Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/58806
Full metadata record
DC field | Value | Language |
---|---|---|
dc.contributor.advisor | 雷欽隆(Chin-Laung Lei) | |
dc.contributor.author | Yu-Shian Chen | en |
dc.contributor.author | 陳煜弦 | zh_TW |
dc.date.accessioned | 2021-06-16T08:32:05Z | - |
dc.date.available | 2014-01-27 | |
dc.date.copyright | 2014-01-27 | |
dc.date.issued | 2013 | |
dc.date.submitted | 2013-12-18 | |
dc.identifier.citation | [1] Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. In Advances in Cryptology - EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, pages 416--432, 2003.
[2] Jonathan Katz and Andrew Y. Lindell. Aggregate message authentication codes. In Topics in Cryptology - CT-RSA 2008, The Cryptographers' Track at the RSA Conference 2008, volume 4964 of LNCS, pages 155--169. Springer, 2008.
[3] Wassim Znaidi, Marine Minier, and Cédric Lauradoux. Aggregated authentication (AMAC) using universal hash functions. In International Conference on Security and Privacy in Communication Networks (SecureComm), pages 248--252, 2009.
[4] Moni Naor and Kobbi Nissim. Certificate revocation and certificate update. In Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7, SSYM'98, pages 17--17, Berkeley, CA, USA, 1998. USENIX Association.
[5] Scott A. Crosby and Dan S. Wallach. Authenticated dictionaries: Real-world costs and trade-offs. ACM Trans. Inf. Syst. Secur., 14(2):17, 2011.
[6] Michael T. Goodrich and Roberto Tamassia. Efficient authenticated dictionaries with skip lists and commutative hashing. US Patent App, 10(416015), 2000.
[7] Michael T. Goodrich, Roberto Tamassia, and Andrew Schwerin. Implementation of an authenticated dictionary with skip lists and commutative hashing. In DARPA Information Survivability Conference and Exposition, pages 68--82. IEEE Computer Society Press, 2001.
[8] Paul C. Kocher. On certificate revocation and validation. In Financial Cryptography, Second International Conference, FC '98, pages 172--177, 1998.
[9] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J. D. Tygar. SPINS: security protocols for sensor networks. In MobiCom '01: Proceedings of the 7th Annual International Conference on Mobile Computing and Networking, pages 189--199, New York, NY, USA, 2001. ACM.
[10] Donggang Liu and Peng Ning. Multilevel μTESLA: Broadcast authentication for distributed sensor networks. ACM Trans. Embedded Comput. Syst., 3(4):800--836, 2004.
[11] Donggang Liu, Peng Ning, Sencun Zhu, and Sushil Jajodia. Practical broadcast authentication in sensor networks. In Proceedings of the Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, MOBIQUITOUS '05, pages 118--132, Washington, DC, USA, 2005. IEEE Computer Society.
[12] Mihir Bellare, Joe Kilian, and Phillip Rogaway. The security of cipher block chaining. In Advances in Cryptology - CRYPTO 1994: 14th Annual International Cryptology Conference, pages 341--358, London, UK, 1994. Springer-Verlag.
[13] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J. D. Tygar. SPINS: security protocols for sensor networks. In MobiCom '01: Proceedings of the 7th Annual International Conference on Mobile Computing and Networking, pages 189--199, New York, NY, USA, 2001. ACM.
[14] Danny Harnik, Benny Pinkas, and Alexandra Shulman-Peleg. Side channels in cloud services: Deduplication in cloud storage. IEEE Security & Privacy, 8(6):40--47, 2010.
[15] Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. In USENIX Security, August 2011.
[16] Giuseppe Ateniese, Randal C. Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary N. J. Peterson, and Dawn Xiaodong Song. Provable data possession at untrusted stores. In ACM Conference on Computer and Communications Security, pages 598--609, 2007.
