網路通訊的發展下，物聯網裝置的應用逐漸增加，尤其物聯網 應用中，大多為低資源裝置所組成，使得如何建立低資源裝置下的 安全群體通訊成為重要的議題。在低資源裝置的群體通訊下，由於 裝置資源受限，不適合基於離散對數特性等方法來進行鑑別與金 鑰交換，且? 個裝置間使用傳統的 個體對個體鑑別與金鑰交換協 定，需要O(n^2) 的時間。因此本論文提出一個適用於低資源裝置的 鑑別式群體金鑰交換機制，利用向量外積運算、邏輯運算、算術運 算即可完成鑑別式群體金鑰交換，滿足身分鑑別性與訊息秘密性。 同時基於二元樹的特性，降低鑑別與金鑰交換之時間至O(log n)。 考慮群體的動態性，亦提出節點加入或離開的群體金鑰更新階段， 滿足金鑰前推安全性和後推安全性。

With the advances in network communication, the application for Internet-connected devices increases gradually. Most connected devices in IoT are low-resource, so it becomes an important research topic in cryptography for secure group communications between low-resource devices nowadays. In a group communication for low-resource devices, authentication protocols with key exchange based on discrete algorithm are not suitable for low-resource devices due to computation limitation and require O(n^2) completion time for n devices. In this paper, we propose a computation-efficient authenticated group key exchange for low-resource devices. It only needs cross product operation, simple logic operations and arithmetic operations in implementation and reduces the completion time for n devices to O(log n). The proposed scheme satisfies some properties, such as identity authenticity, message confidentiality. When a device joins/leaves, the group key needs to be changed. The proposed key-updating method satisfies forward and backward secrecy.

[1] Diffie, W. and Hellman, M.E., “New Directions in cryptography,” IEEE Trans. On Information Theory, Vol. IT-22, No. 6, pp. 644-654, 1976

[2] Mihir Bellare and Phillip Rogaway, “Entity Authentication and Key Distribution,” Advances in Cryptology Crypto '93 Proceedings, 1993

[3] Kevin Ashton, “That ‘Inernet of Things’ Thing,” RFID Journal, 2009

[4] Ingemarsson, Donald T. Tang and C. K. Wong, “A Conference Key Distribution System,” IEEE Trans. On Information Theory, Vol. IT-28, No. 5, pp. 714-760, 1982

[5] Michael Steiner, Gene Tsudik and Michael Waidner, “Diffie-Hellman Key Distribution Extended to Group Communication,” Proceeding CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security, pp. 31-37, 1996

[6] Giuseppe Ateniese, Michael Steiner and Gene Tsudik, “Authenticated Group Key Agreement and Friends,” Proceedings of the ACM Conference on Computer and Communications Security, pp. 17-26, 1998

[7] Yuh-Shihng Chang and Tzong-Chen Wu, “Group-oriented authentication mechanism with key exchange,” Computer Communications, Vol. 21, No. 5, pp.485-497, 1997

[8] Tzong-Chen Wu, Thsia-Tzu Huang, Chien-Lung Hsu, Kuo-Yu Tsai, “Recursive protocol for group-oriented authentication with key distribution,” Journal of Systems and Software, Vol. 81, No. 7, pp. 1227-1239, 2008

[9] Lein Harn and Changlu Lin, “Authenticated Group Key Transfer Protocol Based on Secret Sharing,” IEEE Transactions on Computers, Vol. 59, No. 6, pp. 842-846, 2010

[10] Lein Harn, “Group Authentication,” IEEE Transactions on Computers, Vol. 62, No. 9, pp. 1893-1898, 2013

[11] G. Usha Devi, E. Vishnu Balan, M. K. Priyan and C. Gokulnath, “Mutual Authentication Scheme for IoT Application,” Indian Journal of Science and Technology, Vol. 8, 2015

[12] Collins Mtita, Maryline Laurent and Pascal Daragon, “Serverless Lightweight Mutual Authentication Protocol for small mobile Computing Devices,” New Technologies, 7th International Conference on Mobility and Security, 2015

[13] Namje Park, Marie Kim and Hyo-Chan Bang, “Symmetric Key-Based Authentication and the Session Key Agreement Scheme in IoT Environment,” Springer, Berlin, Heidelberg, Vol. 330, 2015

[14] Ching-Fang Hsu, Lein Harn, Yi Mu ,Maoyuan Zhang and Xuan Zhu, “Computation-efficient key establishment in wireless group communications,” Springer Science+Business Media New York 2016, Vol. 23, No. 1, pp. 289-297, 2016