Publications-Theses

Article View/Open

Publication Export

Google ScholarTM

NCCU Library

Citation Infomation

Related Publications in TAIR

題名 加密貨幣交易平台之私鑰管理
Key management for cryptocurrency exchange platform
作者 李依珊
Lee, Yi-Shan
貢獻者 左瑞麟
Tso, Ray-Lin
李依珊
Lee, Yi-Shan
關鍵詞 加密貨幣交易平台
金鑰管理
秘密分享
Cryptocurrency exchange platform
Key management
Secret sharing
FIDO
日期 2019
上傳時間 7-Aug-2019 17:08:09 (UTC+8)
摘要 近幾年加密貨幣與區塊鏈的話題倍受矚目,國內外加密貨幣交易平台亦紛紛設立,但其安全性問題也逐漸浮上檯面,由於現行有許多加密貨幣交易平台是中心化運作,除了扮演了資金託管的角色,甚至也保管了用戶錢包金鑰,因此而造成國內外多起駭客攻擊盜取金鑰之案件,導致用戶的加密貨幣遭移轉而損失慘重。另一方面,因私鑰遺失造成損失的消息也是不時出現在新聞媒體中,故金鑰保管在此領域中是相當重要的議題。
本研究將先針對加密貨幣、交易所及交易平台之資訊進行蒐集,並針對金鑰保管之流程進行改良,使用秘密分享(Secret Sharing)方法,設計結合FIDO標準之身分辨識機制,讓用戶能夠使用密碼或FIDO之辨識機制登入或轉帳,避免因密碼遺失而造成損失。此外,本研究透過密碼延伸PBKDF2方法,將用戶密碼複雜化後再用於金鑰加密,可確保交易平台管理者無法取得或使用用戶之金鑰,以強化金鑰保管的隱私性與安全性。
研究實作主要開發註冊、登入與密碼變更等功能,實際驗證將金鑰進行秘密分享、加密與還原等流程,皆能如設計運作完成。
In recent years, the topic of cryptocurrency and blockchain has attracted much attention. Domestic and foreign cryptocurrency exchange platforms have been set up, but their security issues have gradually surfaced. There are many cryptocurrency exchange platforms that are centralized, in addition to providing cryptocurrency hosting services, and also keeping the user`s wallet private key, thus causing many hackers to attack and steal keys. The user`s cryptocurrency was transferred and suffered heavy losses. On the other hand, the message of loss due to the loss of the private key is also frequently found in the news media, so key management is a very important issue.
This research will first collect information on cryptocurrencies, exchanges and platforms, then improve the key management process, and use the Secret Sharing method to design an identity identification mechanism that combines the FIDO standard to enable users to use a password or FIDO identification mechanism to login or transfer to avoid loss due to lost password. In addition, this research uses "PBKDF2" method to protect the user`s password and then use it for key encryption to ensure that the exchange platform administrator cannot obtain and use the user`s private key to enhance the privacy and security of private key management.
We successfully completed the secret sharing, encryption and recovery process of the key according to the design, and implemented functions such as registration, login and password change of the system in this research.
參考文獻 [1] 北美智權報213期,ICO監管,關鍵得靠業者自律,Retrieved February 16 2019, from: http://www.naipo.com/Portals/1/web_tw/Knowledge_Center/Industry_Economy/IPNC_180613_0703.htm
[2] 金融監督管理委員會重要公告, 金管會107年重要施政成果及108年工作重點, Retrieved February 16 2019, from: https://www.fsc.gov.tw/ch/home.jsp?id=97&parentpath=0,2&mcustomize=multimessage_view.jsp&dataserno=201901280001&dtable=Bulletin&aplistdn=ou=bulletin,ou=multisite,ou=chinese,ou=ap_root,o=fsc,c=tw
[3] ABC News, Retrieved March 9 2019, from: https://www.abc.net.au/news/2018-01-28/coincheck-worlds-biggest-cryptocurrency-hack/9368056?pfmredir=sm
[4] CCN News, Retrieved March 9 2019, from: https://www.ccn.com/17-million-nano-xrb-lost-on-bitgrail-exchange
[5] Business Korea, Retrieved March 9 2019, from: http://www.businesskorea.co.kr/news/articleView.html?idxno=29374
[6] The Wall Street Journal, Retrieved March 9 2019, from: https://www.wsj.com/articles/a-crypto-mystery-is-140-million-stuck-or-missing-11549449001
[7] Satoshi Nakamoto, (2008), Bitcoin-A Peer-to-Peer Electronic Cash System, Retrieved February 16 2019, from: https://bitcoin.org/bitcoin.pdf
[8] 商業周刊1600期,2018.07,區塊鏈活用指南,page 80-81.
