臺灣博碩士論文加值系統

三方金鑰交換協定其環境為每位通訊者透過一個可信賴的伺服器共享一組密鑰，使用此組密鑰達成彼此之間的身分驗證。近年來，許多的學者紛紛提出三方驗證金鑰交換協定，大致上可分為兩種類型。其一，通訊方與伺服器共享一組密鑰，伺服器透過密鑰驗證通訊方身分，進而完成金鑰交換。其二，通訊方使用伺服器的公鑰對欲傳送的訊息做加密，即可確保傳送訊息的機密性。
在第一種類型中，較為著名的協定為Steiner 等人在1995年所提出的三方驗證金鑰交換協定，但其協定安全性卻不足；到了2010年還是有學者提出改善的方案。而第二種類型中，通訊方必須保有伺服器的公鑰對其傳輸的資料進行加密，相對的也增加通訊方的計算成本。因此許多學者也紛紛提出不需要伺服器公鑰的三方金鑰交換協定。
有鑑於此，在本篇論文中，我們將設計兩組三方驗證金鑰交換協定，皆不需使用伺服器的公鑰進行金鑰交換。第一組協定中，其安全性上可抵擋多種類型攻擊，並與其它三方金鑰交換協定比較起來，更具有效率；並且在延伸出一個通訊者註冊時，不需建置安全通道。在第二組協定中，其特色為伺服器將不存放通訊者的任何資料，並且能驗證通訊者的身分，防範攻擊者對驗證表的窺視；在安全性上，則能夠抵擋多種類型攻擊。

In a three-party key agreement protocol, the communicating parties share a key through a trusted server, which is used to authenticate the identity of both parties. In recent years, many studies have suggested that three-party authenticated key exchange agreements could be broadly classified into two categories. In the first category, the communicating parties share a key, which the server uses to verify the identities of the communicating parties. In the second category, the communicating parties use the server''s public key to encrypt the messages they send, thereby ensuring confidentiality.
The more well known of the protocols fits into the first category, which was originally proposed by Steiner et al. in 1995. The security of this protocol, however, is somewhat lacking, and scholars have continually proposed suggestions for its improvement, even as recently as 2010. The second type requires communicating parties to encrypt transmitted data using the server''s public key, but this process increases the costs incurred by all parties involved. A number of researchers have therefore proposed three-party key agreement protocols that do not require public server keys.
To address these problems, we propose two three-party key agreement protocols that do not require the use of public server keys for authentication. Our first protocol is able to withstand multiple forms of attack, despite offering increased computational efficiency beyond that of other three-party key agreement protocols. In addition, communicating parties can enjoy the benefits of full security coverage without having to establish a secure channel. In our second protocol, the server does not have to store any information from the communicating parties to verify their identities. From the standpoint of security, such a system would help prevent attackers from gaining access to verification charts, thereby ensuring resistance to a wide variety of threats.

目錄
中文摘要 I
ABSTRACT II
目錄 IV
表目錄 VII
圖目錄 VIII
第一章 緒論 1
1.1 研究背景 1
1.2 研究動機與目的 3
1.2.1 有效率的三方金鑰交換協定 3
1.2.2 植基於身分的三方金鑰交換協定 4
1.3 論文架構 4
第二章 相關知識和文獻探討 6
2.1 三方金鑰交換協定概觀 6
2.2 Diffie-Hellman金鑰交換協定 8
2.3 無碰撞的單向雜湊函數 (Collision-free One Way Hash Function) 9
2.4 暗門雜湊函數 (Trapdoor Hash Functions) 11
2.5 對稱式密碼系統 (Symmetric Cryptosystem) 12
2.6 非對稱式密碼系統 (Asymmetric Cryptosystem) 13
第三章 有效率的三方驗證金鑰協定 15
3.1 前言 15
3.1.2 參數設定 15
3.2我們的協定(一) 16
3.2.1 註冊階段 16
3.2.2 金鑰交換階段 17
3.3 我們的協定(二) 20
3.3.1註冊階段 20
3.3.2金鑰交換階段 21
3.4 安全性分析 25
第四章 植基於身分的三方金鑰交換 28
4.1 前言 28
4.1.1 參數設定 28
4.2 我們的協定 29
4.2.1 兩方金鑰交換協定 29
4.2.2 三方金鑰交換協定 34
4.3 總結 41
第五章 效能分析 42
5.1 計算成本 42
5.2 性能分析 44
第六章 結論 46
參考文獻 47
附錄 51
附錄A：作者簡介 51
附錄B：口試委員意見修正 52