[17] Giuseppe Ateniese, Roberto Di Pietro, Luigi V. Mancini, and Gene Tsudik. Scalable and efficient provable data possession. In International Conference on Security and Privacy in Communication Networks (SecureComm), SecureComm '08. ACM, 2008.
[18] Hovav Shacham and Brent Waters. Compact proofs of retrievability. In Advances in Cryptology - ASIACRYPT 2009, 14th International Conference on the Theory and Application of Cryptology and Information Security, pages 90--107, 2008.
[19] Qian Wang, Cong Wang, Jin Li, Kui Ren, and Wenjing Lou. Enabling public verifiability and data dynamics for storage security in cloud computing. In Computer Security - ESORICS 2009, 14th European Symposium on Research in Computer Security, pages 355--370, 2009.
[20] Qian Wang, Cong Wang, Kui Ren, Wenjing Lou, and Jin Li. Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans. Parallel Distributed Systems, 22(5):847--859, 2011.
[21] Wuala. Wuala - secure online storage - backup. sync. share. access everywhere. http://www.wuala.com/.
[22] SpiderOak. Free Windows, Mac and Linux online backup, online sync, share; storage from spideroak.com. https://spideroak.com/.
[23] Yu-Shian Chen and Chin-Laung Lei. Aggregate message authentication codes (AMACs) with on-the-fly verification. International Journal of Information Security, 12(6):495--504, 2013.
[24] Yu-Shian Chen, I-Lun Lin, Chin-Laung Lei, and Yen-Hua Liao. Broadcast authentication in sensor networks using compressed Bloom filters. In IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS), pages 99--111. Springer, 2008.
[25] I-Lun Lin. Curtain: A broadcast authentication scheme in wireless sensor network using Bloom filter. Master's thesis, National Taiwan University, 2008.
[26] Yu-Shian Chen and Chin-Laung Lei. Filtering false messages en-route in wireless multi-hop networks. In IEEE Wireless Communications and Networking Conference (WCNC), pages 1--6, 2010.
[27] Yu-Shian Chen, He-Ming Ruan, and Chin-Laung Lei. Stratus: Check and share encrypted data among heterogeneous cloud storage. Journal of Internet Technology, Special Issue on Cloud Computing and Big Data:(to appear), 2013.
[28] Burton H. Bloom. Space/time trade-offs in hash coding with allowable errors. Commun. ACM, 13(7):422--426, July 1970.
[29] Michael Mitzenmacher. Compressed Bloom filters. IEEE/ACM Trans. Netw., 10(5):604--612, 2002.
[30] Li Fan, Pei Cao, Jussara Almeida, and Andrei Z. Broder. Summary cache: a scalable wide-area web cache sharing protocol. IEEE/ACM Trans. Netw., 8(3):281--293, 2000.
[31] Mark Luk, Adrian Perrig, and Bram Whillock. Seven cardinal properties of sensor network broadcast authentication. In SASN '06: Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks, pages 147--156, New York, NY, USA, 2006. ACM.
[32] Michael T. Goodrich, Roberto Tamassia, and Jasminka Hasic. An efficient dynamic and distributed cryptographic accumulator. In International Security Conference (ISC), pages 372--388, 2002.
[33] William Pugh. Skip lists: A probabilistic alternative to balanced trees. Commun. ACM, 33(6):668--676, 1990.
[34] C. Christopher Erway, Alptekin Küpçü, Charalampos Papamanthou, and Roberto Tamassia. Dynamic provable data possession. In ACM Conference on Computer and Communications Security, pages 213--222, 2009.
[35] Yu-Shian Chen, I-Lun Lin, Chin-Laung Lei, and Yen-Hua Liao. Lightweight broadcast authentication for multiple senders in sensor networks. In The Fourth Joint Workshop on Information Security (JWIS), 2009.
[36] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography - References. CRC Press, 2001.
[37] Hans Eberle, Arvinderpal Wander, Nils Gura, Sheueling Chang Shantz, and Vipul Gupta. Architectural extensions for elliptic curve cryptography over GF(2m) on 8-bit microprocessors. In IEEE International Conference on Application-Specific Systems, Architecture Processors (ASAP), pages 343--349, 2005.
