Dissertations / Theses on the topic 'Broadcast encryption'

Broadcast encryption is a fairly new area in cryptology. It was first addressed in 1992, and the research in this area has been large ever since. In short, broadcast encryption is used for efficient and secure broadcasting to an authorized group of users. This group can change dynamically, and in some cases only one-way communication between the sender and receivers is available. An example of this is digital TV transmissions via satellite, in which only the paying customers can decrypt and view the broadcast.

The purpose of this thesis is to develop a general Java framework for implementation and performance analysis of broadcast encryption algorithms. In addition to the actual framework a few of the most common broadcast encryption algorithms (Complete Subtree, Subset Difference, and the Logical Key Hierarchy scheme) have been implemented in the system.

This master’s thesis project was defined by and carried out at the Information Theory division at the Department of Electrical Engineering (ISY), Linköping Institute of Technology, during the first half of 2004.

In a world that is increasingly relying on digital technologies, the ability to securely communicate and distribute information is of crucial importance. Cryptography plays a key role in this context and the research presented in this thesis focuses on developing cryptographic primitives whose properties address more closely the needs of users. We start by considering the notion of robustness in public-key encryption, a property which models the idea that a ciphertext should not decrypt to a valid mes- sage under two different keys. In contexts where anonymity is relevant, robustness is likely to be needed as well, since a user cannot tell from the ciphertext if it is intended for him or not. We develop and study new notions of robustness, relating them to one another and showing how to achieve them. We then consider the important issue of protecting users' privacy in broadcast encryption. Broadcast encryption (BE) is a cryptographic primitive designed to efficiently broadcast an encrypted message to a target set of users that can decrypt it. Its extensive real-life application to radio, television and web-casting renders BE an extremely interesting area. However, all the work so far has striven for efficiency, focusing in particular on solutions which achieve short ciphertexts, while very little attention has been given to anonymity. To address this issue, we formally define anonymous broadcast encryption, which guarantees recipient-anonymity, and we provide generic constructions to achieve it from public-key, identity-based and attribute-based encryption. Furthermore, we present techniques to improve the efficiency of our constructions. Finally, we develop a new primitive, called time-specific encryption (TSE), which allows us to include the important element of time in the encryption and decryption processes. In TSE, the sender is able to specify during what time interval a ciphertext can be decrypted by a receiver. This is a relevant property since information may become useless after a certain point, sensitive data may not be released before a particular time, or we may wish to enable access to information for only a limited period. We define security models for various flavours of TSE and provide efficient instantiations for all of them. These results represent our efforts in developing public-key encryption schemes with enhanced properties, whilst maintaining the delicate balance between security and efficiency.

