(3.230.76.48) 您好!臺灣時間:2021/04/15 02:00
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:陳英倫
研究生(外文):Ying-lun Chen
論文名稱:階層式時綁金鑰分配機制之設計與應用
論文名稱(外文):Application and Design of Time-Bound Hierarchical Key Assignment Scheme
指導教授:唐元亮簡宏宇簡宏宇引用關係
指導教授(外文):Yuan-liang TangHung-yu Chien
學位類別:碩士
校院名稱:朝陽科技大學
系所名稱:資訊管理系碩士班
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2007
畢業學年度:95
語文別:中文
論文頁數:77
中文關鍵詞:密碼學階層式時綁金鑰分配機製存取控制XML安全
外文關鍵詞:time-bound hierarchical key assignmentXML Securityaccess controlcryptography
相關次數:
  • 被引用被引用:0
  • 點閱點閱:241
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:28
  • 收藏至我的研究室書目清單書目收藏:0
在分散式的環境下,使用者與資源經常會依照其權利等級及資源安全需求而區分成許多不同的類別Ci;例如s={C1,C2,...,Cm}代表區分成m個等級。在很多情形下,這些資源等級及使用者權力等級之間的關係往往可表示成階層式架構;諸如行政系統、軍隊組織、企業結構…。當這些類別被組織成樹狀的階層式架構時,在類別之間的存取控制之權限上也就產生部份相依(partial-order)的關係,即“<=”(特殊字元,詳見論文)。如Cj<=Ci就表示被分配到階層Ci的使用者,能擁有高於或等於層級Cj的權限。本文所提的階層式金鑰分配機制,更是為了對階層式架構中的使用者與資源進行有效的管控。雖然,已經有許多的研究以金鑰分配的方式,用不同階層之金鑰加密資源達到階層式架構的存取控制,卻仍然無法解決現今階層式架構應用上的問題。這個問題是指使用者可能在加入階層式系統後,經過一段時間就退出或是更換使用者的安全等級到另一個層級去。此時,為了避免舊有的金鑰被非法的延續使用,系統需要在使用者退出層級之後更新大量的金鑰,並將新的金鑰交付到合法的使用者手中;當前述的問題頻繁發生時,除了造成了大量的運算成本,分派金鑰的風險更隨之成長。而階層式時綁金鑰分配機制增加了“時綁”的特性,其目的正是為了解決具時序性的階層式架構中之存取控制的問題。在這個機制下,合法的使用者可以利用自己被分配到的一把由密碼學產生之使用者金鑰推導一個預訂的時段之中,使用者在階層式架構裡的權限足以取用的數把不同的加密金鑰;反之,在非預定時段裡,使用者金鑰就像失效一樣,加密金鑰無法被未授權的使用者所推導出;基於這種特性,系統再也不需要因為使用者自主性的離開,而需要經常更新系統中的金鑰。儘管,這門科學已有許多新的想法與機制,然而這些機制仍然不安全;在另一方面,由於它們使用了大量的公開參數,所以在效率上的顯得不盡理想;同時,在實務應用的經驗也顯得十分不足。因此,在本論文的研究裡,我們對階層式時綁金鑰分配機制提出了有效率且安全性的改進方法,並經由建構一個安全且資源分享性高的電子報服務系統,表達利用階層式時綁金鑰分配機制的特性與XML的結構,就能改善電子報的服務效率,並提升系統在未來資源分享的能力。
In the systems of distributed environments, the users and the resources can be classified into a number of disjoint classes Ci, S={C1,C2,...,Cm} according to their importance, and these classes usually can be organized as a hierarchy tree through the partially ordered relation "<=", where "Cj<=Ci" means that the privilege belonging to Ci is higher than or equal to the privilege belonging to Cj. In the practice, hierarchical structures can be applied to many organizations such as government, military and enterprise. In order to control access to these resources, the conventional hierarchical key assignment schemes would be a good way to do this. Though many hierarchical key assignment schemes have been proposed for access control in a hierarchy, the conventional hierarchical key assignment schemes have poor performance in those environments where the users may frequently join and leave the system or change their classes in a short time. In the above mentioned situation, the conventional hierarchical key assignment schemes have to renew and redistribute the class keys to other users to prevent illegal access from unauthorized users. Thus, conventional hierarchical key assignment schemes are not only inefficient, due to periodically renewing the keys, but also error-prone due to frequent key redistribution. The "time-bound" hierarchical cryptographic key assignment schemes deal with the above mentioned temporal partial-order hierarchical access control problem. In this scheme, legal users can access a distinct resource among assigned classes by using the user’s owned cryptographic key to derive the data encrypting keys if and only if the privilege belongings to the class of resources is lower than or equal to the class of user at predetermined time period; therefore, the time-bound hierarchical cryptographic key assignment scheme does not require renewing and redistributing the class keys. Though many related investigations have been published, these schemes are either inefficiency (due to large-scale public parameters) or insecure, moreover, the implementation experience of time-bound hierarchical key assignment schemes are not enough. The aim of this thesis, we will show that security weakness and present a more efficient solution without the security weakness, and then we present an implementation experience by using time-bound hierarchical key assignment schemes and XML for improving the efficiency, data interoperability in the e-newspaper publication system.
