臺灣博碩士論文加值系統

近年來，網路科技的快速發展，可謂一日千里，目前正朝向無線網路(Wireless Internet)的目標邁進。而國軍在各項作業處理上，隨著自動化公文處理，亦越來越仰賴電腦。未來極有可能藉由網路及電腦完成各項作業，如：公文傳遞、線上傳輸與零附件申補作業等，都必須經由網路這條公眾通道作為傳遞媒介，特別是在C4ISR的指、管、通、資、情、監、偵系統，更有可能遭受敵人的竊取。
於網路上傳輸國軍重要機密文件，並不十分恰當，因網路雖具有快速、超越地域性等特性，在作戰時能夠將各種情資快速的傳達到每一個角落中，但網路屬於開放式之架構，任何人皆可在網路中進行存取。在兩權相害取其輕的考量下，大多放棄網路傳輸。倘若在傳輸過程中加入必要的密碼系統，網路傳輸仍然是相當安全可靠的，也因此產生許多的加密理論。以近代的加密技術而言，多採用RSA及資料加密標準（Data Encryption Standard, DES）然而其具有以下的缺點：
1)RSA的加密技術乃是將強大質數作為密碼，並將其運用在指數運算上，若非大型電腦是無法勝任的。且以人類的記憶能力而言，是無法記憶長達二、三十位數的數字。
2)DES是一種對稱式的加密系統，必須在傳送端與接收端都具有相同的密碼時，才能夠傳遞訊息。若使用者欲與二、三十位使用者通訊，則必須擁有相同組數的密碼，在保管密碼的工作上，也是一個沈重的負擔。
本論文之研究重點在於針對上述傳統加密方式所面臨的問題進行討論，並且在第三章分三小節加以敘述，第一節針對國軍各級參謀人員，運用智慧卡產生獨一無二之個人身份認證，對所傳送之訊息進行加密：第二節探討在各級組織中，訊息廣播加密模組之研究，以解決傳統對稱式密碼系統與非對稱式密碼系統，在進行需傳送至多人之文件加密過程產生之缺憾：第三節提出偽裝公鑰之密碼系統，以防止系統中心遭駭客入侵所可能遭致之損失。期能為國軍在資訊作戰環境下，尋求適合作戰時期訊息傳遞之加密方式，方能在良好之指、管、通、資、情、監、偵的優勢條件下獲致最後勝利。

In recent years, Internet techniques are developed fast toward an object of wireless Internet. As automatic document process is widely implied, the armed forces are now relying on computers more then ever. It is possible for them to finish their works by computers as well as Internet in the future such as document transmission, group signature and components applications…etc. All of these are expecting to transmit through a public channel such as Internet and surely under an insecure environment especially for C4ISR systems.
It is not the best way to transmit classified documents by Internet, however it has the advantages of fast and inter-area abilities, sending intelligence information to every unit in battlefield immediately. In considering of the risk of insecurity, most of them give up Internet transmission. But if we involve a necessary cryptosystem in the transmission carefully, most of the Internet transmissions will turn out to be quite secured. Therefore, many encryption theories appeared. Contemporary encryption techniques are mostly applied from RSA and DES (Data Encryption Standard), but they are challenged with the disadvantages as follow:
1. RSA encryption technique is based on a strong prime as its private key and usually needs exponentiation calculations, this will require at lest a large computer to finish the job. Furthermore, as human being memory, it is impossible for us to memorize a number up to 20 or even 30 digits.
2. DES is a symmetric cryptosystem; both sender and receiver have to own the same key, so the key copies are as many as the amount of users. It forms a heavy load for key management unit.
This research is focused on working out the traditional encryption issues that I have mentioned above. The details are present in the 3rd chapter and it is divided into three sections: in the first section, we introduce how to create a unique identification for every crew in military staff by smart card. In the second section, the main research is on a message broadcast encryption model to solve the problem that a traditional public key or symmetric cryptosystems may face while sending messages to multi-users. Finally, in the third section, provides a public key camouflage cryptosystem to prevent hackers from invading Certification Authority. We hope that our armed forces will figure out a suitable technique to encrypt messages in wartime under information warfare environment so as to create advantages for command, control, communication, information, intelligence, surveillance and reconnaissance to win a victory.

