发布/订阅系统安全传输模型的研究与设计
|
摘要
发布/订阅系统技术能够使得信息交互的双方在时间、空间和控制流三个方面都完全解耦,所以越来越受到人们的关注。而目前各研究者对发布/订阅技术的研究主要集中在匹配算法和路由算法的优化上,而对安全方面的考虑甚少。本文在详细分析了发布/订阅系统中事件传输缺乏安全性保障这一现状的基础上,针对发布/订阅系统中主要存在的安全隐患,提出了一个可以实现事件安全传输的安全策略模型。
在安全模型中,主要使用了三个关键技术解决了事件传输的安全问题。首先,由于传统的基于订阅者分组的组密钥管理方法不能同时支持在网络中的匹配和安全事件路由。针对这个缺陷,采用了一种独立于订阅者分组的密钥管理方法。该方法的主要思想是将订阅消息过滤器和授权密钥相结合,秘密事件和加密密钥相结合,同时将授权密钥和加密密钥映射到公共密钥空间中,这样密钥就从基于订阅者相关的关系中分离出来,使得密钥管理的方法独立于整个订阅者的分组,增加了系统的扩展性和安全性。其次,考虑到授权密钥的传输可能经历一个不安全的网络,而独立于订阅者分组的密钥管理方法又没有涉及这一问题,将移动代理引入到密钥传输中,通过使用可验证秘密共享算法,将授权密钥进行分拆,然后由不同的分代理携带不同的秘密份额,来保证密钥安全分发给用户。最后,在路由安全方面,在使用独立于订阅者分组的密钥管理方法的基础上,为了防止好奇节点的频繁推断攻击,采用概率的多路径事件路由方法,这样使得发布者到订阅者之间存在着多条独立的路径,发布者发布事件时可以随机选择多条路径中的一条来发送,使得好奇合谋的路由节点通过先验知识推断秘密事件的可能性降低。
通过实验证明,本文所采用的安全传输模型在保持系统地性能和扩展性的基础上,在一定程度上使得发布/订阅系统达到了安全。
The publish/subscribe paradigm can make the information producers and consumers fully decoupled in time, space and control flow, so it was received an increasingly attention from people. Now, the researches of the publish/subscribe system are almost focus on the optimization of matching algorithms and routing algorithm but the security of publish/subscribe system was neglect. Based on the particular analysis of the phenomena which is lacking security guarantee in event transmission of publish/subscribe system, and according to the safety problems of publish/subscribe system, an ensure event security transmission of security policy for model was put forward.
In this model, three major techniques were used to solve the securing problem of event transmission. First, tradition key management solutions based on the group key management protocols can’t simultaneously support in-network and secure content-based routing. Aimed at this deficiency, a key management independent of subscriber group method was presented. The main idea of this method was to associate an authorization key with a subscription filter and an encryption key with an event, and then map the authorization keys and the encryption keys into a common key space. So that the keys were separated from the relation of subscriber group, and the key management was also independent of the number of subscribers, thereby the scalability and security of publish/subscribe system have been increased. Second, considered that the transmission of authenticated key may transit an insecurity network, but key management independent of subscribe group method wasn’t referring this problem. By introduced mobile agents into key transmission model, and used the verifiable secret sharing algorithm to split the authenticated key into different secret sharing, to be taken by different slave agents, so that it ensured the security of key transmission. At last, on the aspect of the secure routing, , in order to thwart the frequency inference attack curious node, probabilistic multi-path event routing method was presented based on the key management independent of subscribe group method. The method constructed multiple independent paths from a publisher to its subscribers, so the publisher could randomly choose only one from all paths to route the event. It reduced the possibility of inferring attack by curios node based on priori knowledge.
The results of experiments show that the model ensured the security of publish/subscribe system while maintaining the performance and scalability of a publish/subscribe network.
