網路會議是網際網路常見的服務之一。2005年,Ryu等學者提出了一個網路會議密鑰分配協定。他們聲稱,他們的方法是有效率且安全的。然而,我們發現Ryu等人的方法,有一個安全漏洞:只要有會議參與者的公鑰和會議密鑰分配時廣播的訊息,就可以計算出該次會議之密鑰。在本研究中,我們利用中國餘式定理(Chinese Remainder Theorem),設計一種全新的會議金鑰產生機制,它可以有效地解決了安全問題。另外,本研究得到三個成果:(1)未註冊的使用者不可能參與已認可的任何會議。(2)未經某會議參與者的同意,一個已註冊的使用者不得參加該會議,也不可能得到該會議的內容。(3)伺服器不能得知任何一場會議的密鑰,也不能得知該會議的參與者有那些人。在未來,我們希望利用這個方法,可以做到當參與會議人數增加時,能夠更有效率。 Network conference is one of the most popular services on the Internet. In 2005, Ryu et al. proposed a conference key distribution protocol. They claimed their scheme is efficient and secure. However, we found that their protocol has a secure loophole: without applying any private information, the conference key can be recovered only using both the broadcast message of the protocol and the public keys of the participants. In this paper, we employ the Chinese Remainder Theorem to design a novel conference key distribution scheme, which can effectively solve the security problem raised in Ryu et al.’s work. In addition, there are three outcomes of this research. First, it is impossible that an unregistered user could attend an approved conference. Second, without the agreement of all participants in a meeting, no one could obtain the conference key and the content of the conference. Third, the conference server cannot know who participates in a particular conference and cannot compute any conference key. In the future, we hope to improve our scheme which can more efficiently accommodate more users in a meeting at the same time.