[38] Vipul Gupta, Matthew Millard, Stephen Fung, Yu Zhu, Nils Gura, Hans Eberle, and Sheueling Chang Shantz. Sizzle: A standards-based end-to-end security architecture for the embedded internet. In IEEE International Conference on Pervasive Computing and Communications (PerCom), pages 247--256, 2005.
[39] Donggang Liu, Peng Ning, Sencun Zhu, and Sushil Jajodia. Practical broadcast authentication in sensor networks. In MobiQuitous, pages 118--132, 2005.
[40] Adrian Perrig, Ran Canetti, J. D. Tygar, and Dawn Song. The TESLA broadcast authentication protocol. RSA CryptoBytes, 5(2):2--13, 2002.
[41] Shang-Ming Chang, Shiuhpyng Shieh, Warren W. Lin, and Chih-Ming Hsieh. An efficient broadcast authentication scheme in wireless sensor networks. In ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pages 311--320, New York, NY, USA, 2006. ACM.
[42] Mark Luk, Ghita Mezzour, Adrian Perrig, and Virgil Gligor. MiniSec: A secure sensor network communication architecture. In Proceedings of IEEE International Conference on Information Processing in Sensor Networks (IPSN), April 2007.
[43] Kui Ren, Wenjing Lou, and Yanchao Zhang. Multi-user broadcast authentication in wireless sensor networks. In Proceedings of the Fourth Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON 2007, pages 223--232, 2007.
[44] Ronghua Wang, Wenliang Du, and Peng Ning. Containing denial-of-service attacks in broadcast authentication in sensor networks. In MobiHoc '07: Proceedings of the 8th ACM International Symposium on Mobile Ad Hoc Networking and Computing, pages 71--79, New York, NY, USA, 2007. ACM.
[45] Hugo Krawczyk, Mihir Bellare, and Ran Canetti. HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (Informational), February 1997. Updated by RFC 6151.
[46] Mihir Bellare, Ran Canetti, and Hugo Krawczyk. Keying hash functions for message authentication. In Advances in Cryptology - CRYPTO 1996: 16th Annual International Cryptology Conference, pages 1--15, London, UK, 1996. Springer-Verlag.
[47] Sencun Zhu, Sanjeev Setia, Sushil Jajodia, and Peng Ning. An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. In IEEE Symposium on Security and Privacy, pages 259--271, 2004.
[48] Sencun Zhu, Shouhuai Xu, Sanjeev Setia, and Sushil Jajodia. LHAP: A lightweight hop-by-hop authentication protocol for ad-hoc networks. In 23rd International Conference on Distributed Computing Systems Workshops (ICDCS 2003 Workshops), pages 749--, 2003.
[49] Rehan Akbani, Turgay Korkmaz, and G. V. S. Raju. HEAP: hop-by-hop efficient authentication protocol for mobile ad-hoc networks. In Proceedings of the 2007 Spring Simulation Multiconference, SpringSim 2007, pages 157--165, San Diego, CA, USA, 2007. Society for Computer Simulation International.
[50] Tobias Heer, Stefan Götz, Oscar García Morchon, and Klaus Wehrle. ALPHA: an adaptive and lightweight protocol for hop-by-hop authentication. In ACM Conference on Emerging Network Experiment and Technology, CoNEXT 2008, page 23, 2008.
[51] Burton H. Bloom. Space/time trade-offs in hash coding with allowable errors. Commun. ACM, 13(7):422--426, 1970.
[52] Qi Dong, Donggang Liu, and Peng Ning. Pre-authentication filters: providing DoS resistance for signature-based broadcast authentication in sensor networks. In WiSec '08: Proceedings of the First ACM Conference on Wireless Network Security, pages 2--12, New York, NY, USA, 2008. ACM.
