Title page for etd-0715114-175841
Title
Authenticated Re-Encryption Scheme for Named Data Network
Department
Year, semester
Language
Degree
Number of pages
75
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2014-07-17
Date of Submission
2014-08-15
Keywords
Authentication, Secure Transfer Protocol, Named Data Network, Proxy Re-Encryption
Statistics
The thesis/dissertation has been browsed 5694 times, has been downloaded 44 times.
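Chinese Abstract
With the rapid advance of technology and the growth of the Internet, most communication today runs over the TCP/IP network architecture. Given users' demands on network transmission, this architecture may fall short in some respects, such as traffic overload and uncertainty about files. To remedy these shortcomings, a new network architecture, the Named Data Network, has been proposed.
The Named Data Network is a network architecture centered on files. Its users access files through nearby nodes and can verify a file's correctness after receiving it. In the Named Data Network, routers not only provide storage but also help search for files, and this architecture addresses the inconveniences that TCP/IP may cause, as described above. However, the Named Data Network is a new research topic, and the secure file transfer mechanisms in current research are incomplete: with the current mechanisms, the receiver cannot know which user sent the file. In some situations (for example, file corruption and source confirmation), the receiver must verify the identity of the file's sender, so a secure file transfer mechanism should provide an authentication mechanism between the receiver and the sender.
In view of this, we propose a re-encryption scheme with authentication to be realized on the Named Data Network. When files are distributed across the Named Data Network, the scheme not only achieves file confidentiality but also meets the need to authenticate the file's source, and we further give a new definition and proof for the source authentication mechanism.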
Abstract
With the rapid growth of technology and the Internet, digital communication is increasingly based on the TCP/IP architecture. However, the TCP/IP architecture has limitations such as flow overloading and data uncertainty. In response, a new architecture has been proposed, known as the Named Data Network.
The Named Data Network (NDN) is an alternative architecture based on the data each user accesses. Users gain access to the data by using an adjacent router (node) that verifies the correctness of the data. In NDN, the router has the ability to store and search for the data. Therefore, this architecture improves on the disadvantages of the TCP/IP architecture. NDN is a new proposal and relatively under-researched. Thus far, an adequate file-transfer protocol is unavailable for NDN. In some cases, files are broken or the source fails to authenticate, resulting in the need to discover the owner of the file. Moreover, we believe that NDN should contain an authentication mechanism in the secure-transfer protocol.
In view of this, we propose an authenticated re-encryption scheme for NDN, offering sender authentication, data confidentiality, and support for potential receivers. Furthermore, we propose a security model for sender authentication to prove that the scheme we propose is secure.
Table of Contents
Thesis Approval Form
Acknowledgments
Abstract (in Chinese)
Abstract
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Contributions
1.2 Organization
Chapter 2 Preliminaries
2.1 Named Data Network
2.2 The Architecture of Named Data Network
2.3 Bilinear Mapping
2.4 Identity-Based Cryptography
2.5 Proxy Re-Encryption
2.6 Identity-Based Proxy Re-Encryption Scheme
2.7 Complexity Assumption
Chapter 3 Related Works
3.1 Hamdane et al.’s Scheme
3.2 Green et al.’s Scheme
3.3 Chu et al.’s Scheme
3.3.1 The Scheme IB-PRE-I
3.3.2 The Scheme IB-PRE-II
3.4 Hu et al.’s Scheme
3.5 Ding et al.’s Scheme
3.6 Wang et al.’s Scheme
3.7 Libert et al.’s Scheme
3.7.1 Unidirectional Scheme in the Known Secret Key Model
3.7.2 Scheme in the Chosen-Key Model
3.8 Shao et al.’s Scheme
3.8.1 Multi-use Unidirectional Proxy Re-Encryption
3.8.2 Identity-Based Conditional Proxy Re-Encryption
Chapter 4 The Proposed Scheme
4.1 Overview
4.2 The Proposed Scheme
4.3 The Proposed Protocol
Chapter 5 Security Proof
5.1 Data Confidentiality
5.1.1 Security Model
5.1.2 Security Proof
5.2 Sender Authentication
5.2.1 Security Model
5.2.2 Security Proof
Chapter 6 Properties and Comparisons
6.1 Comparison with Protocols in NDN
6.2 Comparison with Proxy Re-Encryption Schemes
Chapter 7 Conclusion
Bibliography
References
[1] Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur., 9(1):1–30, 2006.
[2] Matt Blaze, Gerrit Bleumer, and Martin Strauss. Divertible protocols and atomic proxy cryptography. In Proceedings of International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31 - June 4, 1998 on Advances in Cryptology - EUROCRYPT’98, pages 127–144, 1998.
[3] Dan Boneh and Matt Franklin. Identity-based encryption from the Weil pairing. In Proceedings of the 21st Annual International Cryptology Conference, Santa Barbara, California, USA, August 19–23, 2001 on Advances in Cryptology - CRYPTO 2001, pages 213–229. Springer Berlin Heidelberg, 2001.
[4] Xavier Boyen. Identity-based signcryption. In Proceedings of Information Security and Cryptography, 2010 on Practical Signcryption, pages 159–261. Springer Berlin Heidelberg, 2010.
[5] Chen-Kai Cheng. Secure File Transfer Protocol for Named Data Network. National Sun Yat-sen University, master thesis, 2013.
[6] Cheng Kang Chu and Wen Guey Tzeng. Identity-based proxy re-encryption without random oracles. In Proceedings of 10th International Conference, ISC 2007, Valparaíso, Chile, October 9-12, 2007 on Information Security, pages 189–202, 2007.
[7] Yi Ding and Xu An Wang. Identity based proxy re-encryption based on a variant of bb1 identity based encryption. In 2010 Second International Conference on Networks Security Wireless Communications and Trusted Computing (NSWCTC), pages 506–509, 2010.
[8] Basil Etfia, Mario Gerla, and Lixia Zhang. Supporting military communications with named data networking: An emulation analysis. In 2012 - MILCOM 2012 MILITARY COMMUNICATIONS CONFERENCE, pages 1–6, 2012.
[9] Craig Gentry. Practical identity-based encryption without random oracles. In Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, St. Petersburg, Russia, May 28 - June 1, 2006 on Advances in Cryptology - EUROCRYPT 2006, pages 445–464. Springer Berlin Heidelberg, 2006.
[10] Craig Gentry and Alice Silverberg. Hierarchical id-based cryptography. In Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security, Queenstown, New Zealand, December 1–5, 2002 on Advances in Cryptology - ASIACRYPT 2002, pages 548–566, 2002.
[11] Giulio Grassi, Davide Pesavento, Lucas Wang, Giovanni Pau, Rama Vuyyuru, Ryuji Wakikawa, and Lixia Zhang. Acm hotmobile 2013 poster: vehicular inter-networking via named data. Mobile Computing and Communications Review, 17(3):23–24, 2013.
[12] Matthew Green and Giuseppe Ateniese. Identity-based proxy re-encryption. In Proceedings of the 5th international conference on Applied Cryptography and Network Security, pages 288–306, 2007.
[13] Balkis Hamdane, Ahmed Serhrouchni, Ahmad Fadlallah, and Sihem Guemara El Fatmi. Named-data security scheme for named data networking. In 2012 Third International Conference on the Network of the Future (NOF), pages 1–6, 2012.
[14] Xiaoming Hu, Zhe Zhang, and Taozhi Si. Id-based proxy re-encryption schemes without random oracle. In 2009 CIS ’09. International Conference on Computational Intelligence and Security, pages 428–431, 2009.
[15] Van Jacobson, Diana K. Smetters, Nicholas H. Briggs, Michael F. Plass, Paul Stewart, James D. Thornton, and Rebecca L. Braynard. Voccn: Voice-over content-centric networks. In Proceedings of the 2009 Workshop on Re-architecting the Internet, pages 1–6. ACM, 2009.
[16] Van Jacobson, Diana K. Smetters, James D. Thornton, Michael F. Plass, Nicholas H. Briggs, and Rebecca L. Braynard. Networking named content. In Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, pages 1–12. ACM, 2009.
[17] Xiaoke Jiang, Jun Bi, You Wang, Pingping Lin, and Zhaogeng Li. A content provider mobility solution of named data networking. In 2012 20th IEEE International Conference on Network Protocols (ICNP), pages 1–2, 2012.
[18] Neal Koblitz, Alfred Menezes, and Scott Vanstone. The state of elliptic curve cryptography. Designs, Codes and Cryptography, pages 173–193, 2000.
[19] Teemu Koponen, Mohit Chawla, Byung-Gon Chun, Andrey Ermolinskiy, Kye Hyun Kim, Scott Shenker, and Ion Stoica. A data-oriented (and beyond) network architecture. In Proceedings of the 2007 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pages 181–192. ACM, 2007.
[20] B. Libert and D. Vergnaud. Unidirectional chosen-ciphertext secure proxy re-encryption. IEEE Transactions on Information Theory, pages 1786–1802, 2011.
[21] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, Inc. Boca Raton, 2001.
[22] Michael Scott. Implementing cryptographic pairings. In Proceedings of the Pairing-Based Cryptography, pages 177–196, 2007.
[23] Adi Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO 84 on Advances in Cryptology, pages 47–53, 1985.
[24] Jun Shao, Peng Liu, Zhenfu Cao, and Guiyi Wei. Multi-use unidirectional proxy re-encryption. In 2011 IEEE International Conference on Communications (ICC), pages 1–5, 2011.
[25] Jun Shao, Guiyi Wei, Yun Ling, and Mande Xie. Identity-based conditional proxy re-encryption. In 2011 IEEE International Conference on Communications (ICC), pages 1–5, 2011.
[26] Lucas Wang, Alexander Afanasyev, Romain Kuntz, Rama Vuyyuru, Ryuji Wakikawa, and Lixia Zhang. Rapid traffic information dissemination using named data. In Proceedings of the 1st ACM Workshop on Emerging Name-Oriented Mobile Networking Design - Architecture, Algorithms, and Applications, pages 7–12. ACM, 2012.
[27] Lucas Wang, Ryuji Wakikawa, Romain Kuntz, Rama Vuyyuru, and Lixia Zhang. Data naming in vehicle-to-vehicle communications. In 2012 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 328–333, 2012.
[28] Xu An Wang and WeiDong Zhong. A new identity based proxy re-encryption scheme. In 2010 International Conference on Biomedical Engineering and Computer Science (ICBECS), pages 1–4, 2010.
[29] Yu Guang Zeng and Xiao Yan Hong. A caching strategy in mobile ad hoc named data network. In 2011 6th International ICST Conference on Communications and Networking in China (CHINACOM), pages 805–809, 2011.
[30] Lixia Zhang, Deborah Estrin, Jeffrey Burke, Van Jacobson, James D. Thornton, and Diana K. Smetters. Named Data Networking (NDN) Project. Technical report, PARC, Tech. report ndn-0001, 2010.
[31] Yanchao Zhang, Wei Liu, Wenjing Lou, and Yuguang Fang. Securing mobile ad hoc networks with certificateless public keys. IEEE Transactions on Dependable and Secure Computing, 3:386–399, 2006.
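Fulltext
This electronic full text is licensed to users only for personal, non-profit retrieval, reading, and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China, and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, so as to avoid violating the law.
Thesis access permission: user-defined availability date
Available:
Campus: available
Off-campus: available

Printed copies
Public information on printed theses is relatively complete for academic year 102 and later. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available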