在安全模型中,主要使用了三个关键技术解决了事件传输的安全问题。首先,由于传统的基于订阅者分组的组密钥管理方法不能同时支持在网络中的匹配和安全事件路由。针对这个缺陷,采用了一种独立于订阅者分组的密钥管理方法。该方法的主要思想是将订阅消息过滤器和授权密钥相结合,秘密事件和加密密钥相结合,同时将授权密钥和加密密钥映射到公共密钥空间中,这样密钥就从基于订阅者相关的关系中分离出来,使得密钥管理的方法独立于整个订阅者的分组,增加了系统的扩展性和安全性。其次,考虑到授权密钥的传输可能经历一个不安全的网络,而独立于订阅者分组的密钥管理方法又没有涉及这一问题,将移动代理引入到密钥传输中,通过使用可验证秘密共享算法,将授权密钥进行分拆,然后由不同的分代理携带不同的秘密份额,来保证密钥安全分发给用户。最后,在路由安全方面,在使用独立于订阅者分组的密钥管理方法的基础上,为了防止好奇节点的频繁推断攻击,采用概率的多路径事件路由方法,这样使得发布者到订阅者之间存在着多条独立的路径,发布者发布事件时可以随机选择多条路径中的一条来发送,使得好奇合谋的路由节点通过先验知识推断秘密事件的可能性降低。
通过实验证明,本文所采用的安全传输模型在保持系统地性能和扩展性的基础上,在一定程度上使得发布/订阅系统达到了安全。
The publish/subscribe paradigm can make the information producers and consumers fully decoupled in time, space and control flow, so it was received an increasingly attention from people. Now, the researches of the publish/subscribe system are almost focus on the optimization of matching algorithms and routing algorithm but the security of publish/subscribe system was neglect. Based on the particular analysis of the phenomena which is lacking security guarantee in event transmission of publish/subscribe system, and according to the safety problems of publish/subscribe system, an ensure event security transmission of security policy for model was put forward.
In this model, three major techniques were used to solve the securing problem of event transmission. First, tradition key management solutions based on the group key management protocols can’t simultaneously support in-network and secure content-based routing. Aimed at this deficiency, a key management independent of subscriber group method was presented. The main idea of this method was to associate an authorization key with a subscription filter and an encryption key with an event, and then map the authorization keys and the encryption keys into a common key space. So that the keys were separated from the relation of subscriber group, and the key management was also independent of the number of subscribers, thereby the scalability and security of publish/subscribe system have been increased. Second, considered that the transmission of authenticated key may transit an insecurity network, but key management independent of subscribe group method wasn’t referring this problem. By introduced mobile agents into key transmission model, and used the verifiable secret sharing algorithm to split the authenticated key into different secret sharing, to be taken by different slave agents, so that it ensured the security of key transmission. At last, on the aspect of the secure routing, , in order to thwart the frequency inference attack curious node, probabilistic multi-path event routing method was presented based on the key management independent of subscribe group method. The method constructed multiple independent paths from a publisher to its subscribers, so the publisher could randomly choose only one from all paths to route the event. It reduced the possibility of inferring attack by curios node based on priori knowledge.
The results of experiments show that the model ensured the security of publish/subscribe system while maintaining the performance and scalability of a publish/subscribe network.
引文
[1] 郑俊辉, 许雷. Web Service 与 CORBA 的比较及分析[J]. 西南民族大学学报,(自然科学版), 2005, 31(1): 134-137
[2] 王剑, 王智, 李艳霞. 网格技术及其应用[J]. 网络通讯与安全, 2007, 14(2): 389-390
[3] 朱涛. 语义 Web 的现状与发展趋势[J]. 开发研究与设计技术, 2007, 14(1): 497-498
[4] 石硕, 杨宝华, 张筱丹. P2P 技术的发展与探讨[J]. 网络通讯与安全, 2007, 14(2): 366-367
[5] B.OKI, M.Fluegl, A.Siegel, et al. The Information Bus: An Architecture for Extensible Distributed Systems[J]. ACM Operating Systems Review, 1993, 27(5): 58-68
[6] F.Brasch, G.T.Carey, Colyer A, et al. Internet Application Development with MQSeries and Java[M]. USA:Vervante Corporate Publishing, 1997
[7] TIBCO Corp. TIB/Rendezvous White Paper [EB/OL]. http://www.tibco.com/software/enterprise_backbone/rendezvous.jsp, 2000
