Dissertations / Theses on the topic 'SECRET SHARING SYSTEM'

<p>Finnegan Lab System is a graphical computer program for learning how secret sharing works. With its focus on the algorithms and the data streams, the user does not have to consider machine-specific low-level details. It is highly modularised and is not restricted to secret sharing, but can easily be extended with new functions, such as building blocks for Feistel networks or signal processing. </p><p>This thesis describes what secret sharing is, the development of a new lab system designed for secret sharing and how it can be used.</p>

Radio Frequency Identification (RFID) technology has been expanded to be used in different fields that need automatic identifying and verifying of tagged objects without human intervention. RFID technology offers a great advantage in comparison with barcodes by providing accurate information, ease of use and reducing of labour cost. These advantages have been utilised by using passive RFID tags. Although RFID technology can enhance the efficiency of different RFID applications systems, researchers have reported issues regarding the use of RFID technology. These issues are making the technology vulnerable to many threats in terms of security and privacy. Different RFID solutions, based on different cryptography primitives, have been developed. Most of these protocols focus on the use of passive RFID tags. However, due to the computation feasibility in passive RFID tags, these tags might be vulnerable to some of the security and privacy threats. , e.g. unauthorised reader can read the information inside tags, illegitimate tags or cloned tags can be accessed by a reader. Moreover, most consideration of reserchers is focus on single tag authentication and mostly do not consider scenarios that need multi-tag such as supply chain management and healthcare management. Secret sharing schemes have been also proposed to overcome the key management problem in supply chain management. However, secret sharing schemes have some scalability limitations when applied with high numbers of RFID tags. This work is mainly focused on solving the problem of the security and privacy in multi-tag RFID based system. In this work firstly, we studied different RFID protocols such as symmetric key authentication protocols, authentication protocols based on elliptic curve cryptography, secret sharing schemes and multi-tag authentication protocols. Secondly, we consider the significant research into the mutual authentication of passive RFID tags. Therefore, a mutual authentication scheme that is based on zero-knowledge proof have been proposed . The main object of this work is to develop an ECC- RFID based system that enables multi-RFID tags to be authenticated with one reader by using different versions of ECC public key encryption schemes. The protocol are relied on using threshold cryptosystems that operate ECC to generate secret keys then distribute and stored secret keys among multi RFID tags. Finally, we provide performance measurement for the implementation of the proposed protocols.

Multiparty computation is a computation between multiple players which want to compute a common function based on private input. It was first proposed over 20 years ago and has since matured into a well established science. The goal of this thesis has been to develop efficient protocols for different operations used in multiparty computation and to propose uses for multiparty computation in real world systems. This thesis therefore gives the reader an overview of multiparty computation from the simplest primitives to the current state of software frameworks for multiparty computation, and provides ideas for future applications. Included in this thesis is a proposed model of multiparty computation based on a model of communication complexity. This model provides a good foundation for the included papers and for measuring the efficiency of multiparty computation protocols. In addition to this model, a more practical approach is also included, which examines different secret sharing schemes and how they are used as building blocks for basic multiparty computation operations. This thesis identifies five basic multiparty computation operations: sharing, recombining, addition, multiplication and negation, and shows how these five operations can be used to create more complex operations. In particular two operations “less-than” and “bitwise decomposition” are examined in detail in the included papers. “less-than” performs the “&lt;” operator on two secret shared values with a secret shared result and “bitwise decomposition” takes a secret shared value and transforms it into a vector of secret shared bitwise values. The overall goal of this thesis has been to create efficient methods for multiparty computation so that it might be used for practical applications in the future.

Network-based Intrusion Detection Systems (NIDSs) monitor network traffic for signs of malicious activities that have the potential to disrupt entire network infrastructures and services. NIDS can only operate when the network traffic is available and can be extracted for analysis. However, with the growing use of encrypted networks such as Virtual Private Networks (VPNs) that encrypt and conceal network traffic, a traditional NIDS can no longer access network traffic for analysis. The goal of this research is to address this problem by proposing a detection framework that allows a commercial off-the-shelf NIDS to function normally in a VPN without any modification. One of the features of the proposed framework is that it does not compromise on the confidentiality afforded by the VPN. Our work uses a combination of Shamir’s secret-sharing scheme and randomised network proxies to securely route network traffic to the NIDS for analysis. The detection framework is effective against two general classes of attacks – attacks targeted at the network hosts or attacks targeted at framework itself. We implement the detection framework as a prototype program and evaluate it. Our evaluation shows that the framework does indeed detect these classes of attacks and does not introduce any additional false positives. Despite the increase in network overhead in doing so, the proposed detection framework is able to consistently detect intrusions through encrypted networks.

Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is the Shamir's secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives like garbled circuits (GC) -- it provides information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because SSS requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using SSS to protect privacy in distributed signal processing. There are three main contributions to this dissertation. First, the proposed computing framework is shown to be significantly more efficient than GC. Second, a novel game-theoretical framework is proposed to analyze different types of collusion attacks. Third, using the proposed game-theoretical framework, specific mechanism designs are developed to deter collusion attacks in a fully distributed manner. Specifically, for a collusion attack with known detectors, I analyze it as games between secret owners and show that the attack can be effectively deterred by an explicit retaliation mechanism. For a general attack without detectors, I expand the scope of the game to include the computing agents and provide deterrence through deceptive collusion requests. The correctness and privacy of the protocols are proved under a covert adversarial model. Our experimental results demonstrate the efficiency of SSS-based protocols and the validity of our mechanism design.

The project aims at solving the problem of non-repudiation, integrity and confidentiality of data when digitally exchanging sensitive resources between parties that need to be able to trust each other without the need for a trusted third party. This is done in the framework of answering to what extent digital resources can be shared securely in a decentralized public ledger-based system compared to trust-based alternatives. A background of existing resource sharing solutions is explored which shows an abundance third party trust-based systems, but also an interest in public ledger solutions in the form of the Storj network which uses such technology, but focuses on storage rather than sharing. The proposed solution, called SecuRES, is a communication protocol based on public ledger technology which acts similar to Bitcoin. A prototype based on the protocol has been implemented which proves the ability to share encrypted files with one or several recipients through a decentralized public ledger-based network. It was concluded that the SecuRES solution could do away with the requirement of trust in third parties for all but some optional operations using external authentication services. This is done while still maintaining data integrity of a similar or greater degree to trust-based solutions and offers the additional benefits of non-repudiation, high confidentiality and high transparency from the ability to make source code and protocol documentation openly available without endangering the system. Further research is needed to investigate whether the system can scale up for widespread adoption while maintaining security and reasonable performance requirements.<br>Projektet ämnar lösa problemen med oförnekbarhet, integritet och konfidentialitet när man delar känsligt data mellan parter som behöver lita på varandra utan inblanding av betrodd tredje part. Detta diskuteras för att besvara till vilken omfattning digitala resurser kan delas säkert i ett decentraliserat system baserat på publika liggare jämfört med existerande tillitsbaserade alternativ. En undersökning av nuvarande resursdelningslösningar visar att det existerar många tillitsbaserade system men även en växande andel lösningar baserade på publika liggare. En intressant lösning som lyfts fram är Storj som använder sådan teknologi men fokuserar på resurslagring mer är delning. Projektets föreslagna lösning, kallad SecuRES, är ett kommunikationsprotokoll baserat på en publik liggare likt Bitcoin. En prototyp baserad på protokollet har tagits fram som visar att det är möjligt att dela krypterade filer med en eller flera mottagare genom ett decentraliserat nätverk baserat på publika liggare. Slutsatsen som dras är att SecuRES klarar sig utan betrodda tredje parter för att dela resurser medan vissa operationer kan göras mer användarvänliga genom externa autentiseringstjänster. Själva lösningen garanterar integritet av data och medför ytterligare fördelar såsom oförnekbarhet, konfidentialitet och hög transparens då man kan göra källkoden och protocoldokumentation fritt läsbar utan att utsätta systemet för fara. Vidare forskning behövs för att undersöka om systemet kan skalas upp för allmän användning och alltjämt bibehålla säkerhets- samt prestandakrav.

Fault tolerant and secure distributed data storage systems typically require that only up to a threshold of storage nodes can ever be compromised or fail. In proactively-secure systems, this requirement is modified to hold only in a time interval (also called epoch), resulting in increased security. An attacker or adversary could compromise distinct sets of nodes in any two time intervals. This attack model is also called the mobile adversary model. Proactively-secure systems require all nodes to "refresh" themselves periodically to a clean state to maintain the availability, integrity, and confidentiality properties of the data storage service. This dissertation investigates the design of a proactively-secure distributed data storage system. Data can be stored at storage servers using encoding schemes called secret sharing, or encryption-with-replication. The primary challenge is that the protocols that the servers run periodically to maintain integrity and confidentiality must scale with large amounts of stored data. Determining how much data can be proactively-secured in practical settings is an important objective of this dissertation. The protocol for maintain the confidentiality of stored data is developed in the context of data storage using secret sharing. We propose a new technique called the GridSharing framework that uses a combination of XOR secret sharing and replication for storing data efficiently. We experimentally show that the algorithm can secure several hundred GBs of data. We give distributed protocols run periodically by the servers for maintaining the integrity of replicated data under the mobile adversary model. This protocol is integrated into a document repository to make it proactively-secure. The proactively-secure document repository is implemented and evaluated on the Emulab cluster (http://www.emulab.net). The experimental evaluation shows that several 100 GBs of data can be proactively-secured. This dissertation also includes work on fault and intrusion detection - a necessary component in any secure system. We give a novel Byzantine-fault detection algorithm for quorum systems, and experimentally evaluate its performance using simulations and by deploying it in the AgileFS distributed file system.

