
Author: 洪谷官 (Ku-kuan Hung)
Thesis Title: 具匿名性之群體鑑別金鑰協議協定 (Group Authenticated Key Agreement Protocol with Anonymity)
Advisor: 吳宗成 (Tzong-chen Wu)
Committee: 查士朝 (Shi-cho Cha), Wei-hua He
Degree: Master's
Department: College of Management - Department of Information Management
Thesis Publication Year: 2008
Graduation Academic Year: 96
Language: Chinese
Pages: 76
Keywords (in Chinese): 橢圓曲線、自我驗證、匿名性、群體金鑰協議
Keywords (in other languages): elliptic curve, self-certified, anonymity, group key agreement

An authenticated group key agreement protocol ensures the security of communication among entities over an open network, providing communication confidentiality, data integrity and identity authentication, and preventing eavesdropping, modification and impersonation by malicious attackers. A group authenticated key agreement protocol with anonymity not only lets communicating entities establish a secure channel but also protects their privacy. In 2008, Wan et al. proposed the first group authenticated key agreement protocol with anonymity [WRL08], but their scheme raises concerns about list management and does not achieve complete anonymity. The scheme proposed in this thesis requires no list management and achieves complete anonymity, while also satisfying the security goals and requirements of a key agreement protocol: implicit key authentication, explicit key authentication, known-key security, perfect forward secrecy, resistance to key-compromise impersonation, resistance to key control, resistance to unknown key-share attacks, and resistance to cheating by legitimate communicating entities.

An authenticated group key agreement ensures that entities communicate with each other securely over an open channel. It provides security properties such as confidentiality of communication, data integrity and identity authentication, and it prevents eavesdropping, modification and impersonation attacks. A group authenticated key agreement with anonymity provides entities with not only a secure channel but also protection of privacy. In 2008, Wan et al. proposed the first group authenticated key agreement protocol with anonymity. Their scheme needs to manage a list of true names and pseudonyms, and it does not achieve complete anonymity. In this thesis, we propose a group authenticated key agreement with anonymity. The proposed mechanism satisfies properties such as complete anonymity, implicit key authentication, explicit key authentication, known-key security, perfect forward secrecy, resistance to key-compromise impersonation, no key control, resistance to unknown key-share attacks, and resistance to legal cheating.

Table of Contents
Chinese Abstract I
English Abstract II
Acknowledgements III
Table of Contents IV
List of Figures VII
List of Tables VIII
Chapter 1 Introduction 1
1.1 Research Background and Motivation 2
1.2 Research Objectives 6
1.3 Thesis Organization 10
Chapter 2 Review of Related Literature 11
2.1 Elliptic Curve Cryptosystems 11
2.2 Petersen et al.'s Self-Certified Cryptosystem 13
2.2.1 Notation 14
2.2.2 System Setup Phase 14
2.2.3 Key Issuing Phase 15
2.3 Diffie-Hellman Key Exchange Protocol 16
2.4 Katz and Yung's Group Key Agreement 18
2.4.1 Notation 18
2.4.2 Key Agreement Phase 19
Chapter 3 The Proposed Scheme 21
3.1 Notation and System Model 22
3.2 System Setup Phase 24
3.3 Registration Phase 25
3.4 Key Agreement Phase for Two Communicating Entities 27
3.5 Key Agreement Phase for Multiple Communicating Entities 30
3.5.1 Key Agreement Phase 31
3.5.2 Session Key Update on Member Join - Un+1 joins 36
3.5.3 Session Key Update on Member Leave - Ui leaves 39
3.6 Key Agreement Phase - Example with Four Communicating Entities 41
3.6.1 Key Agreement Phase 42
3.6.2 Session Key Update on Member Join - U5 joins 43
3.6.3 Session Key Update on Member Leave - U3 leaves 46
Chapter 4 Security and Efficiency Analysis 49
4.1 Security Analysis 49
4.2 Efficiency Analysis 56
Chapter 5 Conclusions and Future Work 60
References 61
Appendix A English-Chinese Glossary of Key Terms 65

List of Figures
Figure 2.1 Graph of an elliptic curve 12
Figure 2.2 Elliptic curve operations 12
Figure 2.3 Key issuing phase of Petersen et al.'s scheme 16
Figure 2.4 Diffie-Hellman key exchange protocol 18
Figure 2.5 Key agreement phase of Katz and Yung's scheme 20
Figure 3.1 System model - registration phase 24
Figure 3.2 System model - key agreement phase 24
Figure 3.3 Registration phase 27
Figure 3.4 Key agreement for two communicating entities 30
Figure 3.5 Key agreement phase for multiple communicating entities 35
Figure 3.6 Session key update on member join - Un+1 joins 38
Figure 3.7 Session key update on member leave - Ui leaves 41
Figure 3.8 Key agreement phase - example with four communicating entities 43
Figure 3.9 Session key update on member join - U5 joins 46
Figure 3.10 Session key update on member leave - U3 leaves 48