[8] A.Carzaniga, D.S.Rosenblum, A.L.Wolf. Design and evaluation of a wide-area event notification service[J]. ACM Transactions on Computer Systems, 2001, 19(3): 332-383
[9] M.K.Aguilera, R.E.Strom, D.C.Sturman, M.Astley, and Chandra T D. Matching events in a content-based subscription system[C]. ACM Symposium on Principles of Distributed Computing, 1999: 53-61
[10] 白利红, 王宝树. 一种基于 SOAP 安全的网络中心发布/订阅机制[J]. 指挥控制与彷真, 2006, 28(5): 86-89
[11] 薛涛, 冯博琴. 使用 Gossip 算法实现可靠的基于内容的发布订阅系统[J]. 小型微型计算机系统, 2006, 27(1): 185-189
[12] Gupta, Indranil, Birman et al. Fighting fire with fire: Using randomized gossip to combat stochastic scalability limits [J]. Quality and Reliability Engineering International, 2002, 18 (3): 165-184
[13] 潘慧芳, 周兴社, 杨刚. 基于混合通信模式的消息中间件设计与实现[J]. 计算机工程, 2006, 32(3): 116-118
[14] C.Wang, A.Carzaniga, D.Evans, and A.L.Wolf. Security issues and requirements for internet-scale publish-subscribe systems[C]. Hawaii International Conferenceon System Sciences, 2002:7-10
[15] K.Aguilera and R.Strom. Efficient atomic broadcast using deterministic merge[C]. 19th ACMPODC, 2000: 209-218
[16] M.Waldvogel, G.Caronni., D.Sun, N.Weiler, and B.Plattner. The versakey framework: Versatile group key management[J]. In IEEE Journal on Selected Areas in Communications (Special Issue on Middle-Ware), 1999, 17(9): 1614-1631
[17] RFC 2627. Key management for multicast: Issues and architectures [S] .
[18] C.K.Wong, M.G.Gouda, and S.S.Lam. Secure group communications using key graphs[J]. IEEE/ACM Transactions on Networking, 2000, 8 (1): 16-30
[19] D.A.Mc Grew and A.T.Sherman. Key establishment in large dynamic groups using one-way function trees[J]. IEEE Transactions on Software Engineering, 2003, 29 (5): 444-458
[20] R.Canetti, J.Garay, G.Itkis, and D.Micciancio. Multicast security: A taxonomy and some efficient constructions[C]. IEEE INFOCOM, 1999, vol 2: 708-716
[21] R.Canetti, T.Malkin, and K.Nissim. Efficient communication-storage tradeoffs for multicast encryption[C]. In Advances in Cryptology-EUROCRYPT. J.Stem, Ed. Lecture Notes in Computer Science, Springer Verlag, 1999, vol 1599: 459-474
[22] S.Rafaeli and D.Hutchison. A survey of key management for secure group communication[J]. ACM Computing Surveys, 2003, 35(3): 309-329
[23] G..Perng, M.K.Reiter, and C.Wang. M2: Multicasting mixes for efficient and anonymous communication[C]. IEEE ICDCS, 2006: 59-59.
[24]L.Opyrchal and A.Prakash. Secure distribution of events in content-based publish subscribe system[C]. In Proceedings of the 10th USENIX Security Symposium, 2001: 21-21
[25] M.Atallah, K.Frikken, and M.Blanton. Dynamic and efficient key management for access hierarchies[C]. In Proceedings of ACM CCS, 2005: 190-202
[26] M.Aguilera, R.Strom, D.Sturman, M.Astley, and T.Chandra. Matching events in a content-based subscription system[C]. In Proceedings of the 18th ACM PODC, 1999: 53-61
[27] S.R.Qin Lv and S.Shenker. Can heterogeneity make gnutella scalable? [C]. In Proceedings of the first International Workshop on Peer-to-Peer Systems, 2002: 94-103
[28] T.Wong, R.Katz, and S.McCanne. An evaluation of preference clustering in large-scale multicast applications[C]. IEEE INFOCOM, 2000, vol 3: 451-460
[29] Mudhakar Srivatsa and Ling Liu. Securing decentralized reputation management using TrustGuard[J]. J.Parallel Distrib.Comput, 2006, 66(9): 1217-1232
[30] 徐晶, 许炜. 消息中间件综述[J]. 计算机工程, 2005, 31(16): 73-76.
[31] P.Tran, P.Greenfield, I.Gorton. Behavior and performance of message-oriented middleware systems[C]. Proceedings of the 22nd International Conference on Distributed Computing Systems Workshops, IEEE Computer Society, 2002: 645-650.
[32] Sun Microsystems Inc. JMS specification version 1.1, 2002. URL. [EB/OL] http://java.sun.com/products/jms.