The broadcast nature of wireless medium has made information security as one of the most important and critical issues in wireless systems. Physical layer security, which is based on information-theoretic secrecy concepts, can be used to secure the wireless channels by exploiting the noisiness and imperfections of the channels. Massive multiple-input multiple-output (MIMO) systems, which are equipped with very large antenna arrays at the base stations, have a great potential to boost the physical layer security by generating the artificial noise (AN) with the exploitation of excess degrees-of-freedom available at the base stations. In this thesis, we investigate physical layer security provisions in the presence of passive/active eavesdroppers for single-hop massive MIMO, dual-hop relay-assisted massive MIMO and underlay spectrum-sharing massive MIMO systems. The performance of the proposed security provisions is investigated by deriving the achievable rates at the user nodes, the information rate leaked into the eavesdroppers, and the achievable secrecy rates. Moreover, the effects of active pilot contamination attacks, imperfect channel state information (CSI) acquisition at the base-stations, and the availability of statistical CSI at the user nodes are quantified. The secrecy rate/performance gap between two AN precoders, namely the random AN precoder and the null-space based AN precoder, is investigated. The performance of hybrid analog/digital precoding is compared with the full-dimensional digital precoding. Furthermore, the physical layer security breaches in underlay spectrum-sharing massive MIMO systems are investigated, and thereby, security provisions are designed/analyzed against active pilot contamination attacks during the channel estimation phase. A power-ratio based active pilot attack detection scheme is investigated, and thereby, the probability of detection is derived. Thereby, the vulnerability of uplink channel estimation based on the pilots transmitted by the user nodes in time division duplexing based massive MIMO systems is revealed, and the fundamental trade-offs among physical layer security provisions, implementation complexity and performance gains are discussed.

