Please use this identifier to cite or link to this item: https://ah.nccu.edu.tw/handle/140.119/125046


Title: 加密貨幣交易平台之私鑰管理
Key management for cryptocurrency exchange platform
Authors: 李依珊
Lee, Yi-Shan
Contributors: 左瑞麟
Tso, Ray-Lin
李依珊
Lee, Yi-Shan
Keywords: 加密貨幣交易平台
金鑰管理
秘密分享
Cryptocurrency exchange platform
Key management
Secret sharing
FIDO
Date: 2019
Issue Date: 2019-08-07 17:08:09 (UTC+8)
Abstract: 近幾年加密貨幣與區塊鏈的話題倍受矚目,國內外加密貨幣交易平台亦紛紛設立,但其安全性問題也逐漸浮上檯面,由於現行有許多加密貨幣交易平台是中心化運作,除了扮演了資金託管的角色,甚至也保管了用戶錢包金鑰,因此而造成國內外多起駭客攻擊盜取金鑰之案件,導致用戶的加密貨幣遭移轉而損失慘重。另一方面,因私鑰遺失造成損失的消息也是不時出現在新聞媒體中,故金鑰保管在此領域中是相當重要的議題。
本研究將先針對加密貨幣、交易所及交易平台之資訊進行蒐集,並針對金鑰保管之流程進行改良,使用秘密分享(Secret Sharing)方法,設計結合FIDO標準之身分辨識機制,讓用戶能夠使用密碼或FIDO之辨識機制登入或轉帳,避免因密碼遺失而造成損失。此外,本研究透過密碼延伸PBKDF2方法,將用戶密碼複雜化後再用於金鑰加密,可確保交易平台管理者無法取得或使用用戶之金鑰,以強化金鑰保管的隱私性與安全性。
研究實作主要開發註冊、登入與密碼變更等功能,實際驗證將金鑰進行秘密分享、加密與還原等流程,皆能如設計運作完成。
In recent years, the topic of cryptocurrency and blockchain has attracted much attention. Domestic and foreign cryptocurrency exchange platforms have been set up, but their security issues have gradually surfaced. There are many cryptocurrency exchange platforms that are centralized, in addition to providing cryptocurrency hosting services, and also keeping the user's wallet private key, thus causing many hackers to attack and steal keys. The user's cryptocurrency was transferred and suffered heavy losses. On the other hand, the message of loss due to the loss of the private key is also frequently found in the news media, so key management is a very important issue.
This research will first collect information on cryptocurrencies, exchanges and platforms, then improve the key management process, and use the Secret Sharing method to design an identity identification mechanism that combines the FIDO standard to enable users to use a password or FIDO identification mechanism to login or transfer to avoid loss due to lost password. In addition, this research uses "PBKDF2" method to protect the user's password and then use it for key encryption to ensure that the exchange platform administrator cannot obtain and use the user's private key to enhance the privacy and security of private key management.
We successfully completed the secret sharing, encryption and recovery process of the key according to the design, and implemented functions such as registration, login and password change of the system in this research.
Reference: [1] 北美智權報213期,ICO監管,關鍵得靠業者自律,Retrieved February 16 2019, from: http://www.naipo.com/Portals/1/web_tw/Knowledge_Center/Industry_Economy/IPNC_180613_0703.htm
[2] 金融監督管理委員會重要公告, 金管會107年重要施政成果及108年工作重點, Retrieved February 16 2019, from: https://www.fsc.gov.tw/ch/home.jsp?id=97&parentpath=0,2&mcustomize=multimessage_view.jsp&dataserno=201901280001&dtable=Bulletin&aplistdn=ou=bulletin,ou=multisite,ou=chinese,ou=ap_root,o=fsc,c=tw
[3] ABC News, Retrieved March 9 2019, from: https://www.abc.net.au/news/2018-01-28/coincheck-worlds-biggest-cryptocurrency-hack/9368056?pfmredir=sm
[4] CCN News, Retrieved March 9 2019, from: https://www.ccn.com/17-million-nano-xrb-lost-on-bitgrail-exchange
[5] Business Korea, Retrieved March 9 2019, from: http://www.businesskorea.co.kr/news/articleView.html?idxno=29374
[6] The Wall Street Journal, Retrieved March 9 2019, from: https://www.wsj.com/articles/a-crypto-mystery-is-140-million-stuck-or-missing-11549449001
[7] Satoshi Nakamoto, (2008), Bitcoin-A Peer-to-Peer Electronic Cash System, Retrieved February 16 2019, from: https://bitcoin.org/bitcoin.pdf
[8] 商業周刊1600期,2018.07,區塊鏈活用指南,page 80-81.
[9] 科學人雜誌No.192,2018.02,鑄造全新貨幣秩序特別報導,page 32-35.
[10] Scott Vanstone, (July 1992), Responses to NIST's Proposal, Communications of the ACM, Retrieved February 16 2019, from: https://dl.acm.org/citation.cfm?id=129905
