Research on Security Protocols for 3G-WLAN Interworking Networks
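Abstract
In recent years, as technology has developed and networks have evolved, the various wireless technologies, while competing with one another, have also been moving gradually towards complementary integration. The trend for future wireless networks is inevitably to keep the existing wireless technologies and integrate them through a unified mobility management mechanism, so as to provide users with network access anytime and anywhere. The 3G mobile communication network, as the representative of mobile communication technology, provides good roaming service over a wide area, but its data rate and network bandwidth are low and its cost is high. WLAN, another common wireless access network, offers relatively high rates, suits the transmission of multimedia information, and is inexpensive, but its coverage is small. Interconnecting 3G and WLAN makes full use of their complementary characteristics and provides users with better network access services.
     Interconnecting 3G and WLAN is a very complex systems engineering task with many key issues to consider, and security is one of the most important. A 3G-WLAN interworking network needs access authentication and charging mechanisms that are independent of the underlying technology: when a user first accesses the network, the user's legitimacy must be verified, and while the user is receiving service, the user must be charged securely. Based on a study of anonymous authentication and non-repudiation charging, this thesis proposes improvements to the access authentication and charging protocols in the existing 3GPP specifications, with the following results:
     (1) An anonymous WLAN access authentication protocol for 3G-WLAN interworking networks is proposed. The protocol is based on proxy signatures and elliptic curve cryptography. By having a subset of user equipment randomly share proxy signature key pairs assigned by the home network, it achieves mutual authentication between the user equipment and the 3GPP AAA Server, master key agreement between the user equipment and the 3GPP AAA Server, and secure distribution of the session master key between the UE and the WLAN access network, while also solving security problems in the original protocol such as user identity leakage, denial-of-service attacks and fake access point attacks.
     (2) A fast re-authentication protocol for WLAN access in 3G-WLAN interworking networks is proposed. Using a dual hash chain mechanism, the protocol not only achieves mutual authentication between the user equipment and the 3GPP AAA Server and secure distribution of the session key between the user equipment and the WLAN access network, but also solves the problems that, in the original protocol, the WLAN access network cannot filter illegitimate authentication requests and cannot resist denial-of-service attacks on the home network. Then, to address the limit that the hash chain length places on the maximum number of re-authentications, a naive renewable hash chain technique is proposed. Compared with renewable hash chain techniques based on one-time signatures, the naive renewable hash chain technique effectively reduces the extra computation and communication load caused by hash chain regeneration.
     (3) A fast 3GPP access authentication protocol is proposed. During 3GPP access authentication the protocol makes full use of the result of the earlier WLAN access authentication, reducing the message exchanges between the user equipment and the 3GPP AAA Server and lowering communication load and energy consumption. Because the EAP-AKA procedure is omitted, no authentication vectors are consumed, which also lightens the workload of the HSS/HLR.
     (4) A non-repudiation online charging protocol based on hash chains is proposed. It solves the problem of charging disputes between the user equipment and the WLAN access network in the original online charging protocol. To address the high computation and storage load of long hash chains, an efficient hash chain traversal algorithm based on a binary tree is proposed, together with a traversal complexity analysis for arbitrary chain lengths. The analysis shows that traversing a hash chain of length n needs only [log2 n]+1 auxiliary storage, and that the number of computations for the full traversal is no more than n[log2 n]/2. The algorithm also provides a mechanism for trading time complexity against space complexity, so that computation load or storage space can be reduced further when needed.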
In recent years, with the growth of technology and the evolution of networks, the various wireless networks have been gradually moving towards complementary integration while competing with each other. The trend for future wireless networks is to provide a unified mobility management system that integrates these wireless networks in order to provide ubiquitous network access services to mobile users at all times. As the representative of mobile communication systems, the 3G mobile communication network can provide good wide-area roaming, but it provides low data transfer rates and network bandwidth, and is expensive. As the most common wireless access technology, WLAN can provide a higher rate, is suitable for transmitting large amounts of multimedia information, and is inexpensive, but its network coverage is small. The integration of 3G and WLAN can take full advantage of both and provide users with better services.
     Integrating 3G and WLAN networks is a very complicated systems engineering task that involves many key issues, one of which is security. In a network integrating 3G and WLAN, it is necessary to provide common authentication and billing mechanisms independent of the underlying wireless technology.
     In this dissertation, we studied anonymous authentication and undeniable charging protocols in 3G-WLAN integrated networks, and put forward several improvements to the standard proposed by 3GPP, as follows.
     (1) An anonymous authentication protocol for WLAN Direct IP Access was proposed. It is based on proxy signatures and elliptic curve encryption and allows a pair of proxy signature keys to be shared randomly among some mobile devices. It not only achieves mutual authentication and master key agreement between the user equipment and the 3GPP AAA Server, and distribution of the session master key between the user and the WLAN, but also addresses security holes in the original protocol such as identity leaks, DoS attacks and false AP attacks.
     (2) A new fast re-authentication protocol for WLAN Direct IP Access was proposed based on a dual hash chain mechanism. It not only realizes mutual authentication between the user equipment and the 3GPP AAA Server, secure distribution of the session master key between the user and the WLAN, and resistance to replay attacks, but also achieves resistance to DoS attacks, which the original protocol cannot provide. To resolve the issue that the maximum number of re-authentications is limited by the length of the hash chain, we proposed a simple algorithm for hash chain regeneration; compared with the one-time-signature-based algorithm, the proposed algorithm greatly reduces the computational and communication load.
     (3) An efficient WLAN 3GPP IP access authentication protocol was proposed, which makes full use of the result of WLAN direct IP access authentication to avoid duplicated mutual authentication between the UE and the 3GPP AAA Server, reducing the computational and communication load. At the same time, as the EAP-AKA procedure is omitted, the proposed protocol does not require authentication vectors from the HSS/HLR, which reduces the workload of the HSS/HLR.
     (4) A non-repudiation offline charging protocol based on hash chains was proposed, which settles the problem that the original offline charging protocol cannot resolve billing disputes between the UE and the WLAN or between the UE and the visited network. As the computing or storage load is high when the hash chain is long, we proposed an efficient hash chain traversal algorithm based on a binary tree and carried out its complexity analysis. The analysis shows that, when the length of the hash chain is n, the auxiliary space the proposed algorithm needs is |log2 n|+1, and the number of hash calculations it needs during traversal is not larger than n|log2 n|/2. Furthermore, the algorithm can reduce time complexity by increasing space complexity, and vice versa.
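The space and time bounds quoted in item (4) can be checked with a small reverse hash-chain traversal. The following is an added illustration, not the dissertation's algorithm: it uses textbook bisection checkpointing, and SHA-256, the seed, all function names and the reading of the brackets as a ceiling are assumptions.

```python
import hashlib


def H(x: bytes) -> bytes:
    """One chain step. SHA-256 is an assumption; the abstract names no hash."""
    return hashlib.sha256(x).digest()


def build_anchor(seed: bytes, n: int) -> bytes:
    """Return v_n = H^n(seed), the public commitment to the chain v_0..v_{n-1}."""
    v = seed
    for _ in range(n):
        v = H(v)
    return v


def traverse(seed: bytes, n: int):
    """Release v_{n-1}, ..., v_0 (v_0 = seed) using checkpoints chosen by bisection.

    Returns (released_values, hash_calls, max_checkpoints_held).
    """
    stack = [(0, seed)]  # stored checkpoints as (index, value)
    hashes = 0
    peak = 1
    released = []
    for target in range(n - 1, -1, -1):
        # Bisect between the nearest stored checkpoint and the target,
        # keeping every midpoint, until the target itself is on the stack.
        while stack[-1][0] < target:
            idx, val = stack[-1]
            mid = (idx + target + 1) // 2
            for _ in range(mid - idx):
                val = H(val)
                hashes += 1
            stack.append((mid, val))
            peak = max(peak, len(stack))
        released.append(stack.pop()[1])  # the checkpoint is discarded once released
    return released, hashes, peak


def verify_release(anchor: bytes, released) -> int:
    """Verifier side: a token is accepted only if it hashes to the last accepted value.

    Returns the number of tokens accepted before the first failure.
    """
    last = anchor
    accepted = 0
    for token in released:
        if H(token) != last:
            break
        last = token
        accepted += 1
    return accepted


def measure(n: int, seed: bytes = b"constructed-demo-seed"):
    """Traverse a chain of length n and compare the cost with the quoted bounds."""
    released, hashes, peak = traverse(seed, n)
    c = (n - 1).bit_length()  # ceil(log2 n) for n >= 1
    return {
        "n": n,
        "valid": verify_release(build_anchor(seed, n), released) == n,
        "hashes": hashes,
        "hash_bound": n * c / 2,
        "checkpoints": peak,
        "space_bound": c + 1,
    }


if __name__ == "__main__":
    for n in (8, 1000, 1024):
        print(measure(n))
```

For chain lengths that are powers of two this scheme meets both bounds exactly; for other lengths it stays below them.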
