在現今科技盛行的時代中，網路越來越為人們所依賴，也提供人們越來越多的功能，如電子郵件、傳送訊息、線上交談、電子郵件、進行影像傳輸、電子新聞等等。而在網路所提供的眾多服務項目中需要仰賴群播技術的服務也日漸增加，如線上會議、網路購物、數位電視等等。群播技術中最為學者們所致力研究的在於更換會議金鑰時的效率問題。過去曾有學者提出以階層式架構結合單向函數而形成單向函數樹的方法，此種方法可以有效降低在有成員加入或離開群體時更換會議金鑰的訊息量。然而此種方法無法抵擋共謀攻擊，因此本文以單向函數樹的方法為基礎，改善其對於共謀攻擊方面的弱點，以提供一更具安全性並兼顧效率的群播技術。

Multicast is an efficient technique to communicate with specific members. Sherman and McGrew proposed a new scalable algorithm called one way function tree for establishing session key in large and dynamic group. The number of messages broadcasted after a member is added or evicted is about proportional to the logarithm of group size. However, the scheme is vulnerable to the collusion attack. We will analysis the possible collusion attack on the scheme proposed by Sherman and McGrew and improve the weakness to provide a more secure scheme in this paper.

第1章　緒論................................................1
 第1.1節　研究動機及目的...................................1
 第1.2節　論文組織與架構...................................6
第2章　相關研究............................................8
 第2.1節　Sherman和McGrew 2003年的方法.....................8
 第2.2節　Sherman和McGrew 2003年方法的弱點................22
  第2.2.1節　共謀攻擊類型一...............................23
  第2.2.2節　共謀攻擊類型二...............................25
  第2.2.3節　共謀攻擊類型三...............................26
第3章　以單向函數樹為基礎的安全群播技術...................29
第4章　安全性分析.........................................49
第5章　效能分析...........................................53
第6章　結論與未來研究方向.................................58
參考文獻..................................................59
英文論文稿................................................61

[1]I. Chang, R. Engel, D. Kandlur, D. Pendarakis and D. Saha, “Key Management for Secure Internet Multicast Using Boolean Function Minimization Techniques,” INFOCOM’99, 1999.
[2]R. Cnetti, J. Gary, G. Itkis, D. Micciancio, M. Naor and B. Pinks, “Multicast Security: A Taxonomy and Some Efficient Constructions,” IEEE INFOCOM ’99, 1999, pp. 708-716.
[3]S. M. Ghanem, H. A. Wahab, “A Simple XOR-Based Technique for Distributing Group Key in Secure Multicasting,” Fifth IEEE Symposium on Computers and Communications (ISCC 2000), 2000, pp. 166-171.
[4]D. Harkins and D. Carrel, “The Internet Key Exchange (IKE),” Internet Draft (work in progress), Draft-ietf-ipsec-isakmp-oakley-08. txt, Internet Eng. Task Force, 1998.
[5]S. Mittra, “Iolus: A Framework for Scalable Secure Multicasting,” Proceedings of the ACM Computer Communications, Vol. 27, No. 3, 1997, pp. 277-288.
[6]R. Molva and A. Pannetrat, “Scalable Multicast Security with Dynamic Recipient Groups,” ACM Transactions on Information and System Security, Vol. 3, 2000, pp. 136-160.
[7]A. Sherman and D. McGrew, “Key Establishment in Large Dynamic Groups Using One-Way Function Trees,” IEEE Transactions on Software Engineering, Vol. 29, No. 5, 2003, pp. 444-458.
[8]M. Steiner, G. Tsudik, M. Waidner, “Diffie-Hellman Key Distribution Extended to Group Communication,” Proc. 3rd ACM conference on computer and communications security, 1996, pp. 31-37.
[9]M. Wallner, E. J. Harder and R. C. Agee, “Key Management for Multicast: Issues and architectures,” RFC 2627, 1999.
[10]C. Wong, M. Gouda and S. Lam, “Secure Group Communications Using Key Graphs,” Proceedings of CM SIGCOMM’98, 1998, pp. 68-79.