[53] Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters. Attribute-based encryption for fine-grained access control of encrypted data. In ACM Conference on Computer and Communications Security, pages 89--98, 2006.
[54] Rafail Ostrovsky, Amit Sahai, and Brent Waters. Attribute-based encryption with non-monotonic access structures. In ACM Conference on Computer and Communications Security, pages 195--203, 2007.
[55] Matt Blaze. A cryptographic filesystem for UNIX. In ACM Conference on Computer and Communications Security, pages 9--16, 1993.
[56] Giuseppe Cattaneo, Luigi Catuogno, Aniello Del Sorbo, and Pino Persiano. The design and implementation of a transparent cryptographic file system for UNIX. In USENIX Annual Technical Conference, FREENIX Track, pages 199--212, 2001.
[57] Erez Zadok and Jason Nieh. FiST: A language for stackable filesystems. In USENIX Annual Technical Conference, General Track, pages 55--70, 2000.
[58] Kevin Fu, M. Frans Kaashoek, and David Mazières. Fast and secure distributed read-only filesystems. ACM Transactions on Computer Systems, 20(1):1--24, 2002.
[59] Mahesh Kallahalla, Erik Riedel, Ram Swaminathan, Qian Wang, and Kevin Fu. Plutus: Scalable secure file sharing on untrusted storage. In Proceedings of the FAST '03 Conference on File and Storage Technologies, 2003.
[60] Michael Austin Halcrow. eCryptfs: An enterprise-class encrypted filesystem for Linux. In Proceedings of the 2005 Linux Symposium, volume 1, pages 201--218, 2005.
[61] Dominik Grolimund, Luzius Meisser, Stefan Schmid, and Roger Wattenhofer. Cryptree: A folder tree structure for cryptographic file systems. In 25th IEEE Symposium on Reliable Distributed Systems (SRDS 2006), pages 189--198, 2006.
[62] Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Gerardo Pelosi, and Pierangela Samarati. Efficient and private access to outsourced data. In 2011 International Conference on Distributed Computing Systems, ICDCS 2011, pages 710--719, 2011.
[63] Seny Kamara and Kristin Lauter. Cryptographic cloud storage. In Financial Cryptography and Data Security, FC 2010 Workshops, RLCPS, WECSR, and WLC 2010, pages 136--149, 2010.
[64] Yang Tang, Patrick P. C. Lee, John C. S. Lui, and Radia Perlman. FADE: Secure overlay cloud storage with file assured deletion. In International Conference on Security and Privacy in Communication Networks, SecureComm '10, pages 380--397, 2010.
[65] Seny Kamara, Charalampos Papamanthou, and Tom Roeder. CS2: A searchable cryptographic cloud storage system. Technical Report MSR-TR-2011-58, Microsoft, 2011.
[66] Dropbox. Dropbox - simplify your life. http://www.dropbox.com/.
[67] TrueCrypt. Free open-source on-the-fly disk encryption software for Windows 7/Vista/XP, Mac OS X and Linux. http://www.truecrypt.org/.
[68] Oded Goldreich and Rafail Ostrovsky. Software protection and simulation on oblivious RAMs. J. ACM, 43(3):431--473, 1996.
[69] Peter Williams, Radu Sion, and Alin Tomescu. PrivateFS: a parallel oblivious file system. In ACM Conference on Computer and Communications Security, pages 977--988, 2012.
[70] Benny Pinkas and Tzachy Reinman. Oblivious RAM revisited. In Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, pages 502--519, 2010.
[71] Ari Juels and Burton S. Kaliski Jr. PORs: proofs of retrievability for large files. In ACM Conference on Computer and Communications Security, pages 584--597, 2007.
[72] Ralph C. Merkle. A digital signature based on a conventional encryption function. In Advances in Cryptology - CRYPTO '87, A Conference on the Theory and Applications of Cryptographic Techniques, pages 369--378, 1987.