Thesis (MScEng)--Stellenbosch University, 2013.
ENGLISH ABSTRACT: A secure product entitlement system allows one party, such as a pay-TV operator, to broadcast the same collection of information to several receiving parties while only allowing a certain subset of the receiving parties to access the information. This system must still be secure in the scenario where all receiving parties who are not allowed access to the information, pool their resources in an attempt to gain access to the information. Such a product entitlement system must also be bandwidth e cient since it can be deployed in networks where bandwidth is at a premium. The foundations of modern encryption techniques is reviewed and a survey of existing techniques, used to secure content in broadcast environments, is studied. From this collection of techniques two were identi ed as bandwidth e cient and are discussed in more detail before being implemented. An attempt is then made to design a new secure bandwidth e cient encryption scheme for protecting content in a broadcast environment. Several iterations of the design is detailed, including the security aw which makes each design insecure. The nal design was implemented and compared in several metrics to the two previously selected bandwidth e cient schemes. A framework to test the correctness of the schemes over a network is also designed and implemented. Possible future avenues of research are identi ed with regards to creating a secure broadcast encryption scheme and improving the software solution in which to use such a scheme.
AFRIKAANSE OPSOMMING: 'n Veilige produk-aanspraak-stelsel stel een party, soos byvoorbeeld 'n betaal-TV-operateur, in staat om dieselfde versameling inligting na verskeie partye uit te saai, terwyl slegs 'n bepaalde deelversameling van die ontvangende partye toegelaat sal word om toegang tot die inligting te bekom. Hierdie stelsel moet steeds die inligting beskerm in die geval waar al die ontvangende partye wat toegang geweier word, hul hulpbronne saamsmee in 'n poging om toegang te verkry. So 'n produk-aanspraak-stelsel moet ook bandwydte doeltre end benut, aangesien dit gebruik kan word in netwerke waar bandwydte baie duur is. Die fondamente van die moderne enkripsietegnieke word hersien. 'n Opname van bestaande tegnieke wat gebruik word om inligting te beskerm in 'n uitsaai omgewing word bestudeer. Uit hierdie versameling tegnieke word twee geïdenti seer as tegnieke wat bandwydte doeltre end benut en word meer volledig bespreek voordat dit geïmplementeer word. 'n Poging word dan aangewend om 'n nuwe veilige bandwydte doeltre ende enkripsietegniek te ontwerp vir die beskerming van inligting wat uitgesaai word. Verskeie iterasies van die ontwerp word uiteengesit, met 'n bespreking van die sekuriteitsfout wat elke ontwerp onveilig maak. Die nale ontwerp is geïmplementeer en aan die hand van verskeie maatstawwe vergelyk met die twee bandwydte doeltre ende tegnieke, wat voorheen gekies is. 'n Raamwerk om die korrektheid van die tegnieke oor 'n netwerk te toets, is ook ontwerp en geïmplementeer. Moontlike toekomstige rigtings van navorsing word geïdenti seer met betrekking tot die skep van 'n veilige uitsaai enkripsietegniek en die verbetering van die sagtewareoplossing wat so 'n tegniek gebruik.

The first line of defence against wireless attacks in Radio Frequency Identi cation (RFID) systems is authentication of tags and readers. RFID tags are very constrained in terms of power, memory and size of circuit. Therefore, RFID tags are not capable of performing sophisticated cryptographic operations. In this dissertation, we have designed light-weight authentication schemes to securely identify the RFID tags to readers and vice versa. The authentication schemes require simple binary operations and can be readily implemented in resource-constrained Radio Frequency Identi cation (RFID) tags. We provide a formal proof of security based on the di culty of solving the Syndrome Decoding (SD) problem. Authentication veri es the unique identity of an RFID tag making it possible to track a tag across multiple readers. We further protect the identity of RFID tags by a light-weight privacy protecting identifi cation scheme based on the di culty of the Learning Parity with Noise (LPN) complexity assumption. To protect RFID tags authentication against the relay attacks, we have designed a resistance scheme in the analog realm that does not have the practicality issues of existing solutions. Our scheme is based on the chaos-suppression theory and it is robust to inconsistencies, such as noise and parameters mismatch. Furthermore, our solutions are based on asymmetric-key algorithms that better facilitate the distribution of cryptographic keys in large systems. We have provided a secure broadcast encryption protocol to effi ciently distribute cryptographic keys throughout the system with minimal communication overheads. The security of the proposed protocol is formally proven in the adaptive adversary model, which simulates the attacker in the real world.

The master thesis is solving a problem of physical security of documents in Document Management System (DMS) in the company Icontio CR s.r.o. This fact will improve the security of the whole system and also the security of data placed in it. The main purpose of this thesis is a proposal of a security module, methods of coding and other functionalities which are going to be neccesarily implemented. Side purpose is a creation of the Access management, structures of data libraries in the DMS system, structures of users in the Active Directory and a suggestion of multilevel workflow. Introduction of these changes should bring the physical security of data, new view on data and simplifying the work with them in all fields of interest.

