English  |  正體中文  |  简体中文  |  Post-Print筆數 : 11 |  Items with full text/Total items : 88668/118332 (75%)
Visitors : 23507112      Online Users : 244
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://nccur.lib.nccu.edu.tw/handle/140.119/125046


    Title: 加密貨幣交易平台之私鑰管理
    Key management for cryptocurrency exchange platform
    Authors: 李依珊
    Lee, Yi-Shan
    Contributors: 左瑞麟
    Tso, Ray-Lin
    李依珊
    Lee, Yi-Shan
    Keywords: 加密貨幣交易平台
    金鑰管理
    秘密分享
    Cryptocurrency exchange platform
    Key management
    Secret sharing
    FIDO
    Date: 2019
    Issue Date: 2019-08-07 17:08:09 (UTC+8)
    Abstract: 近幾年加密貨幣與區塊鏈的話題倍受矚目,國內外加密貨幣交易平台亦紛紛設立,但其安全性問題也逐漸浮上檯面,由於現行有許多加密貨幣交易平台是中心化運作,除了扮演了資金託管的角色,甚至也保管了用戶錢包金鑰,因此而造成國內外多起駭客攻擊盜取金鑰之案件,導致用戶的加密貨幣遭移轉而損失慘重。另一方面,因私鑰遺失造成損失的消息也是不時出現在新聞媒體中,故金鑰保管在此領域中是相當重要的議題。
    本研究將先針對加密貨幣、交易所及交易平台之資訊進行蒐集,並針對金鑰保管之流程進行改良,使用秘密分享(Secret Sharing)方法,設計結合FIDO標準之身分辨識機制,讓用戶能夠使用密碼或FIDO之辨識機制登入或轉帳,避免因密碼遺失而造成損失。此外,本研究透過密碼延伸PBKDF2方法,將用戶密碼複雜化後再用於金鑰加密,可確保交易平台管理者無法取得或使用用戶之金鑰,以強化金鑰保管的隱私性與安全性。
    研究實作主要開發註冊、登入與密碼變更等功能,實際驗證將金鑰進行秘密分享、加密與還原等流程,皆能如設計運作完成。
    In recent years, the topic of cryptocurrency and blockchain has attracted much attention. Domestic and foreign cryptocurrency exchange platforms have been set up, but their security issues have gradually surfaced. There are many cryptocurrency exchange platforms that are centralized, in addition to providing cryptocurrency hosting services, and also keeping the user's wallet private key, thus causing many hackers to attack and steal keys. The user's cryptocurrency was transferred and suffered heavy losses. On the other hand, the message of loss due to the loss of the private key is also frequently found in the news media, so key management is a very important issue.
    This research will first collect information on cryptocurrencies, exchanges and platforms, then improve the key management process, and use the Secret Sharing method to design an identity identification mechanism that combines the FIDO standard to enable users to use a password or FIDO identification mechanism to login or transfer to avoid loss due to lost password. In addition, this research uses "PBKDF2" method to protect the user's password and then use it for key encryption to ensure that the exchange platform administrator cannot obtain and use the user's private key to enhance the privacy and security of private key management.
    We successfully completed the secret sharing, encryption and recovery process of the key according to the design, and implemented functions such as registration, login and password change of the system in this research.
    Reference: [1] 北美智權報213期,ICO監管,關鍵得靠業者自律,Retrieved February 16 2019, from: http://www.naipo.com/Portals/1/web_tw/Knowledge_Center/Industry_Economy/IPNC_180613_0703.htm
    [2] 金融監督管理委員會重要公告, 金管會107年重要施政成果及108年工作重點, Retrieved February 16 2019, from: https://www.fsc.gov.tw/ch/home.jsp?id=97&parentpath=0,2&mcustomize=multimessage_view.jsp&dataserno=201901280001&dtable=Bulletin&aplistdn=ou=bulletin,ou=multisite,ou=chinese,ou=ap_root,o=fsc,c=tw
    [3] ABC News, Retrieved March 9 2019, from: https://www.abc.net.au/news/2018-01-28/coincheck-worlds-biggest-cryptocurrency-hack/9368056?pfmredir=sm
    [4] CCN News, Retrieved March 9 2019, from: https://www.ccn.com/17-million-nano-xrb-lost-on-bitgrail-exchange
    [5] Business Korea, Retrieved March 9 2019, from: http://www.businesskorea.co.kr/news/articleView.html?idxno=29374
    [6] The Wall Street Journal, Retrieved March 9 2019, from: https://www.wsj.com/articles/a-crypto-mystery-is-140-million-stuck-or-missing-11549449001
    [7] Satoshi Nakamoto, (2008), Bitcoin-A Peer-to-Peer Electronic Cash System, Retrieved February 16 2019, from: https://bitcoin.org/bitcoin.pdf
    [8] 商業周刊1600期,2018.07,區塊鏈活用指南,page 80-81.
    [9] 科學人雜誌No.192,2018.02,鑄造全新貨幣秩序特別報導,page 32-35.
    [10] Scott Vanstone, (July 1992), Responses to NIST's Proposal, Communications of the ACM, Retrieved February 16 2019, from: https://dl.acm.org/citation.cfm?id=129905
