Title: Applications of Transaction Positioned Merkle Tree for Data Attestation (使用定位摩克樹作資料存證的應用研究)

黃冠寰 (Hwang, Gwan-Hwan)
黃鯤義 (Huang, Kun-Yih)

2024-12-17
2024-01-17
2024

https://etds.lib.ntnu.edu.tw/thesis/detail/17094030debddf1fc68418386b99d93c/
http://rportal.lib.ntnu.edu.tw/handle/20.500.12235/123743

Abstract:

In the Internet era of big data, various factors, whether intentional or accidental, can cause valuable information to be damaged, altered, or stolen. Therefore, ensuring the correctness of identities in various activities or information transactions, the security of their content and results, and the mutual non-repudiation and accountability needed for later tracing and auditing or for real-time auditing and verification are the core tasks of information security in the big data network era. Public blockchains, with their decentralized and distributed architecture, possess immutability and transparency; consensus protocols let the network nodes supervise each other, thereby achieving data trustworthiness.

However, due to the high transaction fees (miner fees) and the low transactions per second (TPS) of blockchains, a large amount of information cannot be stored on the blockchain. Therefore, this dissertation adopts the transaction positioned Merkle tree (tp-Merkle tree) [83, 97, 98, 100] proposed by Hwang et al. as the foundational technology for evidence preservation.

After conducting general performance tests on the tp-Merkle tree, the author chose two representative scenarios for in-depth research.

The first study proposes an architecture for real-time auditing of the integrity of cloud service runtime environments. This can not only prevent accidents caused by attacks, tampering, or damage to the execution environment but also detect in real time, while the system is running, whether it has been attacked or tampered with, has lost files, or has been implanted with malicious software, such as computer viruses or Trojan horses.

The second study simulates how to implement an automatic payment and complaint compensation mechanism based on public blockchains and tp-Merkle trees in real human scenarios. The results demonstrate that the evidence preservation technology using the tp-Merkle tree can completely solve trust issues in the scenario and is not limited by the performance bottleneck of public blockchains.

In conclusion, this research provides a concrete and effective method that combines tp-Merkle trees with public blockchains to address the challenges of information security in the big data network era. These methods are not only practical but also overcome the performance limitations of public blockchains.

none

Keywords: public blockchain, smart contract, decentralized data attestation, tp-Merkle tree, cloud computing, cloud auditing, decentralized auditing, blockchain based automatic reward

Type: Academic thesis