結合NTRU公開金密碼系統與行動條碼以強化交易安全機制

 

Transaction Security Enhancement Achieved by Integrating NTRU-based Public Key Cryptosystem with QR Code

 

張浩銘

崇右技術學院休閒事業經營系

義七路40

基隆市201信義區

hchang0608@gmail.com

 

陳志誠 

大同大學資訊經營學系

中山北路三段40

台北市104中山區

chenps@ttu.edu.tw

 

簡銘成

大同大學資訊經營學系

中山北路三段40

台北市104中山區

s0300882@hotmail.com

 

 

摘要

行動條碼(QR Code)具有系統架構開放、抗污損,建置成本低廉等優點,加上設備普及,在各個商務層面中被廣泛應用。但也由於條碼標籤規格開放,且易於產生與複製等之特點,在防偽的機制上並無健全的機制。有鑑於此,本研究提出行動條碼整合NTRU公開金密碼系統之防偽機制,其特點除可滿足行動通訊裝置與行動條碼之需求外,亦可將研究延伸至各項資訊安全防護。與其它非對稱式密碼系統比較之下,NTRU具有金短、產生速度快與加解密速度高的優點,也是在理論上可以有效抵擋未來量子計算機攻擊之密碼系統。在本研究中,我們將針對行動商務之付款流程,建立一個有效且安全的機制,透過本論文所提出的方法,能夠將二維條碼的應用範圍擴大,也避免傳統交易方式的風險,讓顧客與供應商可以更安全地完成每一筆交易,有助於未來行動商務的推廣,強化使用者對行動商務的信賴感。在實證上,我們將NTRU公開金密碼系統與行動條碼作結合,發展出一個系統雛型,加解密速度很快。在應用面上,此一系統可以強化商家對條碼票證的真偽驗證,也可協助客戶正確使用該票證,使交易更安全可靠,有助於行動商務的健全發展。在電子化政府的應用上,利用條碼可使民眾正確登入政府網站,也可以讓民眾方便得申請戶籍、地籍等謄本,作好便民措施。

 

關鍵詞:  行動商務、資訊安全、公開金密碼系統、NTRU、行動條碼

 

 

Abstract

Barcode is operated on a well-established open system. The tags can be generated and copied easily and cheaply, so it is widely used in a variety of business sectors, also in mobile commerce. Since the tag specifications are open to the public and the tags can be read easily, security mechanism should be enhanced. Herein, we suggest the use of NTRU encryption in barcode system to enhance security in mobile applications. Compared to other asymmetric encryption systems, NTRU has the advantages of short key, high speed in computation and high security. It can even resist the attacks from future quantum computers. In this research, we illustrate its application in mobile transactions, aiming to establish an effective and safe process. Through the methods proposed in this paper, the two-dimensional QR code can further expand its scope of applications. It can also avoid the risks in trading, so that customers and suppliers can complete their transactions more quickly and safely. It will help promote future business operations, by enhancing the trust of users in e.g. mobile business. We have implemented a prototype based on the NTRU public key cryptosystem integrated with QR code and assessed the effectiveness of using such a mechanism in mobile commerce. System evaluation reveals that the system can encrypt and decrypt in acceptable time. It can help merchant distinguish from tampered QR Code and help customer control the use of the code. There are also various possible applications in eGovernment.

 

Keywords:  Mobile Commerce, Information Security, NTRU Cryptosystem, Quick Response Code.