201117041

6. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to a mutual authentication method for external storage devices, and in particular to a transmission-interface authentication method that uses an efficient authentication protocol to monitor and manage the transmission interface, so as to prevent data from leaking through external storage devices. Even if an external storage device is stolen, the thief can hardly read the stored information, which gives the information security of enterprises and government agencies appropriate protection.

[Prior Art]

In recent years, with the rapid development of the computer and information industries, all kinds of new peripheral connections can easily be attached to enterprise computer terminals such as PCs and notebooks, including the Internet and external storage devices. Although these new connections bring efficiency and convenience, they also pose a serious threat to the confidentiality and security of data. In terms of control, the Internet is comparatively easy to manage: enterprises generally deploy information-security equipment with various functions at the network gateway, such as mail filtering (auditing) or instant-messaging recording equipment. Besides preventing spam, viruses and other data with inappropriate content from entering users' computers and causing damage, such equipment can also record all messages entering and leaving the network.

When existing enterprises or organizations build an internal storage network, they usually choose one of three ways, DAS, NAS or SAN, to connect ordinary computer hosts to external storage equipment:
1. DAS (Direct Attached Storage) is direct attachment. Because DAS connects the storage device directly to the server, this design can provide higher security.
2. NAS (Network Attached Storage) connects the storage system directly to the local area network through a special dedicated file server. It is designed for environments that need to retrieve and share large volumes of file data.
3. SAN (Storage Area Network) separates many storage devices from the local area network into a network of their own. Its most distinctive feature is many-to-many high-speed connection between servers and storage devices, which also allows data to be managed centrally.

Universal Serial Bus (USB) is currently one of the most common connection interfaces. It emphasizes plug-and-play and can automatically detect and configure system resources. Many peripheral applications have arisen as a result, and storage devices that use USB as the transmission interface are especially popular, which makes data transfer faster and more convenient. Unfortunately, monitoring and management systems for the transmission interface are uncommon, which leaves a large hole in information security.

The National Aeronautics and Space Administration (NASA) previously suffered data leakage and virus infection of internal computers through external storage devices, which led it to issue a rule prohibiting the use of external storage devices. To prevent the security holes described above, some organizations and enterprises remove the transmission interface and others use software to block it, but this greatly reduces the convenience of external storage devices.

By comparison, storage devices that connect over USB are harder to manage effectively and bring great risk to the security of all kinds of confidential data. How to control these instantly accessible storage devices effectively has therefore become a major issue in information security today.

[Summary of the Invention]

The object of the present invention is to provide a mutual authentication method for external storage devices. It proposes an efficient authentication protocol to monitor and manage the transmission interface, in the hope of retaining the advantages of external storage devices while preventing the security problems that arise from them.

In the mutual authentication method for external storage devices that achieves the above object, the user must mutually authenticate with the remote server by means of a password and obtain a negotiated key, and then use this key to encrypt and decrypt transfers over the transmission interface.
For key negotiation, the present invention uses the key exchange protocol proposed by Diffie and Hellman in 1976. The purpose of that protocol is that when two parties on a network need to communicate, they only have to share part of their secret information and, through modular exponentiation, both obtain the same negotiated key, which is then used to encrypt the messages to be sent.

However, that protocol is vulnerable to man-in-the-middle attacks. Suppose an attacker sits between the sender and the receiver. If the attacker impersonates the sender and sends his own public key to the receiver, the receiver, lacking identity authentication, cannot tell whether the message was sent by the sender. In recent years many researchers have therefore proposed solutions to this problem, of which using a password to confirm the identities of both parties is the most widely adopted.

Accordingly, the protocol proposed in the present invention not only controls the transmission interface effectively, but its remote authentication protocol also satisfies the following properties:

1. The two communicating parties achieve mutual verification in the fewest possible rounds of communication.
2. The present invention can withstand some common attacks.
3. The negotiated key is based on the difficulty of solving the Diffie-Hellman problem.

[Embodiments]

Please refer to Figure 1 and Figure 2, which are a schematic system flow diagram of the mutual authentication method for external storage devices of the present invention and a schematic flow diagram of its verification and data encryption phase. As the figures show, in the system design of the present invention all files that would pass through a standard transmission interface are restricted. The transmission interface can be USB, SuperSpeed USB, ultra-wideband wireless USB, eSATA, FireWire, PCI Express, the optical external interface standard Light Peak, infrared, Bluetooth or a similar interface.

Suppose user 2 wants to use external storage device 3 to transfer a file to the storage device through the computer's transmission interface. The user must first pass authentication by remote server 1 before the system opens the transmission interface for user 2. Every file transferred to the storage device through the transmission interface is encrypted with a negotiated key. This key is established from the file name and the identity of user 2, so the negotiated keys generated for any user 2 or file are all different. Server 1 also records in its database the files that each user 2 transfers through the transmission interface, so that confidential files can be inspected and managed. In addition, if user 2 wants to decrypt such an encrypted file, the user must pass the same verification procedure and obtain the same negotiated key in order to decrypt it successfully. After each encryption or decryption the system deletes the negotiated key temporarily stored on user 2's side, to ensure the security of the system. External storage device 3 can be an external portable hard disk, an external hard disk, or an external disc-burning storage device.

To describe the protocol of the present invention, the relevant parameters and symbols are defined as follows:

$p$: a large prime.
$g$: a primitive root selected from [illegible].
$id$: the user's account.
$pw$: the user's password.
$y$, $x$: the server's public key and secret key, where $y = g^{x} \bmod p$.
$h(\cdot)$: a collision-free one-way hash function.
$\|$: the string concatenation operator.
$K$: the secret session key for communication between the user and the server.
$F_n$: the name of the file to be encrypted.
$F$: the file to be encrypted.
$E_K[\,]$: symmetric encryption with $K$ as the key.
$D_K[\,]$: symmetric decryption with $K$ as the key.
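The Diffie-Hellman exchange and the man-in-the-middle weakness described above, as an added example that is not part of the patent text. The toy modulus, the base and the password-keyed confirmation tag are assumptions made for illustration and are not the patent's protocol.

```python
import hashlib
import hmac
import secrets

# Toy parameters constructed for this example: 2**127 - 1 is prime but far too
# small for real use, and G = 3 is an assumed base, not a vetted generator.
P = 2**127 - 1
G = 3

def dh_keypair():
    """Pick a private exponent and return (private, public = G^private mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    """Modular exponentiation that gives both honest parties the same key."""
    return pow(peer_pub, priv, P)

def confirm_tag(password, user_pub, server_pub, shared):
    """Hypothetical confirmation tag: HMAC keyed from the password over the
    public values one side believes were exchanged, plus its derived key."""
    key = hashlib.sha256(password.encode()).digest()
    msg = b"|".join(str(v).encode() for v in (user_pub, server_pub, shared))
    return hmac.new(key, msg, hashlib.sha256).digest()

def run_exchange(password, intermediary=False):
    """Simulate one exchange. With intermediary=True a third party replaces the
    public value in both directions, as in the scenario the text describes."""
    u_priv, u_pub = dh_keypair()             # user side
    s_priv, s_pub = dh_keypair()             # server side
    pub_seen_by_user, pub_seen_by_server = s_pub, u_pub
    if intermediary:
        _, m_pub = dh_keypair()
        pub_seen_by_user = pub_seen_by_server = m_pub
    k_user = dh_shared(u_priv, pub_seen_by_user)
    k_server = dh_shared(s_priv, pub_seen_by_server)
    # The user sends a tag over its own view; the server recomputes from its view.
    tag = confirm_tag(password, u_pub, pub_seen_by_user, k_user)
    expected = confirm_tag(password, pub_seen_by_server, s_pub, k_server)
    return {"keys_match": k_user == k_server,
            "confirmed": hmac.compare_digest(tag, expected)}

if __name__ == "__main__":
    print("honest      :", run_exchange("constructed-password"))
    print("intermediary:", run_exchange("constructed-password", intermediary=True))
```

Without the confirmation step neither side would notice that the keys differ. A tag keyed directly from a password, as in this sketch, still lets whoever substituted the public value test password guesses offline, which is the property the offline-guessing analysis later in the text is concerned with.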
※ Registration phase:

In the registration phase, user 2 first chooses an $id$ and $pw$ and sends them to server 1 to register. After receiving the password, server 1 first processes the account and password with the collision-free one-way hash function, then uses its secret key $x$ to compute the verification value [formula illegible], and stores the verification table in the database of server 1. Finally server 1 deletes the received password from [illegible], which completes the registration phase. All transmissions in the registration phase take place over a secure channel.

※ Verification and data encryption phase:

After user 2 has registered with server 1, if user 2 wants to use the instant access function of external storage device 3, the user must mutually authenticate with server 1 and establish the negotiated key $K$, a power of $g$ modulo $p$ whose exponent is illegible in the source. The flow of this communication phase is described in detail in four steps below:

Step 1: User 2 first inserts external storage device 3 into the computer through the normal procedure and enters the correct $id$ and $pw$. The system then selects a current timestamp, randomly selects a random number $r$ from [illegible], and computes $R = g^{r} \bmod p$ and a hash value $h(\cdot \| \cdot)$ whose name and arguments are illegible. It then uses the public key $y$ of server 1 to compute $C_1$ ([formula illegible], modulo $p$) and the verification message $MAC_1$ ([formula illegible]), and sends the computed message, which contains $C_1$ and $MAC_1$ along with further fields that are illegible, together with the name $F_n$ of the file to be encrypted, to server 1.

Step 2: When server 1 receives the message and the file name $F_n$, it first records user 2's $id$ and $F_n$ in the database, then selects a timestamp and checks whether the difference between the timestamps is less than $\Delta T$ (the timestamp subscripts are illegible); if the check fails, it terminates the communication. Server 1 then looks up the corresponding verification table in the database according to user 2's $id$, uses its secret key $x$ to compute [illegible], then uses $y$ to compute [illegible], and verifies whether the received message $MAC_1$ equals the hash it recomputes over [illegible] and $F_n$. If they are equal, user 2 of this communication is legitimate; otherwise the communication is interrupted. Server 1 then uses the received file name $F_n$ to compute a hash of $F_n$ concatenated with [illegible] and a further value [formula illegible], finally computes the verification message $MAC_2$ ([formula illegible]), and sends the generated message [fields illegible] to user 2.

Step 3: When user 2 receives the message, the user first selects a current timestamp and checks whether server 1's timestamp is legitimate, that is, whether the timestamp difference is less than $\Delta T$. If it is, the user computes [illegible] modulo $p$ and then verifies whether the received message $MAC_2$ equals the hash value the user generates. If they are equal, server 1 is the legitimate server and mutual verification has succeeded. Finally user 2 computes a hash of $F_n$ concatenated with [illegible] and the negotiated key $K$ ([formula illegible]).

Step 4: Once user 2 and server 1 have completed the verification steps above, the negotiated key $K$ can be computed. When user 2 wants to use the instant access function of the storage device through the transmission interface, the negotiated key computed with server 1 can be used to encrypt file $F$, giving $E_K[F]$, which protects the file and gives the cache memory of the transmission interface privacy and security. For decryption, if a file on this storage device is to be used again later, the session key $K$ must likewise be obtained through the same verification steps in order to decrypt the secret file, giving $D_K[E_K[F]]$.

The present invention provides user 2 with effective security. Its protection against the following attacks is analysed below:

Replay attack: In the protocol of the present invention, mutual authentication between user 2 and server 1 is performed through the verification messages $MAC_1$ and $MAC_2$, and the parameters used to generate $MAC_1$ and $MAC_2$ both include the timestamps selected at that moment. A replay attack that uses verification messages $MAC_1$ and $MAC_2$ obtained by eavesdropping is therefore hard to carry out, because the timestamps differ in every verification. Under this setting, replay attacks can be resisted by the protocol of the present invention.

Offline password guessing attack: Suppose an attacker wants to obtain user 2's password through an offline password guessing attack. First, he can obtain user 2's verification message from the public network environment [message and formula illegible]. It is very hard for the attacker to guess the correct password $pw$ from it, because in every verification the protocol of the present invention randomly selects a random number $r$ from $Z_{p-1}$ as a verification factor. Without knowing $r$, the attacker cannot compute $R = g^{r} \bmod p$, and without $R$ the attacker cannot use a guessed password to find the correct corresponding [illegible] or MAC value. The protocol of the present invention can therefore withstand offline password guessing attacks.

Stolen-verifier attack: In the protocol proposed by the present invention, suppose the verification table of server 1 is stolen. The attacker cannot learn any secret information from the verification table, nor use the stolen verification table to pass verification as a legitimate user. Because the information in the verification table is computed with the collision-free one-way hash function and the secret key of server 1 ([formula illegible]), the attacker, facing the discrete logarithm problem, cannot obtain any information without the secret key $x$ of server 1. The protocol of the present invention can therefore withstand attacks that steal the verification table.
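The timestamp check behind the replay-attack analysis above, as an added example that is not part of the patent text: a generic HMAC stands in for the protocol's verification messages, and the field names, the key and the 30-second ΔT are assumptions. It goes one step past the text by also caching accepted MACs, because a timestamp window alone accepts a replay that arrives inside ΔT.

```python
import hashlib
import hmac
import json

DELTA_T = 30  # assumed acceptance window in seconds; the text gives no value for ΔT

def _mac(key, user_id, file_name, timestamp):
    """MAC over an unambiguous encoding of the fields the verifier will check."""
    body = json.dumps([user_id, file_name, timestamp]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_request(key, user_id, file_name, t_user):
    """Client side: bind identity, file name and the current timestamp together."""
    return {"id": user_id, "file": file_name, "t": t_user,
            "mac": _mac(key, user_id, file_name, t_user)}

def verify_request(key, msg, t_server, seen, delta_t=DELTA_T):
    """Server side. Returns 'ok', 'stale', 'bad-mac' or 'replayed'.
    `seen` maps already accepted MACs to their timestamps."""
    # 1. Freshness: accept only timestamps no older than delta_t and not in the future.
    if not (0 <= t_server - msg["t"] < delta_t):
        return "stale"
    # 2. Integrity: the timestamp is covered by the MAC, so it cannot be
    #    rewritten to make an old capture look fresh.
    expected = _mac(key, msg["id"], msg["file"], msg["t"])
    if not hmac.compare_digest(expected, msg["mac"]):
        return "bad-mac"
    # 3. Drop cache entries that have aged out, then refuse a MAC seen before.
    for mac, t in list(seen.items()):
        if t_server - t >= delta_t:
            del seen[mac]
    if msg["mac"] in seen:
        return "replayed"
    seen[msg["mac"]] = msg["t"]
    return "ok"

def demo():
    """Constructed sample run: one genuine request, then three misuse cases."""
    key = b"constructed-shared-secret-32byte"   # constructed sample key
    seen = {}
    msg = make_request(key, "alice", "report.doc", 1000)
    results = [verify_request(key, msg, 1010, seen)]        # fresh request
    results.append(verify_request(key, msg, 1020, seen))    # same capture, inside window
    results.append(verify_request(key, msg, 1100, seen))    # same capture, after window
    forged = dict(msg, t=1095)                              # timestamp rewritten
    results.append(verify_request(key, forged, 1100, seen))
    return results

if __name__ == "__main__":
    print(demo())
```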
Compared with other conventional techniques, the mutual authentication method for external storage device 3 provided by the present invention has the following features:

Only a legitimate user 2 who has passed verification can use the instant access function of external storage device 3.

Even if the confidential files on external storage device 3 are stolen, they cannot be decrypted without the key.

If a legitimate file holder maliciously leaks confidential information held in the storage device, a record exists in the server's database.

The above detailed description is a specific description of one feasible embodiment of the present invention. The embodiment is not intended to limit the patent scope of the invention, and any equivalent implementation or modification that does not depart from the spirit of the invention shall be included in the patent scope of this case.

In summary, this case is not only innovative in its technical idea but also improves on conventional articles in the functions described above, and should fully meet the statutory requirements of novelty and inventive step for an invention patent. The application is filed in accordance with the law, and the Office is respectfully requested to approve this invention patent application in order to encourage invention.

[Brief Description of the Drawings]

Figure 1 is a schematic system flow diagram of the mutual authentication method for external storage devices of the present invention; and

Figure 2 is a schematic flow diagram of the verification and data encryption phase of the mutual authentication method for external storage devices.

[Description of Main Component Symbols]

1 Server
2 User
3 External storage device