[9] 科學人雜誌No.192,2018.02,鑄造全新貨幣秩序特別報導,page 32-35.
[10] Scott Vanstone, (July 1992), Responses to NIST`s Proposal, Communications of the ACM, Retrieved February 16 2019, from: https://dl.acm.org/citation.cfm?id=129905
[11] 國家發展委員會重大政策,智慧政府推動策略計畫,Retrieved February 16 2019, from: https://www.ndc.gov.tw/Content_List.aspx?n=589F7971894A9B51&upn=4ACC9949162C6856
[12] Trade Tech–A New Age for Trade and Supply Chain Finance, Retrieved February 16 2019, from: http://www3.weforum.org/docs/WEF_White_Paper_Trade_Tech_.pdf
[13] Building Block(chain)s for a Better Planet, Retrieved February 16 2019, from: http://www3.weforum.org/docs/WEF_Building-Blockchains.pdf
[14] iThome News, Retrieved March 9 2019, from: https://www.ithome.com.tw/news/115341
[15] Business Insider News, Retrieved March 9 2019, from: https://www.businessinsider.com/dao-hacked-ethereum-crashing-in-value-tens-of-millions-allegedly-stolen-2016-6
[16] Nick Szabo, (1994). Smart Contracts, Retrieved February 16 2019, from: https://web.archive.org/web/20011102030833/http://szabo.best.vwh.net:80/smart.contracts.html
[17] Vitalik Buterin, (2013), Ethereum White Paper - A Next Generation Smart Contract & Decentralized Application Platform, Retrieved February 16 2019, from: http://blockchainlab.com/pdf/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf
[18] 經濟日報, Retrieved March 9 2019,from: https://money.udn.com/money/story/5613/3675743
[19] LocalEthereum Witepaper, Retrieved April 14 2019, From: https://whitepaper.localethereum.com/
[20] 橢圓曲線Diffie-Hellman, Retrieved April 14 2019, From: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[21] Alliance Overview, Retrieved February 16 2019, from: https://fidoalliance.org/overview/
[22] FIDO UAF Architectural Overview(Draft 02), Retrieved February 16 2019, from: https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-overview-v1.1-id-20170202.html
[23] FIDO2 Project, Retrieved February 16 2019, from: https://fidoalliance.org/fido2/
[24] Web Authentication: An API for accessing Public Key Credentials Level 1, Retrieved February 16 2019, from: https://www.w3.org/TR/webauthn/
[25] Client to Authenticator Protocol (CTAP), Retrieved February 16 2019, from: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
[26] W3C and FIDO Alliance Finalize Web Standard for Secure, Retrieved April 20 2019, From: https://www.w3.org/2019/03/pressrelease-webauthn-rec.html
[27] G. R. Blakley, (1979), Safeguarding Cryptographic Keys, in Proc. AFIPS 1979 NCC, vol. 48, pp. 313-317.
[28] A. Shamir, (1979), How to Share a Secret, Communications of the ACM, vol. 22, pp. 612-613.
[29] RONG Hui-gui, MO Jin-xia, CHANG Bing-guo, SUN Guang, LONG Fei, (2015), Key distribution and recovery algorithm based on Shamir`s secret sharing, Journal on Communications, vol. 36, page 1-6.
[30] F. Yao, Frances & Lisa Yin, Yiqun. (2005). Design and Analysis of Password-Based Key Derivation Functions. IEEE Transactions on Information Theory - TIT. 51. 245-261. 10.1109/TIT.2005.853307.