[33] Rao, B.R.Making the Most of Middleware. Data Communications International[J]. 1995, 12(9): 89-96
[34] 童蕾. 事件驱动的消息发布订阅研究和实现[D]. 北京: 中国科学院研究生院(软件研究所), 2005
[35] M.Altherr, M.Erzberg, and S.Maffeis.i Bus-a software bus middleware for the java platform[C]. Proceedings of the International Workshop on Reliable Middleware Systems, 1999, vol 11: 49-65
[36] M.Castro, P.Druschel, A.Kermarrec, andA.Rowston. Scribe: A large-scale and decentralized application-level multicast infrastructure[J]. IEEE Journal on Selected Areas in Communications. 2002, 20(8): 1489-1499
[37] Object Management Group. CORBA event service specification, version 1.1. OMG Document formal. 2000, 03, 01
[38] 王化群, 张力军, 赵君喜. Ad Hoc 网络中基于环 Z 以上椭圆曲线和 RSA 的密钥管理[J]. 通讯学报, 2006, 27(3): 1-6
[39] 李光松, 韩文报. 分簇 Ad Hoc 网络的密钥管理[J]. 计算机科学, 2006, 33(2): 79-82
[40] 傅坚, 陈斌. 一种基于组控制器的组播密钥管理方案[J]. 计算机工程与应用, 2005, 14: 149-152
[41] A.Campailla, S.Chaki, E.Clarke, et al. Efficient filtering in publish-subscribe systems using binary decision diagrams[C]. In Proceedings of the 23rd International Conference on Software Engineering. Toronto, 2001: 443-452
[42] 薛涛, 冯博琴, 李波等. 基于内容的发布订阅系统中快速匹配算法的研究[J].小型微型计算机系统, 2006, 27(3): 529-533
[43] M.Altinel, M.J.Franklin. Efficient Filtering of XML Documents for Selective Dissemination of Information[C]. In: Proceedings of 26th International Conference on Very Large Data Bases (VLDB 2000). Cairo, 2000, vol 9: 53-64
[44] Y.Diao, M.Altinel, M.J.Franklin. Path Sharing and Predicate Evaluation for High-Performance XML Filtering[J]. ACM Transactions on Database Systems, 2003, 28(4): 467-516
[45] F.Y.Cao, J.P.Singh. Efficient event routing in content-based publish-subscribe service networks[C]. In Proc IEEE INFOCOM. HongKong, 2004: 929-940
[46] G..Cugola, E.Di Nitto, A.Fuggetta. The JEDI Event-based Infrastructure and its Application to the Development of the OPSS WFMS[J]. IEEE Transactions on Software Engineering, 2001, 27(9): 827-850
[47] R.Shah, Z.Ramzan, R.Jain, et al. Efficient Dissemination of Personalized Information Using Content-Based Multicast[J]. IEEE Transactions on Mobile Computing, 2004, 3(4): 394-40
[48] 薛涛, 冯博琴. 内容发布订阅系统路由算法和自配置策略研究[J]. 软件学报, 2005,16(2): 251-259
[49] Y.K.Dalal and R.Metcalfe, Reverse path forwarding of broadcast packets[J], Communications of the ACM, 1978, 21(12): 1040-1048
[50] S.Viktor, Frank Eliassen and Olav Lysne. Extending Content-based Publish Subscribe Systems with Multicast support[R]. In Simulate Research Laboratory Technical Report, 2003.
