Research and Implementation of Network Responsibility Cognizance
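Abstract
With the development of computer technology and network applications, people have begun to carry out all kinds of activities in the virtual world, such as e-commerce, e-government and the online sharing of digital multimedia. Various security frameworks and software provide a good foundation for these network activities. In e-commerce, a unified, nationwide certification authority safeguards transaction security. Without a corresponding responsibility cognizance system built on the certification authority, however, security problems in e-commerce that cause losses will be hard to resolve, which seriously restricts the development of e-commerce. Because people's behaviour on the network is hard to trace effectively, trust in the network declines. Online fraud and large amounts of false information are another problem of the Internet. Effective responsibility cognizance technology is therefore urgently needed to solve these problems. To ensure the orderly and healthy development of the Internet, responsibility cognizance technology in the network world needs in-depth study.
     This dissertation analyses and summarizes research at home and abroad related to network responsibility. Its main contributions are as follows:
     (1) By analysing and studying non-repudiation, auditability and traceability, together with key technologies such as electronic authentication and electronic evidence, it explains the meaning of network responsibility cognizance in both the broad and the narrow sense and delimits its scope.
     (2) Building on a study of time-stamping and evidence-preservation technology, it proposes an electronic witness protocol, which offers one possible solution for building a network responsibility cognizance system.
     (3) For specific application scenarios, it proposes responsibility cognizance frameworks of different forms, such as a secure transaction model for e-commerce that includes a responsibility cognizance function, a traceable system for publishing network content, and a copyright protection method for digital media. Parts of these frameworks were implemented to validate them.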
With the development of computer technology and the Internet, people have begun to carry out all kinds of activities online, such as e-commerce, e-governance and the online sharing of digital multimedia. Security frameworks and software provide the foundation for Internet applications. A unified national Certificate Authority (CA) provides security in e-commerce. Without responsibility cognizance technology based on the CA, it will be difficult to solve security problems that cause losses in e-commerce, which seriously hampers the development of electronic commerce. The difficulty of tracing people's activities on the network erodes their trust in it. Fraud and large amounts of false information are another problem of the network. Effective responsibility cognizance technology is urgently needed to solve these problems. To ensure the orderly development of the Internet, web-based responsibility cognizance technology needs in-depth study.
     This dissertation studies responsibility cognizance technology. Its main contributions are summarized as follows:
     (1) The concepts of non-repudiation, auditability and accountability are given on the basis of electronic authentication and electronic evidence, and a definition of web-based responsibility cognizance is presented.
     (2) A third-party witness method is proposed to perform responsibility cognizance. Building on a study of the time-stamp protocol and evidence preservation, the dissertation proposes a secure electronic witness protocol, which provides a possible solution for building a responsibility cognizance system.
     (3) Responsibility cognizance frameworks are proposed for different scenarios, such as a secure transaction model that includes responsibility cognizance, an auditable content delivery system and a secure distribution method for digital works. Some software was also developed to validate these proposals.
