Graduate student: | 洪谷官 Ku-kuan Hung |
---|---|
Thesis title: | 具匿名性之群體鑑別金鑰協議協定 Group Authenticated Key Agreement Protocol with Anonymity |
Advisor: | 吳宗成 Tzong-chen Wu |
Oral defense committee: | 查士朝 Shi-cho Cha, 何煒華 Wei-hua He |
Degree: | Master |
Department: | School of Management - Department of Information Management |
Year of publication: | 2008 |
Academic year of graduation: | 96 |
Language: | Chinese |
Number of pages: | 76 |
Chinese keywords: | elliptic curve (橢圓曲線), self-certified (自我驗證), anonymity (匿名性), group key agreement (群體金鑰協議) |
Foreign-language keywords: | elliptic curve, self-certified, anonymity, group key agreement |
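Authenticated group key agreement ensures the security of communicating entities on an open network, providing communication confidentiality, data integrity and identity authentication, and it guards against eavesdropping, modification and impersonation by malicious attackers. A group authenticated key agreement with anonymity not only lets the communicating entities establish a secure communication channel but also protects their privacy. In 2008, Wan et al. proposed the first group authenticated key agreement protocol with anonymity [WRL08], but their method raises list-management concerns and does not achieve complete anonymity. The method proposed in this thesis requires no list management and achieves complete anonymity, while also satisfying the security goals and security requirements of key agreement protocols, such as implicit key authentication, explicit key authentication, known key security, perfect forward secrecy, resistance to key-compromise impersonation, resistance to key control, unknown key-share attacks, and resistance to cheating by legitimate communicating entities.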
An authenticated group key agreement ensures that entities can communicate with each other securely over an open channel. It provides security properties such as confidentiality of communication, data integrity and identity authentication. It can also prevent eavesdropping, modification and impersonation attacks. A group authenticated key agreement with anonymity provides entities with not only a secure channel but also protection of privacy. In 2008, Wan et al. proposed the first group authenticated key agreement protocol with anonymity. Their scheme needs to manage a list of true names and pseudonyms, and it does not achieve complete anonymity. In this paper, we propose a group authenticated key agreement with anonymity. The proposed mechanism satisfies properties such as complete anonymity, implicit key authentication, explicit key authentication, known key security, perfect forward secrecy, resistance to key-compromise impersonation, no key control, resistance to unknown key-share and resistance to cheating by legal entities.
[AST00] G. Ateniese, M. Steiner and G. Tsudik, “New multiparty authentication services and key agreement protocols,” IEEE Journal on Selected Areas in Communications, Vol. 18, No. 4, 2000, pp. 628-639.
[AST98] G. Ateniese, M. Steiner and G. Tsudik, “Authenticated group key agreement and friends,” ACM Conference on Computer and Communications Security, 1998, pp. 17-26.
[BCE04] E. Bresson, O. Chevassut, A. Essiari and D. Pointcheval, “Mutual authentication and group key agreement for low-power mobile devices,” Computer Communications, Vol. 27, No. 17, 2004, pp. 1730-1737.
[BCP01] E. Bresson, O. Chevassut and D. Pointcheval, “Provably authenticated group Diffie-Hellman key exchange – the dynamic case,” Advances in Cryptology: ASIACRYPT 2001, Springer-Verlag, 2001, pp. 290-309.
[BCP02] E. Bresson, O. Chevassut and D. Pointcheval, “Dynamic group Diffie-Hellman key exchange under standard assumptions,” Advances in Cryptology: ASIACRYPT 2002.
[BCPQ01] E. Bresson, O. Chevassut, D. Pointcheval and J. J. Quisquater, “Provably authenticated group Diffie-Hellman key exchange,” Proceedings of 8th ACM Conference on Computer and Communications Security: CCS2001, Philadelphia, Pennsylvania, 2001, pp. 255-264.
[BD94] M. Burmester and Y. Desmedt, “A secure and efficient conference key distribution system,” Advances in Cryptology – Eurocrypt’94, LNCS 950, 1994, pp. 275-286.
[BM98] S. Blake-Wilson and A. Menezes, “Authenticated Diffie-Hellman key agreement protocols,” Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography: SAC’98, Springer-Verlag, 1998, pp. 339-361.
[BPR00] M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” Advances in Cryptology: EUROCRYPT 2000, Springer-Verlag, 2000, pp. 139-155.
[CC07] S. S. M. Chow and K. K. R. Choo, “Strongly-Secure Identity-Based Key Agreement and Anonymous Extension,” Information Security, LNCS 4779, 2007, pp. 203-220.
[Chi07] H. Y. Chien, “ID-Based Key Agreement with Anonymity for Ad Hoc Networks,” International Federation for Information Processing, LNCS 4808, 2007, pp. 333-345.
[CWH00] Y. S. Chang, T. C. Wu and S. J. Hwang, “ElGamal-like signature and multisignature schemes using self-certified public keys,” The Journal of Systems and Software, Vol. 50, No. 2, 2000, pp. 99-105.
[DH76] W. Diffie and M. E. Hellman, “New directions in Cryptography,” IEEE Transaction On Information Theory, Vol. IT-22, No. 6, 1976, pp. 644-654.
[DOW92] W. Diffie, P. C. V. Oorschot and M. J. Wiener, “Authentication and Authenticated Key Exchanges,” Designs, Codes and Cryptography, Springer-Verlag, 1992, pp. 107-125.
[ElG85] T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Transactions on Information Theory, Vol. IT-31, No. 4, pp. 469-472, 1985.
[FIPS 46] FIPS PUB 46, “Data Encryption Standard,” National Bureau of Standards, U. S. Department of Commerce, 1977.
[FR01] B. Feng and H. D. Robert, “Privacy Protection for Transactions of Digital Goods,” Proceedings of the Third International Conference on Information and Communications Security, LNCS 2229, 2001, pp. 202-213.
[Har94] L. Harn, “New digital signature scheme based on discrete logarithm,” Electronics Letters, Vol. 30, No. 5, 1994, pp. 396-398.
[HMV93] G. Harper, A. Menezes and S. Vanstone, “Public-Key Cryptosystems with Very Small Key Lengths,” Advances in Cryptology – EUROCRYPT’ 92, LNCS 658, 1993, pp. 163-173.
[HX94] L. Harn and Y. Xu, “Design of generalised ElGamal type digital signature schemes based on discrete logarithm,” Electronics Letters, Vol. 30, No. 24, 1994, pp. 2025-2026.
[IEEE 1363] IEEE 1363 Working Group, “IEEE P1363 standard specifications for public key cryptography.”
[ITW82] I. Ingemarsson, D. Tang and C. Wong, “A conference key distribution system,” IEEE Transactions on Information Theory, Vol. 28, No. 5, 1982, pp. 714-720.
[Jou04] A. Joux, “A one round protocol for tripartite Diffie-Hellman,” Journal of Cryptology, Vol. 17, No. 4, 2004, pp. 263-276.
[JV96] M. Just and S. Vaudenay, “Authenticated multi-party key agreement,” Advances in Cryptology: ASIACRYPT ’96, Springer-Verlag, 1996, pp. 36-49.
[Kob85] N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, Vol. 48, No. 177, 1985, pp. 203-209.
[KRC05] M. H. Kang, H. B. Ryou and W. C. Choi, “Design of Anonymity-Preserving User Authentication and Key Agreement Protocol for Ubiquitous Computing Environments,” Internet and Network Economics, LNCS 3828, 2005, pp. 491-499.
[KRI05] W. H. Kim, E. K. Ryu, J. Y. Im and K. Y. Yoo, “New conference key agreement protocol with user anonymity,” Computer Standards & Interfaces, 27, 2005, pp. 185–190.
[KY03] J. Katz and M. Yung, “Scalable Protocols for Authenticated Group Key Exchange,” Advances in Cryptology – CRYPTO’03, LNCS 2729, 2003, pp. 110-125.
[MB05] N. McCullagh and P. S. L. M. Barreto, “A new two-party identity-based authenticated key agreement,” CT-RSA, LNCS 3376, 2005, pp. 262-274.
[Mil85] V. Miller, “Uses of elliptic curves in cryptography,” Advances in Cryptology - CRYPTO'85, 1985, pp. 417-426.
[MK06] K. Mangipudi and R. Katti, “A Secure Identification and Key agreement protocol with user Anonymity (SIKA),” Computers & Security, Vol. 25, No. 6, 2006, pp. 420-425.
[MOI90] S. Miyaguchi, K. Ohta, and M. Iwata, “128-bit hash function (N-Hash),” Proceedings of SECURICOM ’90, pp. 127-137, 1990.
[MOV96] A. J. Menezes, P. C. V. Oorschot, and S. A. Vanstone, “Handbook of applied cryptography,” CRC Press, 1996.
[NIST 180] NIST, Fed. Inf. Proc. Standards, “Secure Hash Standard,” Pub. 180, May 1993.
[NKW05] J. Nam, S. Kim and D. Won, “A weakness in the Bresson-Chevassut-Essiari-Pointcheval’s group key agreement scheme for low-power mobile devices,” IEEE Communications Letters, Vol. 9, No. 5, 2005, pp. 429-431.
[NLK05] J. Nam, J. Lee, S. Kim and D. Won, “DDH-based group key agreement protocols for mobile environment,” The Journal of System and Software, 78, 2005, pp. 73-83.
[OTO05] T. Okamoto, R. Tso and E. Okamoto, “One-Way and Two-Party Authenticated ID-Based Key Agreement Protocols Using Pairing,” Modeling Decisions for Artificial Intelligence, LNCS 3558, 2005, pp. 122-133.
[PH97] H. Petersen and P. Horster, “Self-certified keys concepts and applications,” Proceeding of Communications and Multimedia Security’97, 1997, pp. 102-116.
[RFC 1321] R. L. Rivest, “The MD5 message digest algorithm,” Request for comment RFC1321, 1992.
[RSA78] R. L. Rivest, A. Shamir and L. M. Adleman, “A method for obtaining digital signatures and public-key cryptosystem,” Communications of the ACM, Vol. 21, No. 2, 1978, pp. 120-126.
[Sch96] B. Schneier, “Applied Cryptography,” Second Edition, John Wiley & Sons, 1996.
[Sha84] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Advances in Cryptology – CRYPTO’84, Springer-Verlag, 1984, pp. 47-53.
[STW00] M. Steiner, G. Tsudik and M. Waidner, “Key agreement in dynamic peer groups,” IEEE Transaction on Parallel and Distributed Systems, Vol. 11, No. 8, 2000, pp. 769-780.
[STW97] M. Steiner, G. Tsudik and M. Waidner, “CLIQUES: A new approach to group key agreement,” Technical Report RZ 2984, IBM Research, December 1997.
[Tse07] Y. M. Tseng, “A secure authenticated group key agreement protocol for resource-limited mobile devices,” The Computer Journal, Vol. 50, No. 1, 2007.
[WJW07] R. C. Wang, W. S. Juang, C. C. Wu and C. L. Lei, “A lightweight key agreement protocol with user anonymity in ubiquitous computing environments,” Multimedia and Ubiquitous Engineering, Vol. 26, No. 28, 2007, pp. 313-318.
[WRL08] Z. Wan, K. Ren, W. Lou and B. Preneel, “Anonymous ID-based Group Key Agreement for Wireless Networks,” Wireless Communications and Networking Conference, 2008, pp. 2615-2620.
[Wu97] T. C. Wu, “Conference key distribution system with user anonymity based on algebraic approach,” IEE Proceedings Computers and Digital Techniques, Vol. 14, No. 2, 1997, pp. 145-148.