中文摘要 I
Abstract III
誌謝 V
目錄 VI
圖目錄 IX
表目錄 X
1. 緒論 1
1. 1 研究背景與動機 1
1.1.1 研究背景 1
1.1.2 研究動機 2
1. 2 研究目的與範圍 7
1.2.1 研究目的 7
1.2.2 研究範圍 9
1. 3 研究方法與步驟 10
1.3.1 研究方法 11
1.3.2 研究步驟 14
1.4 論文架構 15
2. 相關文獻探討 17
2.1 基礎密碼學介紹 17
2.1.1 非對稱式密碼系統 17
2.1.2 對稱式密碼系統 21
2.1.3 Shamir機密分享演算法 23
2.1.4 ElGamal數位簽章系統 26
2.1.5 Schnorr數位簽章系統 29
2.2 智慧卡簡介 31
2.3 數學基礎理論 33
2.3.1 原根 33
2.3.2 中國餘數定理 34
3. 研究方法 37
3.1數位身份識別機制之研究 37
3.1.1 智慧卡的時代 37
3.1.2 運作方式及架構 37
3.1.3 系統中心將文件轉發至相關單位 43
3.1.4 具體實例 44
3.1.4 小結 49
3.2 資訊廣播加密模組之研究 50
3.2.1 資訊廣播之演算法 53
3.2.2 具體實例 55
3.2.3 小結 60
3.3 偽裝公鑰在國軍軍事網路系統加密之研究 60
3.3.1 本系統運作模式 61
3.3.2 具體實例 65
3.3.3 小結 68
4. 安全性分析與評估 69
4.1數位身份識別機制之研究安全性分析 69
4.1.1 修改明文部分 69
4.1.2 不修改明文部分 69
4.2 資訊廣播安全性分析 70
4.2.1 自網路中竊取傳遞之資料： 70
4.2.2 串謀攻擊： 71
4.2.3 以系統中心公鑰破解出私鑰 71
4.3 偽裝公鑰系統安全性分析 71
4.3.1 非組織內部成員攻擊 72
4.3.2 組織內部成員攻擊 72
5. 結論與未來研究方向 73
5.1 結論 73
5.2 未來研究方向 74
參考資料 75

1. 華羅庚（民八二），「數論導引」，凡異出版社。
2. 張真誠（民八六），「電腦密碼學與資訊安全」，松崗電腦圖書公司，第3版。
3. 王志傑（民八七），「C4ISR系統整體運用之初探」，國防資訊季刊，第四期，頁80-96。
4. 李遠坤、陳玲慧（民八八），「數位影像之資訊隱藏技術探討」，資訊安全通訊，第五卷，第四期，pp.65-83。
5. 周德芳（民八八），「科索夫衝突之探討」，國防雜誌，第十四卷第十一期，頁40-52。
6. 賴溪松、韓亮、張真誠（民八八），「近代密碼學及其應用」，松崗圖書公司。
7. 孫屏台、陳正鎔、邱正宏（民九十‧五月），「數位身份識別安全策略之研究」，2001年第五屆資訊管理學術暨警政資訊實務研討會，中央警察大學主辦，頁164-170。
8. 「駭客入侵網路下單案客戶檔案券商未加密」（民九十年‧七月），中時電子報，http://news.kimo.com.tw/2001/07/03/finance/ctnews/1984625.html。
9. 邱正宏、林文茂、林勤經、陳正鎔（民九十‧七月），「高安全度群體數位身份識別機制之研究」，國防通信電子及資訊季刊，創刊號，頁112-123。
10. 「電子簽章法」（民九十年‧十一月）， http://www.pki.gov.tw/inform/digital_sign.doc。
11. 陳彥學（民九十），「資訊安全理論實務」，文魁資訊，第2版。
12. 邱正宏、孫屏台、陳正鎔（民九十‧十一月），「偽裝公鑰密碼系統於電子商務應用之研究」，第二屆產業資訊管理學術暨新興科技實務研討會，輔仁大學主辦，頁77-82。
13. 邱正宏、陳正鎔、孫智明（民九一‧二月），「未來資訊戰中訊息加密模式之研究」，陸軍通信兵九十一年度軍事學術研討會，陸軍通信電子資訊學校主辦，頁16-1~16-6。
14. 邱正宏、陳正鎔、孫屏台（民九一‧三月），「以非對稱式密碼系統建構電子商務環境下廣播加密模組之研究」，2002電子商務與數位生活研討會，實踐大學主辦，頁19。
15. Abdalla, M., Shavitt, Y., and Wool, A.[1999], “Towards Making Broadcast Encryption Practical.” Financial Cryptography '99, Anguilla, BWI.
16. Abdalla, M., Shavitt, Y., and Wool, A.[2000], “Key management for restricted multicast using broadcast encryption”, IEEE/ACM Transactions on Networking (TON), Volume 8, Issue 4, pp. 443-454.
