National Chengchi University Institutional Repository (NCCUR): Item 140.119/137163
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/137163


    Title: A Study on Solving the Key Escrow Problem by Multiple Key-Privacy Authorities and Certificateless Aggregate Signatures (original title: 利用多金鑰授權中心與免憑證聚合簽章解決金鑰託管問題之研究)
    Authors: Yeh, Cheng-Hung (葉政宏)
    Contributors: Tso, Ray-Lin (左瑞麟)
    Yeh, Cheng-Hung (葉政宏)
    Keywords: Public Key Infrastructure (PKI)
    ID-Based Cryptography (IBC)
    Certificateless Aggregate Signatures
    Key Generation Center (KGC)
    Key Privacy Authority (KPA)
    Date: 2021
    Issue Date: 2021-09-02 18:16:52 (UTC+8)
    Abstract: In the course of the development of cryptography, how to protect the privacy of user data and verify user identity through encryption technology has often been the subject of research. The familiar Public Key Infrastructure (PKI) must authenticate users through a Certification Authority (CA) in order to confirm that a user's identity is legitimate, but since CAs need to exchange certificates with each other in collaborative work, certificate management faces the problem of storing a large number of certificates, and additional computation is required to handle the verification and revocation of certificates.
    Since the concept of Identity-based Public Key Cryptography (ID-PKC) was proposed, a user can use its identity as its public key and transmit it to the Key Generation Center (KGC); the KGC receives it and generates the user's private key. This solves the problem that PKI needs to exchange certificates. However, ID-PKC has a key escrow problem: the KGC knows all users' private keys.
    Therefore, many papers have proposed solutions one after another. Recently, one paper referred to the scheme proposed by Lee et al. and adopted a consortium blockchain approach instead. Although that scheme successfully solved key escrow and the shortcoming that the original Key Privacy Authority (KPA) had no mechanism to verify the user's identity, the consortium blockchain was too large and required substantial resources.
    In this paper, we study the scheme proposed by Lee et al. and propose our improved scheme by combining the advantages of its original architecture with those of identity-based and certificateless cryptography, so that the KPA has a mechanism to verify the user's identity, and our scheme allows the user to effectively reduce bilinear pairing computations when computing the private key and to reduce the waiting time for KPA verification.
    Reference: [1] Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644-654.
    [2] Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120-126.
    [3] ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4), 469-472.
    [4] Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of computation, 48(177), 203-209.
    [5] Hunt, R. (2001, October). PKI and digital certification infrastructure. In Proceedings. Ninth IEEE International Conference on Networks, ICON 2001. (pp. 234-239). IEEE.
    [6] Perlman, R. (1999). An overview of PKI trust models. IEEE network, 13(6), 38-43.
    [7] Adams, C., & Lloyd, S. (2003). Understanding PKI: concepts, standards, and deployment considerations. Addison-Wesley Professional.
    [8] Chokhani, S., Ford, W., Sabett, R., Merrill, C. R., & Wu, S. S. (2003). Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. RFC 3647, 1-94.
    [9] Shamir, A. (1984, August). Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques (pp. 47-53). Springer, Berlin, Heidelberg.
    [10] Boneh, D., & Franklin, M. (2001, August). Identity-based encryption from the Weil pairing. In Annual international cryptology conference (pp. 213-229). Springer, Berlin, Heidelberg.
    [11] Boneh, D., Lynn, B., & Shacham, H. (2001, December). Short signatures from the Weil pairing. In International conference on the theory and application of cryptology and information security (pp. 514-532). Springer, Berlin, Heidelberg.
    [12] Al-Riyami, S. S., & Paterson, K. G. (2003, November). Certificateless public key cryptography. In International conference on the theory and application of cryptology and information security (pp. 452-473). Springer, Berlin, Heidelberg.
    [13] Liu, J. K., Au, M. H., & Susilo, W. (2007, March). Self-generated-certificate public key cryptography and certificateless signature/encryption scheme in the standard model. In Proceedings of the 2nd ACM symposium on Information, computer and communications security (pp. 273-283).
    [14] Waters, B. (2005, May). Efficient identity-based encryption without random oracles. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 114-127). Springer, Berlin, Heidelberg.
    [15] Wood, A. D., & Stankovic, J. A. (2002). Denial of service in sensor networks. Computer, 35(10), 54-62.
    [16] Huang, X., Mu, Y., Susilo, W., Wong, D. S., & Wu, W. (2007, July). Certificateless signature revisited. In Australasian Conference on Information Security and Privacy (pp. 308-322). Springer, Berlin, Heidelberg.
    [17] Canetti, R., Goldreich, O., & Halevi, S. (2004). The random oracle methodology, revisited. Journal of the ACM (JACM), 51(4), 557-594.
    [18] Zhou, B., Li, H., & Xu, L. (2018, June). An authentication scheme using identity-based encryption & blockchain. In 2018 IEEE Symposium on Computers and Communications (ISCC) (pp. 00556-00561). IEEE.
    [19] Boneh, D., Gentry, C., Lynn, B., & Shacham, H. (2003, May). Aggregate and verifiably encrypted signatures from bilinear maps. In International conference on the theory and applications of cryptographic techniques (pp. 416-432). Springer, Berlin, Heidelberg.
    [20] Bellare, M., Namprempre, C., & Neven, G. (2007, July). Unrestricted aggregate signatures. In International Colloquium on Automata, Languages, and Programming (pp. 411-422). Springer, Berlin, Heidelberg.
    [21] Boldyreva, A., Gentry, C., O'Neill, A., & Yum, D. H. (2007, October). Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In Proceedings of the 14th ACM conference on Computer and communications security (pp. 276-285).
    [22] Ahn, J. H., Green, M., & Hohenberger, S. (2010, October). Synchronized aggregate signatures: new definitions, constructions and applications. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 473-484).
    [23] Zhang, C., Lu, R., Lin, X., Ho, P. H., & Shen, X. (2008, April). An efficient identity-based batch verification scheme for vehicular sensor networks. In IEEE INFOCOM 2008-The 27th Conference on Computer Communications (pp. 246-250). IEEE.
    [24] Wasef, A., Jiang, Y., & Shen, X. (2009). DCS: An efficient distributed-certificate-service scheme for vehicular networks. IEEE Transactions on Vehicular Technology, 59(2), 533-549.
    [25] Xiong, H., Guan, Z., Chen, Z., & Li, F. (2013). An efficient certificateless aggregate signature with constant pairing computations. Information Sciences, 219, 225-235.
    [26] Lee, B., Boyd, C., Dawson, E., Kim, K., Yang, J., & Yoo, S. (2004, January). Secure key issuing in ID-based cryptography. In Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation-Volume 32 (pp. 69-74).
    [27] Menezes, A. J., Okamoto, T., & Vanstone, S. A. (1993). Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory, 39(5), 1639-1646.
    Description: Master's degree
    National Chengchi University
    Executive Master Program of Computer Science (資訊科學系碩士在職專班)
    106971022
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0106971022
    Data Type: thesis
    DOI: 10.6814/NCCU202101429
    Appears in Collections:[Executive Master Program of Computer Science of NCCU] Theses

    Files in This Item:

    File: 102201.pdf (3901 Kb, Adobe PDF)