[31] 比特幣-台灣 Bitcoin-tw.com, Retrieved February 24 2019, from: http://www.bitcoin-tw.com/bitcoin-risks.html
[32] 趨勢科技2019年資安預測, Retrieved April 20 2019 , From: https://www.trendmicro.com/content/dam/trendmicro/global/zh_tw/security-intelligence/research/reports/rpt_2019-Security-Prediction-Mapping-the-Future_C.pdf
[33] FIDO Alliance FIDO的工作原理, Retrieved April 20 2019 , From: https://fidoalliance.org/fido-%E7%9A%84%E4%B8%8E%E4%BC%97%E4%B8%8D%E5%90%8C%E4%B9%8B%E5%A4%84/?lang=zh-hans
[34] White Paper: FIDO UAF and PKI in Asia – Case Study and Recommendations, Retrieved April 20 2019 , From: https://fidoalliance.org/white-paper-fido-uaf-and-pki-in-asia-case-study-and-recommendations/?lang=zh-hans
描述 碩士
國立政治大學
資訊科學系碩士在職專班
106971006
資料來源 http://thesis.lib.nccu.edu.tw/record/#G0106971006
資料類型 thesis
dc.contributor.advisor 左瑞麟zh_TW
dc.contributor.advisor Tso, Ray-Linen_US
dc.contributor.author (Authors) 李依珊zh_TW
dc.contributor.author (Authors) Lee, Yi-Shanen_US
dc.creator (作者) 李依珊zh_TW
dc.creator (作者) Lee, Yi-Shanen_US
dc.date (日期) 2019en_US
dc.date.accessioned 7-Aug-2019 17:08:09 (UTC+8)-
dc.date.available 7-Aug-2019 17:08:09 (UTC+8)-
dc.date.issued (上傳時間) 7-Aug-2019 17:08:09 (UTC+8)-
dc.identifier (Other Identifiers) G0106971006en_US
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/125046-
dc.description (描述) 碩士zh_TW
dc.description (描述) 國立政治大學zh_TW
dc.description (描述) 資訊科學系碩士在職專班zh_TW
dc.description (描述) 106971006zh_TW
dc.description.abstract (摘要) 近幾年加密貨幣與區塊鏈的話題倍受矚目,國內外加密貨幣交易平台亦紛紛設立,但其安全性問題也逐漸浮上檯面,由於現行有許多加密貨幣交易平台是中心化運作,除了扮演了資金託管的角色,甚至也保管了用戶錢包金鑰,因此而造成國內外多起駭客攻擊盜取金鑰之案件,導致用戶的加密貨幣遭移轉而損失慘重。另一方面,因私鑰遺失造成損失的消息也是不時出現在新聞媒體中,故金鑰保管在此領域中是相當重要的議題。
本研究將先針對加密貨幣、交易所及交易平台之資訊進行蒐集,並針對金鑰保管之流程進行改良,使用秘密分享(Secret Sharing)方法,設計結合FIDO標準之身分辨識機制,讓用戶能夠使用密碼或FIDO之辨識機制登入或轉帳,避免因密碼遺失而造成損失。此外,本研究透過密碼延伸PBKDF2方法,將用戶密碼複雜化後再用於金鑰加密,可確保交易平台管理者無法取得或使用用戶之金鑰,以強化金鑰保管的隱私性與安全性。
研究實作主要開發註冊、登入與密碼變更等功能,實際驗證將金鑰進行秘密分享、加密與還原等流程,皆能如設計運作完成。
zh_TW
dc.description.abstract (摘要) In recent years, the topic of cryptocurrency and blockchain has attracted much attention. Domestic and foreign cryptocurrency exchange platforms have been set up, but their security issues have gradually surfaced. There are many cryptocurrency exchange platforms that are centralized, in addition to providing cryptocurrency hosting services, and also keeping the user`s wallet private key, thus causing many hackers to attack and steal keys. The user`s cryptocurrency was transferred and suffered heavy losses. On the other hand, the message of loss due to the loss of the private key is also frequently found in the news media, so key management is a very important issue.
This research will first collect information on cryptocurrencies, exchanges and platforms, then improve the key management process, and use the Secret Sharing method to design an identity identification mechanism that combines the FIDO standard to enable users to use a password or FIDO identification mechanism to login or transfer to avoid loss due to lost password. In addition, this research uses "PBKDF2" method to protect the user`s password and then use it for key encryption to ensure that the exchange platform administrator cannot obtain and use the user`s private key to enhance the privacy and security of private key management.
