National Chengchi University Institutional Repository (NCCUR): Item 140.119/125046
    Please use this permanent URL to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/125046


    Title: Private key management for cryptocurrency exchange platforms
    Key management for cryptocurrency exchange platform
    Author: 李依珊
    Lee, Yi-Shan
    Contributors: 左瑞麟
    Tso, Ray-Lin
    李依珊
    Lee, Yi-Shan
    Keywords: Cryptocurrency exchange platform
    Key management
    Secret sharing
    FIDO
    Date: 2019
    Upload time: 2019-08-07 17:08:09 (UTC+8)
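    Abstract: In recent years cryptocurrency and blockchain have drawn considerable attention, and cryptocurrency exchange platforms have been established at home and abroad, but their security problems have also gradually come to light. Many current exchange platforms operate in a centralized manner: besides acting as custodians of funds, they even hold users' wallet keys. This has led to a number of cases at home and abroad in which attackers stole keys, and users suffered heavy losses when their cryptocurrency was transferred away. News of losses caused by lost private keys also appears in the media from time to time, so key custody is a very important issue in this field.
    This study first gathers information on cryptocurrencies, exchanges and exchange platforms, and improves the key custody process: it uses Secret Sharing to design an identity verification mechanism combined with the FIDO standard, so that users can log in or make transfers with either a password or FIDO authentication, avoiding losses caused by a lost password. In addition, the study uses the PBKDF2 password-stretching method to make the user's password more complex before it is used for key encryption, which ensures that exchange platform administrators cannot obtain or use the user's key and strengthens the privacy and security of key custody.
    The implementation mainly develops registration, login and password change functions, and verifies in practice that the secret sharing, encryption and recovery of keys all work as designed.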
    In recent years, cryptocurrency and blockchain have attracted much attention. Domestic and foreign cryptocurrency exchange platforms have been set up, but their security issues have gradually surfaced. Many cryptocurrency exchange platforms are centralized: in addition to providing cryptocurrency hosting services, they also keep the user's wallet private key. This has led to many incidents in which hackers attacked and stole keys, and users' cryptocurrency was transferred away at heavy loss. Reports of losses caused by lost private keys also appear frequently in the news media, so key management is a very important issue.
    This research first collects information on cryptocurrencies, exchanges and platforms, then improves the key management process. It uses the Secret Sharing method to design an identity verification mechanism combined with the FIDO standard, so that users can log in or make transfers with either a password or the FIDO mechanism, avoiding losses due to a lost password. In addition, this research uses the PBKDF2 method to protect the user's password before using it for key encryption, ensuring that the exchange platform administrator cannot obtain and use the user's private key, which enhances the privacy and security of private key management.
    We successfully completed the secret sharing, encryption and recovery process of the key according to the design, and implemented system functions such as registration, login and password change in this research.
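    Description: Master's thesis
    National Chengchi University
    In-service Master's Program, Department of Computer Science
    106971006
    Source: http://thesis.lib.nccu.edu.tw/record/#G0106971006
    Type: thesis
    DOI: 10.6814/NCCU201900275
    Appears in collections: [In-service Master's Program, Department of Computer Science] Theses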

    Files in this item:

    File          Size      Format       Views
    100601.pdf    5271Kb    Adobe PDF    2977

