本論文提出一套應用在雲端運算中，使階層式結構中群組間進行資料授權能夠簡單快速方法。本方法中，結構中群組有一把公開金鑰PK及私密金鑰SK，並且將群組私密金鑰SK，用直接上級群組公開金鑰加密產生公開參數R。利用直屬結構表公開各群組公開金鑰，相對公開參數R及直接上級群組等資訊。
群組會將資料用群組私密金鑰SK所導出的加密金鑰，加密該文件，並將其上傳至雲端中。當被授權的群組(即上級群組們)，則透過對直屬結構表中公開數值，遞迴路徑運算出該群組私密金鑰SK進而解密該資料。本論文所提機制亦與AKL、Lo-Hwang-Liu、Chu-Hsing Lin三位所提機制在多個面向(運作成員、效率、新成員加入及離開等)做比較，本論文具不用CA(Certificate Authority，憑證授權中心)、運算簡單、具當階層式結構擴大較少公開參數改變的優點。

This study proposes a simple and fast data authorization in hierarchical structure between groups for cloud computing. Within this method, each group in hierarchical organization gets a pair key, naming the public key ’PK’and the private key ‘SK’. The group use its direct ancestor groups’ public keys ’PK’ to encrypt its own private key ’SK’ to generate the open parameters R. All these parameters(public keys PK, open parameters R) and their relationship are to open public by using an open table called RAP (Relation-And-Parameter) table.
When comes to data encryption, groups derive the encryption key from its private key ‘SK’ by using a open function called F function, encrypt the files and upload them to the cloud. When the group is authorized (groups that are the ancestor groups’ ), they look the RAP table and find the path between his group and the authorized group, recursively computed the group’s private key ‘SK’ in the path, and finally use the F function to derive the decrypt encryption key. We also compared the proposed mechanisms with those by AKL, Lo-Hwang-Liu, and Chu-Hsing Lin in multiple faces like operation of member, efficiency, new members join and leave, etc.. As a result, the proposed one provides little CA (Certificate Authority), simple operation, fewer public parameters changes when come to a hierarchical structure expansion.

目錄
 第一章 緒論	1
1.1研究背景	1
1.2研究動機與目的	2
 第二章 相關文獻探討	5
2.1使用質數運算做階層式金鑰推論	5
2.2公開金鑰系統	6
2.2.1RSA公開金鑰密碼系統	6
2.2.2ElGamal公開金鑰密碼系統	7
2.3雲端運算	8
2.4相關研究	10
2.4.1Akl & Taylor所提機制	10
2.4.2Lo, Hwang & Liu等人所提機制	12
2.4.3 Chu-Hsinh Lin所提機制	16
 第三章 所提機制	19
3.1簡介	19
3.2研究架構	20
3.3系統流程	21
3.3.1基本運作	22
3.3.2系統啟始設定	23
3.3.3公開參數的產生	24
3.3.4下級加密金鑰推導程序	24
3.3.5加入新成員	27
3.3.6成員離開時	29
 第四章 相關階層式金鑰比較	32
4.1效率及安全性分析	32
4.1.1反向攻擊	32
4.1.2資料收集攻擊	32
4.1.3群組之間互相攻擊	33
4.1.4群組聯合攻擊	33
4.2 比較面向特點的說明	33
4.2.1 Akl & Taylor(1983)所提機制	33
4.2.2 Lo, Hwang & Liu等人所提機制	34
4.2.3 Chu-Hsinh Lin所提機制	35
 第五章 結論與建議	39
參考文獻	41

表目錄
表 2 1：Akl & Taylor所提機制-符號定義	10
表 2 2：Lo, Hwang & Liu等人所提機制-符號定義	12
表 2 3：Chu-Hsinh Lin所提機制-符號定義	16
表 3 1：本論文所提機制-符號定義	21
表 3 2：群組之間關係定義	22
表 3 3：直屬結構表(對圖3-1)	23
表 4 1：相關研究之比較功能表	37
表 4 2：組織內成員加入及離開比較表	38

圖目錄
圖 3 1：組織階層架構圖	20
圖 3 2：加入新成員-末端節點時(結構不變)	27
圖 3 3：加入新成員-末端節點時(結構改變)	28
圖 3 4：加入新成員-中間節點時	29
圖 3 5：成員離開-末端節點時(結構不變)	29
圖 3 6：成員離開-末端節點時(結構改變)	30
圖 3 7：成員離開時-中間節點時	31

參考文獻
[1]	Akl, S. G., & Taylor, P. D. (1983). Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer Systems (TOCS), 1(3), 239-248.
[2]	Cacic, B. J., & Wei, R. (2007). Improving Indirect Key Management Scheme of Access Hierarchies. IJ Network Security, 4(2), 128-137.
[3]	Chen, H. Y. (2004). Efficient time-bound hierarchical key assignment scheme.Knowledge and Data Engineering, IEEE Transactions on, 16(10), 1301-1304.
[4]	Denning, D. E., Akl, S. G., Heckman, M., Lunt, T. F., Morgenstern, M., Neumann, P. G., & Schell, R. R. (1987). Views for multilevel database security. Software Engineering, IEEE Transactions on, (2), 129-140.
[5]	Diffie, W., & Hellman, M. E. (1976). New directions in cryptography.Information Theory, IEEE Transactions on, 22(6), 644-654.
[6]	ElGamal, T. (1985, January). A public key cryptosystem and a signature scheme based on discrete logarithms. In Advances in Cryptology (pp. 10-18). Springer Berlin Heidelberg.
[7]	Hwang, M. S., & Yang, W. P. (2003). Controlling access in large partially ordered hierarchies using cryptographic keys. Journal of Systems and Software, 67(2), 99-107.
[8]	Jaeger, T., & Schiffman, J. (2010). Outlook: Cloudy with a chance of security challenges and improvements. Security & Privacy, IEEE, 8(1), 77-80.
[9]	Lin, C. H. (1997). Dynamic key management schemes for access control in a hierarchy. Computer communications, 20(15), 1381-1385.
[10]	Lo, J. W., Hwang, M. S., & Liu, C. H. (2011). An efficient key assignment scheme for access control in a large leaf class hierarchy. Information Sciences, 181(4), 917-925.
[11]	MacKinnon, S. J., Taylor, P. D., Meijer, H., & Akl, S. G. (1985). An Optimal Algorithm for Assigning Cryptographic. IEEE Transactions on computers,100(34).
[12]	Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital  signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120-126.
[13]	Wang, Shyh-Yih, and Chi-Sung Laih. "Cryptanalysis of Hwang–Yang scheme for controlling access in large partially ordered hierarchies." Journal of Systems and Software 75.1 (2005): 189-192.
[14]	陳正鎔(2013年11月)。階層式金鑰產生之方法-以乘法反元素為研究基礎「2013企業架構與資訊科技國際研討會」