由於無線環境易遭側錄與非平衡等特性，在無線網路中提供群體通訊的安全及隱私保護就更加值得關切。本論文分別針對無線區域網路以及行動通訊網路的群體通訊應用所面臨的相關議題，提出多種安全且有效率的可鑑別群體金鑰協議機制，使群體通訊可達到相互鑑別、抵抗假冒攻擊、金鑰確認及群體金鑰更新等需求與特性。

本論文首先提出一個適用於非平衡無線網路的無憑證可鑑別群體金鑰協議(wAGKA)機制。接下來，再根據wAGKA機制提出一個具隱私保護的無憑證可鑑別群體金鑰協議(wAGKA-PP)機制。wAGKA及wAGKA-PP機制結合無憑證公開金鑰及橢圓曲線密碼學，所以不需要任何公開金鑰憑證，可以在單一的邏輯步驟內同時完成個體鑑別及驗證預期的公開金鑰之正確性。與過去其他學者所提出的相關機制比較，在相同的安全等級下，wAGKA及wAGKA-PP機制所需之金鑰與訊息長度均較小，並具有較少的通訊負載及計算複雜度，此外，wAGKA-PP機制具有使用者匿名性，更適用於傳統的無線網路環境。

欲將既行的群體金鑰協議機制實作應用於通用移動通訊系統(Universal Mobile Telecommunications System，縮寫：UMTS)，則仍須在既行的UMTS架構中增加許多額外的密碼函數或模組，因此實作上較不可行。有鑑於此，本論文基於既行的UMTS架構提出一個可鑑別群體金鑰協議(uAGKA)機制，該機制可以同時建立三種會談金鑰，其中群體金鑰可運用於群體機密通訊，另兩種金鑰則可運用於子群體應用服務或群體金鑰更新。本論文提出的uAGKA機制因為僅須使用既行的UMTS安全功能函數及互斥或運算，所以可以直接相容於既行的UMTS架構，並在設計上也可滿足既行的UMTS標準之合法監聽需求與特性。

Due to the vulnerable to eavesdropping and unbalance properties of the wireless environments, the security and privacy protection for group communication on the open wireless networks has become an increasing concern. This dissertation considers the subjects of group communication applications for wireless local area networks and mobile communication networks to propose secure and efficient authenticated group key agreement schemes. They can achieve the security requirements of mutual authentication, impersonation attack resistance, explicit key confirmation, and group key updating for group communications.

This dissertation first presents a wireless authenticated group key agreement scheme (wAGKA) for general wireless networks. Then we propose a wireless authenticated group key agreement scheme with privacy-preservation (wAGKA-PP) based on the proposed wAGKA scheme. Elaborating on merits of the certificateless public keys and elliptic curve cryptography, the entity authentication and the authenticity of the intended public keys can be simultaneously verified in a logically single step without requiring any public key certificates. And, bit sizes of the keys and the related messages are relatively smaller than those of the previously proposed schemes for the same security level. They save the required communication overheads, and computational complexities. Furthermore, the proposed wAGKA-PP scheme provides the property of user anonymity. The proposed wAGKA and wAGKA-PP schemes are more secure and efficient than previously proposed schemes for general wireless networks.

In order to implement the current group key agreement schemes into the UMTS, it needs to increase some extra security functions or modules to the existing UMTS framework but that is non-feasible. Hence, this dissertation proposes a UMTS authenticated group key agreement scheme (uAGKA) based on UMTS framework. The proposed uAGKA scheme can establish three types of secret keys shared by the participant users. One key is used for secure group communication and the other keys can be used for group key updating or subgroup applications. The proposed uAGKA scheme is compatible to UMTS architecture since it exploits only the existing UMTS security functions and exclusive-or (XOR) operation. And, it can achieve the lawful interception requirement and recommendations in existing UMTS standards.

[3GPP01] 3GPP TS 33.103, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Integration Guidelines,” V4.2.0 (2001).
[3GPP09a] 3GPP TS 33.102, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security Architecture,” V9.1.0 (2009).