Les données, y compris les données privées, jouent aujourd'hui un rôle prépondérant dans notre quotidien. Les recherches actuelles se concentrent principalement sur le stockage de ces données, en mettant l'accent sur la possibilité de les traiter de manière sécurisée même lorsqu'elles sont chiffrées. Cependant, au-delà de leur conservation, ces données doivent également être partagées de diverses manières : soit entre un individu et un groupe d'individus, parfois unis par des caractéristiques communes qui définissent les règles de partage, soit simplement entre deux individus. À l'heure actuelle, ces différents modes de partage ne sont pas encore bien maîtrisés, que ce soit en raison de leur coût élevé en termes de performance ou de leurs fonctionnalités limitées. Cette thèse se penche sur divers schémas de chiffrement adaptés au partage de données sensibles, en proposant de nouvelles constructions. Tout d'abord, nous examinons deux primitives cryptographiques : les schémas de chiffrement basés sur l'identité avec caractère générique et les accumulateurs cryptographiques, qui serviront de point de départ pour nos nouvelles constructions. En ce qui concerne les schémas de chiffrement basés sur l'identité avec caractère générique, nous introduisons une nouvelle propriété de sécurité et proposons deux nouvelles instanciations, dont l'une satisfait cette nouvelle propriété de sécurité que nous avons définie. Pour les accumulateurs cryptographiques, nous présentons un nouveau type d'accumulateur, ainsi qu'un schéma amélioré par rapport à l'état de l'art, et un deuxième schéma illustrant notre nouvelle fonctionnalité. Nous introduisons également une nouvelle propriété de sécurité pour cette primitive et soulevons de nombreuses questions concernant différentes propriétés de cette dernière. Enfin, nous explorons la construction de schémas de chiffrement adaptés au partage de données en utilisant les deux primitives précédentes. Nous proposons une construction générique de schéma de chiffrement de groupe (y compris le chiffrement de groupe "augmenté") à partir de schémas de chiffrement basés sur l'identité avec caractère générique. Grâce à nos instanciations de la primitive, nous obtenons un nouveau schéma de chiffrement de groupe qui améliore l'état de l'art en offrant une sécurité adaptative plutôt que simplement sélective, tout en préservant l'efficacité des meilleurs schémas grâce à une taille de chiffré constante. Pour les schémas de chiffrement de groupe "augmentés", la combinaison d'une de nos instanciations de schémas de chiffrement basés sur l'identité avec caractère générique et notre construction générique nous permet d'obtenir un nouveau schéma, le premier à garantir une sécurité adaptative dans le modèle standard. Malheureusement, en termes d'efficacité, notre schéma n'est pas plus efficace qu'une solution "triviale". Cependant, grâce à nos constructions génériques, une amélioration de la primitive sous-jacente contribuera à l'amélioration des schémas de chiffrement de groupe "augmentés". Nous proposons également un schéma de chiffrement basé sur les attributs en utilisant notre nouveau type d'accumulateurs. Ce schéma est le premier à offrir une taille constante pour la clé secrète et le chiffré, indépendamment du nombre d'attributs dans le schéma, tout en garantissant une sécurité adaptative. Cependant, cette efficacité est obtenue au détriment de la taille exponentielle de la clé publique, et notre construction, reposant sur des spécificités propres à l'instanciation de notre nouvel accumulateur avec des couplages, ne peut pas être généralisée. Enfin, à travers un cas d'usage concret, nous proposons une nouvelle approche du contrôle d'accès grâce aux schémas de chiffrement basés sur l'identité avec caractère générique
Data, including private information, plays a pivotal role in our daily lives today. Current research predominantly focuses on data storage, with an emphasis on the ability to securely process data even when it is encrypted. However, beyond mere preservation, data must also be shared in various ways: either among an individual and a group of individuals, sometimes bound by common characteristics defining sharing rules, or simply between two individuals. Currently, these different modes of sharing are not yet well-mastered, either due to their high performance cost or limited functionalities. This thesis delves into various encryption schemes tailored for sharing sensitive data, proposing new constructions. Firstly, we investigate two cryptographic primitives: identity-based encryption schemes with wildcards and cryptographic accumulators, which serve as a starting point for our new constructions. Regarding identity-based encryption schemes with wildcards, we introduce a new security property and propose two new instantiations, one of which satisfies this new security property that we have defined. For cryptographic accumulators, we present a new type of accumulator, an improved scheme compared to the state of the art, and a second scheme illustrating our new functionality. We also introduce a new security property for this primitive and raise numerous questions concerning various properties of the latter. Finally, we explore the construction of encryption schemes suited for data sharing using the two aforementioned primitives. We propose a generic construction of a group encryption scheme (including "augmented" group encryption) based on identity-based encryption schemes with wildcards. With our instantiations of the primitive, we achieve a new group encryption scheme that enhances the state of the art by offering adaptive security rather than just selective, while preserving the efficiency of the best schemes due to a constant ciphertext size. For "augmented" group encryption schemes, the combination of one of our instantiations of identity-based encryption schemes with wildcards and our generic construction enables us to obtain a new scheme, the first to guarantee adaptive security in the standard model. Unfortunately, in terms of efficiency, our scheme is no more efficient than a "trivial" solution. However, thanks to our generic constructions, an enhancement of the underlying primitive will contribute to improving "augmented" group encryption schemes. We also propose an attribute-based encryption scheme using our new type of accumulators. This scheme is the first to offer a constant size for the secret key and ciphertext, regardless of the number of attributes in the scheme, while guaranteeing adaptive security. However, this efficiency comes at the cost of an exponential size for the public key, and our construction, relying on specific features of our new accumulator instantiation with pairings, cannot be generalized. Finally, through a concrete use case, we introduce a novel approach to access control using identity-based encryption schemes with wildcards

