Master's/Doctoral Thesis 985402026: Record Details




Author: Tsung-Min Kuo (郭宗閔)
Department: Department of Computer Science and Information Engineering
Title: Privacy and Efficiency Enhancement of Authentication and Delegation Control
Related theses
★ Design of Various Digital Proxy Signatures
★ A Study of Micropayment Systems
★ A Study of Physical Cryptanalysis
★ A Study of Commercial Key Recovery and Key Escrow Mechanisms
★ Physical Cryptanalysis of the AES Data Encryption Standard
★ A Study of Electronic Auction Systems
★ A Dynamic Code Segment Protection Mechanism against Stack Overflow Attacks
★ A Parameter Study of the General Number Field Sieve Factoring Method
★ Implementation of a DPA-resistant AES Encryptor on an 8051 Microcontroller
★ A Study of Defending against Power Analysis Attacks with Non-deterministic Software and Mask Splitting Countermeasures
★ A Study of Masking Countermeasures against Differential Power Analysis
★ Power Analysis of the AES Data Encryption Standard
★ Design and Cryptanalysis of Micropayment Systems
★ A Study of Fair Electronic Cash Systems
★ Physical Cryptanalysis of the RSA Public-key Cryptosystem
★ A Study of Protecting Data Collected by Mobile Agents
  1. This electronic thesis is authorized for immediate open access.
  2. Full text that has reached its open-access date is licensed only for personal, non-profit retrieval, reading and printing for the purpose of academic research.
  3. Please comply with the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost or broadcast it without authorization.

Abstract (Chinese): Authentication has long been a topic of concern. However, users may leak private information while interacting with service providers, so they bear the risk of being tracked or impersonated by malicious service providers. Although many privacy-enhancing mechanisms for membership authentication and authorization have been proposed, they are limited by computational complexity or security considerations and tend to remain formal rather than practical. In addition, in research on proxy re-encryption systems, the security issues of key exposure attacks and unauthorized re-encryption, together with the challenge of improving system performance, have been discussed extensively in recent years. This dissertation discusses the systems and application scenarios above and proposes corresponding solutions. The research is divided into two parts: the first concerns membership authentication and authorization; the second concerns comprehensive delegation control in proxy re-encryption systems.

In the study of membership authentication, anonymous credential systems and membership authentication systems are two representative mechanisms: a user can use zero-knowledge proof techniques to prove to a verifier that he or she legitimately holds a credential or membership, while the verifier learns nothing about the user's real identity in the course of checking it. However, these mechanisms require a large amount of complex cryptographic computation, and this dissertation presents efficiency improvements for both systems. The dynamic accumulator is a major invention in the study of membership authorization: it lets an administrator manage the validity of each member's status more simply and grant different groups different service-access rights. However, such a system may be subject to an attack in which a legitimate membership certificate is impersonated; this dissertation presents a result that is both more secure and more efficient.

Furthermore, the research in this dissertation finds that if each re-encrypted ciphertext can be bound to a specific grant, the delegator, with the help of a proxy, can designate the delegatee who may decrypt a given ciphertext, thereby restricting the scope of each re-encryption key and controlling who may obtain re-encrypted ciphertexts. Notably, besides providing privacy-enhanced access control with flexible delegation of re-encryption rights, the result also provides a universal decryption algorithm that applies to both original and re-encrypted ciphertexts, and it guarantees indistinguishability under chosen-ciphertext attack.
Abstract (English): Access control has long been a lively topic in the literature, because the information users provide while interacting with service providers may undermine their privacy: users risk being traced, or even impersonated, by corrupt service providers. Many recent membership authentication and authorization mechanisms have been introduced to strengthen privacy protection. Nevertheless, these mechanisms cannot be applied directly, because of defects in computational complexity and security. Besides, the security issues of key exposure attacks and unauthorized re-encryption, as well as performance challenges, have been studied extensively in proxy re-encryption systems for years. This dissertation not only discusses the aforementioned mechanisms and their application scenarios but also proposes the corresponding countermeasures. The research is divided into two parts: authentication and authorization of memberships, and flexible delegation control in proxy re-encryption systems.

For membership authentication, anonymous credential systems and membership authentication systems are two common mechanisms. A user can prove to a verifier, in zero-knowledge, that he or she has been issued an appropriate credential or membership; the verifier can check the validity of the credential or membership while learning nothing about the user's real identity. However, existing solutions involve complicated cryptographic computations, so two efficiency-enhanced approaches are proposed, one for each kind of system. For membership authorization, the dynamic accumulator is an important invention with which the authority can simply administer each member's access rights and provide differentiated services to individual groups. However, existing solutions are vulnerable to membership certificate impersonation. The proposed dynamic reversed accumulator withstands this attack and performs more efficiently.