[3GPP09b] 3GPP TS 33.105, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Cryptographic Algorithm Requirements,” V9.0.0 (2009).
[3GPP09c] 3GPP TS 33.106, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Lawful Interception Requirements,” V9.0.0 (2009).
[3GPP09d] 3GPP TS 33.107, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Lawful Interception Architecture and Functions,” V9.0.0 (2009).
[3GPP09e] 3GPP TS 33.108, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Handover Interface for Lawful Interception (LI),” V9.1.0 (2009).
[AST00] Ateniese, G., Steniner, M., and Tsudik, G., “New Multiparty Authentication Services and Key Agreement Protocols,” IEEE Journal on Selected Areas in Communications, Vol.18, No.4, pp.628-639 (2000).
[AST98] Ateniese, G., Steiner, M., and Tsudik, G., “Authenticated Group Key Agreement and Friends,” Proceedings of the 5th ACM Conference on Computer and Communications Security, San Francisco, CA, USA, pp.17-26 (1998).
[BCEP04] Bresson, E., Chevassut, O., Essiari A., and Pointcheval, D., “Mutual Authentication and Group Key Agreement for Low-Power Mobile Devices,” Computer Communications, Vol.27, No.17, pp. 1730-1737 (2004).
[BCP01] Bresson, E., Chevassut, O., and Pointcheval, D., “Provably Authenticated Group Diffie-Hellman Key Exchange – the Dynamic Case,” Advances in Cryptology - ASIACRYPT 2001, 7th International Conference on the Theory and Application of Cryptology and Information Security, Gold Coast, Australia, pp.290-309 (2001).
[BM98] Blake-Wilson, S., and Menezes, A., “Authenticated Diffie-Hellman Key Agreement Protocols,” Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography:SAC’98, Kingston, Ontario, Canada, pp.339-361 (1998).
[BPR00] Bellare, M., Pointcheval, D., and Rogaway, P., “Authenticated Key Exchange Secure Against Dictionary Attacks,” Advances in Cryptology - EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, pp.139-155 (2000).
[BSS99] Blake, I., Seroussi, G., and Smart, N., “Elliptic Curves in Cryptography,” Cambridge University Press, Cambridge, UK. (1999).
[CC07] Chow, S.S.M., and Choo, K.K.R., “Strongly-Secure Identity-Based Key Agreement and Anonymous Extension,” proceedings of the 10th Information Security Conference (ISC 2007), Delft, Netherlands, pp.203-220 (2007).
[Chi07] Chien, H.Y., “ID-Based Key Agreement with Anonymity for Ad Hoc Networks,” Proceedings of the 2007 international conference on Embedded and ubiquitous computing, Taipei, Taiwan, pp.333-345 (2007).
[CHY06] Chen, T.S., Hsu, E.T., and Yu, Y.L., “A New Elliptic Curve Undeniable Signature Scheme,” International mathematical Journal, Vol.1, No.31, pp. 1529-1536 (2006).
[CLS06] Contini, S., Lenstra, A.K., and Steinfeld, R., “VSH, an Efficient and Provable Collision-Resistant Hash Function,” Advances in Cryptology - EUROCRYPT 2006, 25th Annual International Conference on the Theory and Applications of Cryptographic Techniques, St. Petersburg, Russia, pp. 165-182 (2006).
[DH76] Diffie, W., and Hellman, M., “New Directions in Cryptography,” IEEE Transactions on Information Theory, Vol.22, No.6, pp. 644-654 (1976).
[DOW92] Diffie, W., van Oorschot, P.C., and Wiener, M.J., “Authentication and Authenticated Key Exchange,” Designs, Codes, and Cryptography, Vol.2, No.2, pp. 107-125 (1992).
[ElG85] ElGamal, T., “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Transactions on Information Theory, Vol.31, No.4, pp. 469-472 (1985).
[Gir91] Girault, M., “Self-certified Public Keys,” Advances in Cryptology - EUROCRYPT '91, Workshop on the Theory and Application of Cryptographic Techniques, Brighton, UK, pp.490-497 (1991).
[HHM00] Hankerson, D., Hernandez, J.L., and Menezes, A., “Software Implementation of Elliptic Curve Cryptography over Binary Fields,” Proceedings of Second Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '00), C.K. Koc and C. Paar, eds., pp. 1-24 (2000).
[IEEE09] IEEE P1363, “Standard Specifications for Public Key Cryptography,” IEEE Working Group, http://grouper.ieee.org/groups/1363/ (2009).
[JKC09] Jing, D., Kurt, A., and Cristina, N.R., “Secure Group Communication in Wireless Mesh Networks,” Ad Hoc Networks, Vol.7, No.8, pp. 1563-1576 (2009).
[Jua04] Juang, W.S., “Efficient Password Authenticated Key Agreement Using Smart Cards,” Computers and Security, Vol.23, No.2, pp. 167-173 (2004)
[KMV00] Koblitz, N., Menezes, A., and Vanstone, S., “The State of Elliptic Curve Cryptography,” Designs, Codes and Cryptography, Vol.19, No.2, pp.173-193 (2000).
[Kob87] Koblitz, N., “Elliptic Curve Cryptosystems,” Mathematics of Computation, Vol.48, No.177, pp. 203-209 (1987).
[KRIY05] Kim, W.H., Ryu, E.K., Im, J.Y., and Yoo, K.Y., “New Conference Key Agreement Protocol with User Anonymity,” Computer Standards & Interfaces, Vol.27, No.2, pp.185-190 (2005).
[KW00] Ku, W.C., and Wang, S.D., “Cryptanalysis of Modified Authenticated Key Agreement Protocol,” IEE Electronics Letters, Vol.36, No.21, pp. 1770-1771 (2000).
[LKKY03] Lee, S.W., Kim, W.H., Kim, H.S., and Yoo, K.Y., “Parallizable Simple Authenticated Key Agreement Protocol,” ACM Operating Systems Review, Vol.37, No.3, pp. 17-22 (2003).
[LLT09] Lee, C.C., Lin, T.H., and Tsai, C.S., “A New Authenticated Group Key Agreement in a Mobile Environment,” Annals of Telecommunications, Vol.64, No.11-12, pp. 735-744 (2009).
[LWH09] Lu, C.F., Wu, T.C., and Hsu, C.L., “Certificateless Authenticated Group Key Agreement Protocol for Unbalanced Wireless Mobile Networks,” WSEAS Transactions on Communications, Vol.11, No.8, pp.1145-1159 (2009).
[Men93] Menezes, A., “Elliptic Curve Public Key Cryptosystems,” Kluwer Academic Publishers, Boston, MA. (1993).
[Mil85] Miller, V., “Use of Elliptic Curves in Cryptography,” Advances in Cryptology- CRYPTO’85, Santa Barbara, California, USA, pp. 417-426 (1985).
[MK06] Mangipudi1, K., and Katti, R., “A Secure Identification and Key Agreement Protocol with User Anonymity (SIKA) “, Computers & Security, Vol.25, No.6, pp.420-425 (2006).
[MOV97] Menezes, A., van Oorschot, P.C., and Vanstone, S., “Handbook of Applied Cryptography,” CRC Press, Boca Raton (1997).
[MS10] Manulis, M., Sadeghi, A.R., “Key Agreement for Heterogeneous Mobile Ad-Hoc Groups,” International Journal of Wireless and Mobile Computing, Vol.4, No.1, pp. 17-30 (2010).
[NIST00] NIST FIPS 186-2, “Digital Signature Standard (DSS),” NIST, Gaithersburg, MD, USA (2000).
[NIST07] NIST FIPS 180-3, “Secure Hash Standard (SHS),” NIST, Gaithersburg, MD, USA (2007).
[NKW05] Nam, J., Kim, S., and Won, D., “A Weakness in The Bresson-Chevassut-Essiari-Pointcheval’s Group Key Agreement Scheme for Low-Power Mobile Devices,” IEEE Communications Letters, Vol.9, No.5, pp.429-431 (2005).
[NLKW05] Nam, J., Lee, J., Kim, S., and Won, D., “DDH-Based Group Key Agreement in a Mobile Environment,” The Journal of System and Software, Vol.78, No.1, pp. 73-83 (2005).
[NM04] Ng, S.L., and Mitchell, C., “Comments on Mutual Authentication and Key Exchange Protocols for Low Power Wireless Communications,” IEEE Communications Letters, Vol.8, No.4, pp. 262-263 (2004).
[PH97] Petersen, H., and Horster, P., “Self-Certified Keys Concepts and Applications,” Communications and Multimedia Security: Volume 3: Proceedings of the 3rd Joint Working Conference of IFIP TC6 and TC11, Athens, Greece, pp.102-116 (1997).
[PKK09] Park, H., Kim, Z., and Kim, K., “Forward Secure ID-Based Group Key Agreement Protocol with Anonymity,” Proceedings of of the Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2009), Athens/Glyfada, Greece, pp.274-279 (2009).
[RFC06] RFC 4992, “Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS),” TLS Working Group, Internet Engineering Task Force (IETF) (2006).
[Rom01] Romer, K., “Time Synchronization in Ad Hoc Networks,” Proceedings of the 2nd ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc 01), Long Beach, CA, USA, pp. 173-182 (2001).
[SS99] Seo, D., and Sweeny P., “Simple Authenticated Key Agreement Algorithm,” IEE Electronics Letter, Vol.35, No.13, pp. 1073-1074 (1999).
[ST01] Shamir, A., and Tauman, Y., “Improved On-Line/Off-Line Signature Schemes,” Proceedings of Advances in Cryptology - Crypto’01, LNCS 2139, pp. 355-367 (2001).
[SY09] Sun, B., and Yu, B., “The Three-Layered Group Key Management Architecture for MANET,” Proceedings of the 11th International Conference on Advanced Communication Technology, Phoenix Park, Gangwon-do, South Korea, pp.1378-1381 (2009).
[Tsa05] Tsaur, W.J., “Several Security Schemes Constructed Using ECC-Based Self-Certified Public Key Cryptosystems,” Applied Mathematics and Computation, Vol.168, No.1, pp.447-464 (2005).
[Tse00] Tseng, Y.M., “Weakness in Simple Authenticated Key Agreement Protocol,” IEE Electronics Letter, Vol.36, No.1, pp. 48-49 (2000).
[Tse06] Tseng, Y.M., “On the Security of Two Group Key Agreement Protocols for Mobile Devices,” In International Workshop on Future Mobile and Ubiquitous Information Technologies (FMUIT2006), Nara, Japan, pp.59-62 (2006).
[Tse07] Tseng, Y.M., “A Secure Authenticated Group Key Agreement Protocol for Resource-Limited Mobile Devices,” The Computer Journal, Vol.50, No.1, pp. 41-52 (2007).
[UD06a] Um, H., and Delp, E.J., “A Secure Group Key Management Scheme for Wireless Cellular Networks,” Proceedings of the Third International Conference on Information Technology: New Generations (ITNG’06), Las Vegas, Nevada, USA, pp. 414-419 (2006).
[UD06b] Um, H., and Delp, E.J., “A New Secure Group Key Management Scheme for Multicast over Wireless Cellular Networks,” Proceedings of the 25th IEEE International Performance Computing and Communications Conference (IPCCC’06), Phoenix, Arizona, USA, pp. 23-30 (2006).
[WJWL07] Wang, R.C., Juang, W.S., Wu, C.C., and Lei, C.L., “A Lightweight Key Agreement Protocol with User Anonymity in Ubiquitous Computing Environments,” Proceedings of International Conference on Multimedia and Ubiquitous Engineering, Seoul, South Korea, pp.313-318 (2007).
[WRLP08] Wan, Z., Ren, K., Lou, W., and Preneel, B., “Anonymous ID-Based Group Key Agreement for Wireless Networks,” Proceedings of IEEE Wireless Communications and Networking Conference, Las Vegas, USA, pp.2615-2620 (2008).
[Ys02] Yeh, H.T., and Sun H.M., “Simple Authenticated Key Agreement Protocol Resistant to Password Guessing Attacks,” ACM Operating Systems Review, Vol.36, No.4, pp. 14-22 (2002).