研究生: |
江宏文 Jiang, Hung-Wen |
---|---|
論文名稱: |
在TPS有限的公有區塊鏈上實現具大量操作數目需求的DPKI系統 Implement a DPKI system with a large number of operations on a public blockchain with limited TPS |
指導教授: |
黃冠寰
Hwang, Gwan-Hwan |
學位類別: |
碩士 Master |
系所名稱: |
資訊工程學系 Department of Computer Science and Information Engineering |
論文出版年: | 2020 |
畢業學年度: | 108 |
語文別: | 中文 |
論文頁數: | 43 |
中文關鍵詞: | 公開金鑰基礎設施 、PKI 、DPKI 、證明違約 、智能合約 、區塊鏈 、自動賠償 |
DOI URL: | http://doi.org/10.6345/NTNU202000907 |
論文種類: | 學術論文 |
相關次數: | 點閱:133 下載:9 |
分享至: |
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
PKI架構是目前被廣泛使用的網路身分驗證架構,使用者會向憑證認證機構註冊身分資訊以取得數位憑證,再將數位憑證展示給他人當作身分證明,他人看到憑證後,必須向CA取得撤銷名單才能確認憑證是否有效。雖然這個架構已經在網路中使用10年以上,但他安全性其實有很大的疑慮,因為CA可能會受到DDoS、DNS攻擊,導致檢驗者無法索取撤銷名單,造成身分驗證機制完全失去效用。目前以有許多可以改善CA單點故障的新型PKI架構,但是它們本身或多或少還有其他缺陷,導致到目前為止大家還是使用最原版的架構。
為此,我們提出了半去中心化的PKI架構,透過區塊鏈可以輕易的避開單點故障問題,並且融入的自動賠償機制,使用者透過特定協議,取得密碼學證據,釐清憑證錯誤的責任歸屬,再將證據交由智能合約進行自動判決以及賠償,可以免除現實中,使用者與CA不同國家時,申訴、客服可能遇到的困難。
1. Cooper, David, et al. "RFC 5280: Internet X. 509 public key infrastructure certificate and certificate revocation list (CRL) profile." IETF, May (2008)
2. Santesson, Stefan, et al. "X. 509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP." RFC 6960 (2013). p. 1-41
3. Housley, Russell, et al. Internet X. 509 public key infrastructure certificate and CRL profile. RFC 2459, January (1999).
4. Ellison, Carl, and Bruce Schneier. "Top 10 PKI risks." Computer Security Journal 16.1 (2000).
5. Comodo hacker claims credit for DigiNotar attack. January 24, 2014.
Available from: https://www.pcworld.idg.com.au/article/399812/
comodo_hacker_claims_credit_diginotar_attack/.
6. 58% of Phishing Websites Now Use HTTPS. Available from: https://www.thesslstore.com/blog/58-of-phishing-websites-now-use-https/.
7. Garfinkel, Simson. PGP: pretty good privacy. " O'Reilly Media, Inc.", 1995.
8. Swan, M., Blockchain: Blueprint for a new economy. 2015: " O'Reilly Media, Inc".
9. AL-BASSAM, Mustafa. SCPKI: a smart contract-based PKI and identity system. In: Proceedings of the ACM Workshop on Blockchain, ryptocurrencies and Contracts. 2017. p. 35-40.
10. Lewison, Karen, and Francisco Corella. "Backing rich credentials with a blockchain PKI." Tech. Rep. (2016).
11. Ethereum. Available from: https://etherscan.io/.
12. Let's Encrypt 統計數據. Available from: https://letsencrypt.org/zh-tw/stats/.
13. Regulation, Protection. "Regulation (EU) 2016/679 of the European Parliament and of the Council." REGULATION (EU) 679 (2016): 2016.
14. TP-Merkle Tree. Available from: https://itrustmachines.com/
15. Swan, Melanie. Blockchain: Blueprint for a new economy. " O'Reilly Media, Inc.", 2015.
16. Nakamoto, Satoshi. Bitcoin: A peer-to-peer electronic cash system. 2008.
17. Wood, Gavin. "Ethereum: A secure decentralised generalised transaction ledger." Ethereum project yellow paper 151.2014 (2014): 1-32.
18. Litecoin. Available from: https://chainz.cryptoid.info/ltc/.
19. HWANG, Gwan-Hwan; HUANG, Wei-Sian; PENG, Jenn-Zjone. Real-time proof of violation for cloud storage. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science. IEEE, 2014. p. 394-399.
20. Hwang, G.H., et al., Fulfilling mutual nonrepudiation for cloud storage. 2016. 28(3): p. 583-599.
21. Benet, Juan. "Ipfs-content addressed, versioned, p2p file system." arXiv preprint arXiv:1407.3561 (2014).