[73] Manuel Blum, William S. Evans, Peter Gemmell, Sampath Kannan, and Moni Naor. Checking the correctness of memories. Algorithmica, 12(2/3):225--244, 1994.
[74] Dwaine E. Clarke, G. Edward Suh, Blaise Gassend, Ajay Sudan, Marten van Dijk, and Srinivas Devadas. Towards constant bandwidth overhead integrity checking of untrusted data. In IEEE Symposium on Security and Privacy, pages 139--153, 2005.
[75] Gustavus J. Simmons. Authentication theory/coding theory. In Advances in Cryptology, Proceedings of CRYPTO '84, pages 411--431. Springer-Verlag New York, Inc., 1985.
[76] Michael Walker. Information-theoretic bounds for authentication schemes. J. Cryptology, 2(3):131--143, 1990.
[77] Ute Rosenbaum. A lower bound on authentication after having observed a sequence of messages. J. Cryptol., 6(3):135--156, 1993.
[78] Ben J. M. Smeets. Bounds on the probability of deception in multiple authentication. IEEE Trans. on Inf. Theory, 40(5):1586--1591, 1994.
[79] Ueli M. Maurer. A unified and generalized treatment of authentication theory. In Proceedings 13th Symp. on Theoretical Aspects of Computer Science (STACS), LNCS, pages 387--398. Springer-Verlag, 1996.
[80] Dan Boneh, Glenn Durfee, and Matthew K. Franklin. Lower bounds for multicast message authentication. In EUROCRYPT, volume 2045 of LNCS, pages 437--452. Springer-Verlag, 2001.
[81] Fan Ye, Haiyun Luo, Songwu Lu, and Lixia Zhang. Statistical en-route filtering of injected false data in sensor networks. In Proceedings IEEE INFOCOM 2004, The 23rd Annual Joint Conference of the IEEE Computer and Communications Societies, pages 2446--2457. IEEE, 2004.
[82] Haowen Chan, Adrian Perrig, and Dawn Song. Secure hierarchical in-network aggregation in sensor networks. In Proceedings of the 2006 ACM Conference on Computer and Communications Security, CCS 2006, pages 278--287, New York, NY, USA, 2006. ACM.
[83] Haowen Chan and Adrian Perrig. Round-efficient broadcast authentication protocols for fixed topology classes. In IEEE Symposium on Security and Privacy, pages 257--272. IEEE Computer Society, 2010.
[84] Aldar C.-F. Chan and Claude Castelluccia. On the (im)possibility of aggregate message authentication codes. In 2008 IEEE International Symposium on Information Theory, ISIT 2008, pages 235--239, 2008.
[85] Ran Canetti, Juan A. Garay, Gene Itkis, Daniele Micciancio, Moni Naor, and Benny Pinkas. Multicast security: A taxonomy and some efficient constructions. In IEEE International Conference on Computer Communications (InfoCom), pages 708--716, 1999.
[86] Adrian Perrig, Ran Canetti, Dawn Xiaodong Song, and J. D. Tygar. Efficient and secure source authentication for multicast. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2001, 2001.
[87] Oliver Eikemeier, Marc Fischlin, Jens-Fabian Götzmann, Anja Lehmann, Dominique Schröder, Peter Schröder, and Daniel Wagner. History-free aggregate message authentication codes. In Security and Cryptography for Networks, 7th International Conference, SCN 2010, pages 309--328, 2010.
[88] Di Ma and Gene Tsudik. Extended abstract: Forward-secure sequential aggregate authentication. In IEEE Symposium on Security and Privacy, pages 86--91, 2007.
[89] Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, and Hovav Shacham. Sequential aggregate signatures from trapdoor permutations. In Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, pages 74--90, 2004. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/58806 | - |
dc.description.abstract | This thesis studies the aggregation of authentication produced with symmetric cryptography. This also means that authentication tags are aggregated symmetrically, that is, processed simply with hash functions. The thesis can be roughly divided into an applications part and a theory part. The applications part covers four major topics: dynamic authenticated dictionaries, broadcast authentication in sensor networks, false-message filtering in multi-hop routing, and verifiable encrypted cloud storage.
