為了在行動通訊網路的環境中,可以安全的舉行會議,亟須一個允許會議成員加入與離開的動態會議金鑰分配法。在之前學者所發表適用於行動通訊網路的動態匿名會議金鑰分配法,並沒有完全滿足會議金鑰的前向安全與後向安全之安全要求,而且這些方法也無法抵擋共謀攻擊。為了移除這兩項缺點,本論文研究適用於行動通訊網路的動態匿名會議金鑰分配法。而在動態部份,為了降低會議成員加入和離開所導致的成本,方法中採取批次會議金鑰更新的方式,以提供方法的實用性。另外為了保護會議成員的隱私,先提出一個適用於行動通訊網路之具有交互認證的共同密鑰產生協定,隨後加入使用者匿名性而提出具有匿名性的版本。我們的具有交互認證之共同密鑰產生協定,不但滿足必要的安全特性,並且移除了張與張兩位學者所提出的平行猜測攻擊所造成的弱點。而在我們的具有匿名與交互認證的共同密鑰產生協定中,因為使用者的身分是不可追蹤的,所以提供了較匿名的使用者,更強的匿名保護。最後,對於新的動態匿名會議金鑰分配法,在整合了具有匿名與交互認證的共同密鑰產生協定之後,我們的方法比之前學者所提出的動態會議金鑰分配法,對於會議成員匿名性,提供了更完整的保護。 To hold a secure conference in mobile communication networks, a dynamic conference key distribution protocol allowing conferees’ joint and leave is necessary. In the proposed dynamic conference protocols with anonymity for mobile communication networks, the conference keys do not satisfy the forward or backward secrecy. Moreover, some proposed protocols are vulnerable by active colluding attacks. To remove the two disadvantages, a dynamic conference key distribution protocol with anonymity for mobile communication networks is proposed. Our new protocol adopts batch conference key renew protocol to reduce the cost caused by conferees’ join and leave. Due to the consideration of conferees’ privacy, a new authentication key agreement protocol and an anonymous variant are constructed for mobile communication networks. Our new authentication key agreement protocol not only satisfies the necessary security requirements but also removes Chang and Chang’s parallel guessing attack. In our anonymous authentication key agreement protocol, user untraceability is used to protect the users’ identities. After adopting our anonymous authentication key agreement protocol, our new dynamic conference key distribution protocol provides more anonymity protection for conferees than the other proposed dynamic conference key distribution protocols.
