Abstract: In an era in which computer networks are the main medium of communication between people, we constantly face security threats such as hackers, viruses and eavesdropping, so mechanisms that ensure the confidentiality, reliability and integrity of transmitted messages and data have become a central topic in network security. User authentication is the first step in solving network security problems; once a user's identity has been confirmed, the next question is how to effectively protect the data exchanged between the two communicating parties. The most effective approach is for the two parties to jointly agree on a shared secret key, which is then used to encrypt and decrypt the data to be transmitted, preserving its privacy and integrity. A security protocol that provides user authentication and secret key distribution at the same time is called an authenticated key agreement (AKA) protocol. Traditional key agreement protocols are mostly built on the difficulty of the discrete logarithm problem; in recent years, however, the bilinear pairing cryptosystems derived from elliptic curves have offered a new way to construct key agreement protocols. How to use the bilinearity of the Weil pairing as a basis for secure and efficient multi-party authentication and key agreement is therefore the subject of this thesis. Diffie and Hellman first proposed the well-known key exchange protocol in 1976, the Diffie-Hellman key exchange protocol, in which each user computes the shared secret key from his own secret key and the other party's public key. However, the Diffie-Hellman method only provides a key exchange between two parties and does not authenticate them to each other, so it is vulnerable to the man-in-the-middle attack. In 2000, Joux first used the bilinearity of the Weil pairing to propose a tripartite Diffie-Hellman key agreement protocol, in which each participant needs to broadcast a public message only once to agree on a common communication key. Unfortunately, like Diffie-Hellman, it still cannot authenticate the communicating parties. In 2003, Kyungah Shim proposed a tripartite authenticated key agreement protocol to solve the problem in Joux's protocol; its main idea is to use certificates for identity verification and to apply the Weil pairing within the exponentiation operations. This thesis shows that Shim's protocol still has certain security problems, and then proposes a more efficient and secure tripartite key agreement protocol based on the Weil pairing to remedy these security flaws; it also makes full use of the bilinearity of the Weil pairing to reduce the computational cost of the key generation function in Shim's protocol. Furthermore, to meet the needs of real-world applications, in which multi-party conferences are common, key agreement cannot be restricted to only three communicating parties. In 2004, Barua first used Joux's key agreement protocol to extend tripartite key agreement to multi-party conference key agreement; the construction is built on a ternary tree and generates the final secret key level by level. In Barua's protocol the number of communication rounds is therefore ⌈log₃ n⌉, a function proportional to the number of participants: the more participants, the more rounds, which is a very poor property. For these reasons we likewise use the bilinearity of the Weil pairing to propose a multi-party key agreement protocol with low computational cost and low communication volume that also satisfies the general security requirements of key agreement. Nowadays, people communicate and transmit data over the Internet, where they face threats from hackers, viruses and eavesdropping. Ensuring the confidentiality, reliability and integrity of transmitted data is an important problem in communication security. User authentication is the first step in ensuring a secure service. In open distributed network environments, the extended problem after the parties have authenticated each other is how to protect the sensitive information transmitted between a user and a server (or another user).
The most effective method to solve this problem is to negotiate a shared session key and then use that secret key to encrypt and decrypt the transmitted data, providing data privacy and integrity. A protocol that involves both user authentication and key establishment satisfies the security requirements mentioned above and is referred to as an authenticated key exchange protocol. Many of the most widely used key agreement protocols are based on the assumption that the discrete logarithm problem is hard to solve. Recently, new key agreement protocols based on bilinear pairings from elliptic curve cryptosystems have been proposed. Diffie and Hellman proposed a well-known key exchange protocol in 1976, namely the Diffie-Hellman key exchange protocol. Each user uses his own secret key and the communication partner's public key to compute a common session key. However, it is only a two-party key exchange protocol and does not authenticate the two communicating entities, hence it suffers from the man-in-the-middle attack. In 2000, the first work by Joux showed how to implement an elegant tripartite key agreement protocol using pairings: only one broadcast is required from each entity. However, just like the basic Diffie-Hellman protocol, Joux's protocol does not authenticate the three communicating entities and is still vulnerable to the man-in-the-middle attack. To provide authenticity for tripartite key agreement, in 2003 Kyungah Shim proposed an efficient one-round tripartite authenticated key agreement protocol based on the Weil pairing to overcome the defect in Joux's protocol. This thesis shows that Shim's protocol suffers from some attacks, such as the insider attack and the key-compromise impersonation attack.
We point out the weakness of Shim's protocol, then propose a secure tripartite key agreement protocol with authentication to solve these problems, and at the same time propose an efficient way of generating the key. Furthermore, in order to improve the practicability of key agreement, multi-party conferences must be supported, since they are common in practice. Barua first extended tripartite key agreement to multi-party key agreement and proposed a multiparty key agreement protocol using the Weil pairing. The protocol is based on ternary trees and Joux's tripartite key agreement. However, in Barua's protocol the number of communication rounds for n entities is ⌈log₃ n⌉, which is proportional to the number of participants. In this thesis, we also propose a new multiparty key agreement protocol from the Weil pairing that greatly enhances computational and communication performance while maintaining the same security level as Barua's protocol.
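As an added illustration that is not part of the thesis, the following Python simulation runs Joux's one-round tripartite agreement and a Barua-style ternary-tree extension to n parties, and checks that the number of rounds is ⌈log₃ n⌉. The Weil pairing is replaced by a constructed toy bilinear map on scalars (parameters P, Q, G and the hash `to_scalar` are assumptions), so it demonstrates the protocol algebra only, not its hardness assumption.

```python
import hashlib

# Constructed toy group (NOT secure, illustration only): q = 1019 and
# p = 2q + 1 = 2039 are prime, and g = 4 = 2^2 is a quadratic residue
# mod p, so it generates the subgroup of Z_p^* of prime order q.
P, Q, G = 2039, 1019, 4


def pair(a, b):
    """Toy symmetric bilinear map e(aP, bP) = g^(ab).  The thesis uses the
    Weil pairing on an elliptic curve; here the 'point' aP is the scalar a
    itself, so bilinearity holds but discrete logs are trivial."""
    return pow(G, (a * b) % Q, P)


def joux_keys(a, b, c):
    """Joux's one-round protocol: after one broadcast each of aP, bP, cP,
    every party pairs the two values it received and raises the result to
    its own secret, obtaining e(P, P)^(abc).  Returns all three results."""
    return [pow(pair(b, c), a, P), pow(pair(a, c), b, P), pow(pair(a, b), c, P)]


def to_scalar(key):
    """Assumed hash H: G2 -> Z_q^* mapping a group key to the next level's scalar."""
    digest = hashlib.sha256(str(key).encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def ternary_tree_agreement(user_secrets):
    """Barua-style extension: each round splits the current nodes into groups
    of three (the last may hold two or one), runs Joux inside a triple and the
    pairing exchange e(aP, bP) inside a pair, and hashes the group key to the
    scalar representing that group one level up.  Returns (key, rounds)."""
    level, rounds, key = list(user_secrets), 0, None
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 3):
            grp = level[i:i + 3]
            if len(grp) == 1:           # lone node is carried up unchanged
                nxt.append(grp[0])
                continue
            key = joux_keys(*grp)[0] if len(grp) == 3 else pair(*grp)
            nxt.append(to_scalar(key))
        level, rounds = nxt, rounds + 1
    return key, rounds


def expected_rounds(n):
    """ceil(log_3 n) in integer arithmetic: the smallest k with 3^k >= n."""
    k = 0
    while 3 ** k < n:
        k += 1
    return k
```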