[51] H.Krawczyk, M.Bellare, and R.Canetti. HMAC: Keyed-hashing for message authentication [EB/OL]. http://www.faqs.org/rfcs/rfc2104.html
[52] D.Song, D.Wagner, and A.Perrig. Practical techniques for searches over encrypted data[C]. In IEEE S & P Symposium, 2000: 44-44
[2] 王剑, 王智, 李艳霞. 网格技术及其应用[J]. 网络通讯与安全, 2007, 14(2): 389-390
[3] 朱涛. 语义 Web 的现状与发展趋势[J]. 开发研究与设计技术, 2007, 14(1): 497-498
[4] 石硕, 杨宝华, 张筱丹. P2P 技术的发展与探讨[J]. 网络通讯与安全, 2007, 14(2): 366-367
[5] B.OKI, M.Fluegl, A.Siegel, et al. The Information Bus: An Architecture for Extensible Distributed Systems[J]. ACM Operating Systems Review, 1993, 27(5): 58-68
[6] F.Brasch, G.T.Carey, Colyer A, et al. Internet Application Development with MQSeries and Java[M]. USA:Vervante Corporate Publishing, 1997
[7] TIBCO Corp. TIB/Rendezvous White Paper [EB/OL]. http://www.tibco.com/software/enterprise_backbone/rendezvous.jsp, 2000
[8] A.Carzaniga, D.S.Rosenblum, A.L.Wolf. Design and evaluation of a wide-area event notification service[J]. ACM Transactions on Computer Systems, 2001, 19(3): 332-383
[9] M.K.Aguilera, R.E.Strom, D.C.Sturman, M.Astley, and Chandra T D. Matching events in a content-based subscription system[C]. ACM Symposium on Principles of Distributed Computing, 1999: 53-61
[10] 白利红, 王宝树. 一种基于 SOAP 安全的网络中心发布/订阅机制[J]. 指挥控制与彷真, 2006, 28(5): 86-89
[11] 薛涛, 冯博琴. 使用 Gossip 算法实现可靠的基于内容的发布订阅系统[J]. 小型微型计算机系统, 2006, 27(1): 185-189
[12] Gupta, Indranil, Birman et al. Fighting fire with fire: Using randomized gossip to combat stochastic scalability limits [J]. Quality and Reliability Engineering International, 2002, 18 (3): 165-184
[13] 潘慧芳, 周兴社, 杨刚. 基于混合通信模式的消息中间件设计与实现[J]. 计算机工程, 2006, 32(3): 116-118
[14] C.Wang, A.Carzaniga, D.Evans, and A.L.Wolf. Security issues and requirements for internet-scale publish-subscribe systems[C]. Hawaii International Conferenceon System Sciences, 2002:7-10
[15] K.Aguilera and R.Strom. Efficient atomic broadcast using deterministic merge[C]. 19th ACMPODC, 2000: 209-218
[16] M.Waldvogel, G.Caronni., D.Sun, N.Weiler, and B.Plattner. The versakey framework: Versatile group key management[J]. In IEEE Journal on Selected Areas in Communications (Special Issue on Middle-Ware), 1999, 17(9): 1614-1631
[17] RFC 2627. Key management for multicast: Issues and architectures [S] .
[18] C.K.Wong, M.G.Gouda, and S.S.Lam. Secure group communications using key graphs[J]. IEEE/ACM Transactions on Networking, 2000, 8 (1): 16-30
[19] D.A.Mc Grew and A.T.Sherman. Key establishment in large dynamic groups using one-way function trees[J]. IEEE Transactions on Software Engineering, 2003, 29 (5): 444-458
[20] R.Canetti, J.Garay, G.Itkis, and D.Micciancio. Multicast security: A taxonomy and some efficient constructions[C]. IEEE INFOCOM, 1999, vol 2: 708-716
[21] R.Canetti, T.Malkin, and K.Nissim. Efficient communication-storage tradeoffs for multicast encryption[C]. In Advances in Cryptology-EUROCRYPT. J.Stem, Ed. Lecture Notes in Computer Science, Springer Verlag, 1999, vol 1599: 459-474
[22] S.Rafaeli and D.Hutchison. A survey of key management for secure group communication[J]. ACM Computing Surveys, 2003, 35(3): 309-329
[23] G..Perng, M.K.Reiter, and C.Wang. M2: Multicasting mixes for efficient and anonymous communication[C]. IEEE ICDCS, 2006: 59-59.
[24]L.Opyrchal and A.Prakash. Secure distribution of events in content-based publish subscribe system[C]. In Proceedings of the 10th USENIX Security Symposium, 2001: 21-21
[25] M.Atallah, K.Frikken, and M.Blanton. Dynamic and efficient key management for access hierarchies[C]. In Proceedings of ACM CCS, 2005: 190-202
[26] M.Aguilera, R.Strom, D.Sturman, M.Astley, and T.Chandra. Matching events in a content-based subscription system[C]. In Proceedings of the 18th ACM PODC, 1999: 53-61
[27] S.R.Qin Lv and S.Shenker. Can heterogeneity make gnutella scalable? [C]. In Proceedings of the first International Workshop on Peer-to-Peer Systems, 2002: 94-103
[28] T.Wong, R.Katz, and S.McCanne. An evaluation of preference clustering in large-scale multicast applications[C]. IEEE INFOCOM, 2000, vol 3: 451-460
[29] Mudhakar Srivatsa and Ling Liu. Securing decentralized reputation management using TrustGuard[J]. J.Parallel Distrib.Comput, 2006, 66(9): 1217-1232
[30] 徐晶, 许炜. 消息中间件综述[J]. 计算机工程, 2005, 31(16): 73-76.
