
Mobile Data Security Management: Design Principles and Implementation

Advisor: 李德財

Abstract


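This dissertation defines and investigates a novel Data Presence Problem, covering the sub-problems of data aggregation, data spreading, and long-term data existence. It proposes three salient features (user control, client-side encryption, and ephemerality) as system design principles that address these three sub-problems respectively. To realize these three design principles, we propose the synchronous and asynchronous "Pandora" secure messaging protocols (Pandora Messaging Protocol) for designing and building a mobile data security management system. The asynchronous Pandora messaging protocol is an asynchronous message encryption protocol with the cryptographic property of forward secrecy. It integrates a mechanism we designed in which the ephemeral encryption and decryption keys can be updated for each message. The ephemeral key used to decrypt a message is securely deleted when the expiration condition set by the message sender is satisfied, so that once an encrypted message has expired it cannot, in the absence of the decryption key, be decrypted quickly and efficiently with limited computing power. This mechanism makes the message unobtainable, so that the message is in effect "self-destructed". A mechanism that lets messages self-destruct is especially important for message senders who want to protect sensitive information and avoid data leakage. By setting a message's "expiration condition" or "decryption condition" (for example time, events, or the geographic location of other mobile devices), the recipient can no longer obtain the message after it expires, or a third party whose device cannot satisfy the decryption condition cannot decrypt the message even after stealing it, thereby protecting sensitive information. Based on the synchronous and asynchronous Pandora secure messaging protocols, the dissertation also implements messaging application prototypes on the Android mobile operating system platform and evaluates the performance of message encryption and decryption on mobile devices, to ensure that the proposed synchronous and asynchronous Pandora messaging protocols are practical and feasible.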

Parallel Abstract


In this dissertation, we define and investigate the novel data presence problem as data aggregation, data spreading, and data long-term existence problems. To address the data presence problem, we propose three salient features, user-controllability, client-side encryption, and ephemerality, as design principles. To realize these three design principles, we propose the Synchronous and Asynchronous Pandora Messaging protocols for designing and building a mobile data security management system. Asynchronous Pandora Messaging is a forward-secure asynchronous messaging protocol integrated with a per-message rekeying mechanism. The ephemeral decryption key of a message is securely deleted when the expiration condition of the message is satisfied. As a result, it is in principle impossible to decrypt the encrypted message efficiently without possessing the ephemeral decryption key. In other words, the message is regarded as self-destructible. Making a message self-destructible is particularly important for those who want to protect sensitive data in case of data compromise. By setting up expiration constraints for the ephemeral decryption key, or a decryption policy for secret message transmission, we make messages inaccessible to anyone when the constraint is satisfied, or make messages unreadable even when intercepted by a third party who has no means to fulfill the decryption policy. In doing so, we provide a second layer of protection for sensitive data during message transmission. We have implemented two messaging application prototypes on Android and have evaluated their performance to prove our Pandora Messaging protocols are practical and feasible.