1. An authenticated dictionary is a generic computational problem: how one party verifies whether another party has correctly recorded the data entrusted to it. Previous solutions (mostly based on Merkle trees) are either suited only to static authenticated dictionaries or use inefficient data structures. Building on the classic Merkle tree, this thesis proposes several novel data structures for dynamic authenticated dictionaries that also support negative queries: radix Merkle trees, stacked Merkle trees, and binomial Merkle forests. Unlike earlier work, these proposals preserve the structural simplicity of the original Merkle tree.
2. Broadcast authentication is the foundation on which sensor networks operate. Because nodes have limited computation and power, especially in wireless sensor networks, motes should not use expensive asymmetric operations. Under this principle, the chain design of μTESLA has become a reliable and durable basis for authentication. In the long run, however, the advantage of the chain becomes its drawback: updating the authentication source is very inconvenient. Curtain uses compressed Bloom filters to aggregate multiple μTESLA chains. Curtain extends the usable lifetime of μTESLA, improves update efficiency, and retains its self-healing capability. mCurtain, an advanced version of Curtain, serves scenarios with multiple broadcasters, where the system can dynamically add or revoke broadcasters. The only cost of using Curtain and mCurtain is that receivers must store a small bitmap.
3. Lightweight en-route authentication is a hard-to-eradicate problem for multi-hop networks, especially wireless ones. In a wireless environment, intermediate routing nodes are obvious attack targets. An adversary can inject arbitrary meaningless false traffic, causing redundant message forwarding, consuming node resources, and degrading network performance. Even if the false messages are eventually identified, routing nodes inevitably pay a price for false messages that are hard to stop completely. Again, this thesis proposes a low-cost solution based on Bloom filters, called EAB. Every routing node that uses EAB can filter out the vast majority of false messages in a short time with lightweight computation. In multi-hop routing, the number of false messages that ultimately cross the network decreases exponentially.
4. Cloud storage that guarantees only one of confidentiality and integrity does not meet modern data security requirements. Remote storage without encryption amounts to irreversible data leakage; encrypted storage without a verification mechanism can be replaced with meaningless garbage with no way to assign blame. Stratus offers a complete solution to this dilemma. Taking the user's perspective, Stratus aims to provide convenient access to and data verification of encrypted cloud storage. In addition, Stratus implicitly preserves the original directory hierarchy and allows painless data migration and sharing without reverse decryption. Using the dummy-list technique, Stratus can perform lazy deletion to improve system efficiency. Other features of Stratus include assured deletion and O(log N) negative queries.
Finally, on the theory side, this thesis derives the security limit of aggregated authentication. It first gives a rigorous definition of aggregated authentication with the on-the-fly (OTF) property; this definition covers Curtain, mCurtain, and EAB described above. It then combines information theory, authentication theory, and Bloom filter computation to derive and prove the security limit of such aggregated authentication. The results echo earlier literature that reasoned from authentication theory or cryptography alone. Merkle hash trees and Bloom filters, two old and simple data structures, are the main authentication techniques used in this thesis. Readers will find that even in the twenty-first century, dominated by asymmetric cryptography, making good use of and adapting old tools can solve new problems more efficiently. | zh_TW |
dc.description.abstract | This thesis discusses the aggregation of authentication created purely from symmetric cryptography. It also means that the authentication tags are aggregated in a symmetric way, or simply via hash functions. The contents of this work can be roughly classified into an applications part and a theory part. From the aspect of applications, it consists of four computational applications regarding data and communication authenticity, spreading from micro-scale sensor networks to the macro-scale cloud. These topics include (1) dynamic authenticated dictionary, (2) broadcast authentication in sensor networks, (3) en-route false injection filtering, and (4) verifiable encrypted cloud storage. Two canonical hash-based data structures are employed, the Merkle Tree (MT) and the Bloom Filter (BF).
