Title: Group Communication Security System Based on Elliptic Curve Cryptography
Author: 游立安
Yu, Li-An
曾建超
Tseng, Chien-Chao
Institute of Network Engineering
Keywords: Group Communication; Elliptic curve cryptography; Pre-shared key authentication; Elliptic curve Diffie-Hellman; Fuzzy identity-based encryption; AES; Key revocation; Session key
Publication date: 2013
Abstract: Many emerging applications, such as instant communication in vehicular networks, video conferencing, and group data sharing, are built on the group communication model. In this thesis, we use Elliptic Curve Cryptography (ECC) as the basis for a Group Communication Security System (GCSS). GCSS provides security mechanisms for “Group Member Join”, “One-to-Many Data Transmission”, “One-to-One Data Transmission” and “Group Member Leave”. For “Group Member Join”, GCSS integrates Pre-Shared Key (PSK) authentication with the Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol to provide user-friendly member join and secure key distribution. For “One-to-Many Data Transmission”, GCSS adopts a hybrid cryptosystem to protect data: it uses Fuzzy Identity-Based Encryption (Fuzzy-IBE) to provide granular access control and AES to provide efficient data encryption. For “One-to-One Data Transmission”, we propose an Individual-Attribute based Key Exchange (IAKE) protocol that generates session keys, enabling secure data transmission among members without the intervention of a third party. For “Group Member Leave”, we propose a simple key revocation mechanism to ensure the security of group communication after members leave. We also compare IAKE with other protocols of the same type and show that IAKE achieves better security at lower computation cost. Moreover, we have implemented GCSS on mobile devices, and the experimental results show that GCSS is very effective on mobile devices as well.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070056539
http://hdl.handle.net/11536/73643
Appears in collections: Theses