摘要 I
Abstract III
誌謝 V
目錄 VI
表目錄 IX
圖目錄 X
第一章、簡介 1
1.1 動機 1
1.2 階層式金鑰分派機制 3
1.3 可擴展標記語言 8
1.4 電子報服務系統 9
第二章、相關研究 11
2.1 以RSA為基礎的階層式時綁金鑰分配機制 11
2.2 高效率的階層式時綁金鑰分配機制 13
2.3 XML與XML 安全 16
2.3.1 XML-Encryption 18
2.3.2 XML Digital Signature 19
第三章、安全、有效率的階層式時綁金鑰分配機制 22
3.1 Yeh的機制所存在的安全弱點 22
3.2 新的階層式時綁金鑰分配機制 24
3.3 安全與效率分析 26
3.3.1 安全分析 27
3.3.2 效率分析 28
第四章、植基於反竄改裝置的階層式時綁金鑰分配機制之電子報系統 31
4.1 新電子報服務系統之分析 32
4.1.1 系統環境 32
4.1.2 系統需求 33
4.2 新電子報服務系統之設計 36
4.2.1 系統架構 36
4.2.2 資源架構 38
4.2.3 電子報文件格式 38
4.2.4 關係參數文件格式 40
4.3 閱讀電子報 41
4.4 實作成果 42
4.4.1 系統管理介面 42
4.4.2 使用者介面 45
4.5 分析與比較 46
第五章、植基於RSA的階層式時綁金鑰分配機製之電子報系統 49
5.1 實作目的 49
5.2 新電子報服務系統的修改處 50
5.2.1 系統環境、需求與架構部份 50
5.2.2 修改過的關係參數文件格式 51
5.2.3 使用者的啟始金鑰 52
5.2.4 系統管理介面 53
5.2.5 使用者介面 54
5.3 實作結果與比較 56
5.3.1 實驗一 56
5.3.2 實驗二 57
5.3.3 實驗三 57
5.4 實驗結果之分析 58
第六章、結論與未來展望 60
參考文獻 63
附錄1、電子報服務系統之範例文件 66
1.1 電子報文件(明文) 66
1.2 電子報文件(密文) 67
1.3 關係參數檔 72
1.4 修改過的關係參數檔 73
1.5 啟始金鑰檔 77
[1]S.G. Akl and P.D. Taylor(1983), "Cryptographic Solution to a Problem of Access Control in a hierarchy," ACM Trans. on Computer Systems, Vol. 1, No. 3, pp. 239-248.
[2]E. Bertino, B. Carminati, and E. Ferrari(2001), "XML Security," Information Security Technical Report, Vol. 6, No. 2, pp. 44-58.
[3]E. Bertino, B. Carminati, and E. Ferrari(2002), "A Temporal Key Management Scheme for Secure Broadcasting of XML Documents," Proc. of the 9th ACM Conf. on Computer and Comm. Security, pp.31-40.
[4]C.-C. Chang, R.-J. Hwang, and T.-C. Wu(1992), "Cryptographic Key Assignment Scheme for Access Control in a Hierarchy," Information Systems, Vol. 17, No. 3, pp. 243-247.
[5]T.-S. Chen and J.-Y. Huang(2005), "A Novel Key Management Scheme for Dynamic Access Control in a User Hierarchy," Applied Mathematics & Computation, pp. 339-351.
[6]H.-Y. Chien and J.-K. Jan(2003), "New Hierarchical Assignment without Public Key Cryptography," Computer and Security, Vol. 22, No.6, pp. 523-526.
[7]H.-Y. Chien(2004), "Efficient Time-Bound Hierarchical Key Assignment Scheme," IEEE Trans. on Knowledge and Data Eng., Vol. 16, No. 10, pp. 1301-1304.
