
National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

Student: 林仁宏
Student (English): Ren-Hung Lin
Title (Chinese): 安全的廣播金鑰管理機制之設計
Title (English): The Design of Key Management Schemes for Secure Broadcasting
Advisor: 詹進科
Advisor (English): Jinn-Ke Jan
Degree: Doctoral
Institution: 國立中興大學 (National Chung Hsing University)
Department: Department of Applied Mathematics
Discipline: Mathematics and Statistics
Field: Mathematics
Thesis type: Academic thesis
Year of publication: 2008
Graduation academic year: 96 (ROC calendar)
Language: English
Number of pages: 74
Keywords (Chinese): 廣播; 加密; 金鑰管理; 群體通訊; 一對多; 多對多
Keywords (English): Broadcast; Encryption; Key management; Group communication; One-to-many; Many-to-many
Abstract (Chinese, translated):
With the increasing speed of the Internet and the improved reliability of network technology, servers can now offer end users many convenient and diverse services, and among the most popular of these are broadcast services. Tens of thousands of broadcast messages are delivered to users every day. Digital video programs, daily news feeds, live online multi-party conferences, and online games, for example, all commonly rely on broadcast techniques. If a transmitted message is to be correctly received only by authorized users, the sender must protect its confidentiality. Because the receivers are numerous and the set of legitimate receivers is likely to change frequently, efficiently controlling and managing which members may access the messages is a central design challenge for any broadcast service.
Encryption is the usual way to ensure message confidentiality. An encryption algorithm transforms the plaintext into unreadable ciphertext, which can be correctly recovered only by a receiver holding the related secret information (the secret key). Typically, when a user registers as a legitimate member, the system assigns that user the relevant keys so that the member can decrypt the broadcast ciphertext received later. On the other hand, the broadcast may well also be received by unregistered users, or easily intercepted by malicious parties; since they lack the secret key, they cannot decrypt or use the message even though receiving it is easy.
Several network encryption protocols can be used directly to encrypt plaintext and meet the confidentiality requirement between two communicating parties, for example IPsec (IP security), SSL (Secure Sockets Layer), or TLS (Transport Layer Security). Using these protocols directly in a broadcast setting, however, can cause the computation to grow rapidly, which hurts scalability. These protocols require the two parties to establish a point-to-point secure connection before the encrypted transport can be used. If n legitimate members are to receive a message, the server must establish a separate pairwise secure connection with each of them and perform the encryption for each, so the communication and computation complexity is clearly O(n). As the membership grows, the system needs considerably more computing power and bandwidth to cope. Moreover, during communication the system typically changes the encryption key at fixed intervals so that the transmitted secrets are not easily broken by offline attacks; a large increase in membership then makes the system even harder to sustain, because it must negotiate the key change and securely deliver the new key to each user individually. In wireless environments in particular, bandwidth is more constrained than in wired ones; if the key-update computations run periodically, their communication complexity grows linearly with the number of users, and the limited bandwidth cannot easily carry such volumes of data in real time. Furthermore, receivers in wireless environments may be portable devices with weak computing power, such as mobile phones or personal digital assistants (PDAs), which are ill-suited to frequent computations whose cost grows linearly.
This thesis proposes several key management protocols for secure broadcasting. These schemes not only reduce the key storage required at the sender but also significantly reduce the bandwidth needed for communication. The system administrator can quickly handle each user's differing content requests and provide individualized broadcast services (service diversity). If a user also wants to share his broadcast messages with other members, then once the administrator has set up the relevant keys, every user can send a broadcast at any time that only the members he designates can decrypt, with no assistance from the administrator during the broadcast, which lightens the computational load on the broadcast system. With the proposed broadcast schemes, users need not stay online constantly and will not miss key-change messages. Our security analysis shows that the proposed protocols achieve a certain level of security.
Abstract (English):
Due to the great improvement in the speed and reliability of Internet technology, servers are able to provide many different services for end users. One popular application is broadcast service. Millions of broadcast messages are transmitted to end users every day. For example, video transmissions, daily news feeds, live multi-party conferencing, and online video games are among end users' favorite broadcast services. If some end users are not authorized to access particular messages, senders must protect the confidentiality of what is broadcast. Therefore, a major security challenge for broadcast communications is to provide efficient methods for controlling authorized access.
