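Author (Chinese): 張瑋鑫
Author (English): Chang, Wei-Hsin
Thesis title (Chinese): 一個基於社會認證且自主管理非直接許可的高安全性及高可靠性的私鑰復原方法
Thesis title (English): An Owner-managed Highly Secure and Reliable Indirect-Permission Private Key Recovery Method Using Social Authentication
Advisor (Chinese): 蔡仁松
Advisor (English): TSAY, REN-SONG
Committee members (Chinese): 吳誠文; 孫宏民
Committee members (English): WU, CHENG-WEN; SUN, HUNG-MIN
Degree: Master's
University: National Tsing Hua University (國立清華大學)
Department: Department of Electrical Engineering
Student ID: 103061591
Year of publication (ROC calendar): 107
Academic year of graduation: 106
Language: English
Number of pages: 40
Keywords (Chinese): 私鑰備份 (private key backup); 社會認證 (social authentication); 託管 (escrow)
Keywords (English): private key backup; key management; social authentication; key escrow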
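Abstract (translated from Chinese): In this thesis, we propose a highly secure and reliable method for self-managed private key backup. In recent years, Public Key Authentication (PKA) has been recognized as the most feasible and secure method of online authentication; however, the loss of an account caused by a lost private key has become a critical problem. Existing backup approaches protect the private key with something the user possesses (something-you), such as something-you-have, something-you-know and something-you-are. They fall into a circular dilemma of protecting an old secret with a new secret: they only shift the protection target and cannot fundamentally solve the problem. For example, if the private key is placed in a safe, the key to the safe becomes the new protection target. Earlier researchers proposed direct escrow, in which the private key is entrusted to trusted servers or trustees; however, because these third parties hold full permission over the private key, the user's private key is stolen as soon as they collude. To resolve this circular dilemma and provide a truly secure and reliable backup method, we propose keeping the possession of the backup and the access permission to it separately, and escrowing the access permission with trustees using public-key encryption. We call this "indirect escrow". To recover the key, the user relies on social authentication to retrieve the access permission and decrypt the backup. The advantage is that the user no longer has to safeguard the permission to the backup: when the user needs to recover the private key, he only needs to contact the trustees he selected earlier. The task of safeguarding the permission and the risk of losing it are distributed across these trustees, and fault tolerance can be designed in to achieve a highly secure and reliable backup. According to our analysis, our indirect-permission method is 1000000 times more secure and reliable than other known methods.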
Abstract (English): In this paper, we propose a very secure and reliable owner self-managed private key recovery method. In recent years, the Public Key Authentication (PKA) method has been identified as the most feasible solution for online security. However, a critical issue arises if private keys are lost: the owners are then disabled from all transactions. The existing commonly adopted something-you solutions, which basically use a new secret to protect the target secret, fall into a circular protection issue, as the new secret has to be protected too. To resolve the circular protection issue and provide a truly secure and reliable solution, we propose separating the permission and possession of the private key and creating secret shares of the encrypted permission using the open public keys of selected trustees. Then, by applying the social authentication method, one may easily retrieve the permission to recover the private key. Our analysis shows that our proposed indirect permission method is 1000000 times more secure and reliable than other known approaches.
ABSTRACT
Contents
List of Tables
List of Figures
I. Introduction
II. Related work
  A. The alternative-authenticator approach
  B. The original-authenticator approach
III. THE PROPOSED INDIRECT ESCROW AND PERMISSION SECRET BACKUP APPROACHES
  A. Notations
  B. Assumptions
  C. The direct escrow method
  D. Our Proposed Algorithms
IV. SECURITY AND RELIABILITY ANALYSIS
  A. Security Analysis
  B. Reliability Analysis
  C. Recovery Failure Rate Analysis
  D. Parameters in Real World Numbers
  E. Optimization of (k,n)
V. COMPARISON
VI. CONCLUSION
References
APPENDIX
