臺灣博碩士論文加值系統

本研究主旨在現有傳統環境中，顧客要在不同銀行開戶時都需要填寫許多類似表格的資料，因此造成許多顧客的不悅以致成為銀行在招攬客戶時的阻礙，而在區塊鏈的幫助之下，此類資料可以進行仔細的資料分類後，將某些固定的客戶資料進行「跨銀行分享」節省顧客及銀行的時間、人力成本。基於區塊鏈的三大特性：一、分散式帳本；二、不可竄改性；三、智慧合約，滿足本研究的快速開戶系統的「完整性、安全性、自動化」。本研究將顧客的資料透過智慧合約，紀錄在銀行間的區塊鏈分散式帳本上，並透過Zero-Knowledge Proof的驗證機制，得以安全的搜尋以及證明其用戶的正確性。本論文將客戶的開戶資料透過IPFS，安全的儲存在分散式資料庫，進而跨銀行分享資料。最終在本論文最後將本研究與其他論文以及現有網路銀行做效能比較。證實本研究在分散式資料庫分享客戶開戶資料，效能上優越於其他現有網路銀行。並探討以現有攻擊手法套入本研究情境，在最後章節做完整的安全性分析。使金融科技結合區塊鏈實現本研究之安全快速開戶系統。

The purpose of this study provide customers with many similar forms of information when opening accounts in different banks of the existing traditional financial environment. As a result, the dissatisfaction of many customers has become a hindrance to banks in attracting customers, with the blockchain. Such information can be carefully classified to share "information across the bank" to save customer and bank time and labor costs for certain fixed customer data. Based on the three feature of the blockchain: First, distributed ledger; Second, Incorruptible; Third, the smart contract, to meet the "integrity, security, automation" of the rapid account opening system of this study. In this thesis, the customer's data was recorded on the blockchain decentralized ledger of the bank through the smart contract, and through Zero-Knowledge Proof's verification mechanism was used to securely search and prove the correctness of the user. In addition, the system stores the customer's account opening information through the IPFS (InterPlanetary File System), and therefore can securely shares the information in a decentralized database across banks. Through relevant analyses and experiments, this study can confirm that when customer account information is shared in a decentralized database, the proposed system cannot only better than existing online banking of the performance, but also greatly improve the security of the proposed rapid account opening system.

Abstract II
Contents III
List of Figures VI
List of Tables VIII
Chapter 1 Introduction 1
1.1 Background 1
1.2 Research Motivation 2
1.3 Research Purposes 3
1.4 Thesis Organization 4
Chapter 2 Related Work 5
2.1 Blockchain Technology Background 5
2.1.1 Public-key Cryptography 5
2.1.2 Hash Function 7
2.1.3 Merkle Tree 8
2.1.4 P2P Network 9
2.2 Blockchain Architecture 11
2.2.1 Block 11
2.2.2 Mining 12
2.2.3 Ledger 12
2.2.4 Consensus 12
2.3 Blockchain characteristics 14
2.3.1 Decentralization 14
2.3.2 Anti-Tampering 15
2.3.3 Anonymity 15
2.4 Famous blockchain platform 16
2.4.1 Bitcoin 16
2.4.2 Ethereum 17
2.4.3 HyperLedger Fabric 20
2.4.4 Discussion on blockchain security 22
2.5 Blockchain Technology Application 23
2.5.1 DLT 23
2.5.3 DApp 25
2.5.3 Zcash 26
2.6 Fintech 28
2.6.1 Online Banking 28
2.6.2 KYC 29
Chapter 3 Proposed Architecture and Mechanism 31
3.1 Research Architecture 31
3.2 Proposed Method 32
3.2.1 Rapid Account Opening Scenario of Centralized Database 33
3.2.2 Rapid Account Opening Scenario of Decentralized Database 34
3.2.3 Zero-knowledge Proof Based Searching Scheme 36
3.2.4 Smart Contract Algorithm for Rapid Account Opening 37
3.2.5 Process Flow for Blockchain-Based Rapid Account Opening 39
Chapter 4 Evaluation and Analysis 43
4.1 Blockchain System Construction 43
4.1.1 Private Chain Construction 43
4.1.2 IPFS Construction 46
4.2 Rapid Account Opening System Implementation 50
4.2.1 System Development 50
4.2.2 System Evaluation 53
4.2.3 Verification Time Comparison 54
4.2.4 Security Analysis 56
Chapter 5 Conclusion 60
Bibliography 61

