張堂賢臺灣大學:土木工程學研究所張元瑞Chang, Yuan-JuiYuan-JuiChang2010-07-012018-07-092010-07-012018-07-092009U0001-1506200915123700http://ntur.lib.ntu.edu.tw//handle/246246/187910ITS的目標在於促進交通安全、減少交通擁擠、提高機動性、增進經濟生產力、減少環境衝擊、提昇能源使用效率及帶動相關產業發展。而先進交通管理系統(Advanced Transportation Management System, ATMS)乃為ITS下之核心系統之一，其中最重要的乃是駕駛人所需即時交通資訊之傳輸、交通控制中心須依即時收取之資料，將最正確的訊息與決策傳給用路人與路側設施；在這環環相扣的過程中涉及許多技術專業如通訊、電機、資訊工程等領域的發展。目前， ATMS之資料傳輸中，採用NTCIP (National Transportation Communications for ITS Protocol)作為其傳輸協定，為了與現行通用之通訊協定相結合而不致有所衝突，NTCIP之堆疊(Stack)亦依循ISO-OSI(Open Systems Interconnect)之七層模型架構。用ISO-OSI之模型架構使得NTCIP不致於與現行通訊協定不相容，但開放式的網路環境也為NTCIP帶來許多安全性(Security)的問題，如駭客(Hacker)可在封包傳輸途中進行攔截，並對其進行竄改、偽裝、重送等攻擊，然而在實際應用上，其資料的傳輸安全性卻往往為人們所忽略。故本研究透過現行之密碼學相關技術，針對資料傳輸之確認性(Authentication)、機密性(Confidentiality)與完整性(Integrity)等對傳輸訊息進行加密保護，對於ATMS之傳輸建立ㄧ套動態安全機制(Dynamic Security Mechanism, DSM)，藉此提高ATMS之傳輸安全性。外，在通訊安全的領域中並無所謂絕對性的安全機制；安全機制的安全性應取決於使用者的需求以及可使用之軟硬體設備、支援等。本研究DSM最大的特色為可變動式金鑰產生器DSKG (Dynamic Secret Key Generator) 以及DPKG (Dynamic Public Key Pair Generator)。此機制使得每一次的傳輸加密皆有不同的金鑰產生，藉此來達到防止駭客入侵、取得傳輸資料之安全漏洞。於在原有的資料傳輸過程中加入加解密程序對於原系統亦會產生其負效應，因此本研究尚進行實驗設計，以探討其封包於加密前後對於系統運作影響以及封包傳輸時間之影響，並進行統計檢定，以確認封包加密對其之影響幅度，最後會依實驗結果對於加密前後之封包於ISP與VPN之有線網路及無線網路傳輸架構下之傳輸與系統運作時間進行DSM運作效率分析，以使得採用加密機制之交控中心人員能夠依其所需，訂立相關傳輸時間之門檻值。ITS aims at enhancing traffic safety, reducing congestion, increasing travel mobility, enlarging economic power and controlling efficient energy-use. Advanced Transportation Management System (ATMS) is the major sub-system of ITS, and it utilizes monitor apparatus, communications and other control technologies to obtain or exchange traffic information between the traffic devices. However, during the data transmission, the situation of the data packets switching is exposed and not protected. Someone can use existing software to intercept the data packets from transmission process easily and these attacks will cause ATMS to become paralysed and disorder the signal timing or impaired traffic safety seriously. Therefore, the traffic data transmission security should be the principal issue for ATMS nowadays, but less people concern with the issue.y these reasons, this study concentrates on the information security of ATMS data transmission through modern cryptography and sets up a suitable security mechanism which aims at the message packet exchange and transmission via Java programming language. In which, the cryptography techniques would be adopted to protect the contents of data packet from masquerading, replying and tampering; and the general encryption algorithm is used to transform the plaintext into the ciphertext via the secret keys. n the past, the secret key algorithms during the encryption/decryption procedures are invariable and regular; furthermore, and the message packets are transmitted frequently in traffic control. In these conditions, one could crack the secret key algorithms easily by the frequent transmission. Thus, this research designs and implements an encryption technique which the secret keys could be changeable for each message and suitable for the ATMS data transmission; we called it dynamic encryption technique.n the other hand, we expect the security mechanism would not only achieve the data security but also consume less resources of the core system. Unfortunately, in the process of improving the data security, it also brings some negative-effects on the core system. Therefore, the system operation efficiency is also the major consideration of the security mechanism design. In additional, the security mechanism could be suitable for the existing communications media which transportation filed commonly uses nowadays, namely: wired network communications and 3.5G mobile communications.引 言 ………………………………………………………………………………..i 要…………………………………………………………………… ................iiiBSTRACT……...…………………………………………………………………...vABLE OF CONTENTS……...……………………………………………………viiIST OF TABLES……………………..……………………………………………xiIST OF FIGURES…………………………….…………………………………xvIST OF ABBREVIATIONS……….……………………………………………xixHAPTER ONE INTRODUCTION……………………………………………… .1.1 Background…………………………………………………………………..1.2 Objectives of this Research…………………………………………………6.3 Scope of this Research…………………………….