In addition, for flexible delegation control, our research shows that if each re-encrypted ciphertext is bound to a specific grant, the delegator can decide which of his or her ciphertexts may later be decrypted by a designated delegatee with the help of a semi-trusted proxy. In this way, the power of the re-encryption key is restrained and the delegator controls the re-encryption of all ciphertexts. The proposed ID-based proxy re-encryption system is a practical solution that offers flexible delegation control and universal decryption, and it guarantees indistinguishability against chosen-ciphertext attack.
Keywords (Chinese) ★ Membership authentication
★ Anonymous credential
★ Dynamic reversed accumulator
★ Proxy re-encryption
★ Zero-knowledge proof
Keywords (English) ★ Membership Authentication
★ Anonymous Credential
★ Dynamic Reversed Accumulator
★ Proxy Re-encryption
★ Zero-knowledge Proofs
Table of Contents

1 Introduction
  1.1 Motivation of the Research
  1.2 Organization of the Dissertation
  1.3 Our Contributions

I Review of Related Work and Proposed Attacks
2 Review of Anonymous Credentials and Memberships Management
  2.1 Introduction to Anonymous Credential Systems
    2.1.1 Security requirements
    2.1.2 U-Prove anonymous credential system
  2.2 Introduction to Membership Authentication Systems
    2.2.1 Generic algorithms and security requirements
    2.2.2 The scheme of Ateniese et al.
    2.2.3 The scheme of Boneh et al.
  2.3 Introduction to Dynamic Accumulators
    2.3.1 Dynamic accumulators by Camenisch et al.
    2.3.2 Attacks: membership certificate impersonation
3 Review of Proxy Re-encryption Systems
  3.1 Model of Secure Distributed Storage Systems
  3.2 Introduction to Proxy Re-encryption Systems
    3.2.1 Generic algorithms and properties
    3.2.2 The PRE system of Ateniese et al. and proposed attacks
    3.2.3 The Green-Ateniese PRE system and proposed attacks

II Proposed Authentication and Authorization of Memberships
4 An Efficient Anonymous Credential System without Zero-Knowledge Proofs
  4.1 Review of ID-based Chameleon Hash and Signature
    4.1.1 ID-based chameleon hash
    4.1.2 ID-based chameleon signature
  4.2 Proposed Anonymous Credential System
    4.2.1 Issuance protocol
    4.2.2 Presentation protocol
  4.3 Security and Performance Analysis
  4.4 Remarks
5 Dynamic Reversed Accumulator
  5.1 Security Requirement
  5.2 Proposed Dynamic Reversed Accumulator
    5.2.1 Proof of membership certificate
    5.2.2 Performance and security analysis
  5.3 Efficient Multiwitness Verification
  5.4 Concluding Remarks
6 Anonymous and Unlinkable Membership Authentication with Illegal Privilege Transfer Detection
  6.1 Security Assumptions and Requirements
  6.2 Basic Scheme
    6.2.1 Remarks and discussion
  6.3 Enhanced Version of the Proposed Scheme
    6.3.1 Detection of illegal privilege transfer
    6.3.2 Exclusiveness of the membership certificate
    6.3.3 Performance and security analysis
  6.4 Remarks

III Proposed Flexible Delegation Control
7 Secret Data Sharing Based on Proxy Re-encryption
  7.1 Security Assumption
  7.2 Proposed Secret Data Sharing System
    7.2.1 Algorithms
    7.2.2 Secret data sharing system
    7.2.3 Definition of attack model
  7.3 Performance and Security Analysis
  7.4 Remarks
8 Conclusions and Future Work
  8.1 Summary of Contributions
  8.2 Further Research Directions

Bibliography

Appendix A Review of Preliminary Cryptographic Tools
  A.1 Bilinear Map
  A.2 Zero-Knowledge Proofs
    A.2.1 Sigma-protocols
    A.2.2 Proofs of knowledge
    A.2.3 Zero-knowledge from Sigma-protocols
    A.2.4 Extensions
  A.3 Quadratic Residues
  A.4 Provable Security
    A.4.1 Generic attack modes
    A.4.2 Various security notions
    A.4.3 Random oracle model
Advisor: Sung-Ming Yen (顏嵩銘)
Date approved: 2018-6-19