We successfully completed the secret sharing, encryption and recovery process of the key according to the design, and implemented functions such as registration, login and password change of the system in this research.
en_US
dc.description.tableofcontents 摘要 i
Abstract ii
圖目錄 vi
表目錄 viii
第1章 前言 1
1.1 研究動機 1
1.2 研究方法及目標 2
1.3 論文架構 3
第2章 技術背景 4
2.1 區塊鏈(BLOCKCHAIN) 4
2.2 以太坊(ETHEREUM) 7
2.2.1 智能合約(Smart Contract) 8
2.2.2 智能合約(Smart Contract)的運作 9
2.3 DAPP(DECENTRALIZED APPLICATION) 10
2.4 加密貨幣與交易平台 12
2.4.1 加密貨幣簡介與現況 12
2.4.2 加密貨幣交易平台 14
2.5 LOCALETHEREUM介紹 19
2.5.1 用戶密碼管理 20
2.5.2 點對點安全通訊 20
2.5.3 託管交易 21
2.6 FIDO標準 22
2.6.1 FIDO 1.0 22
2.6.2 FIDO運作 23
2.6.3 FIDO2 26
2.7 秘密分享(SECRET SHARING) 26
2.8 PBKDF2 27
2.9 TRUFFLE 29
第3章 相關研究 31
3.1 私鑰保護機制 31
3.2 FIDO標準之原理與延伸 34
第4章 研究方法與架構 37
4.1 設計概要 37
4.2 流程設計 38
4.3 系統介面設計 43
4.4 資料庫設計 45
第5章 研究結果與實作 47
5.1 開發環境 47
5.2 實作驗證畫面 47
5.2.1 用戶輸入註冊資料畫面 47
5.2.2 用戶完成註冊畫面 48
5.2.3 用戶輸入登入資料畫面 48
5.2.4 用戶E-Mail驗證信畫面 49
5.2.5 用戶登入成功畫面 50
5.2.6 用戶變更密碼輸入畫面 50
5.2.7 用戶變更密碼成功畫面 51
5.3 金鑰管理的安全性分析 51
第6章 結論與未來研究 53
參考文獻 54
zh_TW
dc.format.extent 5397697 bytes-
dc.format.mimetype application/pdf-
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0106971006en_US
dc.subject (關鍵詞) 加密貨幣交易平台zh_TW
dc.subject (關鍵詞) 金鑰管理zh_TW
dc.subject (關鍵詞) 秘密分享zh_TW
dc.subject (關鍵詞) Cryptocurrency exchange platformen_US
dc.subject (關鍵詞) Key managementen_US
dc.subject (關鍵詞) Secret sharingen_US
dc.subject (關鍵詞) FIDOen_US
dc.title (題名) 加密貨幣交易平台之私鑰管理zh_TW
dc.title (題名) Key management for cryptocurrency exchange platformen_US
dc.type (資料類型) thesisen_US
dc.relation.reference (參考文獻) [1] 北美智權報213期,ICO監管,關鍵得靠業者自律,Retrieved February 16 2019, from: http://www.naipo.com/Portals/1/web_tw/Knowledge_Center/Industry_Economy/IPNC_180613_0703.htm
[2] 金融監督管理委員會重要公告, 金管會107年重要施政成果及108年工作重點, Retrieved February 16 2019, from: https://www.fsc.gov.tw/ch/home.jsp?id=97&parentpath=0,2&mcustomize=multimessage_view.jsp&dataserno=201901280001&dtable=Bulletin&aplistdn=ou=bulletin,ou=multisite,ou=chinese,ou=ap_root,o=fsc,c=tw
[3] ABC News, Retrieved March 9 2019, from: https://www.abc.net.au/news/2018-01-28/coincheck-worlds-biggest-cryptocurrency-hack/9368056?pfmredir=sm
[4] CCN News, Retrieved March 9 2019, from: https://www.ccn.com/17-million-nano-xrb-lost-on-bitgrail-exchange
[5] Business Korea, Retrieved March 9 2019, from: http://www.businesskorea.co.kr/news/articleView.html?idxno=29374
[6] The Wall Street Journal, Retrieved March 9 2019, from: https://www.wsj.com/articles/a-crypto-mystery-is-140-million-stuck-or-missing-11549449001
[7] Satoshi Nakamoto, (2008), Bitcoin-A Peer-to-Peer Electronic Cash System, Retrieved February 16 2019, from: https://bitcoin.org/bitcoin.pdf
[8] 商業周刊1600期,2018.07,區塊鏈活用指南,page 80-81.
[9] 科學人雜誌No.192,2018.02,鑄造全新貨幣秩序特別報導,page 32-35.
