資訊管理學報 (Journal of Information Management)
Authors: 蘇品長; 賴怡聖; 陳岳霖
Pages: 93-121
Date: 2024/01
Abstract (translated from the Chinese): To shut out threats from the Internet and protect the security of internal corporate data, most enterprises adopt physical isolation measures and manage removable storage with a centralized storage-media control system combined with whitelisting and permission control. The whitelist is based on the hardware device serial number; however, since device serial numbers can also be written manually, once a malicious party forges a whitelisted USB device it can obtain legitimate data access on internal corporate hosts. To give the enterprise's shared USB devices and shared computers an explicit, non-repudiable digital identity, and to combine one-time job authorization with the user's data exchange operations, a secure and online-auditable operating environment is established. This study integrates a self-certified scheme, an elliptic curve cryptosystem and an application of the random knapsack problem to construct a USB access control system with identity verification. The administrator holds the authorization information and audit records of the computers and USB devices under control, users can apply for USB access authorization according to practical needs, and elliptic curve encryption strengthens the security of data transmission, implementing device access management and the availability of subsequent audit verification, with the aim of achieving more flexible and highly secure access services.
Keywords (translated from the Chinese): identity verification; access control; self-certification; Universal Serial Bus
Abstract: To protect internal data against cyberthreats from the Internet, most corporations enforce a network isolation policy. On the basis of USB storage media control with a centralized management system, USB devices are managed through a whitelist and a permission access mechanism. However, the whitelist is based on the serial number of the hardware device, and device serial numbers can be manually burned, so a fake whitelisted USB device can be used to access internal computers as if it were legitimate. This research integrates a self-certified scheme, elliptic curve cryptography and a random knapsack mechanism to give the internal USB devices and shared computers an undeniable digital identity, constructing a USB access control system with identity verification. The administrator manages the authorization information and audit records of all internal computers and USB devices, and users can apply for USB access authorization according to practical needs. With elliptic curve encryption, data transmission security is strengthened to implement device access management and online audit. Through a control mechanism combining one-time authorization with data exchange, a flexible and highly secure access service is established in a safer and auditable operating environment.
Keywords: Authenticity; Access Control; Self-Certification; USB device
Title: The Discussions in Physical Isolation of Computer Data: A Study on USB Mass Storage Devices Access Management Based on Identity Verification Mechanism