為了在行動通訊網路的環境中，可以安全的舉行會議，亟須一個允許會議成員加入與離開的動態會議金鑰分配法。在之前學者所發表適用於行動通訊網路的動態匿名會議金鑰分配法，並沒有完全滿足會議金鑰的前向安全與後向安全之安全要求，而且這些方法也無法抵擋共謀攻擊。為了移除這兩項缺點，本論文研究適用於行動通訊網路的動態匿名會議金鑰分配法。而在動態部份，為了降低會議成員加入和離開所導致的成本，方法中採取批次會議金鑰更新的方式，以提供方法的實用性。另外為了保護會議成員的隱私，先提出一個適用於行動通訊網路之具有交互認證的共同密鑰產生協定，隨後加入使用者匿名性而提出具有匿名性的版本。我們的具有交互認證之共同密鑰產生協定，不但滿足必要的安全特性，並且移除了張與張兩位學者所提出的平行猜測攻擊所造成的弱點。而在我們的具有匿名與交互認證的共同密鑰產生協定中，因為使用者的身分是不可追蹤的，所以提供了較匿名的使用者，更強的匿名保護。最後，對於新的動態匿名會議金鑰分配法，在整合了具有匿名與交互認證的共同密鑰產生協定之後，我們的方法比之前學者所提出的動態會議金鑰分配法，對於會議成員匿名性，提供了更完整的保護。

To hold a secure conference in mobile communication networks, a dynamic conference key distribution protocol allowing conferees’ joint and leave is necessary.  In the proposed dynamic conference protocols with anonymity for mobile communication networks, the conference keys do not satisfy the forward or backward secrecy.  Moreover, some proposed protocols are vulnerable by active colluding attacks.  To remove the two disadvantages, a dynamic conference key distribution protocol with anonymity for mobile communication networks is proposed.  Our new protocol adopts batch conference key renew protocol to reduce the cost caused by conferees’ join and leave.  Due to the consideration of conferees’ privacy, a new authentication key agreement protocol and an anonymous variant are constructed for mobile communication networks.  Our new authentication key agreement protocol not only satisfies the necessary security requirements but also removes Chang and Chang’s parallel guessing attack.  In our anonymous authentication key agreement protocol, user untraceability is used to protect the users’ identities.  After adopting our anonymous authentication key agreement protocol, our new dynamic conference key distribution protocol provides more anonymity protection for conferees than the other proposed dynamic conference key distribution protocols.

Chapter 1 Introduction	P. 1
Chapter 2 Preliminary	P. 5
2.1 Notatioons	P. 5
2.2 Parallel Guessing Attacks on Lu et al.’s and Chang and Chang’s Protocols	P. 6
Chapter 3 Our Authenticated Key Agreement Protocol and a Variant with Anonymity for Mobile Communication Networks	P. 9
3.1 New Authenticated Key Agreement Protocol for Mobile Communication Networks	P. 9
3.1.1 Proposed Authentication Key Agreement Protocol	P. 9
3.1.2 Security Analysis	P. 10
3.1.3 Performance Analysis	P. 13
3.2 Ours Variant with Anonymity	P. 14
3.2.1 Our Protocol with Anonymity	P. 14
3.2.2 Security and Performance Analysis	P. 16
Chapter 4 A Secure Dynamic Conference Protocol with Anonymity for Mobile Communication Netwroks	P. 19
4.1 A New Protocol	P. 19
4.2 Security Analysis and Discussions	P. 25
Chapter 5 Discussions and Conclusions	P. 28
References	P. 29
Appendix  	P. 32

Fig. 1: Conference Initialization Protocol 	   P. 22
Fig. 2: Batch Conference Key Renewing Protocol   P. 24

Table 1:	Security Comparisons among Lu et al.'s, Chang and Chang's, and Our Protocols                       P. 13
Table 2:	Performance Comparison among Lu et al.'s, Chang and Chang's, and Our Protocol                    P. 14
Table 3:	Security Comparison between Wang et al.'s and Our Protocols                                        P. 25