…………………………6.4 Research Methodology………………………………………………………7.5 Structure of this Research……………………………………………………8.6 Chapter content of this Research…………………………………………10HAPTER TWO FUNDAMENTALS……………………………………………13.1 Introduction…………………………………………………………………13.2 Advanced Transportation Management System……………………………13.3 NTCIP………………………………………………………………………15.3.1 Protocol and NTCIP …………………………………………………15.3.2 Framework, Standards and Protocol Stacks of NTCIP………………19.3.3 Brief Summary……………………………………………………….23.4 Security Elements…………………………………………………………..24.4.1 Network Security Model……………………………………………..24.4.2 Security Attack Techniques…………………………………… …...26.4.3 Security Services……………………………………………………29.5 Cryptography Technologies………………………………………………30.5.1 Symmetric Cryptography……………………………………………31.5.2 Asymmetric Cryptography…………………………………………...38.5.3 Message Digest and Message Authentication………………………43.6 The Possible Attack Discussions on ATMS Data Transmission ……...…46.7 Summary and Evaluations………………………………………………….51HAPTER THREE SECURITY MECHANISM ESTABLISHMENT AND SECURITY PROTECTION DISCUSSION………………………………………55.1 Introduction…………………………………………………………………55.2 Conceptions of Information Security in this Study…………………… …...56.3 Development Tool- Java Programming Language ………………………...59.4 Architecture of the Security Mechanism …………………………………62.4.1 Conceptions of the Dynamic Encryption Technique ……………...62.4.2 Architecture of the Dynamic Security Mechanism…………………...67.5 Security Analysis for the Security Mechanism…………………………….76.5.1 Analysis of Security Protection………………………………………77.5.2 Cryptanalysis ………………………………………………………80.5.3 Brute-Force Attack…………………………………………………85.6 Summary……………………………………………………………… …...87 HAPTER FOUR EXPERIMENTS FOR SYSTEM EFFICIENCY……………89.1 Introduction…………………………………………………………………89.2 Experiment Design Principle ……………………………………………...89.3 Experiment Environment…………………………………………………92.3.1 Scope of Simulated Experiment……………………………………92.3.2 The protocol stacks and hardware for Simulation ……...……………94.3.3 NTCIP objects for the Simulation………………………………………100.4 Experiment Contents………………………………………………………105.4.1 Experiment Methodology…………………………………………..105.4.2 Experiment One……………………………………………………112.4.2 Experiment Two…………………………………………………….114.4.3 Experiment Three………………………………………………...…116 .5 Expected Outcomes ………………………………………………………118HAPTER FIVE DATA ANALYSIS AND FINDINGS…….……………………121.1 Introduction………………………………………………………………121.2 Queue and delay phenomenon of DSM operation ………………………121.3 Data Analysis of Experiment One ……………………………………….125.3.2 Analysis in the NTCIP object size for the influence of encryption and decryption operations ……………………………………………………….129.3.3 Brief summary………………………………………………………132.4 Data Analysis of Experiment Two …………………………………….133.4.1 Analysis in the combinations of AES and RSA for the influence of data packet transmission delay ………………………………………………….134.4.2 Analysis in the combinations of AES and RSA for the influence of operation delay………………………………………………………………136.5 Data Analysis of Experiment Three……………………………………….142.5.1 Analysis in the interval of the object dispatch and the computation-capability for influence of device operation delay ……………143.5.2 Analysis in the interval of the object dispatch and the computation-capability for influences of data transmission delay………........147.5.3 Brief summary………………………………………………………150.6 Regression Equation of DSM Operations…………………………………152HAPTER SIX CONCLUSIONS AND FUTURE RESEARC…………………156.1 Conclusions………………………………………………………………156.2 Future Research and Suggestions ……………………………………….160EFERENCE………………………………………………………………………162PPENDIX A SNMP AND STMP…………….………………………………166-1 Simple Network Management Protocol ………………………………….166-2 Simple Transportation Management Protocol……………………………170PPENDIX B OPERATIONS OF AES AND RSA…………………………174-1 AES ……………………………………………………………………174-2 RSA…………………………………………………………………178PPENDIX C LIST OF EXPERIMENT CONTENTS……………………1824479141 bytesapplication/pdfen-US先進交通管理系統智慧型運輸系統動態加密密碼學安全性ITSATMSCryptographySecurityEfficiencyEncryptionthesishttp://ntur.lib.ntu.edu.tw/bitstream/246246/187910/1/ntu-98-R95521511-1.pdf