通訊最佳化之可認證式金鑰交換

李添福

3.232.96.22，Hello！

Close
Search Quick Search Advanced Search Publication Search	Personal Service Member Login Searching History Use Bonus Card SYMSKAN
Browse Browse by University of Graduate Thesis Browse by Pinyin of Graduate Thesis Browse by Conference Proceedings Topic Browse by Conference Proceedings Publisher Browse by Pinyin of Conference Proceedings Browse by eBook Category Browse by eBook Topic Browse by eBook Publisher
Customer Services Authorize Airiti Recommend a Journal

Search Symbol (Half-width)	Description of Search Symbols
Space	"AND" indicates the intertwining of key terms used in a search
Double Quotation Marks ("") ( " " )	Double quotation marks indicate the beginning and end of a phrase, and the search will only include terms that appear in the same order of those within the quotations. Example: "image process" ： " image process "
?	Indicates a variable letter. Entering two ? will indicate two variable letters, and so on. Example: "Appl?", search results will yield apple, apply… e , appl y … ( (often used to English word searches) )
*	Indicates an unlimited number of variable letters to follow, from 1~n. Example: Enter "appl*", search results will yield apple, apples, apply, applied, application…(often used in English word searches) e , appl es , appl y , appl ied , appl ication … ( (often used to English word searches) )
AND、OR、NOT	Boolean logic combinations of key words is a skill used to expand or refine search parameters. (1) AND (1) AND: Refines search parameters (2) OR (2) OR: Expands search parameters (3) NOT: Excludes irrelevant parameters

DOI stands for Digital Object Identifier （ D igital O bject I dentifier ） ,
and is the unique identifier for objects on the internet. It can be used to create persistent link and to cite articles.

Using DOI as a persistent link

To create a persistent link, add「http://dx.doi.org/」「 http://dx.doi.org/ 」 before a DOI.
For instance, if the DOI of an article is 10.5297/ser.1201.002 , you can link persistently to the article by entering the following link in your browser: http://dx.doi.org/ 10.5297/ser.1201.002 。
The DOI link will always direct you to the most updated article page no matter how the publisher changes the document's position, avoiding errors when engaging in important research.

Cite a document with DOI

When citing references, you should also cite the DOI if the article has one. If your citation guideline does not include DOIs, you may cite the DOI link.

DOIs allow accurate citations, improve academic contents connections, and allow users to gain better experience across different platforms. Currently, there are more than 70 million DOIs registered for academic contents. If you want to understand more about DOI, please visit airiti DOI Registration （ doi.airiti.com ）。

Data Source

Basic & Applied Sciences > Information Science
College of Electrical Engineering & Computer Science > Department of Information Engineering and Computer Science

Bibliography Management Tool

Related Links

Report an Issue

Search in Library

There is no full-text available at the moment. Airiti would like to request author's authorization. I would like to provide authorization.

通訊最佳化之可認證式金鑰交換

Communication Optimal Authenticated Key Agreements

李添福 , Ph.D　　Advisor：黃宗立　　

英文

金鑰交換；網路安全；通訊協定； network security ； authentication ； key agreement

Abstract │ Reference (54) │ Altmetrics

Abstract 〈TOP〉

網路的認證與保密對網路通訊安全而言是非常重要的議題。為達到使用者身份的認證與資料傳輸的保密之目的，近幾年來已有許多對於認證與金鑰協議 (Authentication and Key Agreement) 之網路通訊研究陸陸續續被提出。從Bellovin 與Merritt在1992年首先提出兩方認證金鑰交換協定後，已有許多安全有效的兩方認證金鑰交換協定已被提出。此外，認證金鑰交換協定之正規安全性證明的提出，使得兩方認證金鑰交換的研究更加成熟。隨著電腦通訊與網路技術的發展，三方與多方通訊也逐漸成為網路安全上的重要研究主題。直接利用既有的兩方認證金鑰交換協定去建構三方或多方通訊認證金鑰交換協定的方法固然可行，但往往使得整個協定的通訊效能大幅度的降低。因此，本論文將著重於三方與多方認證金鑰交換協定的設計，並探討其通訊效能。
    三方 (Three-Party，包含一被信任的server以及兩個欲通訊的用戶端clients) 認證金鑰交換 (Authenticated Key Agreement or Authenticated Key Exchange) 之通訊協定為：與server分別共享一把長久的金鑰 (a long-lived key) 以作為身分認證之兩個欲通訊的用戶端，透過server的協助能在不安全的網路上交換保密而且可認證的資訊。在1993年，Gong針對此方面 (三方認證金鑰交換通訊協定) 提出通訊所需之訊息數與回合數的下界 (lower bounds on the numbers of messages and rounds)，並提出通訊次數達到下界的三方認證金鑰交換之通訊協定。然而，Gong所提的通訊所需之下界，並不適用於會議金鑰 (session key) 植基於Diffie-Hellman問題之三方認證金鑰交換通訊協定，由於此種通訊協定，用戶端無須透過server的協助便能直接交換產生會議金鑰的組成因子。因此，通訊所需之訊息數與回合數便能減少。本論文將針對三方認證金鑰交換之通訊協定，提出新的通訊所需之訊息數與回合數的下界，其值皆比Gong所題之下界還低。此外，本論文亦提出三方認證金鑰交換之通訊協定，其通訊所需之訊息數與回合數比Gong所提出的下界還少。更進一步，我們依據Bellare與Rogaway於1995年及Bellare、Pointcheval與Rogaway於2000年所提出之證明安全性的模式，來證明我們所提出的三方認證金鑰交換之通訊協定的安全性。
	群體認證金鑰交換之通訊協定 (group authenticated key agreement protocols) 為：一群通訊者彼此身分認證後，產生一把共同的秘密金鑰，藉此金鑰，參與者可於不安全的網路上安全地傳遞訊息。本論文亦針對群體認證金鑰交換，提出一植基於bilinear pairing、高效率且具容錯能力的通訊協定。在所提出的通訊協定中，所有成員僅需要在一次回合 (one round) 中，將用來產生一把共同的秘密金鑰的因子廣播給其他成員後，所有成員便能同時計算出這把共同的秘密金鑰，並且運用bilinear pairing中Gap Diffie-Hellman的特性來有效地偵測並排除有問題的成員。因此，所提出的群體認證金鑰交換之通訊協定具有公平 (fairness) 與容錯 (fault-tolerance) 之特性。
	此外，本論文亦討論Boyd 與 Nieto於2003年，所提出的群體認證金鑰交換之通訊協定，該協定在通訊上僅需一次回合，即達通訊回合數之最佳化 (round-optimal)。儘管Boyd 與 Nieto所提出的群體認證金鑰交換之通訊協定已利用Bellare與Rogaway所提出之證明安全性的模式下證明其安全性，然而，此通訊協定在安全上仍有下列缺點：一、惡意的成員偽冒經授權的成員，無法被偵測出來；二、惡意的成員企圖孤立其他部分成員，亦無法被察覺出來。本論文將分析以上所述的缺點，提出改進的群體認證金鑰交換之通訊協定，而此改進通訊協定可以避免原通訊協定所遭受的攻擊。

