在行動科技快速的興起，智慧型行動裝置已成為人們密不可分的工具，然而行動裝置的技術發展越來越成熟，人們已經習慣利用智慧型行動裝置取得各類資訊，漸漸使得資訊由實體轉為數位化。使用Beacon裝置和對應的應用程式可以將業者想傳達的訊息給消費者，透過應用程式與消費者產生互動，進而傳送商品訊息與COUPON，藉此提升消費者光顧與消費意願。Beacon所廣播的ID要如何具備唯一性，或者足夠的防仿冒性，則與Beacon 的用途有關。當Beacon只是用來讓商家提供互動廣告與微定位服務，防偽造的需求自然不高，但Beacon用來作為一種身分識別或者付款，安全性就是另一個議題。因Beacon協定是開放的，而易於偽造與竄改，所部屬的節點完全可以被有心人士惡意使用，甚至偽造一個ID完全相同的Beacon，散發大量不良推播，造成商家不必要的困擾，或者對消費者產生不友善的使用體驗。為解決以上所述事件，本論文提出的「一個防偽造的Beacon認證機制」，透過數位簽章，能有效提升Beacon的安全性，並解決偽造與竄改等問題。

With the rapid rise of mobile technology, smart mobile devices have become the epicenter of people's lives. Furthermore, as technological development of mobile devices is becoming more and more mature, the demand for access to various information on mobile devices has also increased. This in turn has gradually prompted many organizations to digitize their information. Beacon, combined with mobile app can be used to connect with customers, such as promoting products, providing useful information, or making personalized offers, thereby enhancing customer's willingness to purchase. However, Beacon is vulnerable; it is easy to piggyback or even clone a beacon configuration. When Beacon is only used to send interactive advertising and navigation services, security is not a top priority, but when Beacon is used as a means of identification or making payment, security becomes even more important. In order to solve the aforementioned problems, this research proposes "An authorizing mechanism of protecting beacon counterfeit" that not only effectively improves the security of Beacon, but also solves the problems of forgery and tampering through digital signatures.

目錄 II
圖 目錄 IV
表 目錄 VI
第一章 緒論 1
1.1 研究動機與目的 1
1.2 論文架構 3
第二章 文獻與技術探討 5
2.1 Beacon 5
2.2 秘密金鑰系統 6
2.3 數位簽章 10
2.4 安全攻擊 16
2.5 PayPal Beacon 17
2.6 Bluetooth Low Energy(BLE) 18
2.7 Raspberry Pi 21
第三章 防偽造的Beacon認證機制 23
第四章 系統實作與安全分析 29
4.1 系統架構與流程 29
4.2 系統實作 33
4.3 安全分析 42
第五章 結論與未來方向 45
參考文獻 47
附錄A 51

