26 A Study on Secure Remote Control Methods 1175078 2015 2 27
Wi-Fi Wi-Fi Wi-Fi Wi-Fi SAS SAS-2 Wi-Fi i
Abstract A Study on Secure Remote Control Methods SHINGAI, Tatsuro In recent years, communication carriers provides public Wi-Fi services in train stations, airports, the city.this service if you are in possession of the terminal corresponding to the standard of Wi-Fi, you can be utilized.however, sometimes it is provided in a non password in such public Wi-Fi service.in such a case, there is a risk of eavesdropping the communication content from the malicious third party. To solve this problem, there is a remote control.however, the existing products, continue to use a single encryption key. Therefore, it is not maintained confidentiality of communication contents to be eavesdropping key. In this paper, I proposed a method to change the encryption key at regular time intervals and went the application development of applying the proposed method.as a result, In a network that does not safety is secured, it has become possible higher than the existing products confidential communication. key words Remote-Control SAS SAS-2 Wi-Fi One-time password Secure ii
1 1 1.1................................ 1 1.2................................. 2 2 3 2.1................................... 3 2.2........................... 4 2.2.1 VPN........................... 4 2.2.2..................... 4 2.3........................... 4 2.4........................... 5 3 7 3.1 Diffie-Hellman.......................... 7 3.1.1............................... 7 3.1.2 Difiie-Hellman................... 8 3.1.3........................... 9 3.1.4................................ 9 3.2 RSA............................. 10 3.2.1............................... 10 3.2.2 RSA...................... 10 3.3 SAS-2........................... 12 3.3.1............................... 12 3.3.2 SAS-2........................... 13 iii
4 16 4.1.............................. 17 4.2.......................... 17 4.3................................ 18 4.3.1 AuthenticationP hase........................ 18 4.3.2 RemoteControlP hase........................ 19 4.4...................................... 21 5 23 5.1............................. 23 5.2.......................... 24 5.2.1....................... 24 5.2.2.......................... 25 5.2.3..................... 25 5.3................................. 28 5.3.1................................ 28 5.3.2................................ 29 5.3.3.................................. 30 6 32 33 34 iv
2.1................................ 3 2.2............................. 5 2.3............................ 5 3.1 Diffie-Hellman....................... 8 3.2 RSA............................ 11 3.3 SAS-2.............................. 13 3.4 SAS-2............................ 14 4.1.......................... 17 4.2................................ 18 4.3 AuthenticationP hase............................ 19 4.4 RemoteControlP hase............................ 20 5.1............................ 24 5.2........................ 25 5.3 Server............................ 26 5.4 Client............................ 26 5.5................................. 27 5.6...................................... 27 5.7 Server.......................... 27 5.8 Server........................... 28 5.9 Client........................... 28 5.10............................... 29 5.11........................ 29 v
5.12....................... 30 vi
4.1............................... 17 5.1................... 30 vii
1 1.1 Wi-Fi [1] Wi-Fi LAN Wi-Fi [2] VPN VPN 1
1.2 RSA AES RSA AES 1.2 Diffie-Hellman RSA SAS-2 2
2 2.1 2.1 [3] 2.1 Wi-Fi 3
2.2 2.2 2.2.1 VPN VPN VPN VPN VPN VPN VPN 2.2.2 VPN 2.3 Wi-Fi 2.2 4
2.4 2.2 2.4 2.3 RSA AES 2.3 5
2.4 6
3 Diffie-Hellman [4] RSA SAS-2 [5] 3.1 Diffie-Hellman Diffie-Hellman 3.1.1 Diffie-Hellman X Y 7