[8]A. De Santis, A.L. Ferrara, and B. Masucci(2006), "Enforcing the Security of a Time-Bound Hierarchical Key Assignment Scheme," Information Sciences, Vol. 176, pp. 1684-1694.
[9]M.L. Gemplus(1997), "Smart-Cards: A Cost-Effective Solution against Electronic Fraud," Proc. European Conf. Security and Detection, No.437, pp. 81-85.
[10]L. Ham and H.-Y. Lin(1990), "A Cryptographic Key Generation Scheme for Multilevel Data Security," Computers and Security, Vol. 9, No. 6, pp. 539-549.
[11]H.-F. Huang and C.-C. Chang(2004), "A New Cryptographic Key Assignment Scheme with Time-Constraint Access Control in a Hierarchy," Computer Standards and Interfaces, Vol. 26, No. 3, pp. 159-166.
[12]A. V.D.M. Kayem, S. G. Akl, and P. Martin(2005), "An Independent Set Approach to Solving the Collaborative Attack Problem," Proc. of International Conf. Parallel and Distributed Computing and Systems, pp. 594-599.
[13]W.-B. Lee, J.-H. Li, and C.-R. Dow(2005), "Efficient Date-Constraint Hierarchical Key Assignment Scheme," Proc. of the 2005 International Conf. on Security and Management, pp. 51-57.
[14]C.-H. Lin(2001), "Hierarchical Key Assignment without Public-Key Cryptography," Computer and Security, Vol. 20, Issue 7, pp.612-619.
[15]S.J. Mackinnon, P.D. Taylor, H. Meijer, and S.G. Akl(1985), "An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy," Trans. Computers, Vol. 34, No. 9, pp. 797-802.
[16]M. Naedele(2003), "Standard of XML and Web Services Security," Computer, Vol. 36, Issue 4, pp. 96-98.
[17]M. Renaudin, et al. (2004), "High Security Smartcards," Proc. of the Design, Automation and Test in Europe Conf. and Exhibition, Vol. 1, pp. 228-232.
[18]R. Rivest, A. Shamir, and L. Adleman(1978), "A Scheme for Obtaining Digital Signature and Public-Key Cryptosystems," Comm. of the ACM, Vol. 21, No. 2, pp. 120-126.
[19]R.S. Sandhu(1988), "Cryptographic Implementation of a Tree Hierarchy for Access Control," Information Processing Letters, No. 27, pp. 95-98.
[20]K.M. Shelfer and J.D. Procaccino(2002), "Smart Card Evolution," Comm. of ACM, Vol. 45, No. 7, pp. 83-88.
[21]W.-G. Tzeng(2002), "A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy," IEEE Trans. Knowledge and Data Eng., Vol. 14, No. 1, pp. 182-188.
[22]W.-G. Tzeng(2006), "Access Control and Authorization: A Secure System for Data Access Based on Anonymous Authentication and Time-Dependent Hierarchical Keys," Proc. ACM Symposium on Information, computer and comm. security, pp. 223-230.
[23]S.-Y. Wang and C.-S. Laih(2006), "Merging: An Efficient Solution for a Time-Bound Hierarchical Key Assignment Scheme," IEEE Trans. on Dependable and Secure Computing, Vol. 3, No. 1, pp. 91-100.
[24]World Wide Web Consortium. Extensible Markup Language (XML) 1.0, 1998. Available:
http://www.w3.org/TR/REC-xml/.
[25]World Wide Web Consortium. XML Encryption Syntax and Processing , 2002. Available:
http://www.w3.org/TR/xmlenc-core/.
[26]World Wide Web Consortium. XML-Signature Syntax and Processing , 2002. Available:
http://www.w3.org/TR/xmldsig-core/.
[27]J.-H. Yeh(2005), "An RSA-Based Time-Bound Hierarchical Key Assignment Scheme for Electronic Article Subscription," Proc. ACM conf. Information and Knowledge Management, pp.285-286.
[28]X. Yi and Y. Ye(2003), "Security of Tzeng''s Time-Bound Key Assignment Scheme for Access Control in a Hierarchy," IEEE Trans. on Knowledge and Data Eng., Vol. 15, No. 4, pp. 1054-1055.
[29]X. Yi(2005), "Security of Chien''s Efficient Time-Bound Hierarchical Key Assignment Scheme," IEEE Trans. on Knowledge and Data Eng., Vol. 17, No. 9, pp. 1298-1299.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
系統版面圖檔 系統版面圖檔