Дисертація присвячена математичному моделюванню задач криптографії та обробки сигналів з використанням неканонічних гіперкомплексних числових систем, застосування яких зменшує кількість обчислень при функціонуванні таких моделей та дозволяє оптимізувати їх за окремими характеристиками. Результати моделювання задачі розділення секрету показали, що застосування неканонічних гіперкомплексних числових систем, починаючи з вимірності 4, зменшує кількість потрібних обчислень у порівнянні із застосуванням канонічних гіперкомплексних числових систем. Розроблено методи побудови структур неканонічних гіперкомплексних числових систем, що задовольняють критеріям побудови цифрового фільтра. Побудовано цифровий фільтр з коефіцієнтами у неканонічних гіперкомплексних числових системах та проведена його оптимізація за параметричною чутливістю.<br>The thesis is devoted to mathematical modeling of cryptography and signal problems using non-canonical hypercomplex numerical systems, which reduces the calculations amount during these models functioning and allows their optimization by individual characteristics. The modelling results of secret sharing scheme have shown that the use of non-canonical hypercomplex numerical systems starting from dimension 4 reduces the computation amount required in comparison with the use of canonical hypercomplex numerical systems. The methods for synthesis the noncanonical hypercomplex numerical system structures that satisfy the criteria for building a digital filter are developed. The digital filter is developed with the coefficients in noncanonical hypercomplex numerical systems and optimized by the parametric sensitivity.<br>Диссертация посвящена математическому моделированию задач криптографии и обработки сигналов с использованием неканонических гиперкомплексных числовых систем (ГЧС). Разработаны методы и способы представления и обработки данных в неканонических ГЧС, применение которых упрощает вид математических моделей, уменьшает количество вычислений при их функционировании и позволяет производить их оптимизацию по отдельным признакам. Анализ результатов работ последнего десятилетия по применению гиперкомплексных числовых систем в решении задач криптографии и обработки сигналов показал следущее: 1) применение канонических ГЧС к задаче разделения секрета повышает криптографическую стойкость, но вместе с тем увеличивает количество операций, требуемых для реализации такой задачи. Применение неканонических ГЧС дает возможность минимизировать количество вычислений за счет меньшей размерности системы; 2) синтез цифрового фильтра с использованием канонических ГЧС дает результаты по оптимизации его параметрической чувствительности, но поскольку выбор таких систем ограничен, неканонические ГЧС дают большие возможности по оптимизации чувствительности. В работе совершенствуются методы построения структур ГЧС заданной размерности, в том числе получения множества структур неканонических ГЧС, заданных в общем виде и неканонических гиперкомплексных числовых систем, изоморфных диагональной системе. Эти методы учитывают заданные ограничения представления данных в неканонических ГЧС для моделирования практических задач. Предлагается метод построения некоторых классов изоморфизма для неканонических ГЧС размерности 2. Изоморфные системы используются для минимизации вычислений при таком представления данных. В работе совершенствуются методы определения единичного элемента, нормы, сопряжения и делителей нуля для неканонических гиперкомплексных числовых систем; методы выполнения операций в таких системах. Впервые предлагается метод вычисления вычетов в неканонических ГЧС, который применяется в моделировании задачи разделения секрета и учитывает структурные особенности неканонических гиперкомплексных числовых систем. Предлагается модификация модулярной схемы разделения секрета, которая отличается от существующей представлением информации остатками в неканонических ГЧС по совокупности неканонических гиперкомплексных модулей. Реализована компьютерная модель задачи разделения секрета для неканонических ГЧС третьей и четвертой размерности в системе символьных вычислений MAPLE. Приведены результаты работы такой модели и сравнительные характеристики количества операций в части преобразования данных, непосредственно разделения секрета и восстановления данных. Анализ полученных результатов показал, что в целом, применение неканонических ГЧС к данной модели позволяет использовать меньшую размерность в зависимости от выбора констант при структурных единицах в таблице умножения системы, для обеспечения такой же криптостойкости, как и с использованием канонических ГЧС. Использование неканонической ГЧС размерности 3 для обеспечения такой же криптостойкости, как и при использовании канонической ГЧС размерности 4, не дает нужного эффекта для уменьшения количества вычислений, так как среднее количество операций увеличивается на 92%. Но уже при использовании неканонической ГЧС размерности 4 с 9-ю составными ячейками в таблице умножения с целыми коэффициентами из диапазона {-4,4}, для обеспечения такой же криптостойкости, как и при использовании канонической ГЧС размерности 6, количество требуемых вычислений уменьшается в среднем на 44%. Для успешного восстановления секрета, необходимо использовать числовые системы без делителей нуля и обладающих свойством мультипликативности нормы. В диссертационной работе впервые предлагается метод синтеза неканонических ГЧС, которые могут быть использованы при построении цифрового фильтра. Создана математическая модель рекурсивного цифрового фильтра с гиперкомплексными коэффициентами в полученных неканонических ГЧС третьей размерности. Впервые предлагается метод оптимизации суммарной параметрической чувствительности фильтра, построенного с использованием неканонических ГЧС который позволяет существенно уменьшить параметрическую чувствительность эквивалентного фильтра с вещественными коэффициентами (до ~50%) и существующих фильтров с гиперкомплексными коэффициентами (до ~40%). В работе описано расширение аналитически-программного инструментария в системе символьных вычислений MAPLE, который реализует предложенные модели и методы с учетом структурных особенностей неканонических ГЧС, а именно: определение основных свойств и выполнение операций над неканоническими гиперкомплексными числами; выполнение модулярных операций над неканоническими гиперкомплексными числами; построение структур неканонических ГЧС согласно заданным критериям, в том числе, критерию построения цифрового фильтра; реализация модели задачи разделения секрета в неканонических ГЧС и метода оптимизации параметрической чувствительности цифрового фильтра. Листинги кода приведены в приложениях.

