This project proposes a broadcast encryption scheme in which information content is classified by attribute, so that users carry both an access level and a group membership. The level granted to a user bounds that user's access: no user can read information above their own level. Once content is classified, users can choose the content they need and pay in proportion to the amount of information they subscribe to. By distinguishing different granularities of information, the content is partitioned finely, so that users can select and order exactly the digital information they need. The proposed method achieves protection of digital information and dynamic user management, and therefore has the following features:
- Users subscribe to classified content according to their needs, and access content at the levels permitted by the authorization level they have subscribed to.
- Using the notion of information granularity, content is classified by attribute into information of different granularities, and an information-granularity tree is built according to the access rights required for each piece. Under this classification, the content provider can dynamically manage the content and the access rights granted to users, while each user stores only a single key to decrypt all subscribed content within their permitted level.
- Only the granularities of the content and the user access levels need to be defined in advance; no upper bound on the number of users has to be fixed beforehand, which gives scalability.
- Dynamic group management: the system can add or revoke users at any time with little effort, and existing users need not update their own secret keys.
- Resistance to user collusion: in the proposed method users' secret keys are mutually independent, so colluding users cannot combine them into a new secret key or session key.
- Backward and forward security: when a user is revoked or joins, the key update mechanism ensures that a revoked or newly joined user cannot use the secret key they hold to derive the session keys of later or earlier content.
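To make the feature list above concrete, here is a toy model added by the editor; it is not the project's own construction (that appears only in the cited papers) and every design choice in it is an assumption. It assumes a content granularity tree whose node keys are linked top-down by a one-way HMAC derivation, so one node key unlocks that node's whole subtree but nothing above it; an independent random secret per user, under which the user's node key for the current epoch is wrapped in a broadcast header; and a fresh root key (a new epoch) on every join or revocation, which is what gives the forward and backward property without existing users changing their own secret. The cipher is an HMAC-based stream cipher with a tag, used only to keep the example dependency-free; a real deployment would use an AEAD.

```python
import hashlib
import hmac
import os

def kdf(key, label):
    # One-way link from a node key to a child key: child = HMAC(parent, "parent->child").
    # Constructed model (assumption, not the report's own construction).
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, data):
    # nonce || data XOR keystream || tag; the tag makes a wrong key detectable
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def derive_down(edges, start, start_key, target):
    # Public tree shape + one node key -> key of any node below it; None if not below.
    parent = {c: p for p, c in edges}
    path = [target]
    while path[-1] != start:
        if path[-1] not in parent:
            return None
        path.append(parent[path[-1]])
    key = start_key
    for p, c in zip(path[::-1], path[::-1][1:]):
        key = kdf(key, f"{p}->{c}")
    return key

class ContentProvider:
    def __init__(self, edges):
        self.edges = edges
        self.root = ({p for p, _ in edges} - {c for _, c in edges}).pop()
        self.users = {}          # uid -> (independent secret key, subscribed node)
        self.epoch = 0
        self.rekey()
    def rekey(self):
        # New epoch: fresh random root key, so every node key changes at once.
        self.epoch += 1
        self.root_key = os.urandom(32)
    def node_key(self, node):
        return derive_down(self.edges, self.root, self.root_key, node)
    def register(self, uid, node):
        sk = os.urandom(32)      # independent of every other user's key
        self.users[uid] = (sk, node)
        self.rekey()             # backward security: no access to earlier epochs
        return sk
    def revoke(self, uid):
        del self.users[uid]
        self.rekey()             # forward security: the revoked key is useless from now on
    def header(self):
        # Broadcast header: each subscriber's node key wrapped under their own secret.
        return {uid: (self.epoch, node, encrypt(sk, self.node_key(node)))
                for uid, (sk, node) in self.users.items()}
    def publish(self, node, msg):
        return (self.epoch, node, encrypt(self.node_key(node), msg))

def read(uid, sk, edges, header, ciphertext):
    # Subscriber side: unwrap own node key, derive down to the content node, decrypt.
    if uid not in header or header[uid][0] != ciphertext[0]:
        return None              # not in the current broadcast, or key from another epoch
    _, node, wrapped = header[uid]
    _, ct_node, blob = ciphertext
    node_key = decrypt(sk, wrapped)
    content_key = derive_down(edges, node, node_key, ct_node) if node_key else None
    return decrypt(content_key, blob) if content_key else None

def demo():
    edges = [("all", "finance"), ("all", "sports"),
             ("finance", "finance/premium"), ("sports", "sports/live")]
    cp = ContentProvider(edges)
    sk_a = cp.register("alice", "finance")        # finance and everything below it
    sk_b = cp.register("bob", "sports/live")      # a single leaf
    hdr = cp.header()
    numbers = cp.publish("finance/premium", b"quarterly numbers")
    score = cp.publish("sports/live", b"live score")
    r = {"alice_reads_child": read("alice", sk_a, edges, hdr, numbers) == b"quarterly numbers",
         "alice_blocked_sibling": read("alice", sk_a, edges, hdr, score) is None,
         "bob_reads_own": read("bob", sk_b, edges, hdr, score) == b"live score",
         "bob_blocked_above": read("bob", sk_b, edges, hdr, cp.publish("sports", b"clip")) is None}
    cp.revoke("bob")                              # forward security
    hdr2, later = cp.header(), cp.publish("sports/live", b"next match")
    r["bob_revoked"] = read("bob", sk_b, edges, hdr2, later) is None
    r["alice_key_unchanged"] = read("alice", sk_a, edges, hdr2, cp.publish("finance", b"daily")) == b"daily"
    sk_c = cp.register("carol", "finance/premium")  # backward security
    hdr3 = cp.header()
    r["carol_reads_new"] = read("carol", sk_c, edges, hdr3, cp.publish("finance/premium", b"new")) == b"new"
    r["carol_blocked_old"] = read("carol", sk_c, edges, hdr3, numbers) is None
    return r
```

Calling `demo()` returns a dict of named checks that should all be True. `bob_blocked_above` shows why a leaf subscriber cannot reach the parent node: derivation only runs downward, and that same one-way property is why pooling two sibling keys never yields the key of their common ancestor. `alice_key_unchanged` shows the point of the header: after Bob is revoked, Alice keeps her original secret and simply unwraps the new epoch's node key from the new header, while Bob, absent from it, is locked out.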
6. Self-evaluation of project results
Future technology is moving toward integrated applications that combine computing, communications, consumer electronics and diversified Internet digital content. The results of this project provide a secure and flexible protection mechanism for digital content, which can raise industry's willingness to invest in developing digital content applications. In addition, the results can be combined with wireless mobile device applications (including mobile phones, PDAs and in-car digital TV boxes), promoting the development of the digital content, software development, chip design and hardware equipment industries and helping the convergence of information, communications and consumer electronics into an integrated "3C" technology and industry.
Over the two-year project we have proposed an authorized broadcast encryption mechanism that realizes information granularity, and proved that it meets the security goals of resisting user collusion, forward and backward security of decryption keys, selective access under hierarchical privilege constraints, and continuity of decryption keys. Four papers on the project's results have been submitted to and accepted by international journals indexed in SCI and EI [TLW09, THW10, LWH10, LWBT09], and two by domestic information security conferences [吳林林 09, 吳陳林 09], so as to share the results with the international cryptographic research community.
7. References
[ACFP05] M. Abdalla, O. Chevassut, P.-A. Fouque, and D. Pointcheval, "A simple threshold authenticated key exchange from short secrets," Advances in Cryptology – ASIACRYPT'05, Springer-Verlag, 2005, pp. 566-584.
[AFI06] N. Attrapadung, J. Furukawa, and H. Imai, "Forward-secure and searchable broadcast encryption with short ciphertexts and private keys," Advances in Cryptology – ASIACRYPT'06, Springer-Verlag, 2006, pp. 161-177.
[AI05] N. Attrapadung and H. Imai, "Graph-decomposition-based frameworks for subset-cover broadcast encryption and efficient instantiations," Advances in Cryptology – ASIACRYPT'05, Springer-Verlag, 2005, pp. 100-120.
[AMM99] J. Anzai, N. Matsuzaki, and T. Matsumoto, "A quick group key distribution scheme with entity revocation," Advances in Cryptology – ASIACRYPT'99, Springer-Verlag, 1999, pp. 333-347.
[AP06] M. Abdalla and D. Pointcheval, "A scalable password-based group key exchange protocol in the standard model," Advances in Cryptology – ASIACRYPT'06, Springer-Verlag, 2006, pp. 332-347.
[Asa02] T. Asano, "A revocation scheme with minimal storage at receivers," Advances in Cryptology – ASIACRYPT'02, Springer-Verlag, 2002, pp. 433-450.
[ASW99] M. Abdalla, Y. Shavitt, and A. Wool, "Towards making broadcast encryption practical," FC'99, pp. 140-157.
[AT82] S. G. Akl and P. D. Taylor, "Cryptographic solution to a multilevel security problem," Advances in Cryptology, 1982, pp. 237-249.
[Bal96] T. Ballardie, "Scalable multicast key distribution," RFC 1949, 1996.
[BC94] C. Blundo and A. Cresti, "Space requirements for broadcast encryption," Advances in Cryptology – EUROCRYPT'94, Springer-Verlag, 1995, pp. 287-298.
[BCP01] E. Bresson, O. Chevassut, and D. Pointcheval, "Provably authenticated group Diffie-Hellman key exchange – the dynamic case," Advances in Cryptology – ASIACRYPT'01, Springer-Verlag, 2001, pp. 290-309.
[BCP02] E. Bresson, O. Chevassut, and D. Pointcheval, "Dynamic group Diffie-Hellman key exchange under standard assumptions," Advances in Cryptology – EUROCRYPT'02, Springer-Verlag, 2002, pp. 321-336.
[BCPQ01] E. Bresson, O. Chevassut, D. Pointcheval, and J.-J. Quisquater, "Provably authenticated group Diffie-Hellman key exchange," Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS 2001), Philadelphia, Pennsylvania, 2001, pp. 255-264.
[Bek91] S. Berkovits, "How to broadcast a secret," Advances in Cryptology – EUROCRYPT'91, Springer-Verlag, 1991, pp. 535-541.
[BF01] D. Boneh and M. Franklin, "Identity-based encryption from the Weil pairing," Advances in Cryptology – CRYPTO 2001, Springer-Verlag, 2001, pp. 213-229.
[BF99] D. Boneh and M. Franklin, "An efficient public key traitor tracing scheme," Advances in Cryptology – CRYPTO'99, Springer-Verlag, 1999, pp. 338-353.
[BSW06] D. Boneh, A. Sahai, and B. Waters, "Fully collusion resistant traitor tracing with short ciphertexts and private keys," Advances in Cryptology – EUROCRYPT'06, Springer-Verlag, 2006, pp. 573-592.
[BW06] D. Boneh and B. Waters, "A fully collusion resistant broadcast, trace, and revoke system," Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006, pp. 211-220.
[BW98] K. Becker and U. Wille, "Communication complexity of group key distribution," Proceedings of the 5th ACM Conference on Computer and Communications Security, 1998, pp. 1-6.
[CBH05] K.-K. R. Choo, C. Boyd, and Y. Hitchcock, "Examining indistinguishability-based proof models for key establishment protocols," Advances in Cryptology – ASIACRYPT'05, Springer-Verlag, 2005, pp. 585-604.
[CFN94] B. Chor, A. Fiat, and M. Naor, "Tracing traitors," Advances in Cryptology – CRYPTO'94, Springer-Verlag, 1994, pp. 257-270.
[CGI99] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, "Multicast security: a taxonomy and some efficient constructions," INFOCOM'99, 1999.
[CHKLM05] R. Canetti, S. Halevi, J. Katz, Y. Lindell, and P. MacKenzie, "Universally composable password-based key exchange," Advances in Cryptology – EUROCRYPT'05, Springer-Verlag, 2005, pp. 404-421.
[CTW09] H.Y. Chien, C.S. Tu, and T.C. Wu, "RFID-based anonymous authentication scheme," The 2009 International Symposium on UbiCom Frontiers – Innovative Research, Systems and Technologies (UFirst 2009), in conjunction with the 6th International Conference on Ubiquitous Intelligence and Computing (UIC 2009), Brisbane, Australia, July 2009.
[CMN99] R. Canetti, T. Malkin, and K. Nissim, "Efficient communication-storage tradeoffs for multicast encryption," Advances in Cryptology – EUROCRYPT'99, Springer-Verlag, 1999, pp. 459-474.
[CPP05] H. Chabanne, D. H. Phan, and D. Pointcheval, "Public traceability in traitor tracing schemes," Advances in Cryptology – EUROCRYPT'05, Springer-Verlag, 2005, pp. 542-558.
[DKRS06] Y. Dodis, J. Katz, L. Reyzin, and A. Smith, "Robust fuzzy extractors and authenticated key agreement from close secrets," Advances in Cryptology – CRYPTO'06, Springer-Verlag, 2006, pp. 232-250.
[DM00] L.R. Dondeti and S. Mukherjee, "DISEC: A distributed framework for scalable secure many-to-many communication," Proceedings of the 5th IEEE Symposium on Computers and Communications, 2000.
[Fia01] A. Fiat, "Dynamic traitor tracing," Journal of Cryptology, Vol. 14, No. 3, 2001, pp. 211-223.
[FN93] A. Fiat and M. Naor, "Broadcast encryption," Advances in Cryptology – CRYPTO'93, Springer-Verlag, 1994, pp. 480-491.
[FNP07] N. Fazio, A. Nicolosi, and D. H. Phan, "Traitor tracing with optimal transmission rate," Information Security Conference (ISC'07), Lecture Notes in Computer Science, Vol. 4779, 2007, pp. 71-88.
[FSGKC01] D. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, "Proposed NIST standard for role-based access control," ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, pp. 224-274.
[FT99] A. Fiat and T. Tassa, "Dynamic traitor tracing," Advances in Cryptology – CRYPTO'99, Springer-Verlag, 1999, pp. 354-371.
[GKR06] C. Gentry, P. MacKenzie, and Z. Ramzan, "A method for making password-based key exchange resilient to server compromise," Advances in Cryptology – ASIACRYPT'06, Springer-Verlag, 2006, pp. 142-159.
[GPSW06] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006, pp. 89-98.
[HKN05] S. Halevi, P.A. Karger, and D. Naor, "Enforcing confinement in distributed storage and a cryptographic model for access control," Cryptology ePrint Archive, Report 2005/169, 2005.
[HLL05] J. Y. Hwang, D. H. Lee, and J. Lim, "Generic transformation for scalable broadcast encryption schemes," Advances in Cryptology – CRYPTO'05, Springer-Verlag, 2005, pp. 276-292.
[HMR94a] H. Harney, C. Muckenhirn, and T. Rivers, "Group key management protocol specification," RFC 2093, 1994.
[HMR94b] H. Harney, C. Muckenhirn, and T. Rivers, "Group key management protocol architecture," RFC 2094, 1994.
[HR05] T. Holenstein and R. Renner, "One-way secret-key agreement and applications to circuit polarization and immunization of public-key encryption," Advances in Cryptology – CRYPTO'05, 2005, pp. 478-493.
[HS02] D. Halevy and A. Shamir, "The LSD broadcast encryption scheme," Advances in Cryptology – CRYPTO'02, Springer-Verlag, 2002, pp. 47-60.
[HS06] J. Herranz and G. Saez, "New results on multipartite access structures," IEE Proceedings – Information Security, to appear.
[HSW00] Y. L. Huang, S. P. Shieh, and J. C. Wang, "Practical key distribution schemes for channel protection," Computer Software and Applications Conference, 2000, pp. 569-574.
[ITW82] I. Ingemarsson, I.D. Tang, and C.K. Wong, "A conference key distribution system," IEEE Transactions on Information Theory, Vol. 28, No. 5, 1982, pp. 714-720.
[J00] A. Joux, "A one-round protocol for tripartite Diffie-Hellman," Algorithmic Number Theory Symposium – ANTS-IV, Springer-Verlag, 2000, pp. 385-394.
[JHCKLY05] N.-S. Jho, J. Y. Hwang, J. H. Cheon, M.-H. Kim, D. H. Lee, and E. S. Yoo, "One-way chain based broadcast encryption schemes," Advances in Cryptology – EUROCRYPT'05, Springer-Verlag, 2005, pp. 559-574.
[JW06] F. G. Jen and C. M. Wang, "An efficient key management scheme for hierarchical access control based on elliptic curve cryptosystem," The Journal of Systems and Software, Vol. 79, 2006, pp. 1161-1167.
[Kob87] N. Koblitz, "Elliptic curve cryptosystems," Mathematics of Computation, Vol. 48, 1987, pp. 203-209.
[KP05] C. Kudla and K. G. Paterson, "Modular security proofs for key agreement protocols," Advances in Cryptology – ASIACRYPT'05, Springer-Verlag, 2005, pp. 549-565.
[KPT00] Y. Kim, A. Perrig, and G. Tsudik, "Simple and fault-tolerant key agreement for dynamic collaborative groups," Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece, 2000, pp. 235-244.
[Kre05] G. Kreitz, "Optimization of broadcast encryption schemes," Master's Thesis, 2005.
[KYDB98] K. Kurosawa, T. Yoshida, Y. Desmedt, and M. Burmester, "Some bounds and a construction for secure broadcast encryption," Advances in Cryptology – ASIACRYPT'98, Springer-Verlag, 1998, pp. 420-433.
[LDC04] S. Liu, Z. Dong, and K. Chen, "Attack on identity-based broadcasting encryption schemes," Lecture Notes in Computer Science, Vol. 769, pp. 165-172.
[LS98] M. Luby and J. Staddon, "Combinatorial bounds for broadcast encryption," Advances in Cryptology – EUROCRYPT'98, Springer-Verlag, 1998, pp. 512-526.
[LWBT09] C.I. Lee, T.C. Wu, B.Y. Yang, and W.G. Tzeng, "New secure broadcasting scheme realizing information granularity," accepted by Journal of Information Science and Engineering, 2009.
[LWH10] Y.L. Lin, T.C. Wu, and C.L. Hsu, "Secure and efficient time-bound key assignment scheme for access control in hierarchical structure," accepted by International Journal of Innovative Computing, Information and Control, Vol. 6, No. 2, 2010.
[Mil86] V. Miller, "Uses of elliptic curves in cryptography," Advances in Cryptology – CRYPTO'85, 1986, pp. 417-426.
[MOV93] A. J. Menezes, T. Okamoto, and S. A. Vanstone, "Reducing elliptic curve logarithms to a finite field," IEEE Transactions on Information Theory, Vol. 39, 1993, pp. 1639-1646.
[MSL03] Y. Mu, W. Susilo, and Y. X. Lin, "Identity-based broadcasting," INDOCRYPT 2003, pp. 177-190.
[NNL01] D. Naor, M. Naor, and J. Lotspiech, "Revocation and tracing schemes for stateless receivers," Cryptology ePrint Archive, Report 2001/059.
[NP00] M. Naor and B. Pinkas, "Efficient trace and revoke schemes," FC 2000, pp. 1-20.
[NP98] M. Naor and B. Pinkas, "Threshold traitor tracing," Advances in Cryptology – CRYPTO'98, Springer-Verlag, 1998, pp. 502-517.
[RW06] Z. Ramzan and D. P. Woodruff, "Fast algorithms for the free riders problem in broadcast encryption," Advances in Cryptology – CRYPTO'06, Springer-Verlag, 2006, pp. 308-325.
[S03] P. Stros, "Uniform approach to mandatory security of event management systems," Security and Protection of Information 2003.
[S96] R. Sandhu, "Authentication, access control, and audit," ACM Computing Surveys, Vol. 28, No. 1, 1996.
[Sha79] A. Shamir, "How to share a secret," Communications of the ACM, Vol. 22, No. 11, 1979, pp. 612-613.
[SL07] Y. Sun and K. J. R. Liu, "Hierarchical group access control for secure multicast communications," ACM Transactions on Networking, Vol. 15, 2007, pp. 1514-1526.
[SOK00] R. Sakai, K. Ohgishi, and M. Kasahara, "Cryptosystems based on pairing," 2000 Symposium on Cryptography and Information Security (SCIS 2000), Okinawa, Japan, Jan. 26-28, 2000.
[STW00] M. Steiner, G. Tsudik, and M. Waidner, "Key agreement in dynamic peer groups," IEEE Transactions on Parallel and Distributed Systems, Vol. 11, No. 8, 2000, pp. 769-780.
[STW96] M. Steiner, G. Tsudik, and M. Waidner, "Diffie-Hellman key distribution extended to group communication," Proceedings of the 3rd ACM Conference on Computer and Communications Security, 1996, pp. 31-37.
[STW97] M. Steiner, G. Tsudik, and M. Waidner, "CLIQUES: A new approach to group key agreement," Technical Report RZ 2984, IBM Research, December 1997.
[SW00a] R. Safavi-Naini and H. Wang, "New constructions for multicast re-keying schemes using perfect hash families," CCS 2000, pp. 228-234.
[THW10] K.Y. Tsai, C.L. Hsu, and T.C. Wu, "Mutual anonymity protocol with integrity protection for mobile peer-to-peer networks," accepted by International Journal of Security and Networks, Vol. 5, No. 1, 2010. (EI)
[TLT99] F. K. Tu, C. S. Laih, and H. H. Tung, "On key distribution management for conditional access system on pay-TV system," IEEE Transactions on Consumer Electronics, Vol. 45, Issue 1, 1999, pp. 151-158.
[TLW09] H.C. Tsai, N.W. Lo, and T.C. Wu, "A threshold-adaptive reputation system on mobile ad hoc networks," IEICE Transactions on Information and Systems, Vol. E92.D, No. 5, 2009, pp. 777-786. (SCI)
[TWL01] W. Trappe, Y. Wang, and K.J.R. Liu, "Group key agreement using divide-and-conquer strategies," Conference on Information Sciences and Systems, 2001.
[WGL98] C. K. Wong, M. Gouda, and S. Lam, "Secure group communications using key graphs," Proceedings of the ACM SIGCOMM'98 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, 1998.
[WHA99] D. Wallner, E. Harder, and R. Agee, "Key management for multicast: issues and architectures," RFC 2627, 1999.
[WW05] J. Wu and R. Wei, "An access control scheme for partially ordered set hierarchy with provable security," Proceedings of Selected Areas in Cryptography (SAC 2005), 2005, pp. 221-232.
[YCY07] Y. Zhang, C. Yuan, and Y. Zhong, "Implementing DRM over peer-to-peer networks with broadcast encryption," Lecture Notes in Computer Science, Vol. 4810, 2007, pp. 236-245.
[吳林林 09] 吳宗成, 林喬雯, and 林燕卿, "Broadcast encryption realizing information granularity with a tree structure" (以樹狀結構實現資訊粗細度之廣播加密法), 19th National Conference on Information Security, Taipei, National Taiwan University of Science and Technology, 2009, pp. 186-191.
[吳陳林 09] 吳宗成, 陳孝勇, and 林燕卿, "A dynamic key pre-distribution scheme for wireless sensor networks" (適用於無線感測網路之動態式事前金鑰分配機制), 19th National Conference on Information Security, Taipei, National Taiwan University of Science and Technology, 2009, pp. 232-237.