不可否認與依法取用機制之研究

Abstract

隨著網際網路技術與電子商務市場的快速成長，資訊安全相關技術也變得日漸重要。其中身份鑑別、私密性、真確性與不可否認性等四項安全服務被視為網路安全的基本要素。本論文以不可否認性為中心思想，探討兩個相關的主題：不可否認安全協定以及依法取用機制。 不可否認安全協定為本論文的第一個主題，本論文提出三個適用於不同效率與安全需求的不可否認安全協定，並提出集中式證據管理的概念，具有以下優點：首先，本文提出的協定降低對被信賴第三者的信賴程度；其次，集中式證據管理可以減輕證據使用者管理證據的負擔；最後，由於證據的集中保管，可增加對證據本身的安全保護。 依法取用安全機制為本論文的第二個主題，本論文提出兩個分別適用於對稱式金鑰密碼系統與非對稱式金鑰密碼系統的金鑰回復系統。金鑰回復是網路安全中被廣為討論的問題。在金鑰回復系統中，解密金鑰以適當的方式，儲存於金鑰代管機關中，而經由法律程序，可取得解密金鑰，以防止密碼系統被用於犯罪行為。本論文提出的金鑰回復系統能夠同時限制監聽範圍與監聽時間。 不可否認安全服務提供事前的證據管理；依法取用機制則提供事後的證據蒐集。以上述兩項研究為基礎，本論文對網際網路虛擬社會行為的證據力及可追跡性提出解決方案，其主要目的在避免電腦犯罪的發生。

Due to the explosive growth of electronic businesses on the Internet, security has become increasingly important. Four security services are conducted as fundamental requirements for information security. These are authentication, confidentiality, integrity, and non-repudiation. In this dissertation, the author focuses on two subjects of the non-repudiation service requirement: non-repudiation protocols, and lawful access mechanisms. Focusing on the first subject-non-repudiation protocols, the author proposes three non-repudiation protocols with different security and effective issues. Furthermore, the author introduces a centralized evidence management scheme that could improve the following properties. First, the author alleviates the assumption that trusted delivery agents are unconditionally trusted by all entities involved in the transaction. Second, the author reduces the overhead for users in managing evidence. Finally, the proposed scheme strengthens the ability of preventing evidence from being forged. Focusing on the second subject-lawful access mechanisms, the author proposes two key recovery protocols, which are suitable for symmetric and asymmetric key cryptosystems . Key recovery systems have been widely studied in network security. In such systems, a copy of the decryption key for each user is escrowed by one or more trusted parties, and is available if a warrant is issued for it. In this study, the author proposes two novel key recovery systems. Furthermore, this method could resolve the time span problem in the conventional key recovery systems at the same time. Based on the results obtained from these two research subjects , the author has contributed innovative ideas to the non-repudiation service. The purpose of the schemes in this dissertation is to maintain evidence and track behavior in the Internet virtual society to prevent computer crimes. Based on the results obtained from the two research subjects aforementioned, the author has contributed innovative ideas to the non-repudiation service. The purport of schemes in this dissertation is to keep the evidence and the tracks of behavior in the Internet virtual sociality for preventing computer crimes.