[11] 國家發展委員會重大政策,智慧政府推動策略計畫,Retrieved February 16 2019, from: https://www.ndc.gov.tw/Content_List.aspx?n=589F7971894A9B51&upn=4ACC9949162C6856
[12] Trade Tech–A New Age for Trade and Supply Chain Finance, Retrieved February 16 2019, from: http://www3.weforum.org/docs/WEF_White_Paper_Trade_Tech_.pdf
[13] Building Block(chain)s for a Better Planet, Retrieved February 16 2019, from: http://www3.weforum.org/docs/WEF_Building-Blockchains.pdf
[14] iThome News, Retrieved March 9 2019, from: https://www.ithome.com.tw/news/115341
[15] Business Insider News, Retrieved March 9 2019, from: https://www.businessinsider.com/dao-hacked-ethereum-crashing-in-value-tens-of-millions-allegedly-stolen-2016-6
[16] Nick Szabo, (1994). Smart Contracts, Retrieved February 16 2019, from: https://web.archive.org/web/20011102030833/http://szabo.best.vwh.net:80/smart.contracts.html
[17] Vitalik Buterin, (2013), Ethereum White Paper - A Next Generation Smart Contract & Decentralized Application Platform, Retrieved February 16 2019, from: http://blockchainlab.com/pdf/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf
[18] 經濟日報, Retrieved March 9 2019,from: https://money.udn.com/money/story/5613/3675743
[19] LocalEthereum Witepaper, Retrieved April 14 2019, From: https://whitepaper.localethereum.com/
[20] 橢圓曲線Diffie-Hellman, Retrieved April 14 2019, From: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[21] Alliance Overview, Retrieved February 16 2019, from: https://fidoalliance.org/overview/
[22] FIDO UAF Architectural Overview(Draft 02), Retrieved February 16 2019, from: https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-overview-v1.1-id-20170202.html
[23] FIDO2 Project, Retrieved February 16 2019, from: https://fidoalliance.org/fido2/
[24] Web Authentication: An API for accessing Public Key Credentials Level 1, Retrieved February 16 2019, from: https://www.w3.org/TR/webauthn/
[25] Client to Authenticator Protocol (CTAP), Retrieved February 16 2019, from: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
[26] W3C and FIDO Alliance Finalize Web Standard for Secure, Retrieved April 20 2019, From: https://www.w3.org/2019/03/pressrelease-webauthn-rec.html
[27] G. R. Blakley, (1979), Safeguarding Cryptographic Keys, in Proc. AFIPS 1979 NCC, vol. 48, pp. 313-317.
[28] A. Shamir, (1979), How to Share a Secret, Communications of the ACM, vol. 22, pp. 612-613.
[29] RONG Hui-gui, MO Jin-xia, CHANG Bing-guo, SUN Guang, LONG Fei, (2015), Key distribution and recovery algorithm based on Shamir's secret sharing, Journal on Communications, vol. 36, page 1-6.
[30] F. Yao, Frances & Lisa Yin, Yiqun. (2005). Design and Analysis of Password-Based Key Derivation Functions. IEEE Transactions on Information Theory - TIT. 51. 245-261. 10.1109/TIT.2005.853307.
[31] 比特幣-台灣 Bitcoin-tw.com, Retrieved February 24 2019, from: http://www.bitcoin-tw.com/bitcoin-risks.html
[32] 趨勢科技2019年資安預測, Retrieved April 20 2019 , From: https://www.trendmicro.com/content/dam/trendmicro/global/zh_tw/security-intelligence/research/reports/rpt_2019-Security-Prediction-Mapping-the-Future_C.pdf
[33] FIDO Alliance FIDO的工作原理, Retrieved April 20 2019 , From: https://fidoalliance.org/fido-%E7%9A%84%E4%B8%8E%E4%BC%97%E4%B8%8D%E5%90%8C%E4%B9%8B%E5%A4%84/?lang=zh-hans
[34] White Paper: FIDO UAF and PKI in Asia – Case Study and Recommendations, Retrieved April 20 2019 , From: https://fidoalliance.org/white-paper-fido-uaf-and-pki-in-asia-case-study-and-recommendations/?lang=zh-hans
Description: 碩士
國立政治大學
資訊科學系碩士在職專班
106971006
Source URI: http://thesis.lib.nccu.edu.tw/record/#G0106971006
Data Type: thesis
Appears in Collections:[資訊科學系碩士在職專班] 學位論文

Files in This Item:

File SizeFormat
100601.pdf5271KbAdobe PDF272View/Open


All items in 學術集成 are protected by copyright, with all rights reserved.


社群 sharing