[10] Scott Vanstone, (July 1992), Responses to NIST`s Proposal, Communications of the ACM, Retrieved February 16 2019, from: https://dl.acm.org/citation.cfm?id=129905
[11] 國家發展委員會重大政策,智慧政府推動策略計畫,Retrieved February 16 2019, from: https://www.ndc.gov.tw/Content_List.aspx?n=589F7971894A9B51&upn=4ACC9949162C6856
[12] Trade Tech–A New Age for Trade and Supply Chain Finance, Retrieved February 16 2019, from: http://www3.weforum.org/docs/WEF_White_Paper_Trade_Tech_.pdf
[13] Building Block(chain)s for a Better Planet, Retrieved February 16 2019, from: http://www3.weforum.org/docs/WEF_Building-Blockchains.pdf
[14] iThome News, Retrieved March 9 2019, from: https://www.ithome.com.tw/news/115341
[15] Business Insider News, Retrieved March 9 2019, from: https://www.businessinsider.com/dao-hacked-ethereum-crashing-in-value-tens-of-millions-allegedly-stolen-2016-6
[16] Nick Szabo, (1994). Smart Contracts, Retrieved February 16 2019, from: https://web.archive.org/web/20011102030833/http://szabo.best.vwh.net:80/smart.contracts.html
[17] Vitalik Buterin, (2013), Ethereum White Paper - A Next Generation Smart Contract & Decentralized Application Platform, Retrieved February 16 2019, from: http://blockchainlab.com/pdf/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf
[18] 經濟日報, Retrieved March 9 2019,from: https://money.udn.com/money/story/5613/3675743
[19] LocalEthereum Witepaper, Retrieved April 14 2019, From: https://whitepaper.localethereum.com/
[20] 橢圓曲線Diffie-Hellman, Retrieved April 14 2019, From: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[21] Alliance Overview, Retrieved February 16 2019, from: https://fidoalliance.org/overview/
[22] FIDO UAF Architectural Overview(Draft 02), Retrieved February 16 2019, from: https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-overview-v1.1-id-20170202.html
[23] FIDO2 Project, Retrieved February 16 2019, from: https://fidoalliance.org/fido2/
[24] Web Authentication: An API for accessing Public Key Credentials Level 1, Retrieved February 16 2019, from: https://www.w3.org/TR/webauthn/
[25] Client to Authenticator Protocol (CTAP), Retrieved February 16 2019, from: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
[26] W3C and FIDO Alliance Finalize Web Standard for Secure, Retrieved April 20 2019, From: https://www.w3.org/2019/03/pressrelease-webauthn-rec.html
[27] G. R. Blakley, (1979), Safeguarding Cryptographic Keys, in Proc. AFIPS 1979 NCC, vol. 48, pp. 313-317.
[28] A. Shamir, (1979), How to Share a Secret, Communications of the ACM, vol. 22, pp. 612-613.
[29] RONG Hui-gui, MO Jin-xia, CHANG Bing-guo, SUN Guang, LONG Fei, (2015), Key distribution and recovery algorithm based on Shamir`s secret sharing, Journal on Communications, vol. 36, page 1-6.
[30] F. Yao, Frances & Lisa Yin, Yiqun. (2005). Design and Analysis of Password-Based Key Derivation Functions. IEEE Transactions on Information Theory - TIT. 51. 245-261. 10.1109/TIT.2005.853307.
[31] 比特幣-台灣 Bitcoin-tw.com, Retrieved February 24 2019, from: http://www.bitcoin-tw.com/bitcoin-risks.html
[32] 趨勢科技2019年資安預測, Retrieved April 20 2019 , From: https://www.trendmicro.com/content/dam/trendmicro/global/zh_tw/security-intelligence/research/reports/rpt_2019-Security-Prediction-Mapping-the-Future_C.pdf
[33] FIDO Alliance FIDO的工作原理, Retrieved April 20 2019 , From: https://fidoalliance.org/fido-%E7%9A%84%E4%B8%8E%E4%BC%97%E4%B8%8D%E5%90%8C%E4%B9%8B%E5%A4%84/?lang=zh-hans
[34] White Paper: FIDO UAF and PKI in Asia – Case Study and Recommendations, Retrieved April 20 2019 , From: https://fidoalliance.org/white-paper-fido-uaf-and-pki-in-asia-case-study-and-recommendations/?lang=zh-hans
zh_TW
dc.identifier.doi (DOI) 10.6814/NCCU201900275en_US