表目錄
表1. 我們的協定與近年來協定的效能分析 43
表2. 我們的協定與近年來協定的性能分析 44


圖目錄
圖1. Diffie-Hellman金鑰交換協定 9
圖2. 對稱式加密系統 13
圖3. 非對稱式加密系統 14
圖4. 我們協定(一)之金鑰交換階段 19
圖5. 我們協定(二)之註冊階段 21
圖6. 我們協定(二)之金鑰交換階段 24
圖7. 二方金鑰註冊階段 30
圖8. 二方金鑰交換階段 32
圖9. 我們協定(三)之金鑰交換階段 38

[1] W. Diffie, M. Hellman, New directions in cryptography. IEEE Transactions on Information Theory, 22(6), pp. 644–54, 1976.
[2] S.M. Bellovin, M. Merrit, Encrypted key exchanged: password-based protocols secure against dictionary attacks. IEEE Symp. On Research in Security and Privacy, pp. 72–84, 1992.
[3] M. Steiner, G. Tsudik, M. Waidner, Refinement and extension of encrypted key exchange. ACM Operating Systems Review, 29(3), pp. 22–30, 1995.
[4] Y. Ding, P. Horster, Undetectable on-line password guessing attacks. ACM Operating Systems Review, 29(4), pp. 77–86, 1995.
[5] C.-L. Lin, H.-M. Sun, T. Hwang, Three party-encrypted key exchange: attacks and a solution. ACM Operating Systems Review, 34(4), pp. 12–20, 2000.
[6] H.-T. Yeh, H.-M. Sun, T. Hwang, Efficient three-party authentication and key agreement protocols resistant to password guessing attacks. International Journal of Information and System Engineering 19 (6), pp. 1059–1070, 2003.
[7] H.-M. Sun, B.-C. Chen, T. Hwang, Secure key agreement protocols for three-party against guessing attacks. The Journal of Systems and Software 75, pp. 63–68, 2005.
[8] T.-F. Lee, T. Hwang, C.-L. Lin, Enhanced three-party encrypted key exchange without server public keys. Computer and Security 23 (7), pp. 571–577, 2004.
[9] S.-W. Lee, H.-S. Kim, K.-Y. Yoo, Efficient verifier-based key agreement protocol for three parties without server’s public key. Applied Mathematics and Computation 167 (2), pp. 996–1003, 2005.
[10] M. Abdalla, D. Pointcheval, Simple password-based authenticated key protocols, Topics in Cryptology – CT-RSA 2005, Lecture Notes in Computer Science, vol. 3376, pp. 191–208, 2005.
[11] R. Lu, Z. Cao, Simple three-party key exchange protocol, Computers and Security 26 (1), pp. 94–97, 2007.
[12] R.C.-W. Phan, W.-C. Yau, B.-M. Goi, Cryptanalysis of simple three-party key exchange protocol (S-3PAKE), Information Sciences 178 (13), pp. 2849–2856, 2008.
[13] H. Guo, Z. Li, Y. Mu, X. Zhang, Cryptanalysis of simple three-party key exchange protocol, Computers and Security 27, pp. 16–21, 2008.
[14] T.-F. Lee, T. Hwang, Simple password-based three-party authenticated key exchange without server public keys, Information Sciences 180, pp. 1702–1714, 2010.
[15] R. Rivest, “The MD5 Message Digest Algoritm,” RFC 1321, 1992.
[16] FIPS PUB 180-3, “Secure Hash Standard,” National Institute of Standards and Technology, U.S. Department of Commerce, October 2008.
[17] W. Stallings, Cryptography and Network Security: Principles and Practice. Prentice Hall International, Inc., third edition, 2003.
[18] H. Krawczyk, T. Rabin, Chameleon signatures, Symposium on Network and Distributed Systems Security (NDSS’00), pp. 143-154, 2000.
[19] A. Shamir, Y. Tauman, Improved online / offline signature schemes, Advances in Cryptology-CRYPTO’01, LNCS 2139, pp. 355-367, 2001.
[20] F. Y. Yang, Improvement on a trapdoor hash function, International Journal of Network Security, Vol. 9, No. 1, July, pp. 17-21, 2009.
[21] F. Y. Yang, Efficient trapdoor hash function for digital signatures, Chaoyang Journal, Vol. 12, pp. 351- 357, 2007.
[22] F. Y. Yang, S. H. Chiu, C. M. Liao, Trapdoor Hash Functions with Efficient Online Computations, The Proceedings of Multimedia and Networking Systems Conference 2006 (MNSC 2006), Kaohsiung City, Taiwan, Session G1, 2006.
[23] T.-F. Lee, J.-L. Liu, M.-J. Sung, S.-B. Yang, C.-M. Chen, Communication-efficient three-party protocols for authentication and key agreement, Computers and Mathematics with Applications 58, pp. 641-648, 2009.