
Graduate student: 張良鵬 (Liang-Peng Chang)
Title: 具隱私保護及身分鑑別之金鑰協議協定 (Authenticated Key Agreement Protocol with Privacy Preservation)
Advisor: 吳宗成 (Tzong-Chen Wu)
Committee members: 雷欽隆 (Chin-Laung Lei), 曾文貴 (Wen-Guey Tzeng), 何煒華 (Wei-Hua He), 楊維寧 (Wei-Ning Yang)
Degree: Doctor
Department: College of Management, Department of Information Management
Year of publication: 2010
Academic year of graduation: 98
Language: English
Number of pages: 85
Keywords (Chinese): authenticated key agreement, privacy preservation, user anonymity, elliptic curve, self-certified, multi-server systems
Keywords (English): authenticated key agreement, privacy preservation, user anonymity, elliptic curve, self-certified, multiple servers
Usage: 268 views, 12 downloads
Abstract (Chinese, translated):

In recent years, with the rapid development of network applications, security and privacy preservation have become increasingly important issues that must be considered together when communicating over open networks. An authenticated key agreement protocol ensures the security of entities communicating over an open network; however, authenticated key agreement protocols have been designed without considering privacy preservation. If a legitimate user's identity is revealed during protocol execution, an adversary can trace that user and mount certain attacks. To achieve privacy preservation, providing a user anonymity mechanism within the protocol is an effective solution.

This dissertation proposes two authenticated key agreement protocols with privacy preservation: the first is a two-level group key agreement protocol with privacy preservation and authentication suited to resource-limited mobile devices; the second is an authenticated key agreement protocol with privacy preservation suited to multi-server systems. In the first protocol, a group manager can easily establish a secure protocol over a public network so that the group members participating in the key agreement share an authenticated secret key for subsequent secure communication without disclosing their own identities. In the second protocol, a legitimate user can securely access multiple servers without disclosing his identity, and at each login the user and the server authenticate each other and generate a common secret key. Both proposed protocols use a self-certified public key system and an elliptic curve cryptosystem; they satisfy the security requirements of perfect forward secrecy, known key security, implicit key authentication and explicit key authentication, while also meeting practical efficiency requirements. Compared with methods proposed by other researchers, our methods require less communication cost and computation, and are therefore more efficient and well suited to resource-limited mobile devices.


Abstract (English):

In recent years, with the growing popularity of network applications, security and privacy preservation for communication over open networks have become an increasing concern. An authenticated key agreement protocol (AKAP) ensures that entities communicate with each other securely through open channels. However, authenticated key agreement protocols have been designed without consideration of privacy preservation. If a valid user's identity is disclosed during protocol execution, an adversary can trace the user and launch attacks. To protect privacy, providing user anonymity is an effective solution.

In this dissertation, we present two authenticated key agreement protocols with privacy preservation: (1) a two-level extended multi-party AKAP with privacy preservation for resource-limited mobile devices, and (2) an enhanced AKAP with privacy preservation for multiple servers. In the first proposed protocol, a group manager can easily set up a secure protocol over a public network so that the intended group members share an authenticated session key for subsequent communication without disclosing their identities. In the second proposed protocol, a valid user can access multiple servers securely without disclosing his identity, while the user and server authenticate each other and generate a common session key in each login process. By using self-certified public keys and building on elliptic curve cryptosystems (ECC), the proposed protocols not only satisfy the security requirements of perfect forward secrecy, known key security (resistance to known key attacks), implicit key authentication, and key confirmation (explicit key authentication), but also achieve efficient performance in practice. Compared with previous works implemented with modular exponentiation, the proposed protocols save both communication cost and computational effort, so they are well suited to resource-limited mobile devices.

Table of Contents

Abstract (in Chinese)
Abstract (in English)
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Overview
  1.2 Motivation and Objective
  1.3 Organization of Dissertation
Chapter 2 Preliminaries
  2.1 Diffie-Hellman Key Agreement Protocol
  2.2 Elliptic Curve Cryptosystem
  2.3 Self-certified Public Key Cryptosystem
Chapter 3 Basic Authenticated Key Agreement Protocol (AKAP)
  3.1 Type 1: Simple AKAP
  3.2 Type 2: Multi-party AKAP
  3.3 Type 3: AKAP for Multiple Servers
Chapter 4 Extended AKAP with Privacy Preservation
  4.1 Proposed Protocol
    4.1.1 System Setup Phase
    4.1.2 User Registration Phase
    4.1.3 Key Agreement Phase
  4.2 Security and Performance Analysis
Chapter 5 Enhanced AKAP with Privacy Preservation for Multiple Servers
  5.1 Proposed Protocol
    5.1.1 System Setup Phase
    5.1.2 User Registration Phase
    5.1.3 Server Registration Phase
    5.1.4 Login Phase
    5.1.5 Mutual Authentication and Key Agreement Phase
  5.2 Security and Performance Analysis
Chapter 6 Discussions
Chapter 7 Concluding Remarks
Bibliography
Biography

