本研究提出了一個具機密性與身份認證之即時資訊分享系統，旨在透過結合前端框架 Vue.js 與後端框架 Spring Boot ，提供安全且高效率的通訊協定與應用功能。隨著資訊科技的迅速發展，即時通訊與檔案傳輸工具已成為人們日常生活與工作中的重要部分。然而，現有的檔案儲存網站如Google Drive、OneDrive與Dropbox雖提供便捷的檔案共享功能，但在使用者登入過程中仍存在顯著侷限性，即時通訊系統在資料機密性與身份認證方面也存在安全隱患。
為解決上述問題，本研究設計並實作了一種基於多方 Diffie-Hellman 密鑰交換算法與 AES-GCM 對稱加密技術的演算法。多方Diffie-Hellman 算法用於安全地產生與交換密鑰，確保訊息在多人聊天室及傳輸過程中的機密性與完整性；AES-GCM 技術則提供高效率的資料加密與完整性驗證。除此之外，系統的基礎登入登出功能採用了 Spring Security 與 JSON Web Token (JWT) 進行身份認證與授權管理，確保只有合法使用者能夠存取特定的資源，這些安全措施有效的防止未經授權的存取與資料篡改。
系統利用Vue.js與Spring Boot框架進行建構，採用前後端分離的架構設計。前端使用 Vue.js 框架提供了動態且響應迅速的使用者介面，並透過 Web Worker 技術提升大容量檔案上傳的效能。後端則使用 Spring Boot 框架，負責處理業務邏輯與資料庫的交互，並確保服務的高效能與安全運行。系統功能模塊包括檔案上傳與下載、即時聊天、佈告欄與作業版功能，滿足了使用者對安全性與便利性的需求。
實驗結果表明，該系統在資料加密、身份驗證與使用者體驗方面均達到了預期目標，為實現安全的即時資訊分享提供了一個可行的解決方案。此系統不僅適用於教育領域的師生交流，亦可廣泛應用於其他需要高安全性即時通訊的場景。

This research proposes and implements a real-time information sharing system with confidentiality and identity authentication, combining the front-end framework Vue.js and the back-end framework Spring Boot to provide secure and efficient communication protocols and application functionalities. With the rapid advancement of information technology, real-time communication and file transfer tools have become an essential part of daily life and work. However, existing file storage websites such as Google Drive, OneDrive, and Dropbox, while providing convenient file sharing features, still have significant limitations during the user login process. Additionally, real-time communication systems face security risks regarding data confidentiality and identity authentication.
To address these issues, this study designs and implements a method based on the Diffie-Hellman key exchange algorithm and AES-GCM symmetric encryption technology. The Diffie-Hellman algorithm is used to securely generate and exchange encryption keys, ensuring the confidentiality of messages during transmission. The AES-GCM technology provides efficient data encryption and integrity verification. Moreover, the system employs Spring Security and JSON Web Token (JWT) for identity authentication and authorization management, ensuring that only authorized users can access specific resources. These security measures effectively prevent unauthorized access and data tampering.
The system is constructed using the Vue.js and Spring Boot frameworks, adopting a front-end and back-end separation architecture. The front end uses the Vue.js framework to provide a dynamic and responsive user interface, enhancing the efficiency of large file uploads through Web Worker technology. The back end employs the Spring Boot framework to handle business logic and database interactions, ensuring high performance and secure operation of the services. The system's functional modules include file uploading and downloading, real-time chatting, bulletin board, and assignment module features, meeting users' needs for security and convenience.
Experimental results demonstrate that the system achieves the expected goals in terms of data encryption, identity authentication, and user experience, providing a viable solution for secure real-time information sharing. This system is not only suitable for teacher-student interactions in the educational field but also widely applicable to other scenarios requiring high-security real-time communication.

