臺灣博碩士論文加值系統

時戳服務機制在電子化的世界裡是相當重要的一環，諸如電子憑證機制、智慧財產權保護機制與數位契約書等機制，均需藉由時戳服務機制來為電子資料提供具法律效力的時間證明。因此在建構數位化的生活環境時，必須建立一方便的時戳運作環境，讓電子資料很容易取得時間證明，以便得知文件的產生時間的相關證明。本論文將說明時戳服務系統的基本服務機制，建置時戳服務應用系統時需考慮的問題，探討兩時戳在判斷先後順序所遇到的問題，提出一種在兩個時戳伺服器間建立時戳時序關聯性的機制。利用原本的時戳服務協定，讓兩時戳服務中心所各別簽發的時戳，有機會得知兩者確切先後順序，此時序判斷機制不需使用絕對時間資訊，去除因時間誤差所造成的時序誤判與爭議，提昇時戳的實際應用價值。最後模擬並討論在特定時戳服務運作環境與條件下，此種建立時戳時序關聯性機制的效能表現。

Time Stamping Service has quite critical role in an electronic society. Many mechanisms such as Electronic Signature Scheme, Copy Right Protection, and Digital Contract Signing require valid time certificates which set up the legal status. Hence, it is necessary to set up a sound enviroment for Time Stamping Services. The time certificate for an electronic document is provided to prove that the document was existent since a particular time and was not changed after it was time stamped. This thesis will review the basic mechanisms of Time Stamping Service and problems when building a Time Stamping application. The issuetor determination of the temporal order of two Time Stamps obtained from different Time Stamp Authority are discussed. A mechanism is proposed to establish Timeline Associate Chain between two Time Stamping Authorities. This method uses the Time Stamp Protocol to recognize relative temporal order of two Time Stamps that was signed by two Time Stamping Authorities. This mechanism for determining temporal order of two time stamps does not use absolute time information. Finally, performance of the mechanism for establishing Timeline Associate Chain is simulated and discussed.

論文授權書………………………………………………………………Ⅰ
中文摘要…………………………………………………………………Ⅱ
英文摘要…………………………………………………………………Ⅲ
誌謝………………………………………………………………………Ⅳ
目錄………………………………………………………………………Ⅴ
圖目錄……………………………………………………………………Ⅷ
簡介………………………………………………………………………1
一、背景…………………………………………………………………3
1.1 時戳與文件的關係…………………………………………………3
1.2 文獻回顧……………………………………………………………4
1.2.1 線性鏈結( Linear Linking )…………………………………4
1.2.2 回合( Round )概念的鏈結方法 ………………………………6
1.2.3 分散式信任( Distributed Trust ) …………………………8
1.2.4 建置時戳服務的相關問題………………………………………9
1.3 局部嵌入攻擊( PARTIAL INSERTION ATTACK )…………………10
1.3.1 發現時序鏈結關係分支的方法…………………………………11
1.3.2 局部嵌入攻擊對判斷時戳時序的影響…………………………11
二、時戳服務系統與時戳應用軟體……………………………………13
2.1 文件上的時戳………………………………………………………13
2.1.1 為文件產生時戳的程序…………………………………………13
2.1.2 文件上的時戳與簽章……………………………………………14
2.2 公開金鑰基礎建設(PKI)架構下的時戳服務 ……………………15
2.3 時戳服務系統………………………………………………………16
2.3.1 時戳服務系統的提供的基本服務………………………………16
2.3.2 時戳服務系統的分類……………………………………………18
2.4 建置時戳應用系統需考慮的因素…………………………………19
2.4.1 客戶端的使用與操作模式………………………………………19
2.4.2 保存時戳的方式…………………………………………………20
2.4.3 應用環境所需的法律效力………………………………………20
2.4.4 時間資訊的形式…………………………………………………21
三、時戳的時序關係 ……………………………………………………22
3.1 判斷時戳時序的相關問題…………………………………………22
3.1.1 利用絕對時間資訊判斷時戳時序………………………………22
3.1.2 利用相對時間資訊判斷時戳時序………………………………23
3.1.3 同時使用絕對與相對時間資訊…………………………………24
3.2 兩時序鏈的相對時序關聯性………………………………………24
3.2.1 利用現實生活時間來產生關聯性………………………………25
3.2.2 建立時戳序號中心………………………………………………28
四、一種建立兩時序鏈時序關聯性的機制……………………………29
4.1 建立相對式時序關聯性……………………………………………29
4.1.1 概念………………………………………………………………29
4.1.2 建立時序關聯鏈…………………………………………………30
4.2 比對時戳時序關係的方法…………………………………………32
4.2.1 搜尋時序關聯鏈資訊……………………………………………32
4.2.2 得知兩時序鏈相對時序關係……………………………………33
4.2.3 驗證時序判斷結果………………………………………………34
4.2.4 安全性……………………………………………………………35
4.2.5 討論………………………………………………………………35
4.3 時序關聯鏈的功能…………………………………………………37
4.3.1 提昇時戳服務品質………………………………………………37
4.3.2 轉移時戳簽發服務………………………………………………37
4.3.3 討論………………………………………………………………39
4.4 應用上的問題與解決方法…………………………………………40
4.4.1 時序關聯鏈在應用上的問題……………………………………40
4.4.2 解決方法一：兩時戳服務中心相互建立時序關聯鏈…………41
4.4.3 解決方法二：產生時序關聯鏈的時戳…………………………42
五、時序判斷機制之模擬與分析………………………………………46
5.1 運作環境……………………………………………………………46
5.1.1 無法判斷相對時序關係的時段…………………………………47
5.1.2 可以判斷時序關係的機率………………………………………48
5.2 分析與模擬…………………………………………………………50
5.2.1 模擬………………………………………………………………50
5.2.2 平均機率表現 ……………………………………………………52
六、結論…………………………………………………………………54
七、參考文獻……………………………………………………………55
附 錄 A………………………………………………………………57
附 錄 B………………………………………………………………60