17. Ajtai, M., and Dwork, C.[1997], “A public-key cryptosystem with worst-case/average-case equivalence.” Proceedings of the twenty-ninth annual ACM symposium on Theory of computing, pp. 284-293.
18. Bari’c, N., and Pfitzmann, B.[1997], “Collision-free accumulators and fail-stop signature schemes without trees.” Advances in Cryptology-Eurocrypt ’97, Lecture Notes in Computer Science 1233, pp. 480-494.
19. Bleumer, G., Pfitzmann, B., and Waidner, M.[1991], “A remark on a signature scheme where forgery can be proved.” Advances in Cryptology-Eurocrypt ’90, Lecture Notes in Computer Science 437, pp. 441-445.
20. Blundo, C., Mattos, Luiz., A. Frota, Stinson, D. R.[1998], “Generalized Beimel-Chor schemes for broadcast encryption and interactive key distribution.” Theoretical Computer Science, Volume: 200, Issue: 1-2, pp. 313-334.
21. Brickell, E. F., and McCurley, K. S.[1991], “An Interactive Identification Scheme based on Discrete Logarithms and Factoring.” Advances in Cryptology-Eurocrypt ’90, Lecture Notes in Computer Science 437, pp:63-71.
22. Camenisch, J., and Michels, M.[1999], “Proving in zero-knowledge that a number is the product of two safe primes.” Advances in Cryptology — Eurocrypt ’99, Lecture Notes in Computer Science 1592.
23. Chaum, D., Heijst, E. van., and Pfitzmann, B.[1990], “Cryptographically strong undeniable signatures, unconditionally secure for the signer.” Interner Bericht, Fakultatfur Informatik, 1/91.
24. Chaum, D., Hendrik, J., and Graaf, J. van de[1987], “An improved protocol for demonstrating possession of discrete logarithms and some generalizations.” Advances in Cryptology-Eurocrypt ’87, Lecture Notes in Computer Science 304, Springer-Verlag, pp. 127-141.
25. Chen, J. R., and Liu, Y.[2000], “A Traceable Group Signature Scheme.” PERGAMON Mathematical and Computer Modelling 31, pp. 147-160.
26. Denning, D. E.[1982], Cryptography and Data Security, Addison-Wesley, 1982.
27. Diffie, W., and Hellman, M. E.[1976], “Privacy and Authentication: An Introduction to Cryptography.” Proceedings of the IEEE, Vol. 67, No. 3, pp. 644-654.
28. Diffie, W., and Hellman, M.[1976], “New directions in cryptography.” IEEE Trans. Inf. Theory IT-22(6), pp. 644-654.
29. Dutt, N., and Kelley, B.[1999], “On the rapid prototyping and design of a wireless communication system on a chip.” Proceedings of the 1999 international conference on Computer-aided design, pp. 609-610.
30. ElGamal, T.[1985], “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Trans, on Information Theory, Vol. IT-31, No. 4, pp. 469-472.
31. Ellison, C., and Schneier, B.[2000], “Inside risks: risks of PKI: e-commerce.” Commun, ACM 43, pp. 152.
32. Fabien, A. P., Ross, J. A., and Markus, G. K.(1999), “Information Hiding — A Survey.” Proceeding of the IEEE, Vol. 87, No. 7, pp. 1062-1078.
33. Feige, U., Fiat, A., and Shamir, A.[1988], “Zero-Knowledge Proofs of Identity,” Journal of Cryptology, pp. 77-94.
34. Forno, R., and Feinbloom, W.[2001], “Inside risks: PKI: a question of trust and value.” Commun, ACM 44, pp. 120.
35. Goldwasser, S., Micali, S., and Rivest, R. L.[1988], “A Digital Signature Scheme Secure Against Adaptive Chosenmessage Attacks.” SIAM Journal of Computing, 17/2, pp. 281-308.
36. Halevi, S., and Krawczyk, H.[1999], “Public-key cryptography and password protocols.” Trans. Inf. Syst. Secur. 2, pp. 230-268.
37. Hüseyin, U., Gbreve, Lu., Ian, F., Akyildiz and Michael, D. Bender.[2000], “A routing algorithm for connection-oriented low earth orbit (LEO) satellite networks with dynamic connectivity.” Wireless Networks 6, Vol. 3, pp. 181 — 190.
38. Imai, H., and Zheng, Y., “Public key cryptography first International Workshop on Practice and Theory.” in Public Key Cryptography, PKC '98, February 5-6.