 
List of Figures

Fig. 2.1.1: Public-key Cryptography 6
Fig. 2.1.2: Hash Function Encryption Process 8
Fig. 2.1.3: Merkle Tree 8
Fig. 2.1.4: Mekle Tree Transaction Hash Value 9
Fig. 2.1.5: Server-Based and P2P-Network 10
Fig. 2.1.6: Centralization and Decentralization 11
Fig. 2.2.1: The Process of Block 11
Fig. 2.2.2: The Ledger of Blockchain 12
Fig. 2.3.1: Decentralization 14
Fig. 2.3.2: Anti-Tampering 15
Fig. 2.4.1: Bitcoin 17
Fig. 2.4.2: Ethereum 19
Fig. 2.4.3: Hyperledger 21
Fig. 3.1:　　Rapid Account Opening System Architecture 32
Fig. 3.2.1: Rapid Account Opening Scenario of Centralized Database 34
Fig. 3.2.2: Rapid Account Opening Scenario of Decentralized Database 36
Fig. 3.2.3: Zero-knowledge Proof Based Searching Scheme 37
Fig. 3.2.4: Rapid Account Opening Algorithm 39
Fig. 3.2.5: Process Flow for Blockchain-Based Rapid Account Opening 42
Fig. 4.1.1: Genesis Block Construction 43
Fig. 4.1.2: Initialize the Private Chain 44
Fig. 4.1.3: Rapid Account Opening System is Setup on This Small Private Chain 44
Fig. 4.1.4: Ethereum Explorer 45
Fig. 4.1.5: Ethereum Network Status 46
Fig. 4.1.6: IPFS Node Status 47
Fig. 4.1.7: Launching IPFS Node 47
Fig. 4.1.8: The KYC Information Stored in IPFS 48
Fig. 4.1.9: Check The KYC File on IPFS 49
Fig. 4.2.1: Opening Account at The First Bank 50
Fig. 4.2.2: Create Customer Personal Information 51
Fig. 4.2.3: The Second Bank Searches for The Existence of The Customer 51
Fig. 4.2.4: Send a Request to The First Bank 52
Fig. 4.2.5: The First Bank Saw The Request from The Second Bank and Verify 52
Fig. 4.2.6: The Second Bank Receives Information 53
Fig. 4.2.7: Identity Verification Failure 53
Fig. 4.2.8: Verification Time Comparison 55


