Research on Several Key Technologies of E-Government Security Engineering
Abstract
E-government is the use of modern information technology by state government agencies to integrate management and service through informatization, to optimize and reengineer government organizational structures and workflows over the network, and to overcome the limits of time, space and departmental divisions so as to provide society with high-quality, efficient, standardized and transparent management and services in every respect. Network information security, an important component of national security, is one of the key problems constraining e-government construction. Although China's e-government security engineering has already established a reference system of technical specifications, the rapid development of information technology leaves some key problems still to be solved, such as locating and breaking through the bottlenecks of traditional information security infrastructure, introducing identity-based cryptography into the security infrastructure and evaluating its security, integrating security applications in complex multi-domain environments, fair accountability in application systems, protocol-based key recovery mechanisms, and secure authentication technology for SSL/TLS-based application systems.
     This thesis studies in depth several key technologies prominent in e-government security engineering, including optimization of PKI/PMI revocation management, identity-based public key infrastructure, federated identity management in complex multi-domain environments, fair non-repudiation for electronic transactions, protocol-based key recovery at the network layer, protocol-based key recovery at the transport layer, and man-in-the-middle attack and protection schemes. Specifically, the contributions of this thesis include the following:
     1. The bottlenecks of traditional public key infrastructure (PKI) and privilege management infrastructure (PMI) in practice are analyzed. For the problem of revocation management, a D-OCSP service model for distributed environments and a national standard draft of the Simple Online Certificate Status Protocol (S-OCSP) are proposed. The former adopts the idea of offline cryptography: the secret information is extracted from the online RTC responders and placed in an offline RTCA server; the RTCA generates an OCSP response proof set for the status list of all certificates issued by the CA and publishes it to the RTC responders, which use it when handling relying parties' OCSP requests. This fundamentally solves the scalability, availability and security problems of "Trusted OCSP". The latter, as a supplement to standard OCSP, aims to solve the performance problem of certificate status queries in specific environments. Experiments show that S-OCSP performs markedly better than standard OCSP and significantly reduces the overhead of certificate revocation checking on application servers.
     2. Identity-based PKI is studied, evaluated for security, and compared with traditional PKI in terms of trusted distribution of system public parameters, secure private key issuance, key escrow, multi-domain support, and integration with traditional PKI. To meet the practical security requirements of content distribution systems, a new group-oriented secure content distribution scheme based on identity-based PKI is proposed. It satisfies receiver access control, sender authentication and non-repudiation, and policy-based encryption, reduces the sender's computation and communication cost to O(1), and features simple key management, low computation and communication cost and ease of implementation, so it can readily be applied to commercial multicast content distribution systems.
     3. For the service federation security problems in virtual organizations built on service-oriented architecture, the key security requirements of cross-domain service federation are analyzed, existing federated identity management technologies are studied, and a cross-domain service federation security framework is proposed. An example clearly illustrates the security functions of cross-domain service federation, including trust topology management, federated login/logout, attribute-based access control, delegated authorization and privacy protection. Finally, the interoperability of different federated identity management mechanisms is discussed.
     4. A fair non-repudiation protocol for traditional B/S-architecture web applications and a fair non-repudiation protocol for web service application environments are proposed, both based on the online-TTP model. The former embeds fair non-repudiation into a single HTTP request/response exchange; the latter embeds it into a single web service call. Both use evidence chaining to reduce the overhead of certificate revocation checking and signature timestamp generation, thereby improving the overall efficiency of evidence verification and management. The protocols offer strong fairness, timeliness, efficiency and practicality.
     5. Protocol-based key recovery mechanisms are analyzed and the advantages and disadvantages of using identity-based encryption are discussed. The design and implementation of an IPSec key recovery mechanism is given, covering the four authentication methods (pre-shared key, signature, public key encryption and revised public key encryption) and all cases arising in main mode and aggressive mode; forward secrecy and applicability to IKEv2 are analyzed. Experiments confirm that embedding key recovery in IPSec communication with automatic key negotiation is easy and still meets the requirements of unfilterability, interoperability with standard protocol implementations and real-time key recovery.
     6. Based on a security analysis of the SSL/TLS protocol and the national SSL VPN standard, a protocol-based SSL/TLS key recovery scheme is given and its practicality analyzed. A proxy-based SSL/TLS man-in-the-middle attack scheme is presented, its security threats are analyzed, security enhancement recommendations are given, and a session-aware SSL/TLS man-in-the-middle protection scheme is studied. From the positive side, its application to content security filtering, prevention of protocol-based key recovery and protocol customization is analyzed. An integrated session-aware S-ZTIC solution is proposed that resists both man-in-the-middle attacks and malicious software attacks.
English abstract
E-government means that state government agencies use modern information technology to integrate management and service, reengineer organizational structures and workflows over the network, overcome the limits of time, space and departmental boundaries, and provide high-quality, efficient, standardized and transparent management and services to society in every aspect. Information security, a core component of national security, has always been one of the crucial issues constraining e-government construction and development. Although a set of technical architectures for e-government security engineering has been developed, some fundamental issues remain worth studying, such as locating and removing the bottlenecks of traditional security infrastructure, applying identity-based cryptography in security infrastructure and evaluating its security, integrating security for applications in complex multi-domain environments, duty tracing in transactions, protocol-based key recovery mechanisms, and secure authentication in SSL/TLS-based systems.
     This thesis studies in depth several key technologies in e-government security engineering, including the optimization of revocation management in traditional public key infrastructure (PKI) and privilege management infrastructure (PMI), security evaluation of identity-based public key infrastructure, federated identity management in complex multi-domain environments, fair non-repudiation for online transactions, protocol-based key recovery and its application in network-layer and transport-layer virtual private networks, and SSL/TLS man-in-the-middle attack and protection.
     The thesis makes several contributions, including:
     1. We analyze the application bottlenecks of traditional public key infrastructure and privilege management infrastructure. For the revocation problem, a D-OCSP service model for distributed environments and a Chinese national standard draft, the Simple Online Certificate Status Protocol (S-OCSP), are proposed. The former exploits the idea of offline cryptography: it removes the secret information from the online RTC responders and places it in an RTCA server that stays offline. The RTCA generates an OCSP response proof set from the status set of all certificates issued by the CA and publishes the proof set to all RTC responders, which use it to answer OCSP requests from relying parties. In this way, distributed OCSP fundamentally solves the scalability, availability and security issues of "Trusted OCSP" and optimizes the OCSP service as a whole. The latter, as a supplement to standard OCSP, provides high-performance revocation checking for application servers. Experiments show that S-OCSP performs better than standard OCSP and reduces the cost of certificate revocation checking on application servers.
     2. Identity-based PKI is introduced and compared with traditional PKI, and a comprehensive security evaluation is carried out, covering trusted delivery of system parameters, secure private key issuing, key escrow, multi-domain support, and integration with traditional PKI. A new secure group-oriented content distribution scheme built on identity-based PKI is presented. The scheme meets essential requirements including receiver access control, source authentication and non-repudiation, and policy-driven encryption; it achieves O(1) sender-side computation and communication cost, and has simple group key management, low computation and communication cost, and ease of implementation. It can be used to deploy commercial multicast content distribution systems.
     3. Aiming at the security issues of service federation in SOA-based virtual organizations, this thesis discusses service federation through cross-domain service orchestration and choreography, analyzes the critical security requirements of service federation for virtual organizations, surveys the dominant federated identity management technologies, proposes a security framework suitable for cross-domain service federation, and clarifies several fundamental security functions, such as trust topology management, federated sign-on/sign-out, attribute-based access control, delegated authorization and privacy protection. Finally, the interoperation of different federated identity management technologies is introduced.
     4. Two fair non-repudiation protocols based on the online-TTP model are proposed. The first is for traditional web applications with a B/S (browser/server) architecture and can be embedded in a single HTTP request/response exchange. The second applies to web service transactions and can be embedded in a single web service call. Both protocols adopt evidence chaining to reduce the overhead of evidence verification and management and to alleviate the cost of certificate revocation checking and time-stamp generation for signatures. The protocols have the properties of strong fairness, timeliness, efficiency and practicality.
     5. Protocol-based key recovery is analyzed and the advantages and disadvantages of identity-based encryption are discussed. A protocol-based key recovery mechanism for IPSec is designed and implemented, covering four authentication methods (pre-shared key, signature, public key encryption and revised public key encryption) and two working modes (main mode and aggressive mode). Perfect forward secrecy and applicability to IKEv2 are analyzed. Experiments show that key recovery can easily be embedded in an IPSec VPN with valuable properties such as unfilterability, interoperability, hidden key recovery and real-time key recovery.
     6. Based on a comprehensive security analysis of the SSL/TLS protocol and the Chinese SSL VPN standard, a protocol-based key recovery scheme for SSL/TLS is given and its practicability discussed. We present a proxy-based MITM attack scheme, analyze its security threats in detail, and propose mechanisms for security enhancement, focusing on a session-aware MITM protection scheme. From the positive point of view, the application of this technique to content filtering, key recovery prevention and protocol customization is illustrated. The conclusion is that proxy-based MITM for SSL/TLS can be adopted to implement valuable protective functions, although it also poses a noticeable security threat. An integrated session-aware S-ZTIC solution is designed that defends against both MITM attacks and malicious software attacks.
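The D-OCSP split described in contribution 1 (in both abstracts), as an added example that is not the thesis's own code: an offline RTCA that alone holds secrets generates a per-period proof set, online RTC responders serve it without holding any key, and relying parties verify each proof against a public anchor. The thesis does not specify its proof format; hash-chain validity tokens (one chain per certificate, anchor assumed to be bound to the certificate) are used here as a stand-in so the example runs with the Python standard library alone. Serials, seeds and the period count are constructed.

```python
import hashlib

PERIODS = 30  # number of status periods (e.g. days) covered by one proof chain


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_chain(value: bytes, n: int) -> bytes:
    """Apply h() n times: h^n(value)."""
    for _ in range(n):
        value = h(value)
    return value


class RTCA:
    """Offline authority. It alone holds the per-certificate seeds (the secret) and
    is never reachable by relying parties; it only emits proof sets for publication."""

    def __init__(self, serials, periods: int = PERIODS):
        self.periods = periods
        # Constructed sample seeds; in practice these are random and kept offline.
        self._seeds = {s: h(b"constructed-seed:" + s.encode()) for s in serials}
        self.revoked = set()
        # Public anchors Y = h^periods(seed). Assumption: the anchor is bound to the
        # certificate (e.g. via an extension) so relying parties can trust it.
        self.anchors = {s: hash_chain(seed, periods) for s, seed in self._seeds.items()}

    def revoke(self, serial: str) -> None:
        self.revoked.add(serial)

    def proof_set(self, period: int) -> dict:
        """Proof set for one period: a 'good' token for every unrevoked certificate.
        The token for period p is h^(periods-p)(seed); a revoked certificate gets no
        token, so nothing 'good' can be shown for it by anyone downstream."""
        if not 1 <= period <= self.periods:
            raise ValueError("period outside the chain length")
        return {s: hash_chain(seed, self.periods - period)
                for s, seed in self._seeds.items() if s not in self.revoked}


class RTCResponder:
    """Online responder. Holds only published proof sets, no key or seed, so a
    compromised responder cannot mint a 'good' answer the RTCA did not issue."""

    def __init__(self):
        self._published = {}

    def publish(self, period: int, proofs: dict) -> None:
        self._published[period] = proofs

    def respond(self, serial: str, period: int):
        # Unknown serials and revoked certificates both have no token.
        token = self._published.get(period, {}).get(serial)
        return ("good", token) if token is not None else ("revoked", None)


def relying_party_check(responder: RTCResponder, anchors: dict,
                        serial: str, period: int) -> str:
    """Relying-party side: accept 'good' only if the token hashes forward to the
    public anchor for exactly the current period (a replayed older token or a
    fabricated one fails this check)."""
    status, token = responder.respond(serial, period)
    if status != "good":
        return "revoked"
    if serial in anchors and hash_chain(token, period) == anchors[serial]:
        return "good"
    return "invalid-proof"  # forged or stale token: never treated as good


def demo() -> dict:
    rtca = RTCA(["A1", "B2"])
    responder = RTCResponder()
    # Periods 1 and 2 are published normally; B2 is revoked before period 3.
    for p in (1, 2):
        responder.publish(p, rtca.proof_set(p))
    rtca.revoke("B2")
    responder.publish(3, rtca.proof_set(3))
    return {
        "A1@3": relying_party_check(responder, rtca.anchors, "A1", 3),
        "B2@2": relying_party_check(responder, rtca.anchors, "B2", 2),
        "B2@3": relying_party_check(responder, rtca.anchors, "B2", 3),
    }


if __name__ == "__main__":
    print(demo())
```

The token for period p also reveals the tokens of earlier periods (they are its hash images), which is why the relying party must pin the check to the current period rather than accept any chain member.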
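The session-aware protection idea in contribution 6 (in both abstracts), as an added example that is not the thesis's own code: the user's authentication value is bound to the client's view of its own TLS session, so a TLS-terminating proxy in the path, which gives the client a different server certificate and session identifier than the real server has, causes the server-side check to fail even when the proxy relays the value faithfully. The binding fields, the HMAC construction and the shared user secret are simplifying assumptions; certificates and session identifiers are constructed placeholders, not real DER data.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TlsSessionView:
    """What one endpoint sees of its own TLS session. Only the fields the
    session-aware check binds to are modelled (constructed, not real TLS state)."""
    server_cert_der: bytes   # certificate this endpoint saw as the server's
    session_id: bytes        # session identifier of this endpoint's connection

    def binding(self) -> bytes:
        # Assumed binding: hash of server certificate || session identifier.
        return hashlib.sha256(self.server_cert_der + self.session_id).digest()


def user_auth_code(user_secret: bytes, view: TlsSessionView) -> bytes:
    """Session-aware user authentication code: an HMAC over the session binding,
    keyed with a secret the user and server share (assumed, e.g. a token seed).
    Sent instead of a bare password, it is valid only for the session it was
    computed in."""
    return hmac.new(user_secret, view.binding(), hashlib.sha256).digest()


def server_verify(user_secret: bytes, server_view: TlsSessionView,
                  received: bytes) -> bool:
    """The server recomputes the code over *its own* session view and compares in
    constant time. If a proxy terminated the client's TLS session, the client's
    view (proxy certificate, proxy session id) differs and the check fails."""
    expected = user_auth_code(user_secret, server_view)
    return hmac.compare_digest(expected, received)


# Constructed sample values.
USER_SECRET = b"constructed-shared-user-secret"
SERVER_CERT = b"constructed-der:CN=portal.example.gov"
PROXY_CERT = b"constructed-der:CN=portal.example.gov (proxy-issued)"


def direct_session() -> bool:
    """Client and server share one TLS session: same certificate, same id."""
    view = TlsSessionView(SERVER_CERT, b"\x11" * 32)
    code = user_auth_code(USER_SECRET, view)
    return server_verify(USER_SECRET, view, code)


def proxied_session() -> bool:
    """A TLS-terminating proxy sits in the path: the client's session is with the
    proxy (its certificate, its id); the proxy opens a second session to the
    server and forwards the authentication code unchanged. The server rejects it."""
    client_view = TlsSessionView(PROXY_CERT, b"\x22" * 32)
    server_view = TlsSessionView(SERVER_CERT, b"\x33" * 32)
    code = user_auth_code(USER_SECRET, client_view)
    return server_verify(USER_SECRET, server_view, code)


def replayed_code() -> bool:
    """A code captured from one direct session is presented in a later session
    with the same server certificate but a fresh session id: also rejected."""
    old_view = TlsSessionView(SERVER_CERT, b"\x44" * 32)
    new_view = TlsSessionView(SERVER_CERT, b"\x55" * 32)
    code = user_auth_code(USER_SECRET, old_view)
    return server_verify(USER_SECRET, new_view, code)


if __name__ == "__main__":
    print("direct session accepted:", direct_session())
    print("proxied session accepted:", proxied_session())
    print("replayed code accepted:", replayed_code())
```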