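| Graduate student: | 吳曼甄 Man-Chen Wu |
|---|---|
| Thesis title: | 應用於 App 洩密者追蹤之動態金鑰管理機制 (Dynamic Key Management Mechanism for App Traitor Tracing) |
| Advisor: | 吳宗成 Tzong-Chen Wu |
| Oral defense committee: | 羅乃維 Nai-Wei Lo, 蔡國裕 Kuo-Yu Tsai |
| Degree: | Master |
| Department: | College of Management - Department of Information Management |
| Year of publication: | 2015 |
| Academic year of graduation: | 103 |
| Language: | Chinese |
| Number of pages: | 76 |
| Chinese keywords: | 存取控制 (access control), 共謀攻擊 (collusion attack), 金鑰管理 (key management), 動態洩密者追蹤 (dynamic traitor tracing), Android, 行動裝置 (mobile device) |
| English keywords: | Mobile device, Android, Access control, Collusion attack, Key management, Dynamic traitor tracing |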
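In 2014, Tsai et al. proposed an Android App copy-protection mechanism based on dynamic loading. Under that mechanism, the complete one-time separated program file (that is, the digital content) must be downloaded from the server before every execution. Moreover, App users can cooperate to collect information and collude to produce a decryption key, and thereby obtain and execute the App content without authorization. This thesis therefore studies a dynamic key management mechanism that prevents unauthorized use of the App, withstands collusion attacks by App users, effectively protects the separated program file, and reduces the communication cost of each data transfer with the server. The mechanism also meets the security requirements of effectiveness, confidentiality, integrity, binding, traceability, and resistance to collusion attacks, man-in-the-middle attacks and replay attacks.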
In 2014, Tsai et al. presented an Android App copy protection mechanism based on dynamic loading. However, it incurs a large communication cost with the server and risks giving rise to pirate broadcasting. Although the server gives authorized parties cryptographic keys that allow them to decrypt a class separation segment (the digital content), it does not prevent an authorized party who can view the separation segment from transferring it in plaintext form to an unauthorized party. That is to say, a set of authorized users may combine their information to generate a pirate decoder, so that other, non-authorized parties can execute the App. We call this a collusion attack, and these non-authorized parties are called pirate users.
In this paper, we propose a Dynamic Key Management Mechanism based on dynamic loading and a dynamic traitor tracing scheme to resist collusion attacks, reduce communication cost and effectively protect the class separation segment. In addition, the mechanism satisfies these requirements: effectiveness, confidentiality, robustness, binding, traceability, collusion-attack resistance, man-in-the-middle-attack resistance and replay-attack resistance.
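Chinese-language references
[1] 李敏勤, “A Key Management Mechanism for Dynamic Traitor Tracing,” Master's thesis, Department of Information Management, Taiwan University of Science and Technology, 2004.
[2] 周旭東, “A Study of Symmetric Block Encryption Mechanisms Based on Pseudo-Random Numbers,” Master's thesis, Department of Information Management, National Defense University, 2008.
[3] 陳俊佑, “Traitor Tracing and Revocation Protocols Using List Decoding,” Master's thesis, Department of Information Management, Chiao Tung University, 2003.
[4] 曾蕙如, “A Time-Bound Secure Broadcast Mechanism,” Master's thesis, Department of Information Management, Taiwan University of Science and Technology, 2004.
[5] 賴溪松, 韓亮 and 張真誠, “Modern Cryptography and Its Applications,” 松崗, 1997.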
English-language references
[6] M. Abdalla, Y. Shavitt, and A. Wool, “Key Management for Restricted Multicast Using Broadcast Encryption,” IEEE Transactions on Networking, Vol. 8, Issue 4, pp. 443-454, 2000.
[7] J. Anzai, N. Matsuzaki, and T. Matsumoto, “A Quick Group Key Distribution Scheme with ‘Entity Revocation’,” Proceedings of Advances in Cryptology – Asiacrypt’99, Springer-Verlag, pp. 333-347, 1999.
[8] Arxan Inc., Arxan Technology Research Report: “State of Mobile App Security,” Vol. 3, Nov 2014, https://www.arxan.com/resources/state-of-security-in-the-App-economy/.
[9] S. Bhatt, R. Sion, and B. Carbunar, “A personal mobile DRM manager for smart phones,” Computers and Security, Vol. 28, No. 6, pp. 327-340, 2009.
[10] S. Boneh and J. Shaw, “Collusion-Secure Fingerprinting for Digital Data,” IEEE Transaction on Information Theory, Vol. 44, No. 5, pp. 1897-1905, 1998.
[11] C. L. Chen, “A secure and traceable e-DRM system based on mobile device,” Expert Systems with Applications, Vol. 5, No. 3, pp. 878-886, 2008.
[12] S. Choi, J. Jang and E. Jae, “Android Application's Copyright Protection Technology based on Forensic Mark,” ACM Research in Applied Computation Symposium, pp. 338-339, 2012.
[13] B. Chor, A. Fiat, and M. Naor, “Tracing Traitors,” Proceedings of Advances in Cryptology - CRYPTO’94, Vol. 839, pp. 257-270, Springer-Verlag, 1994.
[14] A. Fiat and M. Naor, “Broadcast Encryption,” Proceedings of Advances in Cryptology - CRYPTO’93, Springer-Verlag, Vol. 773, pp. 480-491, 1993.
[15] A. Fiat and T. Tassa, “Dynamic Traitor Tracing,” Proceedings of Advances in Cryptology - CRYPTO’99, Springer, Vol. 1666, pp. 354-371, 1999.
[16] Y. L. Huang, S. P. Winston Shieh, and J. C. Wang, “Practical Key Distribution Schemes for Channel Protection,” Computer Software and Applications Conference, pp. 569-574, 2000.
[17] J. Jang, J. Jung, H. Ji, J. Hong, D. Kim, and S. K. Jung, “Protecting Android Applications with Steganography based Software Watermarking,” Proceedings of the 28th Annual ACM Symposium on Applied Computing, pp. 106-120, 2013.
[18] Y. S. Jeong, J. C. Moon, D. Kim, Y. U. Park, S. J. Cho, and M. Park, “An Anti-Piracy Mechanism based on Class Separation and Dynamic Loading for Android Applications,” ACM Research in Applied Computation Symposium, pp. 328-332, 2012.
[19] H. Ji and W. Kim, “Design of a Mobile Inspector for Detecting Illegal Android Applications Using Fingerprinting,” Proceedings of the 2013 Research in Adaptive and Convergent Systems, ACM, 2013.
[20] A. Kiayias and M. Yung, “Self Protecting Pirates and Black-Box Traitor Tracing,” Proceedings of Advances in Cryptology - Crypto’2001, Vol. 2139, pp. 63-79, Springer-Verlag, 2001.
[21] H. Kim, “Protection Framework for Android Applications by Encrypting DEX files,” Diss. MS Thesis, Department of Electronics and Computer Engineering, Hanyang University, 2011.
[22] W. C. Ku and S. M. Chen, “An Improved Key Management Scheme for Large Dynamic Groups Using One-Way Function Trees,” IEEE International Conference on Parallel Processing Workshops, pp. 391-396, 2003.
[23] R. C. Merkle, “One way hash functions and DES,” Proceedings of Advances in Cryptology - CRYPTO’89, pp. 428-446, Springer-Verlag, 1990.
[24] Y. C. Moon, J. H. Noh, A. R. Kim and S. R. Kim, “Design of Copy Protection System for Android Platform,” International Conference on Information Technology IJARCSSE, System and Management, Dubai, 2012.
[25] M. Naor and B. Pinkas, “Threshold Traitor Tracing,” Proceedings of Advances in Cryptology – Crypto’98, Springer-Verlag, pp. 502-517, 1998.
[26] M. Noar, D. Naor, and J. Lotspiech, “Revocation and Tracing Schemes for Stateless Receivers,” Proceedings of Advances in Cryptology - CRYPTO’99, Springer-Verlag, pp. 41-62, 2001.
[27] F. A. P. Petitcolas, R. J. Anderson, and M. G. Kuhn, “Information Hiding - A Survey,” Proceedings of the IEEE, Vol. 87, No. 7, pp. 1062-1078, 1999.
[28] R. Safavi-Naini and Y. Wang, “Sequential Traitor Tracing,” IEEE Transactions on Information Theory, Vol. 49, No. 5, pp. 1319-1326, 2003.
[29] A. Shamir, “How to Share a Secret,” Communications of ACM, Vol. 22, No. 11, pp. 612-613, 1979.
[30] Statista Inc., Statista Statistical Reports, “Worldwide mobile App revenues from 2011 to 2017 (in billion U.S. dollars),” http://www.statista.com/statistics/269025/worldwide-mobile-App-revenue-forecast/
[31] K. Y. Tsai, Y. H. Chiu and T. C. Wu, “Android App Copy Protection Mechanism based on Dynamic Loading,” The 18th IEEE International Symposium on Consumer Electronics (ISCE 2014), pp. 1-3, June 2014.
[32] F. K. Tu, C. S. Laih, and H. H. Tung, “On Key Distribution Management for Conditional Access System on Pay-TV System,” IEEE Transactions on Consumer Electronics, Vol. 45, Issue 1, pp. 151-158, 1999.
[33] W. G. Tzeng and Z. J. Tzeng, “A Public-Key Traitor Tracing Scheme with Revocation Using Dynamic Shares,” Public Key Cryptography — PKC 2001, Vol. 1992, pp. 207-224, Springer-Verlag, 2001.
[34] D. Wallner, E. Harder and R. Agee, “Key Management for Multicast: Issues and Architecture,” RFC 2627, September, 1998.
[35] L. Zhang, Y. Hu, and N. Mu, “An Identity-based broadcast encryption protocol for Ad hoc networks,” The 9th International Conference for Young Computer Scientists (ICYCS), Computer Society, Vol. 194, pp. 1619-1623, 2009.
[36] Y. L. Zhang, Y. K. Zhang, and J. Zhang, “An ID-based broadcast encryption scheme for collaborative design,” International Conference on Networks Security, Wireless Communications and Trusted Computing, IEEE Computer Society, Vol. 346, pp. 699-702, 2009.