標題: 電腦網路密鑰分享之機率模型
Probability Modeling in a Secret Sharing Computer Environment
作者: 李清雲
Lee, Ching-Yun
陳登吉
Chen, Deng-Jyi
資訊科學與工程研究所
關鍵字: 網際網路,秘密分享,;或然率,網路安全,;擴展樹,;圖形理論。;Internet, Secret Sharing,;Probability,;Network Security,;Spanning Tree,;Graph Theory
公開日期: 1999
摘要: 由於資源共享、相互通連等特性,造成資訊網路的驚人成長,但也潛在著安全威脅等問題,那就是當使用者可以很方便的透過電腦網路,隨時隨地存取連接在網路上之其他電腦資訊時,儲存在本身電腦的機密資料及當一些重要資料在電腦網路傳輸時,會受到什麼樣的威脅且該如何的保護?對於此一發展趨勢,資訊保密與網路安全已成為很重要的課題。本篇論文探討密鑰分享方式,以確保資料儲存與傳輸的安全性。首先,在開放式的電腦網路環境中,我們嘗試提出新的機率模型來評估密鑰恢復的或然率,並提出演算法來計算在不可靠的網路系統中密鑰恢復之或然率。 其次,針對階層式授權及團體導向的密鑰分享策略應用,提出兩個密鑰分享方法,稱為複式分配法和複式密鑰分享方法,是廣義的密鑰分享方式,不受限於一個固定的門檻值且可實現預定的分享策略;同時,配合上述密鑰分享方法,我們提出次密鑰配置法則,利用次密鑰加權衡量及參與者的重要性等觀念,可獲得密鑰恢復或然率最佳解之逼近值,由模擬結果得到其平均絕對誤差小於0.01。
Information technologies have ushered in a new era for computer-related communications. Use of the Internet for commercial applications and resource sharing has accelerated in recent years as well. Individuals can use the Internet to instantly access information from anywhere in the world. Owing to such developments, computer security has become a critical issue nowadays. Much research has been conducted on areas involving network security such as user authentication, data confidentiality, and data integrity. In some applications, a critical message can be divided into pieces and allocated at several different sites over the Internet for security access concern. To secure the applications and data transmission over the Internet, we examine the secret sharing schemes. A secret sharing scheme could be very helpful in the management of secret messages. In this dissertation, we first attempt to present a novel probability model for reconstructing a secret in a computer environment. Algorithm to estimate the probability of secret sharing reconstruction is presented as well. Next, we propose two secret sharing schemes called multiple assignment scheme and multiple secret sharing scheme for sharing a secret. These schemes provide generalized secret sharing which allow multiple threshold access structure for a shared secret and can realize predefined sharing policies. We also propose two assignment methods, called WSA (weighted share assignment) and RSHA (ranked share-holder assignment), for assigning shares on hosts in such a way that the probability to be able to reconstruct the secret becomes the highest with regards to failure in unreliable computer networks. From the simulation results, we can see that in almost each case the proposed algorithms find suboptimal solution efficiently.
URI: http://140.113.39.130/cdrfb3/record/nctu/#NT880392087
http://hdl.handle.net/11536/65487
顯示於類別:畢業論文