[1]甜芯,黃玉蓓,電子商務概論第一版,化學工業出版社,2015.
[2]陳永東,電子商務基礎第一版, 中國科學技術出版社,2006.
[3]張真誠, 電子商務安全http://msn.iecs.fcu.edu.tw/courses/talk/download.php?id=127&type=ppt
[4]陳德富, 行動商務與行動顧客關係管理
http://www.takming.edu.tw/lib/vedio/file/%E8%A1%8C%E5%8B%95%E5%95%86%E5%8B%99%E8%88%87%E8%A1%8C%E5%8B%95%E9%A1%A7%E5%AE%A2%E9%97%9C%E4%BF%82%E7%AE%A1%E7%90%86.pdf
[5]Anil Kini and Jobbin Choobineh (1998), “Trust in Electronic Commerce:Definition and Theoretical Considerations”, IEEE Conference Publications, Vol.4, P51-61
[6]Minghua He, Nicholas Robert Jennings and Ho-Fung Leung (2003), “On Agent-Mediated Electronic Commerce”, IEEE Transactions on Knowledge and Data Engineering, VoL.15, No.4
[7]Craig Gilchrist, Learning iBeacon, Packt Publishing, 2014.
[8]Bluetooth Mesh Overview,
https://3pl46c46ctx02p7rzdsvsg21-wpengine.netdna-ssl.com/wp-content/uploads/2019/03/Bluetooth-Mesh-Overview.pdf
[9]Bluetooth Specification Version 4.0,
https://drive.google.com/open?id=0B115T-MWV0JUbFdkcEU1WFRjQ28
[10]Estimote Inc. https://estimote.com/
[11]太和光THLight USBeacon, http://www.thlight.com/home/index
[12]Airyzone mBeacon, https://www.airyzone.com/
[13]Apple iBeacon, https://developer.apple.com/ibeacon/
[14]Google Eddystone Beacon, https://developers.google.com/beacons/eddystone
[15]Radius Network AltBeacom, https://altbeacon.org/
[16]FIPS PUB (2001), “Advanced Encryption Standard(AES)”, National Institute of Standards and Technology(NIST), FIPS Publication 197.
[17]FIPS PUB (1999), “Data Encryption Standard(DES)”, National Institute of Standards and Technology(NIST), FIPS Publication 46-3.
[18]William Barker (2004), “Recommendation for the Triple Data Encryption Algorithm(TDEA) Block Cipher”, NIST Special 800-67 Ver:1.
[19]Whitfield Diffie and Martin Hellman (1976), “New directions in cryptography”, IEEE Transactions on Information Theory, 22(6):644-654.
[20]Ronald Linn Rivest, Adi Shamir and Leonard Adleman (1978), “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Communications of the ACM, 21(2):120-126.
[21]FIPS PUB (1998), “Digital Signature Standard(DSS)”, National Institute of Standards and Technology(NIST) , FIPS Publication 186-1.
[22]FIPS PUB (2000), “Digital Signature Standard(DSS)”, National Institute of Standards and Technology(NIST) , FIPS Publication 186-2.
[23]FIPS PUB (2009), “Digital Signature Standard(DSS)”, National Institute of Standards and Technology(NIST) , FIPS Publication 186-3.
[24]FIPS PUB (2013), “Digital Signature Standard(DSS)”, National Institute of Standards and Technology(NIST) , FIPS Publication 186-4.
[25]Neal Koblitz (1987), “Elliptic curve cryptosystems, Mathematics of Computation”, 48(177):203-209.
[26]李宗漢 (2016), “客戶端多裝置單一帳號使用相同錢幣鏈之安全小額付款機制”, 東華大學資訊工程學系碩士班碩士論文, 全國博碩士論文資訊網。
[27]林益暉 (2017),“單金鑰多人使用之加密系統”, 東華大學資訊工程學系碩士班碩士論文, 全國博碩士論文資訊網。
[28]粘添壽 (2009),“資訊與網路安全技術”, 台北：旗標出版股份有限公司。
[29]林祝興與張真誠 (2003),“電子商務安全技術與應用”, 台北：旗標出版股份有限公司。
[30]Ralph Charles Merkle, “A digital signature based on a conventional encryption function”, A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology(CRYPTO ‘87), pp.369-378, 1988.
[31]Ronald Linn Rivest (2001), “The MD5 Message-Digest Algorithm”, RFC1321(Informational).
[32]Tao-Ku Chang. “A Mutual Non-repudiation Protocol for a Cloud-based Checkout System.”, The 2015 International Conference on e-Commerce.
[33]呂正彥 (2016), “具有相互稽核機制的雲端櫃台系統”, 東華大學資訊工程學系碩士班碩士論文, 全國博碩士論文資訊網。
[34]Tao-Ku Chang. “A Secure Mobile Payment Model.” International Workshop on Cloud Computing and Information Security (CCIS 2013), Shanghai, China. Pages: 137-140.
[35]Tao-Ku Chang “A Secure Cloud-based Payment Model for M-Commerce,” 2013 International Workshop on Advanced Technologies of Cloud Computing, Lyon, France. Page: 1082-1086.
[36]Kellogg Booth (1981), “Authentication of Signatures Using Public Key Encryption”, Communications of ACM, 24(11):772-774.
[37]Ronald Linn Rivest (2001), “The MD5 Message-Digest Algorithm”, RFC1321(Informationl).
[38]FIPS PUB (2015), “Secure Hash Standard(SHS)”, National Institute of Standards and Technology(NIST), FIPS Publication 180-4.
[39]FIPS PUB (2015), “SHA-3 Standard: Permutation-Based Hash and Extendable-Output Funtions”, National Institute of Standards and Technology(NIST), FIPS Publication 202.
[40]Guillaume Dabosville, Houssem Maghrebi, Alexis Lhuillery, Julien Bringer, Thanh-Ha Le(2019),“On the Bright Side of Darkness:Side-Channel Based Authentication Protocol Against Relay Attacks”.
[41]William Stallings, Cryptography and Network Security: Principles and Practice, 7th Edition, pearson, 2016.
[42]PayPal Beacon, https://www.paypal.com/stories/uk/introducing-paypal-beacon-a-new-signal-for-retail
[43]Bluetooth Core Specification Version 5.0, https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=460029
[44]林忠祺 (2016), “Beacon之應用-以展覽與商場的廣告訊息推播為例”, 東華大學資訊工程學系碩士班碩士論文, 全國博碩士論文資訊網。
[45]Teach, Learn, and Make with Raspberry Pi, https://www.raspberrypi.org/