
Graduate student: 吳錫聰 (Shyi-Tsong Wu)
Thesis title: Authentication and Group Secure Communications Using Elliptic Curve Cryptography (Chinese title: 應用橢圓曲線密碼學於身分鑑別與群體安全通信之研究)
Advisors: 邱榮輝 (Jung-Hui Chiu), 邱炳樟 (Bin-Chang Chieu)
Committee member: 吳宗成
Degree: Doctorate
Department: College of Electrical Engineering and Computer Science, Department of Electronic and Computer Engineering
Year of publication: 2005
Graduation academic year: 93 (ROC calendar, i.e. 2004/2005)
Language: English
Pages: 124
Keywords (Chinese, translated): mobile communications, anonymity, group key agreement, elliptic curve cryptography, bilinear pairing, smart card, ID-based authentication, threshold scheme, group-oriented digital signature, multicast
Keywords (English): mobile communications, group key agreement, anonymous, multicasting, digital signature, group-oriented, elliptic curve cryptography, bilinear pairing, smart card, ID-based authentication, threshold scheme
Abstract (translated from the Chinese):

With the rapid growth of the Internet and of mobile and wireless communications, the demand for network security keeps rising; for electronic transactions and for information security on the network alike, more efficient public key systems are wanted. A public key system is also called an asymmetric cryptosystem. Among public key systems, elliptic curve cryptography achieves the same security strength with a much shorter key, which has drawn wide attention, and this advantage is the main reason it is widely applied to smart cards and to wireless/mobile communications. In this thesis we use elliptic curve cryptography and the bilinear pairings on elliptic curves to design mechanisms and methods for authentication and group secure communications, in response to the growing security requirements of networks, communications and information. Four topics are covered: remote authentication, group-oriented access control, key management, and identity anonymity in wireless/mobile communications.

For remote authentication, we propose a scheme that lets users freely choose and change their passwords, for the sake of user-friendliness. In an open distributed system, if every remote host holds the secret of the key information center in order to authenticate users, the whole system is endangered; based on elliptic curve cryptography, bilinear pairings on elliptic curves and smart cards, we propose a remote authentication scheme suited to open distributed systems that improves the adaptability of remote authentication. Next, we extend elliptic-curve-based access control systems by combining secret sharing, cheating detection and cheater identification into an ECC-based group-oriented access control system, applicable to confidential access control that requires group authorization, such as vaults and master control rooms. In key management, our first topic is secure multicast: when members join or leave, the multicast keys must be updated; in our scheme the keys that must be updated are confined to the subgroup the joining or leaving member belongs to, which improves the scalability of secure multicast. Based on the same idea, we apply it to our proposed authenticated group key agreement for peer communication based on bilinear pairings on elliptic curves, where a group key update only requires the keys on the key path to be updated, making it more efficient. The last topic is anonymity in wireless/mobile communications, where we use elliptic curve cryptography, bilinear pairings and timestamp-based authentication to improve the efficiency of anonymous services.

All of the authentication and group secure communication schemes proposed in this thesis are based on elliptic curve cryptography and the bilinear pairings on elliptic curves; their features and advantages stem not only from elliptic curve cryptography but also from the schemes themselves.


Abstract (English):

With the explosion of the Internet as well as wireless and mobile communications, the need for security is growing. Both secure web transactions and secure messaging require an efficient public key system. Elliptic Curve Cryptography (ECC) offers the highest security strength per bit of key among the public key systems in common use, that is, a given security level with a much shorter key than RSA or finite-field discrete-logarithm systems, which makes it well suited to applications such as smart cards and wireless/mobile communications. In this thesis we apply ECC and bilinear pairings on elliptic curves to authentication and group secure communications. The body of the thesis is divided into four main topics: remote authentication, group-oriented access, key management, and anonymity in wireless/mobile communications.

On remote authentication, we first propose a scheme that allows users to choose and change their passwords freely, to be user-friendly. In an open distributed system, if the distributed remote hosts must hold the secret of the key information center in order to authenticate users, the whole system is put at risk. We therefore propose a remote authentication scheme with smart cards for open distributed systems that addresses this and enhances the flexibility of remote authentication. Next, extending ECC-based access schemes, we merge secret sharing, cheating detection and cheater identification into an ECC-based group-oriented smart card access scheme, applicable to group-oriented access to confidential places. On key management, we first propose a key management mechanism for secure multicast: when members join or leave a group, key renewal is confined to a local subgroup, that is, only the members of the same subgroup need to renew their subgroup key, which improves the scalability of secure multicast. The proposed scheme also authenticates the transmitted message and its sender. We then extend the same idea to key agreement for peer group communication; the key agreement is authenticated through pairings, and key renewal is efficient because it is confined to the keys on the key path. Finally, on anonymity in wireless/mobile communications, we employ elliptic curve cryptography together with timestamp-based authentication to improve the efficiency of the anonymous channel service in wireless communication.

All of the proposed schemes are based on the Elliptic Curve Cryptosystem and pairings on elliptic curves. Their advantages stem not only from the Elliptic Curve Cryptosystem but also from the schemes themselves.
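The group-oriented access scheme described in the abstract combines secret sharing with cheating detection and cheater identification. The following is an added example and not code from the thesis: a plain (t, n) Shamir threshold scheme over a prime field, with a simple hash-commitment layer (assuming an honest dealer) that detects a forged share and names the participant who presented it. The thesis's own scheme is ECC based and is not reproduced here; the field prime, the commitment construction and the demo values are assumptions of this example.

```python
"""Added example (not from the thesis): (t, n) Shamir secret sharing over a
prime field plus a hash-commitment layer for cheating detection and cheater
identification. The dealer publishes H(i || share_i) for every share; at
reconstruction each presented share is checked against its commitment, so a
corrupted share is both detected and attributed. Assumes an honest dealer."""
import hashlib
import secrets

# Assumed field: the 127-bit Mersenne prime, large enough that a 256-bit hash
# of a share cannot be inverted by brute force.
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[k] * x**k) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _commit(index, share):
    """Binding commitment to one share (the dealer is assumed honest)."""
    return hashlib.sha256(f"{index}:{share}".encode()).hexdigest()


def deal(secret, t, n):
    """Split `secret` into n shares, any t of which reconstruct it.
    Returns (shares, commitments) with shares as {index: value}."""
    if not (1 <= t <= n < P) or not (0 <= secret < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}
    commitments = {i: _commit(i, s) for i, s in shares.items()}
    return shares, commitments


def _lagrange_at_zero(points):
    """Interpolate the polynomial through `points` ({x: y}) and return f(0)."""
    secret = 0
    xs = list(points)
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if i != j:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + points[i] * num * pow(den, -1, P)) % P
    return secret


def reconstruct(presented, commitments, t):
    """Check every presented share against its commitment, then interpolate
    from t honest shares. Returns (secret_or_None, cheater_indices)."""
    cheaters = [i for i, s in presented.items() if _commit(i, s) != commitments.get(i)]
    honest = {i: s for i, s in presented.items() if i not in cheaters}
    if len(honest) < t:
        return None, cheaters  # refuse rather than output a wrong secret
    subset = dict(list(honest.items())[:t])
    return _lagrange_at_zero(subset), cheaters


def demo():
    """Constructed run: 3-of-5 sharing, one honest reconstruction, then one
    where participant 3 presents a forged share alongside three honest ones."""
    secret = 0xC0FFEE
    shares, com = deal(secret, t=3, n=5)
    ok, _ = reconstruct({1: shares[1], 3: shares[3], 5: shares[5]}, com, 3)
    forged = {1: shares[1], 2: shares[2], 3: (shares[3] + 1) % P, 4: shares[4]}
    rec, cheaters = reconstruct(forged, com, 3)
    return ok == secret, rec == secret, cheaters


if __name__ == "__main__":
    print(demo())  # (True, True, [3])
```

Without the commitment check, plain Shamir reconstruction from t shares of which one is forged silently yields a wrong secret; the check turns that into an identified cheater, and when fewer than t honest shares remain it refuses instead of guessing. A dealer who lies about the commitments is outside this example's threat model.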

Table of contents:
Chapter 1 Introduction
Chapter 2 Theoretical Background
Chapter 3 Remote Authentication Scheme with Smart Cards
Chapter 4 Smart Card Access with Threshold Scheme
Chapter 5 Dynamic Secure Multicasting with Distributed Key Management
Chapter 6 Identity-based Key Agreement for Dynamic Peer Group Communications
Chapter 7 Anonymous Channel and Authentication in Wireless Communications
Chapter 8 Conclusions and Future Work
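The key management topic in the abstract (Chapters 5 and 6 in the outline) rests on the property that a membership change renews only the keys on one key path rather than every key in the group. As an added illustration, and not the thesis's ECC/pairing construction, the following models a binary logical key hierarchy (LKH style) of symmetric keys: on a leave, only the log2(n) keys on the leaving member's path are replaced, each new key is delivered wrapped under the child keys that remaining members hold, and the departed member can recover none of them. The tree layout, the toy hash-based wrap standing in for encryption, and the demo sizes are assumptions of this example.

```python
"""Added example (not from the thesis): a binary logical key hierarchy (LKH)
of symmetric keys. On a member leave, only the keys on that member's path to
the root are replaced, so the rekey cost is O(log n) keys, and the new keys
are wrapped only under keys the departed member does not hold."""
import hashlib
import secrets

KEY_LEN = 32


def wrap(wrapping_key: bytes, payload: bytes, node: int) -> bytes:
    """Toy symmetric wrap (assumption): one-time pad under a hash of the
    wrapping key and the node index. Applying it twice unwraps. It stands in
    for encrypting a new node key under a child key."""
    pad = hashlib.sha256(wrapping_key + node.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(payload, pad))


class KeyTree:
    """Complete binary tree over n leaves (n a power of two). Node k has
    children 2k and 2k+1; member m sits at leaf n+m; node 1 is the group key."""

    def __init__(self, n: int):
        if n < 2 or n & (n - 1):
            raise ValueError("n must be a power of two >= 2")
        self.n = n
        self.keys = {k: secrets.token_bytes(KEY_LEN) for k in range(1, 2 * n)}
        self.members = set(range(n))

    def path(self, member: int) -> list:
        """Node indices from the member's leaf up to the root."""
        out, k = [], self.n + member
        while k >= 1:
            out.append(k)
            k //= 2
        return out

    def known_keys(self, member: int) -> dict:
        """A member holds exactly the keys on its own path."""
        return {k: self.keys[k] for k in self.path(member)}

    def leave(self, member: int):
        """Evict `member`: renew every key on its path above its own leaf,
        bottom-up, wrapping each new key under the current keys of the node's
        children, except the departed leaf. Returns (renewed, messages)."""
        if member not in self.members:
            raise KeyError(member)
        self.members.discard(member)
        renewed, messages = [], []
        for node in self.path(member)[1:]:
            new_key = secrets.token_bytes(KEY_LEN)
            for child in (2 * node, 2 * node + 1):
                if child == self.n + member:
                    continue  # never wrap anything for the leaver
                # a child on the renewed path already holds its *new* key here
                messages.append((node, child, wrap(self.keys[child], new_key, node)))
            self.keys[node] = new_key
            renewed.append(node)
        return renewed, messages


def recover(known: dict, messages: list) -> dict:
    """A receiver holding `known` (node -> key) processes rekey messages in
    order, unwrapping any whose wrapping key it holds. Returns the updated map."""
    known = dict(known)
    for node, child, blob in messages:
        if child in known:
            known[node] = wrap(known[child], blob, node)
    return known


def leave_and_check(n: int, member: int):
    """Build a tree of n members, snapshot everyone's keys, evict `member`,
    then check who can reach the new group key from the rekey messages.
    Returns (keys_renewed, messages_sent, all_stayers_ok, leaver_ok)."""
    tree = KeyTree(n)
    before = {m: tree.known_keys(m) for m in range(n)}
    renewed, msgs = tree.leave(member)
    group_key = tree.keys[1]
    stayers_ok = all(recover(before[m], msgs).get(1) == group_key for m in tree.members)
    leaver_ok = recover(before[member], msgs).get(1) == group_key
    return len(renewed), len(msgs), stayers_ok, leaver_ok


if __name__ == "__main__":
    print(leave_and_check(8, 5))  # (3, 5, True, False)
```

For eight members, evicting one replaces 3 of the 15 keys in the tree and sends 5 rekey messages; every remaining member reaches the new group key, while the leaver, holding only stale keys on its old path, cannot unwrap any of them. Forward secrecy against the evicted member depends on the bottom-up order: each higher key is wrapped under the already renewed child key, never under a key the leaver still knows.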

