Thesis access permission: user-defined release time
Available:
Campus: available
Off-campus: available
Title: Anonymous Credential Scheme Supporting Active Revocation (支援主動式撤銷功能之匿名憑據機制)
Department:
Year, semester:
Language:
Degree:
Number of pages: 69
Author:
Advisor:
Convenor:
Advisory Committee:
Date of Exam: 2013-07-12
Date of Submission: 2013-08-26
Keywords: Revocation, Cryptography, Privacy, Anonymity, Digital Credential
Statistics: The thesis/dissertation has been browsed 5676 times and downloaded 55 times.
Chinese Abstract
With the vigorous development of electronic commerce, digital credentials are used ever more frequently. Beyond the basic need to complete identity authentication and obtain a service, users' growing awareness of privacy protection has brought the need for anonymous authentication to the fore. Although anonymous credentials give users complete privacy protection, they create management problems for service providers and credential issuers, so the revocation of anonymous credentials has become a very important issue. The revocation mechanisms proposed in several recent studies are computationally too heavy: the user must perform a large computation before the validity of the digital credential can be proven. This approach incurs a large computational cost and can only provide passive revocation management. This thesis proposes a more practical revocation mechanism that splits the authority to revoke between the credential issuer and the service provider; revocation can be carried out only with the agreement of both parties, so the user need not worry that the issuer or the service provider could obtain the user's private information on its own, while the issuer and the service provider can still manage illegitimate users appropriately. This allows online service systems to be used under safer conditions. In addition, this thesis adds a date-based revocation mechanism to the proposed revocable anonymous credential, which limits the validity period of an anonymous credential and lets the issuer (Issuer) exercise more varied management.
Abstract
With the rapid development of electronic commerce, digital credentials are used with increasing frequency. Today users employing digital credentials not only complete the identity authentication process and obtain service, but also attach importance to their anonymity, as the concept of privacy protection develops rapidly. For this reason, anonymous credential mechanisms are being increasingly studied. However, while anonymous credentials provide privacy protection for users, the question of how to manage the credentials is a problem for issuers and service providers. In recent years, many theses have proposed revocation-list mechanisms, but these are a challenge to implement effectively, since users and credential consumers must process the corresponding revocation list at massive computational cost. Such schemes not only provide merely passive revocation management, but also require users to spend considerable computation time. In this thesis, we propose an improved anonymous credential revocation mechanism. We distribute the authority to revoke between the issuer and the service provider. The revocation phase can be executed only if both the issuer and the service provider permit it, so users need not fear that the issuer or the service provider will access their private information. In addition, the issuer and the service provider can also manage illegal users. Consequently, online service systems can be more widely used. Further, we add a mechanism of time-revocation, which sets a time limit on the validity of the anonymous credentials. This capability enables the issuer to manage the revocation phase more effectively.
Table of Contents
Thesis approval form
Acknowledgements
Chinese abstract
English abstract
1 Introduction
  1.1 Contributions
  1.2 Organization
2 Related Works
  2.1 Review of Brickell-Li Scheme
3 Preliminaries
  3.1 Chaum's Blind Signature Scheme
  3.2 Proof of Knowledge
  3.3 ElGamal Signature Scheme
  3.4 Anonymous Credential
  3.5 The Game for One-More Forgery
4 The Proposed Anonymous Credential Scheme
  4.1 Our Scheme
    4.1.1 Notation
    4.1.2 Setup
    4.1.3 Joining
    4.1.4 Membership Proof
    4.1.5 Revocation
  4.2 Discussion
5 Security Analysis and Proof
  5.1 Unforgeability
  5.2 Unlinkability
    5.2.1 Linkability Game I
    5.2.2 Linkability Game II
    5.2.3 Linkability Game III
    5.2.4 Linkability Game IV
6 Comparisons
7 Conclusions
Bibliography
Fulltext
This electronic full text is licensed only for personal, non-commercial retrieval, reading and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without permission, to avoid violating the law.
Printed copies
Public-access information for printed theses is relatively complete from academic year 102 (ROC calendar) onward. To look up the public-access status of printed theses from academic year 101 or earlier, please contact the printed-thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available