碩士
國立臺灣科技大學
資訊管理系
92
A broadcast encryption allows a digital content provider to transmit an encrypted digital content securely over a broadcast channel to authorized users who use their own decryption key to decrypt the encrypted digital content and get the same digital content when they receive the encrypted digital content. A broadcast encryption that previously concentrated on the problems of the transmission rate of ciphertext and the key management cannot apply to a time-bound digital content. When a digital content used by an authorized user is expired, a digital content provider has to revoke the usage license of the authorized user. But if revoked user is too many, it will result in burden with computational cost of the digital content provider. We proposed a time-bound broadcast encryption mechanism that authorized users cannot decrypt to get a digital content used by them when it is expired, and a digital content provider has not to perform the revoking decryption keys. When a digital content is disseminated illegally, a system authority can use the algorithm of traitor tracing to revoke the usage license of the traitor. The proposed scheme based on bilinear pairings uses the secret sharing scheme to achieve the goal of dynamic revoking the set of authorized users and revoked key reusability. Besides, the proposed scheme satisfies the secure requirements of effectiveness, integrity, binding, semantically secure and traceability, and also provides key reusability.

博士
國立臺灣科技大學
資訊管理系
98
A broadcast encryption scheme enables a broadcaster to distribute an encrypted message block to a set of receivers via public network such that only the authorized receivers can decrypt it and recover the message block. In the past decades, broadcast encryption has been successfully deployed to several practical applications, such as the pay-TV systems and the secure multicast systems for distribution of copyrighted materials. In this thesis, we propose a new secure broadcasting scheme realizing the property of “information granularity” to achieve the receivers’ different requirements for the broadcasted message block. That is, a receiver with a higher security clearance level has the natural capability to recover a larger amount of information from the broadcasted message block. On the other hand, heterogeneous sensor networks are plausible in several practical applications, such as remotely monitoring patients for healthcare, pre-alarming environmental disasters, and sensing and tracking military missions due to their convenience and mobility in essence. Secure group communication is one of the important services in heterogeneous sensor networks for efficient transmission and rapid response in the case that certain sensitive or emergent applications are required. For secure group communication in heterogeneous sensor networks, we present an ECC-based group key management scheme in this thesis. In the proposed new secure broadcasting scheme realizing information granularity, we consider the case that a broadcasted message block consists of a set of disjoint message sub-blocks, and each of the receivers and each of the broadcasted message sub-blocks are respectively associated with a security clearance level pre-defined by the broadcaster. A receiver can recover the broadcasted message sub-blocks if and only if his/her security clearance level is greater than or equal to those of the message sub-blocks. The proposed scheme achieves the following features: (i) the length of the enabling block is independent of the number of receivers and the number of security clearance levels; (ii) each receiver holds only one small fixed-size decryption key corresponding to his/her security clearance level; (iii) it is computationally feasible for any receiver to derive a session key of a lower but never a higher security clearance level, even taking into account collusion with other receivers; (iv) any receiver can dynamically join or leave the system without resolving the re-keying problem for the existing receivers. In the proposed ECC-based group key management scheme for heterogeneous sensor networks, the sensor nodes face the challenge of power-exhaustion problem caused by running out of battery. They also face the threats of being compromised by adversaries. To resolve the challenges mentioned above, the base station of a heterogeneous sensor network should have the ability to easily handle the case of adding/revoking several sensor nodes in the deployed network if necessary. Thus, group key management is one of the crucial considerations for secure group communication in heterogeneous sensor networks. The proposed scheme achieves the following features: (i) each sensor node only stores one secret key that is used to efficiently derive the session key without extra communication overhead; (ii) as compared to previous work, the proposed scheme can easily handle the case of adding/revoking several sensor nodes in the deployed network if necessary; (iii) the proposed scheme is secure in the random oracle model and resilient against the node capture attack and the masquerade attack.

