隨著網際網路的蓬勃發展，群組通訊的廣泛盛行，使得通訊個體加入的群組數量日漸增多。以往進行群組金鑰交換機制時，通訊個體需產生金鑰提供給該群組，然而，若通訊個體加入的群組數量增多，產生的金鑰數量也隨之增加。因此，本論文設計一套群組金鑰交換機制，此機制以Ryan-Schneider鑑別協定為基礎，通訊個體採用輪流註冊的方式，於註冊階段選擇欲加入群組。本論文所提出的方法具有以下優點：(1)通訊個體只需產生一組金鑰對；(2)通訊個體皆以同一組金鑰對與加入的群組進行身分鑑別、群組金鑰交換；(3)群組金鑰更新時，不會影響到通訊個體的金鑰對以及其他群組之群組金鑰。最後，可達到身分鑑別性、訊息完整性、通訊機密性、前推安全、後推安全、不可否認性以及不可偽造等安全需求。

With the vigorous development of the Internet, the widespread of group communication have increased. So far, there is more and more common that an individual device joins many groups in the same period. However, in order to achieve group key exchange, each device has to generate and store a key pair for the group. Therefore, with the increased of the group rate which causes the number of group key increased as well.
In this thesis, we propose an authenticated group key exchange mechanism for interdisciplinary groups. This scheme uses Ryan-Schneider authentication protocol as the basis. In addition, each device will register itself one by one and choose which group they are going to join in the same time. This scheme has the following advantages:
1. The individual device can join many groups with one key pair.
2. The individual device only needs to generate one key pair at the first, and then each device uses their key pair to achieve the identity authentication and group key exchange.
3. When update one of the group keys, it will not affect each individual key pairs or other group keys.
Last but not the least, the proposed scheme can achieve the following security requirements: identity authentication, integrity, confidentiality, forward secrecy, backward secrecy, non-repudiation and non-forgeability.

[1] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, Vol. IT-22, No. 6, November 1976, pp. 644-654.
[2] I. Ingemarsson, D. Tang and C. Wong, “A conference key distribution system,” IEEE Transactions on Information Theory, Vol. 28, September 1982, pp. 714-720.
[3] C. C. Chang, T. C. Wu and C. P. Chen, “The design of a conference key distribution system,” Advances in Cryptology — AUSCRYPT, May 1992, pp. 457-466.
[4] M. Steiner, G. Tsudik and M. Waidner, “Diffie-Hellman key distribution extended to group communication,” Proceedings of the 3rd ACM conference on Computer and communications security, March 1996, pp. 31-37.
[5] G. Ateniese, M. Steiner and G. Tsudik, “Authenticated group key agreement and friends,” Proceedings of the 5th ACM conference on Computer and communications security, November 1998, pp. 17-26.
[6] L. Harn and C. Lin, “Authenticated group key transfer protocol based on secret sharing,” IEEE transactions on computers, Vol. 59, June 2010, pp. 842-846.
[7] A. Shamir, “How to share a secret,” Communications of ACM, Vol. 22, No. 11, November 1979, pp. 612-613.
[8] Y. Liu, C. Cheng, J. Cao and T. Jiang, “An Improved Authenticated Group Key Transfer Protocol Based on Secret Sharing,” IEEE Transactions on Computers, Vol. 62, November 2013, pp. 2335-2336.
[9] Y. Piao, J. Kim, U. Tariq and M. Hong, “Polynomial-based key management for secure intra-group and inter-group communication,” Computers & Mathematics with Applications, Vol. 65, May 2012, pp. 1300-1309.
[10] Abdel Alim Kamal, “Cryptanalysis of a Polynomial-based Key Management Scheme for Secure Group Communication,” International Journal of Network Security, Vol. 15, January 2013, pp. 68-70.
[11] R. Lavanya, K. Sundarakantham and S. Mercy Shalinie, “Cost Effective Rekeying Approach for Dynamic Membership Changes in Group Key Management,” Computational Intelligence, Cyber Security and Computational Models, 2016, pp. 439-448.
[12] Roger M. Needham and Michael D. Schroeder, “Using encryption for authentication in large networks of computers,” Communications of the ACM, Vol. 21, December 1978, pp. 993-999.
[13] Y. Desmedt, “Society and group oriented cryptography: A new concept,” Advances in Cryptology — CRYPTO, December 1987, Berlin, pp. 120-127.
[14] L. Harn, “Group Authentication,” IEEE Transactions on Computers, Vol. 62, September 2013, pp. 1893-1898.
[15] C. Boyd, “On key agreement and conference key agreement,” Second Australasian Conference on Information Security and Privacy, vol. 1270, Springer-Verlag, July 1997, pp. 294-302.
[16] M. Burmester and Y. Desmedt, “A secure and efficient conference key distribution system,” Advances in Cryptology — EUROCRYPT, 1994, pp. 175-286.
[17] Yuh-Shihng Chang and Tzong-Chen Wu, “Group-oriented authentication mechanism with key exchange,” Computer Communications, Vol. 21, May 1998, pp. 485-497.
[18] W. Diffie, Paul C. Van Oorschot and Michael J. Wiener, “Authentication and authenticated key exchanges,” Designs, Codes and Cryptography, Vol. 2, June 1992, pp. 107-125.
[19] P.Y.A. Ryan and S.A. Schneider, “An attack on a recursive authentication protocol A cautionary tale,” Information Processing Letters, Vol. 65, January 1998, pp. 7-10.
[20] J. Bell, “The authentication protocol,” APM Report, March 1997.