduction to Zero Trust 16
2-4-2. Core Principles of Zero Trust 17
2-5. Diffie-Hellman 18
2-5-1. Introduction to Diffie-Hellman 18
2-5-2. Technical Principles of Diffie-Hellman 18
2-6. Message Authentication Code (MAC) 20
2-6-1. Introduction to MAC 20
2-6-2. MAC Operation Flow 20
Chapter 3 Related Work 21
3-1. Authentication Risks in the Metaverse 21
3-2. Development Trends in Multi-Factor Authentication and ECC 23
3-3. Analysis of the Three-Factor Architecture 24
3-3-1. Initialization Phase 24
3-3-2. User Registration Phase 25
3-3-3. Avatar Generation Phase 26
3-3-4. Login and Authentication Phase 28
3-3-5. Avatar Authentication Phase 30
3-3-6. Protocol Analysis and Discussion 33
3-4. Analysis of Schemes in the Literature 34
3-5. Extended Observations and Challenges of This Study 36
Chapter 4 Case Study and Analysis 37
4-1. Microsoft Entra ID 37
4-1-1. Introduction to Microsoft Entra ID 37
4-1-2. Microsoft Entra ID Operation Flow 39
Chapter 5 Design of an Authentication Architecture Based on FIDO and Kerberos 41
5-1. Architecture Design 41
5-1-1. Initialization Phase 41
5-1-2. User Registration Phase 42
5-1-3. Login and Authentication Phase 43
5-1-4. Avatar Generation Phase 44
5-1-5. Avatar Authentication Phase 44
5-2. Expected Benefits 45
5-3. Multi-Phase Flow Design and Description of the Authentication Architecture 46
5-4. Overall Design Principles and Security Philosophy 56
Chapter 6 Security Analysis 57
6-1. Threat Model and Assumptions 57
6-2. Formal Verification 60
6-3. Comparative Security Analysis 66
6-5. Compliance Analysis with Zero Trust Principles 69
Chapter 7 Conclusion 71
References 72


Full-text release date: 2031/01/05