The fourth generation cellular mobile broadband, Long-Term Evolution (LTE), provides high speed Internet via Internet Protocol (IP). Today’s wireless infrastructure paves the way to a connected society where high speed Internet is seamlessly available at all times for anyone to use. To achieve this, a mobile service subscriber can no longer be bound to a single network provided by a single operator. Thus, roaming constitutes a key pillar in shaping the connected society Local Breakout (LBO) Voice over Long-Term Evolution (VoLTE) roaming enables a mobile service subscriber to breakout from its home network, and to use network services in a visited network. LBO requires control signalling and user data to be routed over several Public Land Mobile Networks (PLMNs), thus making mobile service subscriber’s the subject of Lawful Intercept (LI) across multiple networks. This thesis project investigates the possibility of using Multimedia Internet KEYing (MIKEY) and Secure Real-Time Transport Protocol (SRTP) to encrypt the payload of VoLTE media packets. More specifically, a Law Enforcement Monitoring Provider (LEMP) is designed, implemented, and evaluated. LEMP is deployed within a cell phone and serves to distribute cryptographic key shares to Trusted Third Parties (TTPs), i.e. multiple escrow agents, entrusted to store these cryptographic key shares. The result preserves the requirements for LI despite the fact that there may be multiple network operators involved. Moreover, the experiments show that the distribution time depends primarily on network latency rather than the time required to split the cryptographic key in chunks; hence the approach is usable in practice.<br>Den fjärde generationens mobila bredband, Long-Term Evolution (LTE), möjliggör användandet av höghastighetsinternet över Internet Protocol (IP). Dagens trådlösa infrastrukturer banar väg för ett fritt och lättillgängligt digitalt samhälle där alla kan vara uppkopplade samtidigt. För att uppnå global trådlös infrastruktur måste mobilabonnenten ha möjlighet att utnyttja flera andra trådlösa nätverk än det nätverk som teleoperatören binder dem till. Därför utgör fri roaming en viktig del i utvecklingen av framtidens globala trådlösa infrastrukturer. Local Breakout (LBO) Voice over Long-Term Evolution (VoLTE) är en roamingarkitektur som gör det möjligt för en mobilabonnent att kopplas upp från en teleoperatörs nät till en annans. LBO kräver att kontrollsignaler och användardata skickas mellan flera operatörer innan trafiken når sitt mål, och därmed utsätts mobilabonnenten för laglig avlyssning av elektronisk information på flera platser samtidigt. Det här examensarbetet undersöker möjligheten att använda Multimedia Internet KEYing (MIKEY) och Secure Real-Time Transport Protocol (SRTP) för att kryptera mediatrafik i VoLTE. Under arbetets gång utvecklas och utvärderas en Law Enforcement Monitoring Provider (LEMP). LEMP är placerad i en mobiltelefon och distribuerar delar av krypteringsnycklar till flera betrodda tredje parter (till flera escrow agents). Detta gör det möjligt att uppfylla kraven för laglig avlyssning av elektronisk information även när flera teleoperatörer avlyssnar användardata och kontrollsignaler. Resultatet visar att distribueringstiden primärt beror på nätverkslatens, och inte på den tid det tar att fördela krypteringsnyckeln i mindre delar. Därför kan den här metoden användas i praktiken.

This research addresses the concept of radio resource allocation for cellular communications systems operating in congested and contested environments with an emphasis on end-to-end quality of service (QoS). The radio resource allocation is cast under a proportional fairness formulation which translates to a convex optimization problem. Moreover, the resource allocation scheme considers subscription-based and traffic differentiation in order to meet the QoS requirements of the applications running on the user equipment in the system. The devised resource allocation scheme is realized through a centralized and a distributed architecture and solution algorithms for the aforementioned architectures is derived and implemented in the mobile devices and the base stations. The sensitivity of the resource allocation scheme to the temporal dynamics of the quantity of the users in the system is investigated. Furthermore, the sensitivity of the resource allocation scheme to the temporal dynamics in the application usage percentages is accounted for. In addition, a transmission overhead of the centralized and distributed architectures for the resource allocation schemes is performed. Furthermore, the resource allocation scheme is modified to account for a possible additive bandwidth done through spectrum sharing in congested and contested environments, in particular spectrally coexistent radar systems. The radar-spectrum additive portion is devised in a way to ensure fairness of the allocation, high bandwidth utilization, and interference avoidance. In order to justify the aforesaid modification, the interference from radar systems into the Long Term Evolution (LTE) as the predominant 4G technology is studies to confirm the possibility of the spectrum sharing. The preceding interference analysis contains a detailed simulation of radar systems, propagation path loss models, and a third generation partnership project compliant LTE system. The propagation models are Free Space Path Loss (FSPL) and Irregular Terrain Model (ITM). The LTE systems under consideration are macro cell, outdoor small cells, and indoor small cells. Furthermore, the resource allocation under channel consideration is formalized such that the resources are allocated under a congested environment and based on the quality of channel the users have in the network as well as the quality of service requirements of the applications running on the mobile devices.<br>Ph. D.

