基於區塊鏈與代理重新加密之隱私保護威脅情資分享平台

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：70

、訪客IP：18.223.172.199

姓名

陳冠瑜(Guan-Yu Chen) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

基於區塊鏈與代理重新加密之隱私保護威脅情資分享平台
(A Privacy-Preserving Threat Intelligence Sharing Platform Based on Blockchain and Proxy Re-Encryption)

相關論文

★ DeFi 去中心化金融發展現況及風險分析- 以2017~2022 年 6 月為研究區間	★ 基於區塊鏈防止雙重投票的匿名投票系統
★ NFT-based 車輛與零件履歷驗證平台	★ 元宇宙與 NFT 應用於旅遊購物虛實整合架構規劃之研究
★ Blockchain-based Federated learning with Data privacy protection	★ 具公正性抽獎機制與隱私防護之問卷平台
★ 建立安全可靠的推薦信平台: 基於分散式系統的創新方法	★ 去中心化電子書交易平台之區塊鏈框架設計與可行性分析
★ A Decentralized Group-oriented Information Sharing System with Searchable Encryption in Supply Chain Environment	★ A Batch Verified Decentralized-AI Against Poisoning Attack In 6G Industrial CPS Environments
★ A Blockchain-based Work Performance Authenticity Platform with User Incentive Mechanism	★ 基於區塊鏈與存取控制之多媒體分享平台

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2024-8-10以後開放)

摘要(中)

近幾年來，分散式阻斷服務攻擊（DDoS）攻擊在是一個非常嚴重的威脅，也是最流行的攻擊之一。各種IoMT平台、網站或伺服器可能會因遭受DDoS攻擊而癱瘓。目前，黑名單存取控制仍然是抵制這些攻擊的有效方法。不幸的是，大多數能夠收集大量威脅情資的資訊安全監控中心（SOC）都拒絕交換他們收集到的寶貴知識。因此，如何有效與公平地共享威脅情資是一個具有前景的研究課題。
在本文中，我們提出了一個基於區塊鏈的威脅情資共享平台，並且搭配誘因式代幣鼓勵資訊分享。為了保護資料隱私，提議的系統實作了代理重新加密方案，使資料透過加密形式做資訊交換。此外，為了有效地搜尋有用的資料，我們提出的方案設計了一種新穎的布隆過濾器，可以有效地排除無效的數據集。最後的模擬結果表明，本文採用的代理重新加密執行時間優於其他現有方案65%到70%。

摘要(英)

In recent decades, Distributed Denial of Service (DDoS) attacks is a very serious threat in today′s, which is one of the most popular attacks. As a consequence, various IoMT platforms, websites and servers could be paralyzed by DDoS attacks. Currently, blacklist access control is still the effective way to resist those attack. Unfortunately, most of security operation centers (SOC) who can gather a lot of threat intelligence refuse to exchange their valuable knowledge due to lack of benefits. Therefore, how to effective and fair sharing threat intelligence is a promising research topic.
In this article, we proposed a blockchain-based threat intelligence sharing platform to offer incentive benefit and keep exchange records on smart contracts for transparency. For data privacy, the proposed system implements a proxy re-encryption scheme keeping data in encrypted form. Furthermore, to effectively search useful data, our scheme proposed a novel bloom filter for data requester, which can effectively rule out inefficacious data set. Our simulation results show that the execution time of proxy re-encryption is about 65\%-70\% better than other existing schemes.

關鍵字(中)

★ 區塊鏈
★ 代理重新加密
★ 布隆過濾器
★ 分散式阻斷服務攻擊
★ 誘因式代幣

關鍵字(英)

★ Blockchain
★ Proxy re-encryption
★ Bloom filter
★ Distributed denial of service
★ Incentive coin

論文目次

摘要 i
Abstract ii
List of Figures v
List of Tables vi
Explanation of Symbols vii
I. Introduction 1
1-1 Background 1
1-2 Motivation 2
1-3 Purpose 3
II. Related work 4
2-1 Technology background 4
2-1-1 Threat intelligence 4
2-1-2 Blockchain 4
2-1-3 IPFS 5
2-1-4 Blockchain oracle 5
2-1-5 Proxy re-encryption 6
2-1-6 Bloom filter 7
2-2 Literature review 8
III. Preliminaries 9
3-1 Design goals 9
3-2 Symmetric-key encryption 9
3-3 Proxy re-encryption 10
IV. Proposed system 11
4-1 System model 11
4-2 System overview 12
4-3 The proposed dual-level Bloom filter 13
4-4 Cryptographic operations 15
4-5 Workflow 17
V. Security analysis 21
5-1 Data confidentiality 21
5-2 Data integrity and tamper proof 21
5-3 Searchability and data privacy 21
5-4 Fair and convincible incentive mechanism 22
VI. Evaluation 23
6-1 Feature comparison 23
6-2 Computational evaluation 24
6-3 Cost analysis in Blockchain network 27
VII. Conclusion 30
References 31