Parallel Abstract 〈TOP〉

Network authentication and confidentiality are relevant issues in network communication and security.  Numerous communication approaches for authentication and key agreement have been developed in recent years to authenticate users and protect data confidentiality.  Since Bellovin and Merritt first proposed two-party authenticated key agreement protocols in 1992, many secure and efficient two-party authentication and key agreement protocols have been presented.  In addition, the formal security proofs for authenticated key agreement were provided in recent years such that research on two-party authentication and key agreement was quite advanced.  With the development of computer, communications and network technology, three-party and group authenticated key agreement protocols are gradually relevant issues in network communications and security.  Three-party and group authenticated key agreement protocols can be built on existing secure and efficient two-party authenticated key agreement protocol.  However, this method will increase authenticated key agreement protocols overheads on communications.  Therefore, this thesis mainly focuses on designing three-party and group authenticated key agreement protocols and discussing their efficiency in communications.
A three-party authenticated key agreement enables each client to securely communicate with another client over an insecure network via a server.  In 1993, Gong provided lower bounds on the numbers of messages and rounds for a three-party authenticated key agreement and developed key agreement protocols in order to achieve these lower bounds.  However, the lower bounds of communications provided by him are not suitable for three-party authenticated key agreement protocols whose session key security is based on the Diffie-Hellman problem.  This is because the clients in these protocols can directly exchange the information for generating the session key without using the server.  Thus, the numbers of messages and rounds in communication can be reduced.  This study provides new lower bounds for the three-party authenticated key agreement, which are lower than those indicated by Gong.  In addition, provably secure three-party authenticated key agreement protocols for realizing the new lower bounds are proposed.
A group authenticated key agreement protocol enables a group of participants to establish a secure common key that can be adopted to encrypt all communications over an insecure channel.  This dissertation also proposes a bilinear pairing-based round-efficient and fault-tolerant group key agreement protocol for communication networks.  In the proposed protocol, all participants broadcast their components of the common key only once, and can then derive the common key simultaneously.  The proposed protocol has fault-tolerance and fairness.  All successful participants can certainly obtain a common key, and any failed participant is automatically detected and excluded in the group.
Additionally, this investigation considers the group authenticated key agreement protocol proposed by Boyd and Nieto, which provides round-optimal communication.  Although the proposed protocol has been proven secure using Bellare and Rogaway's model, it still suffers several weaknesses, such the inability to identify a malicious participant who impersonates the authorized participant or attempts to isolate some participants.  This study investigates these weaknesses, and proposes an improved group authenticated key agreement approach that can avoid the attacks on the original approach.

Reference ( 54 ) 〈TOP〉

[1] L. Gong, “Lower bounds on messages and rounds for network authentication Protocols,” Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 26-37, Fairfax, Virginia, November 1993.
連結：
[2] L. Gong, “Efficient network authentication protocols: Lower bounds and implementations,” Distributed Computing, vol. 9, no. 3, pp. 131-145, 1995.
連結：
[4] L. Gong, “Optimal authentication protocols resistant to password guessing attacks,” Proceedings of the 8th IEEE Computer Security Foundation Workshop, pp. 24-29, 1995.
連結：
[5] T. Kwon and J. Song, “Authenticated key exchange protocols resistant to password guessing attacks,” IEE Proc.-Commun., vol. 145, no. 5, pp.304-308, 1998.
連結：
[6] T. Kwon, M. Kang and J. Song, “An adaptable and reliable authentication protocol for communication networks,” Proc. IEEE INFOCOM 97, Kobe, Japan, pp738-745, 1997.
連結：

Altmetrics

〈TOP〉

E-mail ：

When an article is available to download, a notice will be sent to your mailbox address.

E-mail ：