List of Tables
Table 4.1 Computational complexity of each system role in each phase 57
Table 4.2 Computational complexity of communicating entities in the two-party key agreement phase 57
Table 4.3.1 Computational complexity of communicating entities in the multi-party key agreement phase 57
Table 4.3.2 Computational complexity of communicating entities in the member-join phase of multi-party key agreement 58
Table 4.3.3 Computational complexity of communicating entities in the member-leave phase of multi-party key agreement 58
Table 4.4 Data transmission volume of each system phase 59

References
[AST00] G. Ateniese, M. Steiner and G. Tsudik, “New multiparty authentication services and key agreement protocols,” IEEE Journal on Selected Areas in Communications, Vol. 18, No. 4, 2000, pp. 628-639.
[AST98] G. Ateniese, M. Steiner and G. Tsudik, “Authenticated group key agreement and friends,” ACM Conference on Computer and Communications Security, 1998, pp. 17-26.
[BCE04] E. Bresson, O. Chevassut, A. Essiari and D. Pointcheval, “Mutual authentication and group key agreement for low-power mobile devices,” Computer Communications, Vol. 27, No. 17, 2004, pp. 1730-1737.
[BCP01] E. Bresson, O. Chevassut and D. Pointcheval, “Provably authenticated group Diffie-Hellman key exchange - the dynamic case,” Advances in Cryptology: ASIACRYPT 2001, Springer-Verlag, 2001, pp. 290-309.
[BCP02] E. Bresson, O. Chevassut and D. Pointcheval, “Dynamic group Diffie-Hellman key exchange under standard assumptions,” Advances in Cryptology: ASIACRYPT 2002.
[BCPQ01] E. Bresson, O. Chevassut, D. Pointcheval and J. J. Quisquater, “Provably authenticated group Diffie-Hellman key exchange,” Proceedings of the 8th ACM Conference on Computer and Communications Security: CCS 2001, Philadelphia, Pennsylvania, 2001, pp. 255-264.
[BD94] M. Burmester and Y. Desmedt, “A secure and efficient conference key distribution system,” Advances in Cryptology - EUROCRYPT’94, LNCS 950, 1994, pp. 275-286.
[BM98] S. Blake-Wilson and A. Menezes, “Authenticated Diffie-Hellman key agreement protocols,” Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography: SAC’98, Springer-Verlag, 1998, pp. 339-361.
[BPR00] M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” Advances in Cryptology: EUROCRYPT 2000, Springer-Verlag, 2000, pp. 139-155.
[CC07] S. S. M. Chow and K. K. R. Choo, “Strongly-Secure Identity-Based Key Agreement and Anonymous Extension,” Information Security, LNCS 4779, 2007, pp. 203-220.
[Chi07] H. Y. Chien, “ID-Based Key Agreement with Anonymity for Ad Hoc Networks,” International Federation for Information Processing, LNCS 4808, 2007, pp. 333-345.
[CWH00] Y. S. Chang, T. C. Wu and S. J. Hwang, “ElGamal-like signature and multisignature schemes using self-certified public keys,” The Journal of Systems and Software, Vol. 50, No. 2, 2000, pp. 99-105.
[DH76] W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, Vol. IT-22, No. 6, 1976, pp. 644-654.
[DOW92] W. Diffie, P. C. van Oorschot and M. J. Wiener, “Authentication and authenticated key exchanges,” Designs, Codes and Cryptography, Springer-Verlag, 1992, pp. 107-125.
[ElG85] T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Transactions on Information Theory, Vol. IT-31, No. 4, 1985, pp. 469-472.
[FIPS 46] FIPS PUB 46, “Data Encryption Standard,” National Bureau of Standards, U.S. Department of Commerce, 1977.
[FR01] B. Feng and H. D. Robert, “Privacy Protection for Transactions of Digital Goods,” Proceedings of the Third International Conference on Information and Communications Security, LNCS 2229, 2001, pp. 202-213.
[Har94] L. Harn, “New digital signature scheme based on discrete logarithm,” Electronics Letters, Vol. 30, No. 5, 1994, pp. 396-398.
[HMV93] G. Harper, A. Menezes and S. Vanstone, “Public-Key Cryptosystems with Very Small Key Lengths,” Advances in Cryptology - EUROCRYPT’92, LNCS 658, 1993, pp. 163-173.
[HX94] L. Harn and Y. Xu, “Design of generalised ElGamal type digital signature schemes based on discrete logarithm,” Electronics Letters, Vol. 30, No. 24, 1994, pp. 2025-2026.
[IEEE 1363] IEEE 1363 Working Group, “IEEE P1363 standard specifications for public key cryptography.”
[ITW82] I. Ingemarsson, D. Tang and C. Wong, “A conference key distribution system,” IEEE Transactions on Information Theory, Vol. 28, No. 5, 1982, pp. 714-720.