參考文獻

[1] AˇColakovi´c, M. Hadˇziali´c, Internet of things (iot): A review of enabling technologies, challenges, and open research issues, Computer networks, 144, 2018, 17–39.
[2] M. Bromiley, Threat intelligence: What it is, and how to use it effectively, SANS Institute InfoSec Reading Room, 15, 2016, 172.
[3] S. Barnum, Standardizing cyber threat intelligence information with the structured threat information expression (stix), Mitre Corporation, 11, 2012, 1–22.
[4] S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system, Decentralized Business Review, 2008, 21260.
[5] G. Wood, et al., Ethereum: A secure decentralised generalised transaction ledger, Ethereum project yellow paper, 151, 2014, 1–32.
[6] E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis, A. De Caro, D. Enyeart, C. Ferris, G. Laventman, Y. Manevich, et al., Hyperledger fabric: a distributed operating system for permissioned blockchains, in: Proceedings of the thirteenth EuroSys conference, 2018, 1–15.
[7] M. Wohrer, U. Zdun, Smart contracts: security patterns in the ethereum ecosystem and solidity, in: 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), IEEE, 2018, 2–8.
[8] M. I. Mehar, C. L. Shier, A. Giambattista, E. Gong, G. Fletcher, R. Sanayhie, H. M. Kim, M. Laskowski, Understanding a revolutionary and flawed grand experiment in blockchain: the dao attack, Journal of Cases on Information Technology (JCIT), 21 (1), 2019, 19–32.
[9] L. Luu, D.-H. Chu, H. Olickel, P. Saxena, A. Hobor, Making smart contracts smarter, in: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, 2016, 254–269.
[10] J. Benet, Ipfs-content addressed, versioned, p2p file system, arXiv preprint arXiv:1407.3561.
[11] A. M. Antonopoulos, G. Wood, Mastering ethereum: building smart contracts and dapps, O’reilly Media, 2018.
[12] L. Breidenbach, C. Cachin, B. Chan, A. Coventry, S. Ellis, A. Juels, F. Koushanfar, A. Miller, B. Magauran, D. Moroz, et al., Chainlink 2.0: Next steps in the evolution of decentralized oracle networks, Chainlink Labs.
[13] M. Blaze, G. Bleumer, M. Strauss, Divertible protocols and atomic proxy cryptography, in: International conference on the theory and applications of cryptographic techniques, Springer, 1998, 127–144.
[14] B. H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, 13 (7), 1970, 422–426.
[15] H. Shafagh, A. Hithnawi, L. Burkhalter, P. Fischli, S. Duquennoy, Secure sharing of partially homomorphic encrypted iot data, in: Proceedings of the 15th ACM Conference on Embedded Network Sensor Systems, 2017, 1–14.
[16] L.-Y. Yeh, P. J. Lu, S.-H. Huang, J.-L. Huang, Sochain: A privacypreserving ddos data exchange service over soc consortium blockchain, IEEE Transactions on Engineering Management, 67 (4), 2020, 1487–1500.
[17] A. A. Battah, M. M. Madine, H. Alzaabi, I. Yaqoob, K. Salah, R. Jayaraman, Blockchain-based multi-party authorization for accessing ipfs encrypted data, IEEE Access, 8, 2020, 196813–196825.
[18] W. Zhang, Y. Bai, J. Feng, Tiia: A blockchain-enabled threat intelligence integrity audit scheme for iiot, Future Generation Computer Systems, 132, 2022, 254–265.
[19] S. S. Chow, J.Weng, Y. Yang, R. H. Deng, Efficient unidirectional proxy reencryption, in: International Conference on Cryptology in Africa, Springer, 2010, 316–332.
[20] D. Derler, K. Gellert, T. Jager, D. Slamanig, C. Striecks, Bloom filter encryption and applications to efficient forward-secret 0-rtt key exchange, Journal of Cryptology, 34 (2), 2021, 1–59.
[21] S. Yao, R. Sankar, I.-H. Ra, A collusion-resistant identity-based proxy reencryption scheme with ciphertext evolution for secure cloud sharing, Security and Communication Networks, 2020.
[22] P. Zeng, K.-K. R. Choo, A new kind of conditional proxy re-encryption for secure cloud storage, IEEE Access, 6, 2018, 70017–70024.
[23] K. He, X. Liu, H. Yuan, W. Wei, K. Liang, Hierarchical conditional proxy re-encryption: A new insight of fine-grained secure data sharing, in: International Conference on Information Security Practice and Experience, Springer, 2017, 118–135.
[24] C. Zhou, Z. Zhao, W. Zhou, Y. Mei, Certificateless key-insulated generalized signcryption scheme without bilinear pairings, Security and Communication Networks, 2017.

指導教授

葉羅堯(Lo-Yao Yeh)

審核日期

2022-8-10

推文