碩士<br>國立成功大學<br>電機工程學系<br>88<br>Visual secret sharing (VSS) scheme was proposed by Noar and Shamir in 1994. This is a technique that divided the secret image that will be transformed into several meaningless shadows and certain qualified subsets of shadows enable to recover the secret image by "eyes". The main characteristic of the VSS scheme is in its decoding process that the original secret can be perceived directly by the human visual system without the knowledge of cryptography and the cryptographic computations. It possesses a special meaning and effect that "the secret codes are visible". In this thesis, our main objective is to use the VSS scheme in our daily life and to implement an application system. The whole system is divided into five parts: magic card, lottery, arithmetic quiz, electronic mail, and fax. Our system is suitable for entertainment, information education, and secret message sending. And we also combine VSS scheme with E-mail and fax to be used on commerce. We implement the VSS scheme into software, so as to convey the importance of privacy safeguarded. In theory, we propose a new VSS scheme, top-down VSS scheme. The characteristic of the scheme is that it can conceal two secret messages (P1 and P2) on two shadows (T1 and T2) at the same time. When T1 and T2 stacked together, P 1 is recovered. By reversing T1 and covering it on T2, P 2 is revealed. In real application of VSS scheme, we discuss the distortion about using fax function. And we propose our solution for this question.

碩士<br>淡江大學<br>資訊工程學系資訊網路與通訊碩士班<br>101<br>This study presents an (s, t, n) progressive method for sharing an audio. In an (s, t, n) progressive audio sharing scheme, n shared audios are generated from the secret audio, gathering s shared audios acquires coarse resolution of secret audio, and using t shared audios can reconstruct the original secret audio losslessly. The Chinese Remainder Theorem is adopted in the proposed scheme to share coefficients acquired from 1-D integer wavelet transform with different thresholds. First, the maximum wavelet level number needed in 1-D integer wavelet transform is determined from thresholds s and t. Then, the proposed scheme applies the secret audio to 1-D integer wavelet transform for acquiring coefficients under different levels. At last, all wavelet coefficients are partitioned to (t-s+1) groups and share each group with different thresholds under inverse wavelet transform. Experimental results demonstrate that the proposed scheme can share secret audios efficiently and progressively.

碩士<br>淡江大學<br>資訊工程學系碩士班<br>101<br>This study presents an (s, t, n) progressive method for sharing a secret image. In which n shared images are generated from the secret image, collecting s shared images acquires coarse resolution of secret image, and collecting t or more shared images losslessly recovers the secret image. The proposed method employs the Chinese Remainder Theorem to share subimages acquired from integer wavelet transform with different thresholds for satisfying the progressive property. First, the proposed scheme applies the secret image to integer wavelet subimages. The maximum subimage number needed in wavelet transform is obtained from threshold s and t. Then, all subimages are partitioned to (t-s+1) groups and share each group with different thresholds to reconstruct the secret image progressively. Experimental results demonstrate that the proposed scheme based on Chinese Remainder Theorem preserves efficiency and progressive properties.

碩士<br>國立中山大學<br>資訊工程學系研究所<br>104<br>In recent years, at an era of information explosion, cloud storage system is wide-spread used in our daily life. However, cloud storage system include many information security issues. The technical of secret sharing is applied to solve these problem include data privacy, data integrity and computational cost. Nevertheless, applying Shamir’s secret sharing scheme to cloud storage system, there are two fetal problems. When we upload the file to the cloud storage system, the size of each share equals to the file such that it waste amount of storage to save these shares; furthermore, a heavy computational cost is required to make shares which is going to be saved in the cloud servers. Therefore, we then proposed a secret-sharing-based method by generating pseudo-random number to replace the real shares such that it reduces the storage cost; in addition, we use just EXCLUSIVE-OR (XOR) operation to reduce the computational cost when computing the shares for each cloud servers.

碩士<br>逢甲大學<br>資訊工程所<br>98<br>Internet protocol television (IPTV) and multimedia application not only provide entertainment, but also create tremendous business opportunities and attract to illegal pretenders. Digital rights management mechanisms prevent the illegal access, but these mechanisms are still some inherent shortcomings. However, the protection of encryption algorithms only can sustain before decrypt. After decryption, malicious user can obtain the high-quality multimedia content without any protection mechanisms by using record technology and further threat the copyright of the original media. In our research, we propose a traceable video watermark system that attempt to provide protection for video after decryption. The system applies the different characteristics of video and image not only to achieve the above ability, but also make already existing video watermarking scheme to improve effectiveness of fault tolerance, hiding capability and better image quality in part of our scheme.