碩士
國立臺灣海洋大學
資訊工程學系
97
In this thesis, a generalized, anonymous, and identity-based broadcast encryption scheme is proposed. In a public key broadcast encryption scheme, every user can broadcast arbitrary message to any selected subset if user without being tapped by an unauthorized person. Unlike previous broadcast encryption schemes, the proposed scheme is generalized in a sense that not only a user in the upper hierarchy of a hierarchical identity-based scheme can delegate his subordinate users to do the broadcast encryption, but any unrelated user can delegate his capacity to other users; and anonymous in that both the encrypting party and the destination parties are not known to a third party. The security is proved in the standard model and a specific implementation of this scheme is designed.

碩士
國立臺北大學
資訊工程學系
100
In the first part of this thesis,we proposed an RSA-based broadcast encryption scheme.In this scheme we can solve the problem on traitor tracing.Under some conditions we can identify each traitor.Furthermore,without updating whole system,we can revoke at most k users conveniently. In the second part of this thesis,we proposed a modified attribute-based encryption scheme.Based on the scheme of Sahai and Waters ,we encrypt the attribute which can be eavesdropped in the original scheme of Sahai and Waters by using broadcast encryption.As a result, our scheme gets better privacy than the one of Sahai and Waters.

碩士
國立交通大學
資訊科學系所
93
Broadcast encryption scheme is a method let manager center broadcast digital content to large number of users efficiently and guarantees that only legal users have the ability to get the content. Broadcast encryption schemes have vast applications such as broadcasting movies, news on networks, and paid TV. There are stateful and stateless broadcast encryption schemes. Although stateless schemes need more message complexity, they don’t need users to keep online all the time. Among all of the stateless broadcast encryption schemes, subset difference method is the most practical. In this paper, we researched subset difference method, and found some inefficient covers. In the practical applications, we don’t need to revoke all illegal users immediately. Thus, we propose a new method that reduces its message complexity to 2/3 of SD’s. Our method can have the perfect revocation in the help of special routers.

碩士
國立臺灣科技大學
資訊管理系
93
Broadcast encryption scheme can solve the prevent problems of digital content protection and authorization. In existing broadcast applied environment, digital content providers provide too many information, and most of subscribers need different digital content. Providers ignore real requirements of subscribers, but subscribers need to pay all charge. It does not conform to the consumer sovereign rights. So we aim at these problems which occurred, and provide a new broadcast encryption scheme which realizing the different charge model by different digital content. In this method, broadcaster classifies authorization by digital content and different level by information granularity. Subscribers can order some authorized level. They need to pay charge merely to the authorization which they subscribed. After paying the charge, subscribers can obtain digital content through broadcasting. This paper possesses several characteristics as following : (1) Subscribers only pay charge for level of information granularity; (2) When dynamically updating subscribers, broadcaster does not need redistribute decrypted keys for original subscribers; (3) Key size 192 bits can achieve secure level as same as key size 1024 bits of RSA; (4) Subscribers store only one key; (5) Broadcast data size has no relationship with number of subscribers; (6) Because of characteristics of bilinear mapping can make complex and hard problems to be simplified and have effective solution; (7) This paper satisfies the requirements of unforgeability of decrypted key, unforgeability of session key, continuity of session key, forward secrecy and backward secrecy of digital content.