Encrypting the original message (plaintext) with secret information (a secret key) is a popular way to keep messages private. The plaintext is transformed into an unreadable form (ciphertext) by the encryption technique. Usually, when authorized end users register at a server, they are assigned their own secret keys and are then able to recover (decrypt) the ciphertext they receive later. On the other hand, even though unauthorized end users may receive every broadcast message through the public media used for transmission, they cannot read the confidential messages because they do not hold the specific secret key.
Enabling available protocols such as IPsec (IP security), SSL (Secure Sockets Layer), or TLS (Transport Layer Security) can encrypt the packets to meet the secrecy requirement. However, the communication complexity rises substantially. When using IPsec or SSL/TLS to ensure secrecy, each pair of parties must establish its own secure point-to-point link for communication. In an n-member group, if one sender wants to transmit (broadcast) an identical message to the other members simultaneously, the system needs to establish distinct links for the secure transmissions. The needed bandwidth grows with the order of n, namely the communication complexity is O(n). As the size of the group grows, much more computing power and communication bandwidth are needed to handle the scalability problem. Moreover, after the communication has lasted for a period of time, the system must run a negotiation on each link to produce a fresh secret key. If IPsec or SSL/TLS is used to secure the broadcast messages, the communication complexity of re-keying increases with n, that is, with the size of the group. The scalability of the system degrades as the number of end users grows. Particularly when communicating over wireless media, the available bandwidth is much less than in a wired environment. Therefore, an efficient scheme must be developed to solve the scalability problem of secure broadcasting.
We propose key management schemes for secure broadcasting that reduce the senders' key storage requirement and the order of communication complexity when re-keying the session keys used for secure broadcasting. A service provider can efficiently manage each member's content requests and provide various services at the same time. Once the initiation phase is complete, group members can communicate securely with one another, as long as they belong to the same network system, with no need for a group controller. Moreover, with our schemes, group members are not required to be online constantly in order to keep up with changes to the system.
Table of contents:
Abstract (Chinese)
Abstract
List of Tables
List of Figures
Chapter 1 Introduction
Chapter 2 Session Key Distributions for Group Communications
  2.1 Protocol Requirement
  2.2 Pseudo Random Functions
  2.3 Transmission Phase
  2.4 Decryption Phase
  2.5 A Simplified Example
  2.6 Security Analysis
    2.6.1 Brute Force Attack
    2.6.2 Forward Security and Backward Security
    2.6.3 Colluding Problem
  2.7 Comparisons with Other Schemes
  2.8 Summary
Chapter 3 One-to-many E-services
  3.1 Initiation Phase
  3.2 Transmission Phase
  3.3 Decoding Phase
  3.4 A Simplified Example
  3.5 Performance Analysis
  3.6 Applying Our Scheme to Pay-TV Systems
  3.7 Security Analysis
  3.8 Summary
Chapter 4 Many-to-Many Communications
  4.1 Initiation Phase
  4.2 Transmission Phase
  4.3 Decoding Phase
  4.4 An Example
  4.5 Member Addition and Deletion
  4.6 Performance Analysis
  4.7 Summary
Chapter 5 Secure Group Communications Using Bilinear Pairing
  5.1 Bilinear Pairing and the Related Hard Problems
  5.2 The Proposed Scheme
    5.2.1 System Setup Phase
    5.2.2 Registration Phase
    5.2.3 Sending Phase
    5.2.4 Receiving Phase
  5.3 Performance Analysis
    5.3.1 Space Complexity
    5.3.2 Computation Complexity
    5.3.3 Communication Complexity
  5.4 Guessing the Private Key Used in Bilinear Pairing
  5.5 Applying Our Scheme to Personal Digital Creations Sharing
    5.5.1 Uploading Personal Digital Creations
    5.5.2 Distributing Digital Contents to Subscribers
  5.6 Summary
Chapter 6 Conclusions and Future Works
  6.1 Conclusions
  6.2 Further Research Problems
    6.2.1 Optimization Problem
    6.2.2 Authentication Problem
    6.2.3 Network Coding
References
Vita
Publication Lists
Appendix A: The Hybrid Model and IHC Scheme
  Hybrid Model
  IHC (Iterated Hash Chain) Scheme