碩士<br>中央警察大學<br>資訊管理研究所<br>95<br>The secret sharing is used the (t, n) secret sharing scheme, which is a so-called (t, n) threshold scheme, where t denotes the threshold value to reveal the secret and n is the total number of holding shadows. In essence, the secret is asked to be divided into n shadows, and the secret can be reconstructed by t or more shadows, but no information can be obtained by fewer than t shadows. Therefore, this method can has more security and considerably efficiency in the cryptography operation. In the chapter 3 of this thesis, we provide a novel approach to Multi-secret image sharing based on a (s, t, n)-threshold scheme with pattern least significant bit (LSB for short), cyclic redundancy check and hash function. The proposed scheme enhances the authentication ability and improves the quality of stego-image. In the chapter 4 of this thesis, the high-capacity secret image sharing and high authentication ability are our research subjects. We present robust authentication in detecting the stego-images but remaining the same high information embedding capacity, were the cyclic redundancy check and hash function are both applied in the detecting manner of authentication. In this thesis, we found an authentication-based steganography in a secret sharing system. Our proposed solution includes more authentication ability, in order to prevent honest participant recover the disordered message or fake image by cheaters. In the meantime, the stego-images detection is designed such as to prevent any possible alteration. In this way, our proposed scheme is suitable for applications where detect the malicious participants constantly, such as in law enforcement agencies, military departments, and intelligence bureaus, etc.

碩士<br>朝陽科技大學<br>資訊工程系碩士班<br>96<br>Family quarrels over inheritance, while not new, have featured prominently in the news in recent years. Thus the issue of executing wills for the purpose of dividing inheritance is worth investigating. Acrimony caused by family disputes or distribution of inheritance has a negative impact on society. Thus, we seek to construct a method of constructing a secure and private escrow will. The concept of secret sharing was proposed by Adi Shamir and George Blakley in 1979. Our method seeks to alleviate problems associated with secret sharing. We divide secret S into n pieces, and distribute those pieces to n specific objects. We call the n owners the shadows. We then reconstruct these shadows and retrieve the original main key. Our method functions on the basis of the secret sharing mechanism. The proposed scheme combines the convenience of the Internet with cryptology technologies to solve the security problems of the online wills. It not only reduces cost and improves performance, but also prevents family infighting.

碩士<br>國立成功大學<br>資訊工程學系碩博士班<br>101<br>In the era of information explosion, people usually share various kinds of information through networks. As more information is going to be shared and stored, the maintenance costs of data also increase. Since cloud storage systems have large storage space, high transmission bandwidth, and the supports of data maintenance, the management costs of clients can further be reduced, and therefore more companies would like to outsource their data into cloud storage systems. However, because of the lacks of physical controls of data, the data security and the data availability are always concerned. Hence, this thesis mainly focuses on proposing a method to leverage between the data security, the data availability, the access performance, and the client cost. Nevertheless, clients often cannot be served with what they actually want because the Service Level Agreement (SLA) provided by existing cloud storage systems is not customized. Therefore, this thesis first defines the corresponding SLA elements according to the four major concerns of clients. Based on the customized SLA negotiated with clients, their actual requirements can be discovered and exploited to adjust the system parameters for completing services. Among existing cloud storage systems with the data security support, Short-Secret-Sharing (SSS) cloud storage system has the characteristics including the smallest storage consumption, the highest performance and key management supports. By adjusting the parameters (n, k) of SSS, the cloud storage system can provide different levels of protection in the data security and the data availability whereas obtaining different access performance and client costs. This thesis would like to propose a method to obtain the optimal result by adjusting the parameters (n, k) based on the customized SLA of clients. Finally, by analyzing several scenarios, the customized SLAs negotiated with different clients are obtained. Moreover, optimal results are presented when clients are served by different cloud storage systems.

碩士<br>臺北市立教育大學<br>資訊科學系碩士班<br>99<br>Secret sharing is an elegant approach for safeguarding information. Since the first schemes invented by Shamir and Blakley independently in 1979, the research of secret sharing has attracted much attention. Skills including polynomial interpolation by Shamir, finite geometries by Blakley and combinatorial designs by Schellenberg and Stinson (1989), to name a few, are so classical that inspire many researchers in this research area. In this thesis, we intend to explore the feasibilities of the constructions of secret sharing schemes in threshold and general access structures using linear codes and linear systems respectively. The proposed linear codes-based schemes are generalized from Mseesy’s and Karnin’s schemes; whereas those by linear systems are innovative. We not only design algorithms but also analyze the security for these schemes. It is expected that this study might enrich the diversity and practicality of secret sharing.