碩士
國立臺灣科技大學
資訊管理系
92
The selective subscription service is both facilitate and the economical subscription model for non-regular or the temporary subscribers. The service provider can reduce the computational cost and the transmission overhead using the broadcast mechanism. However, the present broadcast mechanisms are unable effectively to prevent the service provider from knowing, disclosing, and selling the sensitive information of subscribers, simultaneously solve the massive subscription and the unsubscription problems in the environment of selective subscription service. In this thesis, we propose an anonymous broadcast encryption mechanism for selective subscription service; and further, we present the discrete subscription and the continuous subscription schemes for realizing this mechanism. The former can reduce the length of decoding key held by the non-regular or the temporary subscribers and the computational cost of the subscribers during decoding the pay program; the latter can reduce the size of decoding key held by the regular subscribers that persistently watch the pay programs. Our proposed schemes satisfy the following properties: (1) achieve anonymity of the subscriber and non-repudiation of both service provider and subscriber; (2) achieve the forward secrecy and backward secrecy of decoding key; (3) the service provider does not require to decide an a-priori bound on the number of subscribers and consequently allows unlimited number of subscribers to subscribe pay programs; (4) the processes of subscription and unsubscription accomplish without updating any decoding key of the remaining subscribers; (5) the size of the enabling block for broadcasting pay program is independent of the number of subscribers; (6) satisfy the requirements of selective subscription such as scalability, selectivity and unsubscription.

碩士
國立臺灣科技大學
資訊管理系
96
The broadcast encryption scheme with user/digital content grouping and classing is applying correspondingly to this customer-oriented era. Therefore, our scheme based on XML data structure designs the number of information granularity by tree structure. It achieves grouping and classing of users by combining the grouping broadcast encryption scheme with layered-access control based on ECC :(1)achieve the selectivity of users;(2)dynamic digital content is grouping and classing management;(3)dynamic users management that users can add or leave ;(4)dynamic key management ;(5)the content provider does not need to decide an a-priori bound of the number of users;(6)resist user collusion;(7)achieve forward and backward secrecy;(8) the legal right of an user limit selectively of content and the session key is not continuity ;(9)the users’ storage achieve O(1) and the broadcast content is O(2l-1).

abstract: Broadcast Encryption is the task of cryptographically securing communication in a broadcast environment so that only a dynamically specified subset of subscribers, called the privileged subset, may decrypt the communication. In practical applications, it is desirable for a Broadcast Encryption Scheme (BES) to demonstrate resilience against attacks by colluding, unprivileged subscribers. Minimal Perfect Hash Families (PHFs) have been shown to provide a basis for the construction of memory-efficient t-resilient Key Pre-distribution Schemes (KPSs) from multiple instances of 1-resilient KPSs. Using this technique, the task of constructing a large t-resilient BES is reduced to finding a near-minimal PHF of appropriate parameters. While combinatorial and probabilistic constructions exist for minimal PHFs with certain parameters, the complexity of constructing them in general is currently unknown. This thesis introduces a new type of hash family, called a Scattering Hash Family (ScHF), which is designed to allow for the scalable and ingredient-independent design of memory-efficient BESs for large parameters, specifically resilience and total number of subscribers. A general BES construction using ScHFs is shown, which constructs t-resilient KPSs from other KPSs of any resilience ≤w≤t. In addition to demonstrating how ScHFs can be used to produce BESs , this thesis explores several ScHF construction techniques. The initial technique demonstrates a probabilistic, non-constructive proof of existence for ScHFs . This construction is then derandomized into a direct, polynomial time construction of near-minimal ScHFs using the method of conditional expectations. As an alternative approach to direct construction, representing ScHFs as a k-restriction problem allows for the indirect construction of ScHFs via randomized post-optimization. Using the methods defined, ScHFs are constructed and the parameters' effects on solution size are analyzed. For large strengths, constructive techniques lose significant performance, and as such, asymptotic analysis is performed using the non-constructive existential results. This work concludes with an analysis of the benefits and disadvantages of BESs based on the constructed ScHFs. Due to the novel nature of ScHFs, the results of this analysis are used as the foundation for an empirical comparison between ScHF-based and PHF-based BESs . The primary bases of comparison are construction efficiency, key material requirements, and message transmission overhead.
Dissertation/Thesis
M.S. Computer Science 2012