1. Dynamic authenticated dictionary: As a generic computation paradigm, the authenticated dictionary is used to verify that the delegated remote party correctly stores the outsourced data. Prior solutions, mostly adopting the Merkle Tree (MT), are either only suitable for static dictionaries or lack efficient structures. We propose several novel approaches to extend the MT's ability for data update and negative query. Unlike other hash-based schemes for authenticating dynamic data, these proposals retain the structural simplicity of the MT.
2. Broadcast authentication: Broadcast authentication (BA) is a crucial foundation of wireless sensor networks (WSN). Limited by computation and energy resources, the sensor motes should not directly adopt asymmetric cryptography. Hence, the μTESLA protocol has been playing the major role in BA for WSN. The chain structure of TESLA, however, makes updating the authentication source inconvenient. To prolong durability and support the self-healing property, Curtain applies compressed Bloom filters (CBF) to multiple μTESLA chains. It greatly reduces the network communication overhead at the cost of moderate memory usage in receiving motes. mCurtain, an extended version of Curtain, works for the scenario of multiple senders. It allows the system to dynamically add and revoke senders.
3. False injection filtering: Lightweight en-route authentication is a challenging task in wireless multi-hop networks. An adversary can inject false data into the system, incurring redundant message forwarding, consuming node resources, and degrading network performance. Although the injection might eventually be identified, the en-route nodes have already paid the price for it. We utilize Bloom filter techniques, again, to build an authentication manifest called the en-route authentication bitmap (EAB). EAB helps nodes on the routing path filter out false data with a high success rate, thus confining injection attacks to within one or two hops of the adversary. The evaluation shows that EAB effectively protects a forwarding path of tens of hops at a cost of only a few bytes.
4. Verifiable encrypted cloud storage: A cloud storage service is never sufficient if it guarantees only one of data confidentiality and integrity. Remote storage without encryption could expose private information to outsiders, while storage without integrity could be appended with garbled and useless ciphertext. This work presents Stratus, an integrated encrypted storage atop heterogeneous cloud storage. Standing on the user's perspective, Stratus focuses on offering transparent and convenient access to, and integrity verification of, the outsourced data. Also, Stratus implicitly preserves the folder hierarchy of the original storage and allows painless data migration and sharing without backward decryption. By the technique of the dummy list, Stratus is able to perform lazy deletion, reducing access overhead. Other salient features of Stratus include assured deletion and space query in O(log n).
Finally, from the aspect of theory, the work derives a rigorous proof of the security extreme of aggregated authentication. First, we give a precise definition of aggregate message authentication codes (AMACs) with the property of on-the-fly (OTF) verification. The AMACs encompass portions of each previously mentioned application. Combining information theory, authentication theory, and Bloom computation, the theoretical security extreme of such authentication is derived and proved. The results correspond to prior research in the literature that adopted other methodologies. Merkle trees and Bloom filters, both ancient and simple hash-based structures, are the two foundations of this thesis. Readers will find that old tools might be more efficient in tackling emerging problems, even in the modern computational world dominated by asymmetric cryptography. | en |
