Title page for etd-0726113-162355
Title
Secure File Transfer Protocol for Named Data Network
Department
Year, semester
Language
Degree
Number of pages
65
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2013-07-12
Date of Submission
2013-08-26
Keywords
Secure Transfer Protocol, Authorization, Proxy Re-Encryption, Named Data Network
Statistics
The thesis/dissertation has been browsed 5753 times and downloaded 82 times.
Abstract
In the traditional TCP/IP network architecture, computer systems communicate with each other based on IP addresses. Given users' network traffic requirements and usage nowadays, an IP-address-based network architecture may face various problems. First, many users of video services may want to access the same content simultaneously, which leads to the host incurring extra costs. Second, although nearby nodes may have the file that the user wants to access, the user cannot directly verify the file itself. This leads the user to connect to the remote host rather than to the nearby nodes, which greatly increases network traffic. A simple solution is to increase the use of proxy servers to amortize the network flow. However, this not only increases the extra costs incurred by the host, but also cannot solve the fundamental problem of the TCP/IP architecture. Therefore, the named data network (NDN), which is based on the data itself, was proposed to deal with these problems. In NDN, all users can access a file from nearby nodes, and they can verify the file directly rather than relying on the specific host that holds the file. However, NDN is a novel research topic, and it still has no complete standard or secure file transfer protocol to support ciphertext transmission and to handle the problem of unknown potential receivers. The straightforward solution is for the sender to encrypt the file with the receiver's public key before sending it to NDN nodes. However, this limits the behavior of users and incurs significant storage costs for NDN nodes. In this thesis, we propose a complete secure file transfer protocol that incorporates data re-encryption, provides secure ciphertext transmission, solves the problem of unknown potential receivers, and saves significant storage costs on NDN nodes.
Finally, we compare the costs and properties with the other NDN transfer protocol and previous re-encryption schemes, and we also provide a security proof.
Table of Contents
Thesis Approval Form
Acknowledgments
Chinese Abstract
Abstract
1 Introduction
1.1 Contributions
1.2 Organization
2 Related Works
2.1 Named Data Network
2.2 NDN Architecture
2.3 Balkis Hamdane et al.’s Scheme
3 Preliminaries
3.1 Backgrounds
3.1.1 Re-Encryption
3.1.2 The Proxy Re-Encryption Scheme
3.1.3 Property of Proxy Re-Encryption
3.2 Identity-Based Cryptography
3.2.1 Identity-Based Encryption
3.3 Bilinear Mapping
3.3.1 Hard Problems
4 Secure File Transfer Protocol for Named Data Network
4.1 Overview
4.2 The Proposed Scheme
4.3 The Proposed Scheme Construction
4.3.1 Node Joining
4.3.2 Node leaving
4.3.3 User joining
4.3.4 User leaving
5 Security Analysis and Proof
5.1 Security Analysis
5.2 Security Proof
6 Properties and Comparisons
6.1 Comparison with Balkis’ Protocol
6.2 Comparison with Other Re-Encryption Schemes
7 Conclusions and Future Works
Bibliography
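Fulltext
This electronic full text is licensed to users only for personal, non-profit retrieval, reading, and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, so as to avoid breaking the law.
Thesis access permission: user-defined availability period
Available:
Campus: available
Off-campus: available

Printed copies
Public information on printed theses is relatively complete from academic year 102 onward. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available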
