Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/95646
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 薛智文 | zh_TW
dc.contributor.advisor | Chih-Wen Hsueh | en
dc.contributor.author | 林俊佑 | zh_TW
dc.contributor.author | Jun-You Lin | en
dc.date.accessioned | 2024-09-15T16:17:39Z | -
dc.date.available | 2024-09-16 | -
dc.date.copyright | 2024-09-14 | -
dc.date.issued | 2024 | -
dc.date.submitted | 2024-08-12 | -
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/95646 | -
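dc.description.abstract | Modern digital identity systems face severe challenges: authentication vulnerabilities threaten user security, centralized data storage is prone to attack and leads to large-scale leaks of personal data, and the monopoly of large organizations over key services creates an imbalance of power. These problems not only endanger individual rights but also hinder the development of a digital society. This research completes the system design of "Autonomous Identity", aiming to thoroughly reshape digital identity management. Working in three areas (identity authentication, data management, and credit scoring), it designs a decentralized solution that successfully returns control of digital identity from large institutions to individual users, significantly enhancing user autonomy. The research also carries out a proof of concept on the OurChain blockchain, successfully confirming the feasibility of the AID system. This research holds that the "Autonomous Identity" system has the potential to thoroughly change how people interact with the digital world, paving the way for a safer, fairer, and freer digital society. | zh_TW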
dc.description.abstract | Modern identity systems face significant challenges: authentication vulnerabilities threaten user security, centralized data storage is susceptible to large-scale breaches, and key services monopolized by large organizations create power imbalances. These issues not only jeopardize individual rights but also impede the development of a digital society. This research aims to enhance the system design of "Autonomous Identity" to fundamentally reshape digital identity management. It focuses on three areas: identity authentication, data management, and credit scoring. We propose a decentralized solution that transfers control of digital identity from large institutions to individual users, significantly enhancing user autonomy. A proof of concept based on OurChain successfully demonstrates the feasibility of the Autonomous Identity system. This study posits that the Autonomous Identity system has the potential to transform digital interactions, paving the way for a safer, fairer, and freer digital society. | en
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2024-09-15T16:17:39Z. No. of bitstreams: 0 | en
dc.description.provenance | Made available in DSpace on 2024-09-15T16:17:39Z (GMT). No. of bitstreams: 0 | en
dc.description.tableofcontents | Oral Examination Committee Certification
Acknowledgements
Abstract (Chinese)
Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Motivation
1.2 Main Contributions
1.3 Thesis Structure
Chapter 2 Literature Review
2.1 Origins of Identity Systems
2.2 Evolution of Identity Systems
2.2.1 Centralized Identity
2.2.2 Federated Identity
2.2.3 User-Centric Identity
2.2.4 Self-Sovereign Identity
2.2.5 Future Outlook
2.3 Development of the AID System
2.3.1 The Original Autonomous Identity
2.3.2 Autonomous Certificate Mechanism
2.4 Challenges of Identity Systems
2.4.1 User Experience
2.4.2 User Awareness
2.4.3 Privacy Protection
2.4.4 Equal Trust
2.4.5 Legal Compliance
2.4.6 Recognized Principles
2.5 Chapter Summary
Chapter 3 System Design
3.1 New Design of the System
3.1.1 Autonomous Authentication
3.1.1.1 Minimal Autonomous Authentication
3.1.1.2 Adding MFA
3.1.1.3 Adding the AID Server
3.1.1.4 Using Autonomous Certificates
3.1.1.5 Autonomous Authentication Flow
3.1.2 Data Autonomy
3.1.2.1 Right to Be Forgotten for Data
3.1.2.2 Explicit Data Authorization
3.1.2.3 Data Verifiability
3.1.2.4 Unprivileged Execution
3.1.3 Credit Scoring
3.1.3.1 Credit Scoring Mechanism
3.1.3.2 Ecosystem Operation
3.2 System Architecture Design
3.2.1 System Structure Overview
3.2.2 Mapping of Layers to Roles
3.2.2.1 Consensus Layer and Consensus Core
3.2.2.2 Service Layer and Service Providers
3.2.2.3 Data Layer and End Users
3.2.3 Consensus Layer
3.2.4 Service Layer
3.2.4.1 Identity Management
3.2.4.2 Certificate Management
3.2.4.3 Data Management
3.2.5 Data Layer
3.2.5.1 Identity Management
3.2.5.2 Data Management
3.2.5.3 Certificate Management
3.2.5.4 Data Storage
3.3 System Design Details
3.3.1 Blockchain Certificate Mechanism
3.3.1.1 Autonomous Certificate
3.3.1.2 Data Certificate
3.3.2 Frictionless Mechanism
3.3.2.1 The Identification Problem
3.3.2.2 Analysis Method Based on the User's Time and Space
3.3.2.3 Risk-Level-Based Verification Mechanism
3.3.2.4 Hybrid Data Management
3.3.3 The Password Recovery Problem
3.3.3.1 Extreme Multi-Factor Authentication
3.3.4 Organizational User Control
3.4 Data Structures
3.4.1 Consensus Core
3.4.2 AID Server
3.4.3 Wallet
3.5 Chapter Summary
Chapter 4 System Implementation
4.1 System Architecture
4.2 Implementation Details
4.3 Flow Analysis
4.3.1 Generating a New AID and Autonomous Certificate
4.3.2 Entering the Payment Service to Obtain a Receipt
4.3.3 Conversing with the AI Service
4.4 Chapter Summary
Chapter 5 Conclusion
References
Appendix A: Actual User Interface
A.1 AID Wallet
A.2 AI Chat Software
Appendix B: System UML Diagrams
B.1 Object Diagram
B.2 Sequence Diagram
B.3 Flowchart | -
dc.language.iso | zh_TW | -
dc.subject | Authentication | zh_TW
dc.subject | Blockchain | zh_TW
dc.subject | Autonomous Identity | zh_TW
dc.subject | Certification | zh_TW
dc.subject | Privacy | zh_TW
dc.subject | Privacy | en
dc.subject | Blockchain | en
dc.subject | Authentication | en
dc.subject | Autonomous Identity | en
dc.subject | Certification | en
dc.title | 基於 OurChain 的自主身分系統設計與實作 | zh_TW
dc.title | Design and Implementation of Autonomous Identity System Based on OurChain | en
dc.type | Thesis | -
dc.date.schoolyear | 112-2 | -
dc.description.degree | Master's | -
dc.contributor.oralexamcommittee | 蔡孟峰;徐讚昇 | zh_TW
dc.contributor.oralexamcommittee | Meng-Feng Tsai;Tsan-sheng Hsu | en
dc.subject.keyword | Autonomous Identity, Authentication, Certification, Privacy, Blockchain | zh_TW
dc.subject.keyword | Autonomous Identity, Authentication, Certification, Privacy, Blockchain | en
dc.relation.page | 100 | -
dc.identifier.doi | 10.6342/NTU202403979 | -
dc.rights.note | Authorization granted (worldwide open access) | -
dc.date.accepted | 2024-08-14 | -
dc.contributor.author-college | College of Electrical Engineering and Computer Science | -
dc.contributor.author-dept | Department of Computer Science and Information Engineering | -
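Appears in collection: Department of Computer Science and Information Engineering

Files in this item:
File | Size | Format
ntu-112-2.pdf | 3.72 MB | Adobe PDF

Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are otherwise indicated.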