[31] P.Tran, P.Greenfield, I.Gorton. Behavior and performance of message-oriented middleware systems[C]. Proceedings of the 22nd International Conference on Distributed Computing Systems Workshops, IEEE Computer Society, 2002: 645-650.
[32] Sun Microsystems Inc. JMS specification version 1.1, 2002. URL. [EB/OL] http://java.sun.com/products/jms.
[33] Rao, B.R.Making the Most of Middleware. Data Communications International[J]. 1995, 12(9): 89-96
[34] 童蕾. 事件驱动的消息发布订阅研究和实现[D]. 北京: 中国科学院研究生院(软件研究所), 2005
[35] M.Altherr, M.Erzberg, and S.Maffeis.i Bus-a software bus middleware for the java platform[C]. Proceedings of the International Workshop on Reliable Middleware Systems, 1999, vol 11: 49-65
[36] M.Castro, P.Druschel, A.Kermarrec, andA.Rowston. Scribe: A large-scale and decentralized application-level multicast infrastructure[J]. IEEE Journal on Selected Areas in Communications. 2002, 20(8): 1489-1499
[37] Object Management Group. CORBA event service specification, version 1.1. OMG Document formal. 2000, 03, 01
[38] 王化群, 张力军, 赵君喜. Ad Hoc 网络中基于环 Z 以上椭圆曲线和 RSA 的密钥管理[J]. 通讯学报, 2006, 27(3): 1-6
[39] 李光松, 韩文报. 分簇 Ad Hoc 网络的密钥管理[J]. 计算机科学, 2006, 33(2): 79-82
[40] 傅坚, 陈斌. 一种基于组控制器的组播密钥管理方案[J]. 计算机工程与应用, 2005, 14: 149-152
[41] A.Campailla, S.Chaki, E.Clarke, et al. Efficient filtering in publish-subscribe systems using binary decision diagrams[C]. In Proceedings of the 23rd International Conference on Software Engineering. Toronto, 2001: 443-452
[42] 薛涛, 冯博琴, 李波等. 基于内容的发布订阅系统中快速匹配算法的研究[J].小型微型计算机系统, 2006, 27(3): 529-533
[43] M.Altinel, M.J.Franklin. Efficient Filtering of XML Documents for Selective Dissemination of Information[C]. In: Proceedings of 26th International Conference on Very Large Data Bases (VLDB 2000). Cairo, 2000, vol 9: 53-64
[44] Y.Diao, M.Altinel, M.J.Franklin. Path Sharing and Predicate Evaluation for High-Performance XML Filtering[J]. ACM Transactions on Database Systems, 2003, 28(4): 467-516
[45] F.Y.Cao, J.P.Singh. Efficient event routing in content-based publish-subscribe service networks[C]. In Proc IEEE INFOCOM. HongKong, 2004: 929-940
[46] G..Cugola, E.Di Nitto, A.Fuggetta. The JEDI Event-based Infrastructure and its Application to the Development of the OPSS WFMS[J]. IEEE Transactions on Software Engineering, 2001, 27(9): 827-850
[47] R.Shah, Z.Ramzan, R.Jain, et al. Efficient Dissemination of Personalized Information Using Content-Based Multicast[J]. IEEE Transactions on Mobile Computing, 2004, 3(4): 394-40
[48] 薛涛, 冯博琴. 内容发布订阅系统路由算法和自配置策略研究[J]. 软件学报, 2005,16(2): 251-259
[49] Y.K.Dalal and R.Metcalfe, Reverse path forwarding of broadcast packets[J], Communications of the ACM, 1978, 21(12): 1040-1048
[50] S.Viktor, Frank Eliassen and Olav Lysne. Extending Content-based Publish Subscribe Systems with Multicast support[R]. In Simulate Research Laboratory Technical Report, 2003.
[51] H.Krawczyk, M.Bellare, and R.Canetti. HMAC: Keyed-hashing for message authentication [EB/OL]. http://www.faqs.org/rfcs/rfc2104.html
[52] D.Song, D.Wagner, and A.Perrig. Practical techniques for searches over encrypted data[C]. In IEEE S & P Symposium, 2000: 44-44