    [11] 國家發展委員會重大政策,智慧政府推動策略計畫,Retrieved February 16 2019, from: https://www.ndc.gov.tw/Content_List.aspx?n=589F7971894A9B51&upn=4ACC9949162C6856
    [12] Trade Tech–A New Age for Trade and Supply Chain Finance, Retrieved February 16 2019, from: http://www3.weforum.org/docs/WEF_White_Paper_Trade_Tech_.pdf
    [13] Building Block(chain)s for a Better Planet, Retrieved February 16 2019, from: http://www3.weforum.org/docs/WEF_Building-Blockchains.pdf
    [14] iThome News, Retrieved March 9 2019, from: https://www.ithome.com.tw/news/115341
    [15] Business Insider News, Retrieved March 9 2019, from: https://www.businessinsider.com/dao-hacked-ethereum-crashing-in-value-tens-of-millions-allegedly-stolen-2016-6
    [16] Nick Szabo, (1994). Smart Contracts, Retrieved February 16 2019, from: https://web.archive.org/web/20011102030833/http://szabo.best.vwh.net:80/smart.contracts.html
    [17] Vitalik Buterin, (2013), Ethereum White Paper - A Next Generation Smart Contract & Decentralized Application Platform, Retrieved February 16 2019, from: http://blockchainlab.com/pdf/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf
    [18] 經濟日報, Retrieved March 9 2019,from: https://money.udn.com/money/story/5613/3675743
    [19] LocalEthereum Witepaper, Retrieved April 14 2019, From: https://whitepaper.localethereum.com/
    [20] 橢圓曲線Diffie-Hellman, Retrieved April 14 2019, From: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
    [21] Alliance Overview, Retrieved February 16 2019, from: https://fidoalliance.org/overview/
    [22] FIDO UAF Architectural Overview(Draft 02), Retrieved February 16 2019, from: https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-overview-v1.1-id-20170202.html
    [23] FIDO2 Project, Retrieved February 16 2019, from: https://fidoalliance.org/fido2/
    [24] Web Authentication: An API for accessing Public Key Credentials Level 1, Retrieved February 16 2019, from: https://www.w3.org/TR/webauthn/
    [25] Client to Authenticator Protocol (CTAP), Retrieved February 16 2019, from: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
    [26] W3C and FIDO Alliance Finalize Web Standard for Secure, Retrieved April 20 2019, From: https://www.w3.org/2019/03/pressrelease-webauthn-rec.html
    [27] G. R. Blakley, (1979), Safeguarding Cryptographic Keys, in Proc. AFIPS 1979 NCC, vol. 48, pp. 313-317.
    [28] A. Shamir, (1979), How to Share a Secret, Communications of the ACM, vol. 22, pp. 612-613.
    [29] RONG Hui-gui, MO Jin-xia, CHANG Bing-guo, SUN Guang, LONG Fei, (2015), Key distribution and recovery algorithm based on Shamir's secret sharing, Journal on Communications, vol. 36, page 1-6.
    [30] F. Yao, Frances & Lisa Yin, Yiqun. (2005). Design and Analysis of Password-Based Key Derivation Functions. IEEE Transactions on Information Theory - TIT. 51. 245-261. 10.1109/TIT.2005.853307.
    [31] 比特幣-台灣 Bitcoin-tw.com, Retrieved February 24 2019, from: http://www.bitcoin-tw.com/bitcoin-risks.html
    [32] 趨勢科技2019年資安預測, Retrieved April 20 2019 , From: https://www.trendmicro.com/content/dam/trendmicro/global/zh_tw/security-intelligence/research/reports/rpt_2019-Security-Prediction-Mapping-the-Future_C.pdf
    [33] FIDO Alliance FIDO的工作原理, Retrieved April 20 2019 , From: https://fidoalliance.org/fido-%E7%9A%84%E4%B8%8E%E4%BC%97%E4%B8%8D%E5%90%8C%E4%B9%8B%E5%A4%84/?lang=zh-hans
    [34] White Paper: FIDO UAF and PKI in Asia – Case Study and Recommendations, Retrieved April 20 2019 , From: https://fidoalliance.org/white-paper-fido-uaf-and-pki-in-asia-case-study-and-recommendations/?lang=zh-hans
    Description: 碩士
    國立政治大學
    資訊科學系碩士在職專班
    106971006
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0106971006
    Data Type: thesis
    DOI: 10.6814/NCCU201900275
    Appears in Collections:[資訊科學系碩士在職專班] 學位論文

    Files in This Item:

    File SizeFormat
    100601.pdf5271KbAdobe PDF0View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback