
Student: 唐天凱 (Togu - Turnip)
Thesis title: Anonymous Group Key Agreement Scheme for Mobile Networks (Chinese title: 適用於行動網路之匿名式群體金鑰交換協議)
Advisor: 吳宗成 (Tzong-Chen Wu)
Committee members: 陳正綱 (Cheng-Kang Chen), 羅乃維 (Nai-Wei Lo)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2016
Graduation academic year: 104 (ROC calendar)
Language: English
Pages: 67
Chinese keywords (translated): anonymity, group communication, dynamic group, authenticated group key agreement protocol, certificateless public key cryptosystem, personal privacy, Huffman key tree, pairing-free
English keywords: anonymous, group communication, dynamic group, authenticated group key agreement, certificateless, privacy, Huffman key tree, pairing-free
Usage statistics: 284 views, 7 downloads
Chinese abstract (translated):
    To meet the growing demand for group-oriented software, secure and reliable group communication has become widespread in mobile networks. To keep group communication secure, several authenticated group key agreement protocols based on certificateless public key cryptosystems have been proposed. An authenticated group key agreement protocol ensures that group members can communicate securely over an insecure network. However, most authenticated group key agreement protocols are implemented with bilinear pairings and without accounting for user anonymity.
    In this thesis, the author proposes an anonymous authenticated group key agreement protocol that, because of the computational overhead involved, does not use bilinear pairings on resource-limited mobile devices. The protocol also provides join and leave procedures so that the group can operate more flexibly, and adopts a Huffman key tree to minimize the number of negotiation rounds and reduce computational cost.
    This thesis analyzes the security of the scheme and the security properties it aims to achieve, including user anonymity. In addition, the security of the scheme is evaluated with BAN logic, which shows that every group member can derive a fresh, common and securely shared key. Finally, compared with existing authenticated group key agreement protocols, the scheme is also more efficient in terms of communication and computational complexity. It is therefore suitable for resource-limited mobile devices.


English abstract:
    Because of the growing demand for group-oriented applications, secure and reliable group communication is becoming increasingly popular in mobile networks. To secure group communications, a number of authenticated group key agreement (AGKA) schemes based on certificateless public key cryptography (CL-PKC) have been proposed. An AGKA scheme enables group members to communicate with each other securely over insecure networks. However, most AGKA schemes are implemented using bilinear pairings and without consideration of user anonymity.
    In this thesis, the author proposes an anonymous certificateless authenticated group key agreement scheme for resource-limited mobile devices that avoids bilinear pairings because of their heavy computational overhead. The proposed scheme also provides join and leave procedures for dynamic group operations, adopting a Huffman key tree in order to minimize the number of negotiation rounds and reduce computational cost.
    This thesis analyzes the security of the proposed scheme and shows that it achieves the desired security attributes together with anonymity. Moreover, the security of the proposed scheme is also evaluated using BAN logic, which shows that each group member derives a fresh, common and secure shared group key. Finally, the proposed scheme performs more efficiently in terms of communication and computation overhead than other existing CL-PKC schemes. Hence, the proposed scheme is suitable for resource-limited mobile devices.

Table of contents:
    Abstract (Chinese) ii
    Abstract iii
    Acknowledgement iv
    Table of Contents v
    List of Figures vii
    List of Tables viii
    Chapter 1 Introduction 1
    1.1 Background 1
    1.2 Motivation 3
    1.3 Objectives 4
    1.4 Thesis Organization 4
    Chapter 2 Related Work 6
    2.1 Group Key Agreement Schemes 6
    2.2 Anonymous Authentication and Key Agreement Schemes 8
    Chapter 3 Preliminary 10
    3.1 System Overview of Group Communication 10
    3.2 Predefined Concepts 12
    3.2.1 Huffman-Key-Tree Structure 12
    3.2.2 Computational Problems 14
    3.2.3 Security Requirements 14
    Chapter 4 Proposed Scheme 16
    4.1 Initialization Phase 17
    4.2 Huffman Key Tree Construction Phase 19
    4.3 Anonymous Group Key Establishment Phase 20
    4.3.1 Phase I: Anonymous Key-Exchange of Two Adjacent Users 21
    4.3.2 Phase II: Anonymous Group Key Generation 24
    4.4 New Member Joining Phase 25
    4.5 An Existing Member Leaving Phase 30
    Chapter 5 Security and Performance Analysis 33
    5.1 Security Analysis 33
    5.1.1 Formal Security Proof Using BAN Logic 33
    5.1.2 Security Analysis for Various Attack Scenarios 43
    5.2 Performance Analysis 47
    Chapter 6 Conclusion 51
    6.1 Conclusion 51
    6.2 Future Work 52
    Appendix I 57
    Appendix II 58