 
List of Tables
Table 1: Methods Comparison 54

Bibliography
[1]Dong He et al., “Fintech and Financial Services: Initial Considerations,” International Monetary Fund, 2017.
[2]Marko Jakšič1 and Matej Marinč2, “The Future of Banking: The Role of Information Technology,” Forthcoming in Bančni vestnik: Banging Scetor at the Crossroads: Challenges for the Future,2015.
[3]Hoang Giang Do and Wee Keong Ng, “Blockchain-Based System for Secure Data Storage with Private Keyword Search,” 2017 IEEE World Congress on Services (SERVICES), 2017, pp. 90 - 93.
[4]Prakash Chandra Mondal, Rupam Deb, and Mohammad Nurul Huda, “Know Your Customer (KYC) Based Authentication Method for Financial Services through the Internet,” 2016 19th International Conference on Computer and Information Technology (ICCIT), 2016, pp. 535 - 540.
[5]Prakash Chandra Mondal, Rupam Deb, and Mohammad Nurul Huda, “Transaction Authorization from Know Your Customer (KYC) Information in Online Banking,” 2016 9th International Conference on Electrical and Computer Engineering (ICECE), 2016, pp. 523 - 526.
[6]Martin Schaffer and Peter Schartner, “Anonymous Authentication with Optional Shared Anonymity Revocation and Linkability,” International Conference on Smart Card Research and Advanced Applications, 2006, pp. 206-221
[7]Ilya Sukhodolskiy and Sergey Zapechnikov, “A Blockchain-Based Access Control System for Cloud Storage,” 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, 2018, pp. 1575 - 1578.
[8]Debiao He et al., “Certificateless Public Key Authenticated Encryption with Keyword Search for Industrial Internet of Things,” IEEE Transactions on Industrial Informatics, vol. 14, no. 8, 2017, pp. 3618 – 3627.
[9]Hironao Takahashi, Shinji Nakano, and Uzair Lakhani, “SHA256d Hash Rate Enhancement by L3 Cache,” 2018 IEEE 7th Global Conference on Consumer Electronics (GCCE), 2018, pp. 849 – 850.
[10]Pinyaphat Tasatanattakool and Chian Techapanupreeda, “Blockchain: Challenges and Applications” 2018 International Conference on Information Networking (ICOIN), 2018, pp. 473 – 475.
[11]Qi Liu and Kenli Li, “Decentration Transaction Method Based on Blockchain Technology,” 2018 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS), 2018, pp. 416 - 419.
[12]Yongle Chen, Hui Li, Kejiao Li, and Jiyang Zhang, “An Improved P2P File System Scheme Based on IPFS and Blockchain,” 2017 IEEE International Conference on Big Data (Big Data), 2017, pp. 2652 - 2657.
[13]Michele D'Aliessi, ”How Does the Blockchain Work? ,” https://medium.com/s/story/how-does-the-blockchain-work-98c8cd01d2ae, 2016.
[14]Ari Juels and Burton S. Kaliski Jr, “PORs: Proofs of Retrievability for Large Files,” in Proceedings of the 14th ACM conference on Computer and communications security, 2007, pp. 584-597.
[15]Satoshi Nakamoto, “Bitcoin: A Peer-to-peer Electronic Cash System,” https://bitcoin.org/bitcoin.pdf, 2008.
[16]Gavin Wood, “Ethereum: A Secure Decentralized Generalized Transaction ledger,” Ethereum Project Yellow Paper, 2014.
[17]Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli, “A Survey of Attacks on Ethereum Smart Contracts,” International Conference on Principles of Security and Trust, pp. 164-186, 2017.
[18]Massimo Bartoletti, Salvatore Carta, Tiziana Cimoli, and Roberto Saia, “Dissecting Ponzi Schemes on Ethereum: Identification, Analysis, and Impact,” arXiv preprint, 2017.
[19]Elli Androulaki et al., “Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains,” EuroSys 2018 conference, 2018.
[20] Mohammad Wazid, Sherali Zeadally, and Ashok Kumar Das, “Mobile Banking: Evolution and Threats: Malware Threats and Security Solutions,” IEEE Consumer Electronics Magazine, vol. 8, no. 2, 2019, pp. 56 - 60.
[21]Jiin-Chiou Cheng et al., “Blockchain and Smart Contract for Digital Certificate,” 2018 IEEE International Conference on Applied System Invention (ICASI), 2018, pp. 1046 - 1051.
[22]Woo Young Moon and Soo Dong Kim, “A Payment Mediation Platform for Heterogeneous FinTech Schemes,” 2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC), 2016, pp. 511 - 516.
[23]Sara Rouhani and Ralph Deters, “Performance Analysis of Ethereum Transactions in Private Blockchain,” 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS), 2017, pp. 70 - 74.
[24]Eli Ben Sasson et al., “Zerocash: Decentralized Anonymous Payments from Bitcoin”, 2014 IEEE Symposium on Security and Privacy, 2014, pp. 459 - 474.
[25]Chun I Fan et al., “Anonymous Credential Scheme Supporting Active Revocation,” 2014 Ninth Asia Joint Conference on Information Security, 29 January, 2014, pp. 127 - 132.
[26]Ruhui Ma et al., “EnDAS: Efficient Encrypted Data Search as a Mobile Cloud Service,” IEEE Transactions on Emerging Topics in Computing, vol. 3, no. 3, 12 June, 2015, pp. 372 - 383.
[27]Jiazhi Li and Lei Zhang, “Attribute-Based Keyword Search and Data Access Control in Cloud,” 2014 Tenth International Conference on Computational Intelligence and Security, 2014, pp. 382 - 386.
[28] Zhiquan Lv, Min Zhang, and Dengguo Feng, “Multi-User Searchable Encryption with Efficient Access Control for Cloud Storage,” 2014 IEEE 6th International Conference on Cloud Computing Technology and Science, 2014, pp. 366 - 373.
[29]Zhirong Shen, Jiwu Shu, and Wei Xue, “Keyword Search With Access Control Over Encrypted Cloud Data,” IEEE Sensors Journal, vol. 17, no. 3, 2016, pp. 858 - 868.
[30]Qiang Tang “Nothing is for Free: Security in Searching Shared and Encrypted Data,” IEEE Transactions on Information Forensics and Security, vol. 9, no. 11, 2014, pp. 1943 - 1952.
[31]Yong Ho Hwang et al., “Encrypted Keyword Search Mechanism Based on Bitmap Index for Personal Storage Services,” 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, 2014, pp. 140 - 147.
[32]Jian Li, Ruhui Ma, and Haibing Guan, “TEES: An Efficient Search Scheme over Encrypted Data on Mobile Cloud,” IEEE Transactions on Cloud Computing, vol. 5, no. 1, 2015, pp. 126 - 139.
[33] Ence Zhou et al., “Security Assurance for Smart Contract,” 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2018, pp. 2157-4960.
[34] Yao Ma and Jinjuan Feng, “Evaluating Usability of Three Authentication Methods in Web-Based Application,” 2011 Ninth International Conference on Software Engineering Research, Management and Applications, 2011, pp. 978 – 1028.