摘要...i
Abstract...ii
誌謝...iv
目錄...v
表目錄...vii
圖目錄...viii
第一章 緒論...1
1.1 研究背景與動機...1
1.2 研究目的...2
1.3 研究範圍與限制...3
1.4 研究架構與流程...4
1.4.1 研究架構...4
1.4.2 研究流程...4
第二章 文獻探討...6
2.1 聊天室與即時通訊技術概述...6
2.1.1 聊天室概述...6
2.1.2 即時通訊技術概述...6
2.2 加密技術概述...8
2.2.1 對稱式加密(Symmetric Encryption)...9
2.2.2 非對稱式加密(Asymmetric Cryptography)...10
2.2.3 AES-GCM對稱加密算法...11
2.3 Diffie-Hellman密鑰交換算法...12
2.4 前後端技術開發相關概述...13
2.4.1 Vue.js框架概述...13
2.4.2 Web Worker API概述...14
2.4.3 Spring Boot框架概述...15
2.4.4 IPFS(Inter Planetary File System)檔案儲存系統概述...15
2.4.5 JWT技術概述...16
第三章 研究方法...18
3.1 研究架構與軟體框架...18
3.1.1 前端技術選擇...18
3.1.2 伺服器與性能優化...18
3.1.3 後端技術選擇...18
3.1.4 資料庫設計...19
3.1.5 檔案存取與加密技術...19
3.1.6 架構設計與使用者體驗...19
3.2 系統設計...20
3.2.1 系統技術架構...20
3.2.2 系統模組...20
3.3 功能模塊設計...21
3.3.1 即時資訊分享模塊...21
3.3.2 即時聊天模塊...23
3.3.3 佈告欄模塊...24
3.3.4 作業板模塊...26
3.4 使用案例...26
3.5 預期成效與驗證方法...29
第四章 系統設計與實作...31
4.1 系統架構環境...31
4.2 系統架構設計...31
4.2.1 系統架構...31
4.2.2 前端架構設計...32
4.2.3 後端架構設計...33
4.2.4 安全架構設計...34
4.2.5 系統整合...35
4.3 資料庫設計...35
4.4 加密技術的實施...42
4.4.1 Diffie-Hellman密鑰交換算法...42
4.4.2 AES-GCM 對稱加密算法...43
4.5 功能模塊的實作與展示...44
4.5.1 登入功能展示...44
4.5.2 即時資訊分享模塊...47
4.5.3 即時聊天模塊...53
4.5.4 佈告欄與作業版模塊...58
4.6 實驗設計與測試...68
4.6.1 實驗設計...68
4.6.2 實驗測試...70
第五章 結論與建議...71
5.1 結論...71
5.2 建議...72
參考文獻...73
Extended Abstract...76

英文文獻
[1] Bidgoli, H. (2004). Computer Literacy. The Internet Encyclopedia/Bidgoli, H.(Ed.). Hoboken: John Wiley & Sons, Inc, 1(1), 229-241.
[2] Mubarak, A. R., Rohde, A., & Pakulski, P. (2009). The social benefits of online chat rooms for university students: An explorative study. Journal of higher education policy and management, 31(2), 161-174.
[3] Shuang, K., & Feng, K. (2013). Research on Server Push Methods in Web Browser based Instant Messaging Applications. J. Softw., 8(10), 2644-2651.
[4] Wang, V., Salim, F., Moskovits, P., Wang, V., Salim, F., & Moskovits, P. (2013). Building Instant Messaging and Chat over WebSocket with XMPP. The Definitive Guide to HTML5 WebSocket, 61-83.
[5] Thambiraja, E., Ramesh, G., & Umarani, D. R. (2012). A survey on various most common encryption techniques. International journal of advanced research in computer science and software engineering, 2(7).
[6] Caffery, L. J., & Smith, A. C. (2010). A transmission security framework for email-based telemedicine. In Global Telehealth (pp. 35-48). IOS Press.
[7] Rathidevi, M., Yaminipriya, R., & Sudha, S. V. (2017, March). Trends of cryptography stepping from ancient to modern. In 2017 International Conference on Innovations in Green Energy and Healthcare Technologies (IGEHT) (pp. 1-9). IEEE.
[8] Abd Elminaam, D. S., Abdual-Kader, H. M., & Hadhoud, M. M. (2010). Evaluating The Performance of Symmetric Encryption Algorithms. International Journal of Network Security, 10(3), 216-222.
[9] Blaze, M., Diffie, W., Rivest, R. L., Schneier, B., Shimomura, T., Thompson, E., & Wiener, M. (1996). Minimal key lengths for symmetric ciphers to provide adequate commercial security: A report by an ad hoc group of cryptographers and computer scientists. Technical report, January 1996.
[10] Delfs, H., Knebl, H., Delfs, H., & Knebl, H. (2015). Symmetric-key cryptography. Introduction to Cryptography: Principles and Applications, 11-48.
[11] Weerasinghe, T. B. (2014). Secrecy and performance analysis of symmetric key encryption algorithms. Cryptology ePrint Archive.
[12] Pandey, C. (2020). Design and analysis of a secure hardware implementation for cryptography applications. Journal of Contemporary Research Review, 7(8), 3935-3942.
[13] Lalem, F., Laouid, A., Kara, M., Al-Khalidi, M., & Eleyan, A. (2023). A novel digital signature scheme for advanced asymmetric encryption techniques. Applied Sciences, 13(8), 5172.