[ 1] S. Haber and W. Scott Stornetta, “How to Time-Stamp a Digital Document,” Journal of Cryptology, Vol. 3, No. 2, pp. 99-111, 1991.
[ 2] J. Benaloh and M. deMare, “Efficient Broadcast Time-Stamping,” Clarkson University Department of Mathematics and Computer Science Technical Report number TR-MCS-91-1, April 1991.
[ 3] Dave Bayer, Stuart Haber and W. Scott Stornetta, “Improving the efficiency and reliability of digital time-stamping,” In Sequences''91: Methods in Communication, Security, and Computer Science, pp. 329--334. SpringerVerlag, 1992.
[ 4] J. Benaloh and M. deMare, “One-Way Accumulators: A Decentralized Alternative to Digtal Signatures,” Advances in Cryptology — Proceedings of Eurocrypt ’93, Springer-Verlag, 1993.
[ 5] Mike Just, “Some Timestamping Protocol Failures,” Proceedings of the Internet Society Symposium on Network and Distributed System Security, San Diego, CA, pp. 89-96, March 11-13 1998.
[ 6] Ahto Buldas, Peeter Laud, Helger Lipmaa and Jan Villemson, “Time-Stamping with Binary Linking Schemes,” In Hugo Krawczyk, editor, Advances in Cryptology --- CRYPTO ''98, volume 1462 of Lecture Notes in Computer Science, pp. 486-501. Springer-Verlag, 1998.
[ 7] Ahto Buldas and Peeter Laud, “New linking schemes for digital timestamping,” in The 1st International Conference on Information Security and Cryptology, pp. 3-14, December 1998.
[ 8] Akira Takura, Satoshi Ono and Shozo Naito, “A Secure and Trusted Time Stamping Authority,” Internet Workshop, IWS 99, pp. 88-93, IEEE, 1999.
[ 9] H. Massias, X. Serre Avila and J-J. Quisquater, “Timestamps:Main issues on their use and implementation,” Enabling Technologies: Infrastructure for Collaborative Enterprises, (WET ICE ''99) Proceedings. IEEE 8th International Workshops on, pp. 178-183, 1999.
[10] Ahto Buldas, Helger Lipmaa and Berry Schoenmakers, “Optimally Efficient Accountable Time-Stamping,” In Yuliang Zheng and Hideki Imai, editors, Public Key Cryptography ''2000, volume 1751 of Lecture Notes in Computer Science, pp. 293-305, Melbourne, Australia, 18--20 January 2000.
[11] C. Adams, P. Cain, D. Pinkas and R. Zuccherato, “Internet X. 509 Public Key Infrastructure: Time Stamp Protocol (TSP),” RFC 3161, August 2001.
[12] David L. Mills, “Network Time Protocol (Version 3) Specification, Implementation and Analysis,” RFC 1305, March 1992.
[13] Carlisle Adams and Steve Lloyd, “Understanding Public-Key Infrastructure,” 296 pages, Macmillan Technical Publishing, USA, August 1999, ISBN 157870166X.
[14] 電子簽章法,中華民國90.11.14 總統府公告
中華民國經濟部商業司, http://www.moea.gov.tw/~meco/doc/ndoc/s5_p05.htm
[15] Fernando Pinto and Vasco Freitas, “Digital Time-stamping to Support Non Repudiation in Electronic Communications,” Proc SECURICOM''96 - 14th Worldwide Congress on Computer and Communications Security and Protection, pp. 397-406, Ed MCI (Manifestations & Communications Internationales), CNIT, Paris, France, Jun 5-6, 1996.
[16] A. Shamir, “How to share a secret,” Commun. of th ACM, vol.22, pp.612-613, November 1979.
[17] Ahto Buldas and Helger Lipmaa, “Digital Signatures, Timestamps and the Corresponding Infrastructure,” Baltic IT Review, January 1998.
[18] Matt Blaze, John Ioannidis, and Angelos D. Keromytis, “DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System,” Request For Comments (RFC) 2792, March 2000.
[19] H. Krawczyk, M. Bellare and R. Canetti, “HMAC: Keyed-Hashing for Message Authentication,” RFC2104, February 1997.
[20] I. Damgård. A Design, “Principle for Hash Functions,” In G. Brassard, editor, Advances in Cryptology -- Crypto'' 89 Proceedings, number 435 in Lecture Notes in Computer Science. Springer-Verlag, 1989.
[21] Alfredo De Santis and Moti Yung, “On the design of provably-secure cryptographic hash functions,” In Advances in Cryptology -- EUROCRYPT 90, volume 473 of Lecture Notes in Computer Science, pages 412-431.
[22] “Digital Signature Standard,” National Bureau of Standards FIPS Publication 180, 1993.
[23] R. L. Rivest, A. Shamir and L. M. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. ACM, 21(2):120—126, 1978.
[24] Manuel Blum and Silvio Micali, “How to generate cryptographically strong sequences of pseudo-random bits,” SIAM Journal on Computing, 13(4):850-864, November 1984.