39. Kelly, Sandra. J., and Richards, John. E.[1997], “Development of Heart Inter-beat Interval Variability in Preweanling Rats: Effects of Exposure to Alcohol and Hypoxia.”, Physiology & Behavior Volume: 61, Issue: 2, pp. 231-241.
40. Lamport, L.[1979], “Construction digital signatures from a one-way function.” PSRI International CSL-98.
41. Lei, Z., Saraydar, C. U., and Mandayam, N. B.[2000], “Paging area optimization based on inteerval estimation in wireless personal communication networks.” Mob. Netw. Appl. 5, pp. 85 — 99.
42. Liaw, M. S., and Chen, L. H.(1997), “An Effective Data Hiding Method.” Proceedings of 1997 IPPR Conference on Computer Vision, Graphics and Image Processings, pp. 146-153.
43. Matsui, M.[1994], “Linear Cryptanalysis Method for DES Cipher.” in Proceeding of EUROCRYPT ’93, Springer-Verlag, Berlin.
44. Miyaguchi, S.[1990], “The FEAL-8 Cryptosystem and Call for Attack.” Advances in Cryptology-CRYPTO ’89 proceedings, Belin: Springer-Verlag, pp. 624-627.
45. Miyaguchi, S.[1991], “The FEAL Cipher Family.” Advances in Cryptology-Crypto ’90 proceedings, Berlin: Springer-Verlag, pp. 627-638.
46. Mollin. Richard A.[2000], “An Introduction to Cryptography,” Boca Rotan, FL: Chapman & Hall/CRC.
47. Naccache, D., and Stern, J.[1998], “A new public key cryptosystem based on higher residues.” Proceedings of the 5th ACM conference on Computer and communications security, pp. 59-66.
48. Okamoto, T.[1988], “A digital multisignature scheme using bijective public-key cryptosystems.” ACM Trans. Comput. Syst, pp. 432 — 441.
49. Pedersen, T.[1991], “Non-interactive and information-theoretic secure variable secret sharing.” Advances in Cryptology ’91, pp. 129-140.
50. Peyravian, M., Matyas, S. M., and Zunic, N.[1999], “Decentralized group key management for secure multicast communications.” ELSEVIER Computer Communications 22, pp. 1183-1187.
51. Rivest, R. L., Shamir, A., and Adleman, L.[1978], ”A method of obtaining Digital Signatures and Public-key Cryptosystems.” Communications of the ACM, Vol.21, No.2, pp. 120~126.
52. Roy, R.[2000], “A counterexample to questions on the integrality property of virtual signature.” ELSEVIER Topology and its Applications 100, pp. 177-185.
53. Schwemmlein, J., Posch, K. C., and Posch, R.[1998], “RNS-Modulo Reduction Upon a Restricted Base Value Set and its Applicability to RSA Cryptography.”, Computers & Security Volume: 17, Issue: 7, pp. 637-650.
54. Shamir, A.[1979], “How to Sharing a Secret.” Comm. ACM Vol.22, pp. 612-613.
55. Shek, E. C., Son, K. D., Zhang, Y., and Buer, D. V.[1999], “Dynamic multicast information dissemination in hybrid satellite-wireless networks.” Proceedings of the ACM international workshop on Data engineering for wireless and mobile access, pp. 30-35.
56. Stinson, D. R., and Wei, R.[1999], “An application of ramp schemes to broadcast encryption”, Information Processing Letters, Volume: 69, Issue: 3, pp. 131-135.
57. Susilo, W., Safavi-Naini, R., and Pieprzyk. J.[1999], “RSA-based fail-stop signature schemes.” International Workshop on Security (IWSEC ’99), IEEE Comp. Soc. Press, pp. 161-166.
58. Tseng, Y. M., and Jan, J. K.[1999], “A novel ID-based group signature.” ELSEVIER Information Sciences 120, pp. 131-141.
59. Valstar, E. R., de Jong, F. W., Vrooman, H. A., Rozing, P. M., and Reiber, J. H. C.[2001], “Model-based Roentgen stereophotogrammetry of orthopaedic implants.”, Journal of Biomechanics Volume: 34, Issue: 6, June, 2001, pp. 715-722.
60. Wehde, Ed.[1998], “RSA challenge.” Network Security, Volume: 1998, Issue: 2, pp. 5-6.
61. Wiener, M.[1994], “Efficient DES Key Search.” in Proceeding of CRYPTO ’93, Springer-Verlag, Berlin.