[14] Tian, Q., Kang, H., Ai, T., & Fei, L. (2018, May). Analysis and Comparison of Network Information Security Encryption Technology. In 2018 3rd International Conference on Automation, Mechanical Control and Computational Engineering (AMCCE 2018) (pp. 678-682). Atlantis Press.
[15] Simmons, G. J. (1979). Symmetric and asymmetric encryption. ACM Computing Surveys (CSUR), 11(4), 305-330.
[16] Naik, K., & Wei, D. S. (2001). Software implementation strategies for power-conscious systems. Mobile Networks and Applications, 6, 291-305.
[17] Nadeem, A., & Javed, M. Y. (2005, August). A performance comparison of data encryption algorithms. In 2005 international Conference on information and communication technologies (pp. 84-89). IEEE.
[18] Sung, B. Y., Kim, K. B., & Shin, K. W. (2018, January). An AES-GCM authenticated encryption crypto-core for IoT security. In 2018 International Conference on Electronics, Information, and Communication (ICEIC) (pp. 1-3). IEEE.
[19] Wang, S. (2006). An architecture for the AES-GCM security standard (Master's thesis, University of Waterloo).
[20] Kaushik, A. (2013). Extended Diffie-Hellman algorithm for key exchange and management. International Journal of Advanced Engineering Sciences, 3(3), 67-70.
[21] Avestro, J. E., Sison, A. M., & Medina, R. P. (2019, November). Hybrid Algorithm Combining Modified Diffie Hellman and RSA. In 2019 IEEE 4th International Conference on Technology, Informatics, Management, Engineering & Environment (TIME-E) (pp. 100-104). IEEE.
[22] Flores-Carapia, R., Silva-García, V. M., & Cardona-López, M. A. (2023). A dynamic hybrid cryptosystem using chaos and diffie–hellman protocol: An image encryption application. Applied Sciences, 13(12), 7168.
[23] Harn, L., & Lin, C. (2010). Authenticated group key transfer protocol based on secret sharing. IEEE transactions on computers, 59(6), 842-846.
[24] The Vue.js Team. (n.d.). Vue.js. Retrieved from https://vuejs.org/
[25] Kumpulainen, T. (2021). Web application development with Vue. js.
[26] Song, J., Zhang, M., & Xie, H. (2019). Design and implementation of a vue. js-based college teaching system. International Journal of Emerging Technologies in Learning (Online), 14(13), 59.
[27] Anderson, C. (2012). The model-view-viewmodel (mvvm) design pattern. In Pro Business Applications with Silverlight 5 (pp. 461-499). Berkeley, CA: Apress.
[28] Li, N., & Zhang, B. (2021, April). The research on single page application front-end development based on Vue. In Journal of Physics: Conference Series (Vol. 1883, No. 1, p. 012030). IOP Publishing.
[29] Hickson, I., Berjon, R., Faulkner, S., Leithead, T., Navara, E. D., O’Connor, E., & Pfeiffer, S. (2014). Html5 specification. World Wide Web Consortium.
[30] Verdú, J., & Pajuelo, A. (2015). Performance scalability analysis of javascript applications with web workers. IEEE Computer Architecture Letters, 15(2), 105-108.
[31] Okamoto, S., & Kohana, M. (2010, November). Load distribution by using web workers for a real-time web application. In Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services (pp. 592-597).
[32] Guntupally, K., Devarakonda, R., & Kehoe, K. (2018, December). Spring boot based REST API to improve data quality report generation for big scientific data: ARM data center example. In 2018 IEEE International Conference on Big Data (Big Data) (pp. 5328-5329). IEEE.
[33] Singhal, R. (2022). Spring boot backend development. Int. J. Adv. Res. Sci. Commun. Technol.(IJARSCT), 2(5).
[34] Benet, J. (2014). Ipfs-content addressed, versioned, p2p file system. arXiv preprint arXiv:1407.3561.
[35] Guidi, B., Michienzi, A., & Ricci, L. (2021, January). Data persistence in decentralized social applications: The ipfs approach. In 2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC) (pp. 1-4). IEEE.
[36] IPFS. (n.d.). Retrieved from https://docs.ipfs.tech/
[37] Vimal, S., & Srivatsa, S. K. (2019). A new cluster P2P file sharing system based on IPFS and blockchain technology. Journal of Ambient Intelligence and Humanized Computing, 1-7.
[38] Jones, M., Bradley, J., & Sakimura, N. (2015). Json web token (jwt) (No. rfc7519).