碩士
長庚大學
資訊管理研究所
95
With the progress of wireless network techniques and the spread of all kinds of wireless communication devices, they make the physical content transform to digital content, such as the videos, musics, books, and video games. On the contrary, since those are easy to be duplicated and shared with others, it will violate the intellectual property rights and ruin the growth of whole digital content industries. Digital right management (DRM) system provides the digital content owner to protect and manage their resources. In this thesis, we propose three broadcast encryption schemes with selective and classifiable subscription: continual, selective and continual, and selective and discrete classifiable subscriptions. Those schemes are enough to satisfy various applications. Besides, selective subscription allows the customers subscribe the service or digital content arbitrarily and classifiable subscription provides the providers and users to manage the digital content rights effectively, such as the period of subscription and the classification of TV programs. Furthermore, the proposed schemes satisfy several properties: traitor tracing, revocation property, selective subscription, classifiable subscription, forward secrecy, backward secrecy, user scalability, provider scalability, and holding property. So far as the efficiency is concerned, the proposed schemes require lower costs in transmission and storage. In the other words, the number of transmitted ciphertexts to users is independent of the number of users, and the number of keys stored by users is independent of the number of channels they ordered. Finally, we propose an application of digital right management using our schemes.

碩士
國立交通大學
資訊科學與工程研究所
96
We propose a fully collusion resistant public key broadcast encryption scheme that achieves O(1) public key size, O(log n) private key size, O(r) ciphertext size, and O(1) decryption time where n is the number of users in the system and r is the number of the revoked users. To the best of our knowledge, our scheme is the most efficient scheme in the existing broadcast encryption schemes. Our scheme also achieves the IND-CCA2 security in the random oracle model. It is based on the idea of [LT08] and the result of [Boy07]. We provide a key derivation method that reduces the private key size to O(log n) while [LT08] is O(log2 n). We apply the method of [Boy07] to enhance the security to IND-CCA2 without redundancy.

碩士
國立交通大學
資訊科學與工程研究所
95
We proposed two public-key broadcast encryption schemes. The first scheme, called the BE-PI scheme, has O( r ) header size, O( r ) computation cost, O( 1 ) public keys and O( 1 )private keys, where r is the number of revoked users and n is the number of users. This is the first public-key BE(broadcast encryption) scheme that with O(logn) private keys under O( r ) header size. The other scheme, we call it PK-SD-PI scheme, has O( r ) header size, O( 1 ) public keys,O(logn^2) private keys and only O( 1 ) computation cost. By using similar technique in LSD. We can convert it to PK-LSD-PI scheme, has O( 1 ) public keys and O(logn^1+1/k) private keys with kr header size tradeoff. Using our method, it also can reduce public key size to O( 1 ) in public traitor tracing scheme. Our BE system is static full-collusion resistant secure under chosen plain attack (CPA). With little modification, it can also against chosen cipher attack (CCA).

碩士
國立中央大學
資訊工程學系碩士在職專班
100
Most of online examination systems only provided textual mode questions like multiple choice/choices questions, short answer questions. In order to improve this issue, we integrated a variety of online edit components into our online examination system including UML(Unified Modeling Language), mathematical equations, programming code, data sheet editors…etc. With this various types of examination edit components, online examination no longer limited to textual mode examination. During the online examinations, demonstration for students about how to operate this system is necessary. In order to fit this need. Our system integrates Red5 Media Server streaming platform. Teacher can broadcast the streaming of the desktop operations to those students who is doing their online examination. For the compatibility of communication across different platforms, we apply Symmetric Key Encryption, Asymmetric Key Encryption, Hash Function and Digital Signature on our online examination query services that enhances information security in online examination system.

Content distribution systems are essentially content protection systems that protect premium multimedia content from being illegally distributed. Physical content distribution systems form a subset of content distribution systems with which the content is distributed via physical media such as CDs, Blu-ray discs, etc. This thesis studies physical content distribution systems. Specifically, we concentrate our study on the design and analysis of three key components of the system: broadcast encryption for stateless receivers, mutual authentication with key agreement, and traitor tracing. The context in which we study these components is the Advanced Access Content System (AACS). We identify weaknesses present in AACS, and we also propose improvements to make the original system more secure, flexible and efficient.