Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/23142
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 雷欽隆(Chin-Laung Lei) | |
dc.contributor.author | Yun-Peng Chiu | en |
dc.contributor.author | 邱允鵬 | zh_TW |
dc.date.accessioned | 2021-06-08T04:44:02Z | - |
dc.date.copyright | 2011-08-22 | |
dc.date.issued | 2011 | |
dc.date.submitted | 2011-08-16 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/23142 | - |
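dc.description.abstract | The purpose of secure multicast is to allow only legitimate members of the group to decrypt secret messages. To build a practical and secure multicast architecture, we focus on providing scalability and containment. Scalability means that the processing overhead of each security operation should, as far as possible, not grow with the number of group members. Containment means that a security breach in one subgroup should not affect other subgroups.
In this dissertation, we propose novel secure multicast mechanisms that use "proxy re-encryption". Proxy re-encryption lets a router convert ciphertext encrypted under one key into ciphertext encrypted under another key, without revealing the private key or the original plaintext. This dissertation proposes two methods for solving the secure multicast problem. The first method focuses on eliminating the key management center. Because the key management center is usually a single entity, eliminating it also removes the single point of failure. This method uses the Elgamal encryption algorithm and proposes a distributed key composition protocol. Key composition is the process by which the sender and the routers jointly negotiate and establish keys. The second method focuses on providing containment and tries to reduce the impact of rekeying. Successful containment provides better security and also improves scalability. The second method is not restricted to a particular encryption algorithm, so system builders are free to choose the algorithm. This property also increases the survivability of the whole system in different environments. We also compare other methods and discuss some security problems that we found. Existing methods use only public-key algorithms, but the high computational cost of public-key operations makes such methods infeasible in practice. Symmetric-key algorithms, however, cannot provide many of the properties that public-key algorithms can achieve. Our methods combine public-key and symmetric-key algorithms and are therefore practical in real-world environments. | zh_TW |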
dc.description.abstract | The goal of a secure multicast communication environment is to ensure that only valid members belonging to the multicast group can decrypt data. To build a practical and secure multicast architecture, we focus on scalability and containment issues. Scalability means that the processing overhead of each security operation should be minimized in terms of the number of group members. Containment means that a security breach that occurs in one subgroup does not affect other subgroups.
In this dissertation, we propose novel secure multicast schemes by exploiting a cryptographic primitive, 'proxy re-encryption.' Proxy re-encryption allows intermediate routers to convert ciphertext encrypted with one key into ciphertext encrypted with another key, without revealing the private key or the plaintext. Two schemes are proposed in this dissertation to solve the multicast security problem. The first one focuses on eliminating the key management center. Because the key management center is usually a single entity, removing it also eliminates the single point of failure. The scheme exploits the Elgamal encryption algorithm and proposes a distributed protocol for key composition. Key composition is a process in which the sender and routers collaboratively agree on encryption keys. The second scheme focuses on providing containment and tries to minimize the impact of rekeying events. Successful containment provides better security and also improves scalability. The second scheme is not limited to one specific cryptographic scheme, so operators are free to choose suitable ones. This property enhances the survivability of the whole system. We also compare several related schemes and discuss some security problems that we identified in them. Existing schemes that use similar techniques use only asymmetric-key algorithms, but the computational cost of those algorithms makes the schemes infeasible in practice. Symmetric-key schemes, however, cannot provide several properties that asymmetric-key schemes can achieve. Our schemes combine asymmetric-key and symmetric-key algorithms, so they are practical for real-world applications. | en |
dc.description.provenance | Made available in DSpace on 2021-06-08T04:44:02Z (GMT). No. of bitstreams: 1 ntu-100-D87921023-1.pdf: 842947 bytes, checksum: 7183f179cc42de6c0e90d1b3df9d46cc (MD5) Previous issue date: 2011 | en |
dc.description.tableofcontents | Abstract; Abstract (in Chinese); Contents; List of Figures; List of Tables
1 Introduction
2 Preliminaries: 2.1 IP Multicast; 2.2 Proxy Re-Encryption (2.2.1 Basic Concepts and Historical Review; 2.2.2 Symmetric-Key Based Proxy Re-Encryption)
3 Related Works: 3.1 GDH; 3.2 Iolus; 3.3 Logical Key Hierarchy; 3.4 Dual Encryption Protocol; 3.5 Cipher Sequences; 3.6 SIM-KM; 3.7 Hur et al.'s Scheme
4 A Distributed Key Composition Protocol for Secure Multicast Using Proxy Re-Encryption: 4.1 Introduction; 4.2 Proxy Re-Encryption and Key Composition; 4.3 The Framework (4.3.1 Operations and Notations; 4.3.2 The Key Composition Protocol: Joining a Group; 4.3.3 Leaving a Group and Rekeying; 4.3.4 The Message Delivery Process; 4.3.5 Handling Network Dynamics); 4.4 Evaluations and Discussions (4.4.1 Load-Sharing with Trusted Proxy Nodes; 4.4.2 Security Analysis; 4.4.3 Performance Evaluation and Comparisons); 4.5 Concluding Remarks
5 Sempre: Secure Multicast Architecture Using Proxy Re-Encryption: 5.1 Introduction; 5.2 The Proposed Scheme: Sempre (5.2.1 Multicast Model and System Architecture; 5.2.2 Two Modes and Key Assignment; 5.2.3 Rekeying); 5.3 Analysis (5.3.1 Related Proxy Re-Encryption Properties; 5.3.2 Security Analysis; 5.3.3 Comparisons of Features; 5.3.4 Comparisons of Costs); 5.4 Concluding Remarks
6 Conclusions and Future Work
Bibliography | |
dc.language.iso | en | |
dc.title | 利用代理轉密法之高效率安全群播架構 | zh_TW |
dc.title | Efficient Secure Multicast Schemes Using Proxy Re-Encryption | en |
dc.type | Thesis | |
dc.date.schoolyear | 99-2 | |
dc.description.degree | Doctoral | |
dc.contributor.oralexamcommittee | 顏嗣鈞(Hsu-Chun Yen),楊中皇(Chung-Huang Yang),黃秋煌(Chua-Huang Huang),陳俊良(Chuen-Liang Chen),范俊逸(Chun-I Fan) | |
dc.subject.keyword | Secure multicast, multicast key management, proxy re-encryption, Elgamal encryption algorithm, key composition | zh_TW |
dc.subject.keyword | Secure multicast, multicast key management, proxy re-encryption, Elgamal encryption algorithm, key composition | en |
dc.relation.page | 97 | |
dc.rights.note | Not authorized | |
dc.date.accepted | 2011-08-16 | |
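dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
Appears in Collections: | Department of Electrical Engineering |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-100-1.pdf (not currently authorized for public access) | 823.19 kB | Adobe PDF |
Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.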