Please use this Handle URI to cite this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/93433
Full metadata record

dc.contributor.advisor: 蕭旭君 (zh_TW)
dc.contributor.advisor: Hsu-Chun Hsiao (en)
dc.contributor.author: 林義閔 (zh_TW)
dc.contributor.author: I-Min Lin (en)
dc.date.accessioned: 2024-07-31T16:18:13Z
dc.date.available: 2024-08-01
dc.date.copyright: 2024-07-31
dc.date.issued: 2024
dc.date.submitted: 2024-07-26
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/93433
dc.description.abstract (zh_TW, translated): Group messaging applications depend heavily on group key agreement protocols for their security, but the privacy aspects of these protocols have not been sufficiently explored. When untrusted third-party applications such as chatbots are integrated into group messaging, this oversight can seriously endanger user privacy. This thesis aims to improve the privacy guarantees of group messaging applications by designing a group key agreement protocol that supports sender anonymity and selective message access. We first take untrusted third-party applications into account in the threat model, and then, building on the IETF MLS group messaging standard, propose a security model that captures these two privacy properties. We further propose a practical construction based on TreeKEM, the key agreement protocol used by the MLS standard. The additional computational overhead of our approach does not grow with the number of users and grows linearly with the number of chatbots, and its modular design makes it easy to integrate into the MLS standard.
dc.description.abstract (en): Group messaging applications rely heavily on group key agreement protocols for their security, but the privacy properties of these protocols are underexplored. The gap becomes critical when untrusted third-party applications such as chatbots are integrated into group chats, where they can compromise the privacy of the other members. This thesis aims to strengthen the privacy guarantees of group messaging applications by designing a group key agreement protocol that supports sender anonymity and selective message access. We first include untrusted third-party applications in the threat model; then, starting from the security model of the IETF MLS standard for group messaging, we propose a security model that captures these two privacy properties. We then give a construction based on TreeKEM, the key agreement protocol used by MLS. Its overhead is constant in the number of users and linear in the number of chatbots, and its modular design makes it straightforward to integrate into the MLS standard.
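The abstract builds on TreeKEM, the ratchet-tree key agreement that MLS uses, but the record itself gives no protocol detail. The following toy model of plain TreeKEM is added here as an illustration; it is neither the thesis's CMRT construction nor MLS or any library's code. It shows the mechanism the thesis extends: a commit ratchets a fresh leaf secret up the committer's direct path, seals each node's path secret to the resolution of the copath node, every member derives the same epoch key, a commit in a full tree of n members costs log2(n) ciphertexts, and a removed member is left with no key that any new ciphertext is addressed to. Everything not on this page is an assumption of the example: textbook Diffie-Hellman over the RFC 2409 1024-bit MODP group with an HMAC-SHA256 KDF stands in for HPKE, nodes use heap numbering instead of the MLS array layout, and signatures, the transcript hash and the thesis's chatbot-specific features (sender anonymity, selective access) are omitted.

```python
"""Toy TreeKEM ratchet tree, added as an illustration: not the thesis's CMRT and not MLS code.
Stand-ins assumed here: textbook DH over the RFC 2409 1024-bit MODP group plus an HMAC-SHA256
KDF instead of HPKE; heap node numbering (root 0, children 2v+1 and 2v+2); no signatures."""
import hashlib, hmac, secrets

P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

def kdf(secret, label):
    return hmac.new(secret, label.encode(), hashlib.sha256).digest()
def keypair(node_secret):
    """DH key pair derived deterministically from a node secret."""
    priv = int.from_bytes(kdf(node_secret, "dh"), "big") % (P - 2) + 1
    return priv, pow(G, priv, P)

def seal(pub, msg):
    """Ephemeral-static DH with a hash pad: an unauthenticated stand-in for HPKE Seal."""
    eph = secrets.randbelow(P - 2) + 1
    pad = kdf(pow(pub, eph, P).to_bytes(128, "big"), "pad")
    return pow(G, eph, P), bytes(a ^ b for a, b in zip(msg, pad))
def unseal(priv, eph_pub, ct):
    pad = kdf(pow(eph_pub, priv, P).to_bytes(128, "big"), "pad")
    return bytes(a ^ b for a, b in zip(ct, pad))

class Tree:
    """Public ratchet tree shared by all members: node -> DH public key; absent means blank."""
    def __init__(self, n_leaves):
        self.n, self.pub = n_leaves, {}           # a power of two keeps the toy simple
    def leaf(self, i): return self.n - 1 + i
    def sibling(self, v): return v + 1 if v % 2 else v - 1
    def direct_path(self, v):                     # leaf, ..., root
        path = [v]
        while v: path.append(v := (v - 1) // 2)
        return path
    def resolution(self, v):
        """Non-blank nodes that together cover every member below v (RFC 9420 term)."""
        if v in self.pub: return [v]
        if v >= self.n - 1: return []             # blank leaf: nobody to encrypt to
        return self.resolution(2 * v + 1) + self.resolution(2 * v + 2)

class Member:
    def __init__(self, tree, index):
        self.t, self.leaf, self.priv, self.group_key = tree, tree.leaf(index), {}, None
        self.priv[self.leaf], tree.pub[self.leaf] = keypair(secrets.token_bytes(32))
    def commit(self):
        """Ratchet a fresh leaf secret up the direct path; each node's path secret is sealed
        to the resolution of the copath node, so only members under that node can learn it."""
        secret, child, msg = secrets.token_bytes(32), None, {"sender": self.leaf, "pubs": {}, "cts": {}}
        for v in self.t.direct_path(self.leaf):
            self.priv[v], msg["pubs"][v] = keypair(kdf(secret, "node"))
            if child is not None:
                copath = self.t.resolution(self.t.sibling(child))
                msg["cts"][v] = [(r, *seal(self.t.pub[r], secret)) for r in copath]
            child, secret = v, kdf(secret, "path")
        self.group_key = secret                   # epoch key: the path secret ratcheted past the root
        self.t.pub.update(msg["pubs"])            # the delivery service applies the new public keys
        return msg
    def process(self, msg):
        if msg["sender"] == self.leaf: return
        sender_path = self.t.direct_path(msg["sender"])
        v = next(n for n in self.t.direct_path(self.leaf) if n in sender_path)   # common ancestor
        secret = next((unseal(self.priv[r], e, c) for r, e, c in msg["cts"][v] if r in self.priv), None)
        if secret is None:
            raise PermissionError("no ciphertext is addressed to a key we hold")
        for node in sender_path[sender_path.index(v):]:
            priv, pub = keypair(kdf(secret, "node"))
            if pub != msg["pubs"][node]:          # also catches a stale key from an old epoch
                raise ValueError("derived key disagrees with the tree")
            self.priv[node], secret = priv, kdf(secret, "path")
        self.group_key = secret
    def remove(self, index):                      # blank the leaf and its direct path, then commit
        for v in self.t.direct_path(self.t.leaf(index)): self.t.pub.pop(v, None)
        return self.commit()

def bootstrap(n):
    tree = Tree(n)
    members = [Member(tree, i) for i in range(n)]
    for m in members:                             # one commit each fills every internal node
        msg = m.commit()
        for other in members: other.process(msg)
    return members

def demo():
    """Four members agree on an epoch key; then member 0 removes member 1."""
    ms = bootstrap(4)
    msg = ms[3].commit()
    for m in ms: m.process(msg)
    cost, epoch, agreed = sum(map(len, msg["cts"].values())), ms[0].group_key, len({m.group_key for m in ms}) == 1
    msg = ms[0].remove(1)
    for m in (ms[2], ms[3]): m.process(msg)
    try:
        ms[1].process(msg); locked_out = False
    except (PermissionError, ValueError):
        locked_out = True
    return {"commit_ciphertexts": cost, "all_agreed": agreed,          # log2(4) == 2 ciphertexts
            "survivors_agree": ms[0].group_key == ms[2].group_key == ms[3].group_key != epoch,
            "removed_locked_out": locked_out and ms[1].group_key == epoch}
```

`demo()` returns a dictionary of the four checks; the public-key comparison in `process` is the part worth copying, since without it a member holding a stale key from an earlier epoch would decrypt garbage and silently derive a wrong epoch key. The log2(n) ciphertexts per commit are the baseline cost of TreeKEM itself; the abstract states that the thesis's additions on top of it are constant in the number of users and linear in the number of chatbots.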
dc.description.provenance (en): Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2024-07-31T16:18:13Z. No. of bitstreams: 0
dc.description.provenance (en): Made available in DSpace on 2024-07-31T16:18:13Z (GMT). No. of bitstreams: 0
dc.description.tableofcontents:
Oral Examination Committee Approval (口試委員會審定書)
Acknowledgements (致謝)
Abstract in Chinese (摘要)
Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Background
2.1 Secure Messaging
2.2 Continuous Group Key Agreement
Chapter 3 Problem Definition
3.1 Threat Model and Assumptions
3.2 Security Goals
Chapter 4 Notations
Chapter 5 Continuous Group Key Agreement Protocol for Selective Message Access and Sender Anonymity
5.1 Formal Definition of Continuous Group Key Agreement
5.2 Our CGKA
5.3 Security of Our CGKA
Chapter 6 Compressed Multi-Roots Tree (CMRT)
6.1 Building Blocks
6.2 Protocol Overview
6.3 Protocol
Chapter 7 Results
7.1 Security Analysis
7.1.1 Forward Secrecy
7.1.2 Post-Compromise Secrecy
7.1.3 Sender Anonymity
7.1.4 Selective Message Access
7.2 Security Comparison
7.3 Efficiency Analysis
Chapter 8 Related Work
8.1 Chatbot Security
8.2 Metadata-hiding Secure Messaging
Chapter 9 Conclusions and Future Directions
References
Appendix A - Cryptographic Primitives
A.1 Pseudorandom Generators
A.2 Public Key Encryption
Appendix B - Formal Security Definition for Our CGKA
B.1 Security Game for External Adversaries
B.1.1 Key Indistinguishability Game
B.2 Security Game for Chatbot Adversaries
B.2.1 Sender Anonymity Game
B.2.2 Selective Message Access Game
dc.language.iso: en
dc.subject (zh_TW, translated): continuous group key agreement
dc.subject (zh_TW, translated): secure group messaging
dc.subject (zh_TW, translated): tree-based group key management protocol
dc.subject (zh_TW, translated): access control
dc.subject (zh_TW, translated): sender anonymity
dc.subject (en): sender anonymity
dc.subject (en): access control
dc.subject (en): tree-based group key agreement
dc.subject (en): continuous group key agreement
dc.subject (en): secure group messaging
dc.title (zh_TW, translated): A Continuous Group Key Agreement Protocol Supporting Sender Anonymity and Selective Message Access
dc.title (en): A Continuous Group Key Agreement Protocol Supporting Sender Anonymity and Selective Message Access
dc.type: Thesis
dc.date.schoolyear: 112-2 (ROC academic year 112, second semester)
dc.description.degree: Master's (碩士)
dc.contributor.oralexamcommittee: 黎士瑋; 游家牧 (zh_TW)
dc.contributor.oralexamcommittee: Shih-Wei Li; Chia-Mu Yu (en)
dc.subject.keyword (zh_TW, translated): secure group messaging, continuous group key agreement, sender anonymity, access control, tree-based group key management protocol
dc.subject.keyword (en): secure group messaging, continuous group key agreement, sender anonymity, access control, tree-based group key agreement
dc.relation.page: 56
dc.identifier.doi: 10.6342/NTU202401660
dc.rights.note: Licence granted (open access, worldwide)
dc.date.accepted: 2024-07-29
dc.contributor.author-college: College of Electrical Engineering and Computer Science (電機資訊學院)
dc.contributor.author-dept: Department of Computer Science and Information Engineering (資訊工程學系)
Appears in collections: Department of Computer Science and Information Engineering (資訊工程學系)

Files in this item:
File: ntu-112-2.pdf, 1.33 MB, Adobe PDF


Items in this repository are protected by copyright, with all rights reserved, unless otherwise indicated.

© NTU Library All Rights Reserved