Many e-voting techniques have been proposed but not widely used in reality. One of the problems associated with most of existing e-voting techniques is the lack of transparency, leading to a failure to deliver voter assurance. In this work, we propose a transparent, auditable, end-to-end verifiable, and mutual restraining e-voting protocol that exploits the existing multi-party political dynamics such as in the US. The new e-voting protocol consists of three original technical contributions -- universal verifiable voting vector, forward and backward mutual lock voting, and in-process check and enforcement -- that, along with a public real time bulletin board, resolves the apparent conflicts in voting such as anonymity vs. accountability and privacy vs. verifiability. Especially, the trust is split equally among tallying authorities who have conflicting interests and will technically restrain each other. The voting and tallying processes are transparent to voters and any third party, which allow any voter to verify that his vote is indeed counted and also allow any third party to audit the tally. For the environment requiring receipt-freeness and coercion-resistance, we introduce additional approaches to counter vote-selling and voter-coercion issues. Our interactive voting protocol is suitable for small number of voters like boardroom voting where interaction between voters is encouraged and self-tallying is necessary; while our non-interactive protocol is for the scenario of large number of voters where interaction is prohibitively expensive. Equipped with a hierarchical voting structure, our protocols can enable open and fair elections at any scale.

碩士<br>國立清華大學<br>通訊工程研究所<br>97<br>The bilinear mapping function used in the elliptic curve cryptography has been a new trend of cryptosystem. Because the cryptosystem bases on the elliptic curve cryptography will achieve higher level of security comparing with the original discrete logarithm problem in the same bits length. We propose two different kinds of application in communication and cryptography. First one is about the secret sharing. Some secrets are protected by distributing them among many participants, whereby only an authorized group of participants can reconstruct the secrets. In our scheme, the secret will change periodically and the dealer will periodically publish some of the information, in addition, the participants can verify the information which they have received. Each participant holds only one permanent, private secret, and some of them use it during different time periods to reconstruct the corresponding shared secrets without revealing their own private information. Because some public information is renewed in our scheme, the old information has nothing to do with the next secret. The second one is about the hierarchical key derivation. When constructing the network, the key management is the most important problem that each system has to solve. There are many key agreement protocols which are non-hierarchical. We have achieved a verifiable hierarchical key derivation scheme using the elliptic curve cryptography and the bilinear mapping function. The character of this scheme is that the user who has higher rank can derive the keys kept by the users who are in lower rank. The third one, final part, is to propose a secret sharing application to the varied oblivious transfer. We extend the 1-on-1 oblivious transfer to be 1-on-n where n is larger than or equal to 1. Our proposed scheme is subject to the scenario of multi-receiver. Following up the requests, we design the protocols which not only achieve the basic requirements of oblivious transfer but also make the intended recipients can only retrieve the individual information with them. It is next applied to two real cases to fit in with security concerns at the communications of CDMA (Code Division Multiple Access) and electronic commerce transaction systems.

Secret sharing-based distributed storage systems can provide long-term protection of confidentiality and integrity of stored data. This is achieved by periodically refreshing the stored shares and by checking the validity of the generated shares through additional audit data. However, in most real-life environments (e.g. companies), this type of solution is not optimal for three main reasons. Firstly, the access rules of state of the art secret sharing-based distributed storage systems do not match the hierarchical organization in place in these environments. Secondly, data owners are not supported in selecting the most suitable storage servers while first setting up the system nor in maintaining it secure in the long term. Thirdly, state of the art approaches require computationally demanding and unpractical and expensive building blocks that do not scale well. In this thesis, we mitigate the above mentioned issues and contribute to the transition from theory to more practical secret sharing-based long-term secure distributed storage systems. Firstly, we show that distributed storage systems can be based on hierarchical secret sharing schemes by providing efficient and secure algorithms, whose access rules can be adapted to the hierarchical organization of a company and its future modifications. Secondly, we introduce a decision support system that helps data owners to set up and maintain a distributed storage system. More precisely, on the one hand, we support data owners in selecting the storage servers making up the distributed storage system. We do this by providing them with scores that reflect their actual performances, here used in a broad sense and not tied to a specific metric. These are the output of a novel performance scoring mechanism based on the behavioral model of rational agents as opposed to the classical good/bad model. On the other hand, we support data owners in choosing the right secret sharing scheme parameters given the performance figures of the storage servers and guide them in updating them accordingly with the updated performance figures so as to maintain the system secure in the long term. Thirdly, we introduce efficient and affordable distributed storage systems based on a trusted execution environment that correctly outsources the data and periodically computes valid shares. This way, less information-theoretically secure channels have to be established for confidentiality guarantees and more efficient primitives are used for the integrity safeguard of the data. We present a third-party privacy-preserving mechanism that protects the integrity of data by checking the validity of the shares.