雷欽隆臺灣大學：電機工程學研究所徐彰健Hsu, Chang-ChienChang-ChienHsu2007-11-262018-07-062007-11-262018-07-062004http://ntur.lib.ntu.edu.tw//handle/246246/53271我們在這裡提出一個在點對點環境上可以提供完整公開金鑰基礎建設功能的架構以及一個可以把私鑰儲存於點對點網路上的子系統。我們把這個系統稱為 PPPKI。點對點的環境有許多優點，例如它不易遭到阻斷式的攻擊，而且幾乎不會停止運作。另外，公開金鑰基礎建設是個非常重要的架構，它是許多網路應用的重要基礎。 為了提供公開金鑰基礎建設所需的完整功能，我們在PPPKI 裡設計了建立憑證、散佈憑證、註銷憑證、以及更新憑證內容的方法。除此之外，我們設計了一個可以把私鑰存放在點對點網路上的方法。讓我們不需要攜帶任何的東西，也可以進行各種活動。傳統上，要逹到這個目的，通常是把私鑰加密後存放在伺服器端，但這很容遭到離線攻擊。與之不同的是，我們所設計出來的架構下，除了原擁有者外，沒有任何人可以得到完整的加密過後的私鑰，所以他無法對加密私鑰用的密碼做字典或暴力攻擊。 除了公開金鑰基礎建設的基本功能外，為了解決中間人的問題，我們提出了一個協助者的機制，可以在沒有任何可共同信任的單位的情況下，要進行安全的通訊。中間人問題一直是純分散式系統一個很大的威脅。 最後我們做了一些模擬，來驗證 PPPKI 的效率和可靠性。結果顯示，在有限的資源下，PPPKI 也能有很好的表現。We would like to introduce a scheme to provide complete functions to operate a public key infrastructure (PKI) on a peer-to-peer environment and a subsystem to store private keys in a peer-to-peer system, and we would use PPPKI for this peer-to-peer PKI scheme. Peer-to-peer systems have many advantages, for example, they withstand DoS attacks and can not be shutdown easily. Therefore, there are many possibilities on peer-to-peer systems. Besides, PKI is a very important infrastructure, which is the base of many electronic applications. PPPKI provides complete functions to operate a PKI system. The functions we design are to create a certificate, to insert a certificate into a peer-to-peer system, to revoke a certificate, and to change the information in a certificate (rekey). Moreover, a scheme to store private keys in the peer-to-peer system is proposed in this paper as a subsystem of PPPKI. If private keys are encrypted and stored in a central database, a manager of the database can use brute-force and dictionary attacks to compromise the private key in a off-line manner. In contrast, any cracker can only try constant times to get encrypted private keys in PPPKI’s subsystem. This probability is almost negligible. Besides the basic functions, we suggest a helper mechanism to prevent a man in the middle (MITM) attack. In a pure peer-to-peer environment, there is no centralized authority, like KDC, to provide a secure communication method between two arbitrary nodes. Consequently, MITM is a serious threat in such an environment. At last, we design a simulation to estimate the resource needed by PPPKI and the performance presented by PPPKI. We found that we can have PPPKI work well with limited resources.Chapter 1. Introduction 1 1.1 PKI 1 1.2 Peer-to-Peer Architectures 2 1.3 Centralized and Distributed 3 1.4 Our System Goal 4 Chapter 2. Related Works 5 2.1 Anwitaman’s Work 5 2.1.1 Scheme 6 2.1.2 Problems 8 2.2 Hierarchical PKI 9 2.3 Web of trust 10 2.4 Single Sign On 10 Chapter 3. Constructing a Distributed PKI 12 3.1 Definitions 12 3.1.1 Certificate Format 12 3.1.2 Notations 14 3.1.3 Helper 16 3.1.4 Messages 17 3.2 Certificate and Public Key 18 3.2.1 Certificate Creation and Insertion 18 3.2.2 Certificate Duplication 20 3.2.3 Certificate Retrieving 21 3.2.4 Forward Request 23 3.2.5 Revoke 24 3.2.6 Rekey 24 3.3 Private Key 25 3.3.1 Inserting 25 3.3.2 Duplication 26 3.3.3 Retrieving 27 3.3.4 Access Control 27 3.4 Maintenance 28 3.4.1 Hash Number and Duplicate Number 28 3.4.2 Hash Query 29 3.4.3 Duplicate Query 29 3.4.4 New Node Created in the Peer-to-Peer System 31 3.4.5 Garbage Collection 31 Chapter 4. Analyses 32 4.1 Security Properties 32 4.1.1 MITM 32 4.1.2 Brute Force or Dictionary Attack 32 4.1.3 Malicious Nodes 33 4.1.4 DoS 33 4.1.5 OS Hole 33 4.2 Availability 34 4.2.1 Simple Probability Model 34 4.2.2 Queuing model 36 Chapter 5. Simulation 38 5.1 Parameters 39 5.2 Simulation Structure 40 5.3 Simulation Flows 41 5.4 Result 43 Chapter 6. Conclusions 47 References 481017461 bytesapplication/pdfen-US點對點公開金鑰基礎建設peer-too-peerPKIthesishttp://ntur.lib.ntu.edu.tw/bitstream/246246/53271/1/ntu-93-R91921082-1.pdf