References
[1]	F. Bao, “Analysis of a Secure Conference Scheme for Mobile Communication,” IEEE Transactions on Wireless Communications, Vol. 5, No. 8, pp. 1984-1986, August 2006.
[2]	K.-K. R. Choo, C. Boyd, and Y. Hitchcock, “The Importance of Proofs of Security for Key Establishment Protocols: Formal Analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun Protocols,” Computer Communications, Vol. 29, 2006, pp. 2788-2797
[3]	C. C. Chang and S. C. Chang, “An Improved Authentication Key Agreement Protocol Based on Elliptic Curve for Wireless Mobile Networks,” International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Harbin, China, 2008, pp. 1375- 1378.
[4]	M. S. Hwang, “Dynamic Participation in a Secure Conference Scheme for Mobile Communications,” IEEE Transactions on Vehicular Technology, Vol. 48, No. 5, pp. 1469-1474, September 1999.
[5]	K. F. Hwang and C. C. Chang, “A Self-encryption Mechanism for Authentication of Roaming and Teleconference Services,” IEEE Transactions on Wireless Communications, Vol. 2, No. 2, pp. 400-407, March 2003.
[6]	M. S. Hwang and W. P. Yang, “Conference Key Distribution Schemes for Secure Digital Mobile Communications,” IEEE Journal on Selected Areas in Communications, Vol. 13, No.2, pp. 416-425, February 1995.
[7]	Y. Jiang, C. Lin, X. Shen, and M. Shi, “Mutual Authentication and Key Exchange Protocols for Roaming Services in Wireless Mobile Networks,” IEEE Transactions on Wireless Communications, Vol. 5, No. 9, pp. 2569-2577, September 2006.
[8]	R. Lu and Z. Cao, “Off-line Password Guessing Attack on an Efficient Key Agreement Protocol for Secure Authentication,” International Journal of Networks Security, Vol. 3, 2006, pp. 35-38
[9]	R. Lu, Z. Cao, and H. Zhu, “An Enhanced Authenticated Key Agreement Protocol for Wireless Mobile Communication,” Computer Standards and Interfaces, Elsevier Science, Netherlands, Vol. 29, 2007, pp. 647-652
[10]	S. L. Ng, “Comments on Dynamic Participation in a Secure Conference Scheme for Mobile Communications,” IEEE Transactions on Vehicular Technology, Vol. 50, pp. 334-335, January 2001.
[11]	A. Sui, L. Hui, S. Yiu, K. Chow, W. Tsang, C. Chong, K. Pun, and H. Chan, “An Improved Authenticated Key Agreement Protocol with Perfect Forward Secrecy for Wireless Mobile Communication,” IEEE Wireless Communications and Networking Conference (WCNC 2005), New Orleans, LA USA, Vol. 4, Mar. 13-17, 2005, pp. 2088-2093
[12]	D. Seo and P. Sweeney, “Simple Authenticated Key Agreement Algorithm,” Electronics Letters, Vol. 35, 1999, pp. 1073-1074.
[13]	M. Shi, X. Shen, and J. W. Mark, “A Light Weight Authentication Scheme for Mobile Wireless Internet Applications,” Wireless Communications and Networking, Vol. 3, pp. 2126-2131, March 2003.
[14] M. Shi, X. Shen, J. W. Mark, D. Zhao, and Y. Jiang, “User Authentication and Undeniable Billing Support for Agent-Based Roaming Service in WLAN/Cellar Integrated Mobile Networks,” Computer Networks, Vol. 52, Issue 9, pp. 1693-1702, June 2008.
[15]	C. Tang and D. O. Wu, “An Efficient Mobile Authentication Scheme for Wireless Networks,” IEEE Transactions on Wireless Communication, Vol. 7, No. 4, pp. 1408-1416, April 2008.
[16]	J. Wang, N. Jiang, H. Li, X. Niu, and Y. Yang, “A Simple Authentication and Key Distribution Protocol in Wireless Mobile Networks,” Wireless Communications, Networking and Mobile Computing, pp. 2282-2285, September 2007.
[17]	Y. Wei and H. Qiu, “A Novel Wireless Authentication Protocol Preserving User Anonymity and Untraceability,” International Conference on Communication Technology (ICCT 2006), Guilin, China, Nov. 27-30, 2006, pp. 1-4.
[18]	X. Yi, C. K. Siew, and C. H. Tan, “A Secure and Efficient Conference Scheme for Mobile Communications,” IEEE Transactions on Vehicular Technology, Vol. 52, No. 4, pp. 784-793, July 2003.
[19]	X. Yi, C. K. Siew, C. H. Tan, and Y. Ye, “A Secure Conference Scheme for Mobile Communications,” IEEE Transactions on Wireless Communications, Vol. 2, No. 6, pp. 1168-1177, November 2003.
[20]	J. Zhu and J. Ma, “A New Authentication Scheme with Anonymity for Wireless Environments,” IEEE Transactions on Consumer Electronics, Vol. 50, pp. 231-235, February 2004.