在現今網路快速發展的世界裡,資訊大量的公開交換取得,造成有心人士可以輕易的竊取、偽造他人訊息,因此為保障重要資訊交換的安全性,人們常採取許多的安全措施,其中常見的有加密及模糊傳輸這兩種技術。首先以金鑰協商技術來說,溝通兩方在傳輸重要訊息前先行協議建立一把共享的秘密金鑰,在 2005 年時 Zhou 他們提出一個應用憑證以達到遠端使用者身份相互認證及會議金鑰協議。不過他的架構存在著安全上的弱點,也就是無法阻擋攻擊者的偽裝攻擊。其次,在 n 個訊息中挑選 k 個的模糊傳輸的技術來說,接收端只能從 n 個訊息中獲得到 k 個,而傳送端無法得知接收端所挑選的 k 個訊息,在 2006 年時 Kim 他們發展出一個使用RSA加密方式的安全驗證非交換作用的糊模傳輸,不過我們發現他們的架構存在著安全上的弱點,無法抵擋攻擊者的偽裝攻擊。 因此,在本篇論文我們將個別的分析 Zhou 和 Kim 的架構,指出其安全上的弱點,並提出偽裝攻擊的演算法。我們將提出一個基於橢圓雙曲線的 n 選 k 模糊傳輸,以達到使用者相互身份驗證及有效率溝通的安全性需求,同時在安全性和溝通效率上與現存的其它方法提出比較。 The key agreement and oblivious transfer (OT) is an important primitive for designing secure protocols. At first, in the method of key agreement, two parties can establish a common secret session key over an insecure. In 2005, Zhou et al. proposed an end-to-end security protocol with certificate-based authentication to mutually authentication and session key agreement. But their scheme is suffers from the impersonation attack, it cannot achieve the claimed security. Secondly, in the oblivious transfer protocol, the sender has n encrypted messages to be sending to the receiver while the receiver only intends to get k messages among the n transmitted messages, the sender cannot figure out which messages the receiver selected. In 2006, Kim et al. proposed secure verifiable non-interactive oblivious transfer protocol using RSA. However, we found that their protocol suffers from impersonation attack. We will take cryptanalysis of Zhou et al. scheme and Kim et al. scheme and propose impersonation attack for Zhou et al. scheme and Kim et al. scheme. We present an efficient mutual authentication k-out-of-n oblivious transfer protocol based on bilinear pairing, which offers the security requirements of mutual authentication and is communicationally efficient while compared with all of the existing schemes.