3.1 Diffie-Hellman p a Z p a X a Y b X b Y K mod 3.1.2 Difiie-Hellman Diffie-Hellman a p X Y X Y a X a Y 0 p 2 3.1 X b X Y Y b Y X 3.1 Diffie-Hellman b Y = a a Y mod p 8
3.1 Diffie-Hellman X a X b Y K K = (b Y ) a X mod p Y a Y b x K K = (b X ) a Y mod p X Y K K = (a a X a Y mod p) b X b Y b X = a a X mod p b Y = a a Y mod p K = (a a X a Y mod p) K X Y 3.1.3 Diffie-Hellman a X a Y 3.1.4 Diffie-Hellman Man-in-the-middle Attack 9
3.2 RSA 3.2 RSA RSA Diffie-Hellman 3.2.1 RSA X Y e p q n p Q n a c m z / 3.2.2 RSA RSA X 10
3.2 RSA X X e p q n n a n a e 3.2 Y n a Y m m n a c X 3.2 RSA c = m e mod n a c X m m = c 1/e mod (p 1)(q 1) mod pq 11
3.3 SAS-2 c z e (z ) e n a n a z e c m X Y 3.3 SAS-2 SAS-2 (Replya Attack) (Man-in-the-middle Attack) 2 3.3.1 SAS-2 User Server User ID User S X F H H(x) x i 12
3.3 SAS-2 N i i + 3.3.2 SAS-2 SAS-2 3.3 3.3 SAS-2 ID S N i ID S N i A = X(ID S N 1 ) ID A ID A 3.4 13
3.3 SAS-2 3.4 SAS-2 ID S N i A = X(ID S N i ) N i+1 C = X(ID S N i+1 ) F (C) = F (ID C) C F (C) N i+1 α = C (F (C) + A) β = F (C) A ID α β β A F (C) = β A F (C) F (ID C) A C γ = H(ID F (C)) γ H(ID F (C)) γ 14
3.3 SAS-2 SAS-2 (i + 1) α E (F (E) + C) β F (E) C ID α x (F (E) + C) β F (x) C ID i SAS-2 15
4 Client Server A SAS-2 Ev D, X, F H(x) x i N i i I Server M k I e I M k E ve Ev M k + 16
4.1 4.1 Wi-Fi 4.1 [6] SAS-2 4.1 SAS-2 DH RSA 1 2 2 or 4 2400 bit 3856 bit 2400 bit 4.2 4.1 Client Server Server Client 4.1 17
4.3 4.2 4.3 4.2 Client Server AuthenticationP hase RemoteControlP hase Close 4.3.1 AuthenticationP hase 4.3 AuthenticationP hase AuthenticationP hase Client Server Client Server A Client Client N i N i C C F (C) C F (C) α β α β Server A M k 18
4.3 4.3 AuthenticationP hase Server Server Client α β A F (C) C C C M k AuthenticationP hase 4.3.2 RemoteControlP hase 4.4 RemoteControlP hase RemoteControlP hase E v I RemoteControlP hase AuthenticationP hase Client 19
4.3 4.4 RemoteControlP hase 20
4.4 Server C M k Client Client N i N i G G F (G) G F (G) α β E v M k E v E ve E ve α β Server Server Client α β C F (G) G G M k E ve E v E v Server I I M k I e I e Client G Server Client Server I e M k I G Client RemoteControlP hase 4.4 Server 21
4.4 Wi-Fi SAS-2 [7] 22
5 Client Server 5.1 CPU : Core i5(2.2ghz) : 4GB 23
5.2 SAS-2 JAVA AES128bit AES DES 3DES AES 5.2 5.2.1 5.1 5.1 Client Server Server Server Server Client Client Client Client Server Client Server 5.2 Socket T CP 24
5.2 5.2 5.2.2 Remote_Client_SAS.java Remote_Server_SAS.java Remote_Client_SAS.java Client Remote_Server_SAS.java Server 5.2.3 1. Server Remote_Server_SAS ( 5.3) 2. Server IP Remote_Client_SAS ( 5.4) 25
5.2 実装したアプリケーション 図 5.3 Server プログラム起動 図 5.4 3. 4. 5. 6. Client プログラム起動 実行を行うと 遠隔操作を行う画面が立ち上がる (図 5.5) 画面が立ち上がると Client は AuthenticationP hase に移る (図 5.6) 認証が完了したら Client は操作情報を Server に送信する (図 5.7) Server は操作情報をもとに操作を行い その状態をスクリーンキャプチャし暗号化し て Client に送信する (図 5.8) 7. Client で受け取った暗号化されたデータを復元し 画像データを表示する (図 5.9) 26
5.2 実装したアプリケーション 図 5.5 操作画面起動 図 5.6 認証 図 5.7 Server が受信した操作情報 27
5.3 利便性の評価 5.3 図 5.8 Server のキャプチャ画像 図 5.9 Client プログラムに表示 利便性の評価 本研究における提案方式を実装して 利便性の評価について述べる 図 5.10 に示す ユー ザが操作情報を入力し Server が処理を行い Client に画像データを送信して Client で 画像の表示を行うまでの応答時間を計測する このサイクルを 1000 回行い平均値 (ms) を 算出する これにより 反応待ちの時間と人間心理の関係について評価を行う 5.3.1 実験環境 実験を行うパソコンのスペックを以下に示す CPU : Core i5(2.2ghz) 28
5.3 5.10 : 4GB Client Server Client Server 5.3.2 5.11 Client Server 5.11 162ms 96ms 121ms Client 29
5.3 5.12 Server 5.12 220ms 140ms 178ms 5.3.3 5.1 [8] 5.1 (ms) 100ms 1000ms 10000ms 10000ms 121ms 178ms 100ms 30
5.3 31
6 Wi-Fi 121ms 178ms Client Server Server Server Client Wi-Fi Wi-Fi 32
33
[1] 2013 LAN ICT 2013 [2] LAN 2014. [3] 2007 [4] W.Diffie and M.E.Hellman New Directions in Cryptography IEEE Transactions on Information Theory vol.it-22 No.6 pp.644-654 Nov 1976 [5] T.Tsuji and A.Shimizu Simple and secure password authentication protocol ver.2(sas-2) IEICE Technical Reports OIS2002-30 2002 [6] VoIP 2009 [7] SAS 2013 [8] Jakob Nielsen Response Times:The 3 Important Limits 1993 [9] BP 2013 34