dc.description.provenance | Made available in DSpace on 2021-06-16T08:32:05Z (GMT). No. of bitstreams: 1 ntu-102-D94921021-1.pdf: 1670206 bytes, checksum: 1b26b010742bef3044dc171ad526fa9f (MD5) Previous issue date: 2013 | en |
dc.description.tableofcontents | 1 Introduction
1.1 Aggregated Authentication
1.2 Authenticated Dictionary
1.3 Broadcast Authentication
1.4 False Injection Filtering
1.5 Cloud Storage Security
1.6 Contribution Summary
1.7 Organization
2 Preliminaries
2.1 Merkle Tree
2.1.1 Authentication Path
2.2 Bloom Filters
2.2.1 Standard Bloom Filters
2.2.2 Compressed Bloom Filters
2.2.3 Counting Bloom Filters
2.2.4 Security of Bloom Filters
2.3 μTESLA
2.3.1 Standard μTESLA
2.3.2 Tree-based μTESLA
3 Dynamic Authenticated Dictionary
3.1 Radix Merkle Trees
3.1.1 Trimmed RMT
3.2 Stacked Merkle Trees
3.3 Binomial Merkle Forest
3.4 Evaluation
3.5 Related Works
4 Curtain & mCurtain
4.1 Curtain Overview
4.2 Analysis
4.3 Multiple Curtain
4.3.1 Procedures
4.3.2 Analysis
4.4 Implementation
4.4.1 Curtain
4.4.2 mCurtain
4.5 Related Work
5 Filtering False Injection
5.1 Problem Definition
5.1.1 System Model
5.1.2 Threat Model
5.2 Basic Design of Filtering
5.2.1 Basic Technique
5.2.2 Protocol Description
5.2.3 Implementation of HashSet
5.2.4 Security Analysis
5.3 Random Padding
5.3.1 Restraint of EAB
5.3.2 Further Enhancement
5.4 Related Work
6 Cloud Storage Security
6.1 Problem Formulation
6.1.1 Cloud Model
6.1.2 Threat Model
6.1.3 Design Goals
6.2 Stratus Encryption
6.2.1 Data Structure
6.2.2 Encryption Strategy
6.3 Stratus Integrity Proof
6.3.1 BMF in Stratus
6.3.2 Stratus Integrity Checking
6.4 Data Share in Stratus
6.4.1 The Virtual Shared Folder
6.4.2 Data Share and Revoke
6.4.3 Practical Scenario
6.5 Performance Analysis
6.5.1 The BMF Performance
6.5.2 Storage Overhead
6.5.3 File Operations
6.6 Discussion
6.7 Related Work
6.7.1 Cryptography File Systems
6.7.2 Proofs of Possession or Retrievability
7 Lower Bound of Aggregation
7.1 Preliminaries
7.1.1 System Model
7.1.2 MAC, Attack, and Lower Bounds
7.2 AMACs: Definition and Lower Bound
7.2.1 Definition of AMACs
7.2.2 Attacks on AMACs
7.2.3 Lower Bound of AMACs
7.2.4 Relation with Former Works
7.2.5 Security of AMACs
7.3 Constructing AMACs via Bloom Filters
7.3.1 Bloom-based construction, xBF-AMACs
7.3.2 Primitive Analysis
7.3.3 Improvement by Subdivision
7.3.4 Strengthening AMACs with Padding
7.3.5 The Heuristics
7.3.6 Lower Bounds with Padding
7.4 Security of BF-AMACs
7.5 Comparison
7.6 Related Work
8 Conclusion | |
dc.language.iso | en | |
dc.title | 彙集對稱式認證:從感測點到雲端 | zh_TW |
dc.title | Aggregating Symmetric Authentication: From Motes to Clouds | en |
dc.type | Thesis | |
dc.date.schoolyear | 102-1 | |
dc.description.degree | Doctoral | |
dc.contributor.oralexamcommittee | 顏嗣鈞,王勝德,楊中皇,吳宗成,莊文勝 | |
dc.subject.keyword | 彙集,認證,Merkle 雜湊樹,Bloom 過濾器,認證字典,感測網路,雲儲存, | zh_TW |
dc.subject.keyword | Aggregation,Authentication,Merkle Tree,Bloom Filters,Authenticated Dictionary,Sensor Networks,Cloud Storage, | en |
dc.relation.page | 141 | |
dc.rights.note | Licensed with compensation | |
dc.date.accepted | 2013-12-18 | |
dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
Appears in Collections: | Department of Electrical Engineering |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-102-1.pdf Currently not authorized for public access | 1.63 MB | Adobe PDF |
Items in this system are protected by copyright, with all rights reserved, unless otherwise indicated.