Research on Traitor Tracing in Broadcast Encryption

【Author】 Wang Qinglong (王青龙)

【Advisor】 Yang Bo (杨波)

【Author information】 Beijing Jiaotong University, Information Security, 2009, Ph.D.

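【Summary】 Broadcast encryption provides a mechanism for the secure distribution of digital content, ensuring that only authorized users can obtain the broadcast content. Against possible infringement by authorized users (called piracy), traitor tracing provides a protection mechanism that makes it possible, when infringement occurs, to trace the authorized users who committed it. Because authorized users can infringe in many ways, there are correspondingly many different traitor tracing techniques. This dissertation mainly studies traitor tracing against infringement by key sharing. In key-sharing infringement, an authorized user illegally copies his or her own decryption key to unauthorized users, so that they too can obtain the data distributed by broadcast. Traitor tracing ensures that, when an unauthorized user is found to hold a decryption key, at least one traitor who took part in copying that key can be traced. In this research area, the dissertation achieves the following results:

(1) Collusion resistance is studied in depth, and two fully collusion-resistant public-key traitor tracing schemes are proposed. As a key topic of traitor tracing research, designing a fully collusion-resistant traitor tracing scheme is the first problem this dissertation addresses. Through in-depth analysis of existing public-key traitor tracing schemes that have a collusion threshold, it is found that the main reason these schemes cannot achieve full collusion resistance is that the personal decryption keys held by different users are correlated. Based on this analysis, the author proposes a fully collusion-resistant traitor tracing scheme, a collusion-free public-key traitor tracing scheme, whose method is to assign each user a decryption key that has no correlation with the keys of other users. In this scheme the transmission overhead and the storage overhead are both independent of the number of users. Constructing traitor tracing schemes from polynomials over finite fields is a widely used approach in traitor tracing research, but the great majority of such schemes have a collusion threshold. In-depth analysis shows that the main reason for the threshold is that the decryption key each user receives is a direct share of the corresponding polynomial (a point on the polynomial curve). Based on this analysis, the author proposes another fully collusion-resistant traitor tracing scheme, a fully collusion-resistant public-key traitor tracing scheme, whose method is to assign each user indirect information as the decryption key rather than a direct share.

(2) Revocation is another key topic of traitor tracing research, and designing a public-key traitor tracing scheme with no revocation threshold is the second problem this dissertation addresses. A traitor tracing scheme with full revocation inherently implies the completeness of broadcast encryption. In existing traitor tracing schemes with full revocation, the broadcast block length or (and) the user decryption key length depends on the number of users. After in-depth study, the author proposes a public-key traitor tracing scheme with full revocation constructed from bilinear maps. The scheme only needs to update the public key, without any update to the users' decryption keys, to achieve full revocation, and both the transmission overhead and the storage overhead are independent of the number of users.

(3) Privacy is another important topic that traitor tracing research needs to consider. Designing a traitor tracing scheme that provides privacy is the third problem this dissertation addresses. Current research on privacy is still limited and focuses mainly on protecting the anonymity of users' identities, that is, the data provider should not learn a user's real identity. No scheme has yet explicitly addressed the anonymity of revoked users. In fact, most traitor tracing schemes, when revoking a user, must include information related to that user's identity in the broadcast block, so the revoked user's privacy is not protected. The public-key traitor tracing scheme constructed from bilinear maps that the author proposes also achieves the anonymity of revoked users. In addition, the author proposes an anonymous fingerprinting scheme without third-party participation. Without any form of third party, the scheme achieves anonymous authentication of subscribing users by the information provider while also guaranteeing that traitors can be traced. The scheme satisfies asymmetry, unlinkability and frame-proofness.

(4) In other work on traitor tracing, an asymmetric public-key traitor tracing scheme that resists chosen-ciphertext attacks is proposed. For broadcast encryption, two schemes are proposed: a broadcast encryption scheme based on RSA and an identity-like broadcast encryption scheme. In the RSA-based broadcast encryption scheme, the decryption key stored by a user has length 1, the length of the broadcast block is independent of the number of users, and the scheme satisfies completeness. The identity-like broadcast encryption scheme also satisfies completeness and is more efficient than comparable schemes.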

【Abstract】 In digital content distribution systems, broadcast encryption provides a secure distribution mechanism. This mechanism ensures that only legitimate/authorized users (called subscribers) are able to extract the plaintext data from the received data, which is transmitted by broadcast. Meanwhile, traitor tracing introduces a copyright protection mechanism to deter piracy conducted by legitimate users, who are called traitors. Because piracy may be carried out in different ways, a variety of traitor tracing mechanisms are currently being researched. The mechanism researched in this dissertation is mainly oriented to the situation where piracy is conducted by sharing a traitor's decryption keys with illegal users. With this mechanism, at least one subscriber will be revealed if he/she is a traitor who took part in constructing the confiscated illegal decoder. In the field of broadcast encryption and traitor tracing, the author makes the following contributions:

1. As a main property of traitor tracing, collusion resistance is the first problem we researched, and two fully collusion-resistant public-key traitor tracing schemes are presented. Through detailed research on existing traitor tracing schemes, we found that the reason these schemes cannot satisfy the fully collusion-resistant property is the linear correlation in subscribers' decryption keys. On the basis of this analysis, we proposed a fully collusion-resistant public-key traitor tracing scheme using a new method in which a subscriber's decryption key is independent of the others. A widely used method for constructing traitor tracing schemes is to use a polynomial over a finite field. However, most schemes constructed from polynomials do not satisfy full collusion resistance, because each user holds a direct share (a point) of the polynomial as his/her decryption key. Based on this analysis, we proposed another fully collusion-resistant public-key traitor tracing scheme in which the Data Supplier gives each subscriber indirect information as his/her decryption key rather than a direct share.

2. Revocation, another important property of a traitor tracing scheme, is the second problem we researched. We focus on designing a public-key traitor tracing scheme with full revocation, because a traitor tracing scheme with full revocation implies the completeness of broadcast encryption. After deep research, we presented a public-key traitor tracing scheme with full revocation using a bilinear map. To implement full revocation, it is enough to update the public key; the decryption keys of subscribers need no change.

3. Privacy is the third important problem we researched. So far, little attention has been paid to privacy in traitor tracing research. Existing traitor tracing schemes that pay attention to privacy focus only on the anonymity of subscribers, that is, how to prevent the Data Supplier from learning the real identity of subscribers. However, the privacy of revoked subscribers should also be considered in traitor tracing research. At present, most proposed traitor tracing schemes have to give out the revoked subscriber's or traitor's identity information in order to revoke these subscribers. The same bilinear-map-based traitor tracing scheme described above also implements the anonymity of traitors. Regarding privacy, we also presented an anonymous fingerprinting scheme without a third party. It simultaneously protects both the merchant's copyright and the users' anonymity without the help of any third party. Moreover, this scheme provides asymmetry, unlinkability and non-repudiation.

4. In addition, we presented an asymmetric public-key traitor tracing scheme secure against chosen-ciphertext attack. Further, we proposed two broadcast encryption schemes: one is constructed from ID-based encryption and has completeness, and the other is designed on RSA encryption and has completeness, with a storage overhead that is the minimum, 1, and a transmission overhead that is independent of the number of subscribers.

  • 【Classification number】 TN93; TN918.6
  • 【Citation count】 2
  • 【Download count】 205