[Jou04] A. Joux, “A one round protocol for tripartite Diffie-Hellman,” Journal of Cryptology, Vol. 17, No. 4, 2004, pp. 263-276.
[JV96] M. Just and S. Vaudenay, “Authenticated multi-party key agreement,” Advances in Cryptology: ASIACRYPT’96, Springer-Verlag, 1996, pp. 36-49.
[Kob85] N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, Vol. 48, No. 177, 1985, pp. 203-209.
[KRC05] M. H. Kang, H. B. Ryou and W. C. Choi, “Design of Anonymity-Preserving User Authentication and Key Agreement Protocol for Ubiquitous Computing Environments,” Internet and Network Economics, LNCS 3828, 2005, pp. 491-499.
W. H. Kim, E. K. Ryu, J. Y. Im and K. Y. Yoo, “New conference key agreement protocol with user anonymity,” Computer Standards & Interfaces, Vol. 27, 2005, pp. 185-190.
[KY03] J. Katz and M. Yung, “Scalable Protocols for Authenticated Group Key Exchange,” Advances in Cryptology - CRYPTO’03, LNCS 2729, 2003, pp. 110-125.
[MB05] N. McCullagh and P. S. L. M. Barreto, “A new two-party identity-based authenticated key agreement,” CT-RSA, LNCS 3376, 2005, pp. 262-274.
[Mil85] V. Miller, “Uses of elliptic curves in cryptography,” Advances in Cryptology - CRYPTO’85, 1985, pp. 417-426.
[MK06] K. Mangipudi and R. Katti, “A Secure Identification and Key agreement protocol with user Anonymity (SIKA),” Computers & Security, Vol. 25, No. 6, 2006, pp. 420-425.
[MOI90] S. Miyaguchi, K. Ohta and M. Iwata, “128-bit hash function (N-Hash),” Proceedings of SECURICOM’90, 1990, pp. 127-137.
[MOV96] A. J. Menezes, P. C. van Oorschot and S. A. Vanstone, “Handbook of Applied Cryptography,” CRC Press, 1996.
[NIST 180] NIST, Federal Information Processing Standards, “Secure Hash Standard,” Pub. 180, May 1993.
[NKW05] J. Nam, S. Kim and D. Won, “A weakness in the Bresson-Chevassut-Essiari-Pointcheval’s group key agreement scheme for low-power mobile devices,” IEEE Communications Letters, Vol. 9, No. 5, 2005, pp. 429-431.
[NLK05] J. Nam, J. Lee, S. Kim and D. Won, “DDH-based group key agreement protocols for mobile environment,” The Journal of Systems and Software, Vol. 78, 2005, pp. 73-83.
[OTO05] T. Okamoto, R. Tso and E. Okamoto, “One-Way and Two-Party Authenticated ID-Based Key Agreement Protocols Using Pairing,” Modeling Decisions for Artificial Intelligence, LNCS 3558, 2005, pp. 122-133.
[PH97] H. Petersen and P. Horster, “Self-certified keys - concepts and applications,” Proceedings of Communications and Multimedia Security’97, 1997, pp. 102-116.
[RFC 1321] R. L. Rivest, “The MD5 message digest algorithm,” Request for Comments RFC 1321, 1992.
[RSA78] R. L. Rivest, A. Shamir and L. M. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, Vol. 21, No. 2, 1978, pp. 120-126.
[Sch96] B. Schneier, “Applied Cryptography,” Second Edition, John Wiley & Sons, 1996.
[Sha84] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Advances in Cryptology - CRYPTO’84, Springer-Verlag, 1984, pp. 47-53.
[STW00] M. Steiner, G. Tsudik and M. Waidner, “Key agreement in dynamic peer groups,” IEEE Transactions on Parallel and Distributed Systems, Vol. 11, No. 8, 2000, pp. 769-780.
[STW97] M. Steiner, G. Tsudik and M. Waidner, “CLIQUES: A new approach to group key agreement,” Technical Report RZ 2984, IBM Research, December 1997.
[Tse07] Y. M. Tseng, “A secure authenticated group key agreement protocol for resource-limited mobile devices,” The Computer Journal, Vol. 50, No. 1, 2007.
[WJW07] R. C. Wang, W. S. Juang, C. C. Wu and C. L. Lei, “A lightweight key agreement protocol with user anonymity in ubiquitous computing environments,” Multimedia and Ubiquitous Engineering, Vol. 26, No. 28, 2007, pp. 313-318.
[WRL08] Z. Wan, K. Ren, W. Lou and B. Preneel, “Anonymous ID-based Group Key Agreement for Wireless Networks,” Wireless Communications and Networking Conference, 2008, pp. 2615-2620.
[Wu97] T. C. Wu, “Conference key distribution system with user anonymity based on algebraic approach,” IEE Proceedings - Computers and Digital Techniques, Vol. 14, No. 2, 1997, pp. 145-148.

Full text public date: 2010/07/25 (Intranet public)
Full text public date: This full text is not authorized to be published. (Internet public)
Full text public date: 2010/07/25 (National library)