
Author: 張明聖 / Ming-Shen Chang
Title: 商業性金鑰恢復與金鑰託管機制之研究 / The Research on Commercial Key Recovery and Key Escrow Mechanisms
Advisor: 顏嵩銘 / Sung-Ming Yen
Committee members:
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering
Graduation academic year: 89 (ROC calendar)
Language: Chinese
Pages: 66
Keywords: Confidentiality, Key escrow, Commercial key recovery, Privacy
Hits: 14, Downloads: 0
Abstract (translated from the Chinese):

In recent years, key recovery has gradually become a hotly discussed topic in cryptographic research. The topic originated with the "fair public key cryptosystem" proposed by Micali in 1992, but it attracted widespread attention and discussion only the following year (1993), when the U.S. government planned to develop an Escrow Encryption Standard and a Key Escrow System. This thesis proposes a new type of commercial key recovery mechanism and a key escrow system with limited time span.

The main purpose of using cryptography is to protect the confidentiality of data and the privacy of the individuals concerned: with an encryption device, users can transform their data into secure ciphertext. The key plays the critical role in the whole encryption/decryption process, so keeping keys safe while ensuring their availability is absolutely necessary, and that is exactly what a key recovery mechanism is meant to achieve. Many key recovery mechanisms have been published in the literature to date; Chapter 2 of this thesis reviews several of the well-known ones.

Chapter 3 proposes an entirely new commercial key recovery mechanism. What distinguishes it from other key recovery systems in the literature is chiefly that the Key Recovery Agent is not allowed to learn the key the user wishes to recover. Efficient key recovery service and a high degree of feasibility (practicality) are two further important properties of the mechanism. In addition, the chapter introduces several practically valuable cryptographic applications from the literature and integrates them with the proposed mechanism to provide efficient key recovery service.

The second topic of this thesis is the development of a key escrow system with limited time span. "Limited time span" means that a government agency's authority for lawful wiretapping is confined to one specific time period: the Law Enforcement Agent (LEA) cannot use a user's legitimately obtained secret key to infer that user's keys for other periods and so conduct unlawful wiretapping. Chapter 4 proposes a key escrow system that satisfies this definition of limited time span.


Abstract (English):

Recently, key recovery has become a popular issue in cryptographic research. The problem of key recovery was first considered in 1992 by Micali. Subsequently, key recovery received much attention and was widely discussed because of the notions of the Escrow Encryption Standard and the Key Escrow System developed by the U.S. government. In this thesis, a new type of commercial key recovery scheme and a key escrow scheme with limited time span are developed.

A major motivation for using cryptography comes from the requirement of protecting confidentiality and privacy. The keys employed in a cryptosystem play the most important role in meeting this requirement. Hence, they should be protected carefully while remaining highly usable; key recovery mechanisms can achieve this goal. Up to now, many related works can be found in the literature. In Chapter 2, a brief review of these schemes is given.

In Chapter 3, a new type of commercial key recovery mechanism is developed, in which it is emphasized that a key recovery agent is not permitted to learn any sensitive keys. Efficiency and practicability are two of the most important features of the proposed key recovery system. We also illustrate some possible cryptographic applications based on this commercial key recovery environment.

Another topic considered in this thesis is a key escrow system with limited time span. The concept of limited time span is to restrict the authority of wiretapping to a specific time period. It should prevent a LEA from recovering any previous or subsequent private keys of a user. In Chapter 4, a genuine key escrow scheme with limited time span is proposed.

Table of contents:

1 Introduction (p. 1)
  1.1 Motivation of Research (p. 1)
  1.2 Overview of the Thesis (p. 4)
2 Review of Commercial Key Recovery and Key Escrow Mechanisms (p. 6)
  2.1 Key Recovery Techniques (p. 6)
    2.1.1 Key escrow technique (p. 7)
    2.1.2 Key encapsulation technique (p. 8)
  2.2 Key Recovery Model (p. 9)
    2.2.1 A general model for key recovery systems (p. 9)
    2.2.2 Some possible configurations of key recovery model (p. 11)
  2.3 Famous Key Recovery Schemes (p. 13)
    2.3.1 Bellare-Goldwasser verifiable partial key escrow (p. 13)
    2.3.2 Bell Labs key recovery (p. 15)
    2.3.3 IBM secure key recovery (p. 16)
    2.3.4 Burmester-Desmedt-Seberry equitable key escrow (p. 17)
    2.3.5 Viswanathan-Boyd-Dawson publicly verifiable equitable key escrow (p. 19)
    2.3.6 Viswanathan-Boyd-Dawson strong binding for software key escrow (p. 20)
    2.3.7 Nieto-Viswanathan-Boyd-Dawson key recovery system for commercial environment (p. 21)
3 A New Commercial Key Recovery Scheme (p. 25)
  3.1 Brief Review of the Bell Labs Key Recovery Scheme (p. 26)
    3.1.1 The protocol (p. 26)
    3.1.2 Some remarks on the Bell Labs protocol (p. 27)
  3.2 The Model of Practical Key Recovery (p. 27)
  3.3 The Proposed Key Recovery Scheme - KRS-1 (p. 29)
    3.3.1 The protocol of KRS-1 (p. 29)
    3.3.2 Security analysis of the KRS-1 protocol (p. 30)
  3.4 The Proposed Key Recovery Scheme - KRS-2 (p. 31)
    3.4.1 The protocol of KRS-2 (p. 32)
    3.4.2 Security analysis of the KRS-2 protocol (p. 33)
  3.5 Related Application (p. 34)
    3.5.1 Boneh-Lipton revocable backup system (p. 34)
  3.6 Summary (p. 35)
4 Improved Key Escrow Scheme with Limited Time Span (p. 38)
  4.1 Brief Review and Research Motivation (p. 38)
  4.2 Proposed Scheme (p. 39)
    4.2.1 Set-up phase (p. 39)
    4.2.2 Registration and escrow phase (p. 39)
    4.2.3 Key update phase (p. 40)
    4.2.4 Key recovery phase (p. 41)
  4.3 Security Analysis (p. 42)
  4.4 Summary (p. 44)
5 Conclusions (p. 47)
  5.1 Brief Review of Main Contributions (p. 47)
  5.2 Further Research Topics and Directions (p. 48)
A Proof of Equality of Discrete Logarithms with a Composite Modulus (p. 50)
  A.0.1 The protocol (p. 50)

