组密钥管理技术研究及其在IPSec VPN中的应用
|
摘要
近年来,安全可靠的组通信已成为研究领域的热点问题,尤其是在基于组的应用和合作领域,组安全通信越来越受到人们的关注。组安全通信的设计关键点在于如何在不可靠的网络环境维护组通信的机密性。数据加密是实现安全组通信的实际途径,即使是IP分组被泄露到整个网络,也能保证只有经过认证的用户才能解密组播数据。
在安全组通信中,数据发送者用组密钥来加密业务,并且组内每个成员都共享同样的组密钥用于解密数据。为了保证后向与前向机密性,在整个组播会话过程中,每当有用户加入或退出时都必须改变组密钥。这一过程称为密钥更新(Rekey),它保证了一个新加入的用户无法访问之前的组播数据,并且一个退出的用户无法继续解读在它离开之后组播的数据。这就是密钥管理问题,设计安全高效的密钥管理协议面临着许多挑战。其主要难点在于组的动态性,即组成员可以在任意时刻加入或退出组。
本文的研究主要包括组密钥管理的系统结构,动态对等组密钥协商和更新协议,在此基础上实现了一个组密钥管理系统并将其应用于IPSec VPN,实现网关组的安全关联。具体地说,本文的工作内容包括以下几个方面:
根据组密钥管理系统的密钥控制模型的差异,将其分为三类:集中式密钥分发,分散式密钥分发,对等密钥协商。其中基于对等组密钥协商的密钥管理系统具有以下特点:(1)组成员为平等关系,无逻辑或物理的层次关系,因此不存在性能和安全的瓶颈结点,没有单点失效问题,可用性高;(2)组密钥由组内各成员贡献的随机数生成,因此组密钥的随机性比其它两类系统更为健壮。该类密钥管理系统是本文研究的重点。现有的对等组密钥管理系统建立在组通信基础上,存在的结构复杂,效率低,鲁棒性低等问题,制约了组密钥管理系统的应用。本文针对IPSec VPN中组密钥管理的需求,提出了一种模块化对等组密钥管理结构,在可靠多播服务和基于中心节点的简单成员关系服务上建立组密钥协商。
安全性和协商效率是评价组密钥管理协议的关键指标,在保证相同安全性的基础上,如何提高协商效率是一个关键课题,对组密钥的应用具有现实意义。本文首先就安全性和协商效率两个指标对现有的动态对等组密钥管理协议进行系统的分析和比较。利用降低密钥协商的轮数、通信量和计算量作为提高协商效率的途径,提出了一系列的高效动态组密钥协商协议。该系列协议具有以下特点:(1)引入配对(Pairing)运算和基于身份的公钥基础设施(Identity Based
In recent years, the research on group communication has focused on the security and reliability of group communication. In particular, the fields of the application and cooperation based on group, the secure group communication has become more and more important. The confidentiality of communications is the key to design the secure group communication in unreliable networking environment. Data encryption is a practical means of achieving security group communications. Only authenticated user can be ensured to decrypt the multicast data, even if the data could be received by other users connected the multicast network.
In the security group communication, data was encrypted by the group key. Each group member shared the same key for decrypting data. To ensure forward and backward security, the group key has to be updated whenever members joining or leaving the group. This process is known as rekeying. It guarantees that the new joining members can not decrypt the data which encrypted the earlier group key. It also guarantees the leaved members can not decrypt the group data received after it leaved the group. This is major challenge to design a secure and effective key agreement protocol. The difficulty lies in the dynamic group that the members can join or leave a group at any time.
The structure of group key management system and dynamics group key agreement protocol was studied in this thesis. And this group key management system was implemented and it is applied to IPSec VPN. The group security association was implemented among VPN gateway. Specifically, this study includes the following contents:
According to the differences among key control models, the group key management could be divided into three categories: centralized model, distributed model and combined model. The dynamic distributed key management system has the following features. (1) Each member of the group is equal. So there is no performance and security bottleneck, no single point of failure with high availability. (2)The group Key is produced by the random numbers which were shared by all members. So the randomicity of the group key in this model was stronger than other models. Therefore, such group key management system is the focus of this thesis.
在安全组通信中,数据发送者用组密钥来加密业务,并且组内每个成员都共享同样的组密钥用于解密数据。为了保证后向与前向机密性,在整个组播会话过程中,每当有用户加入或退出时都必须改变组密钥。这一过程称为密钥更新(Rekey),它保证了一个新加入的用户无法访问之前的组播数据,并且一个退出的用户无法继续解读在它离开之后组播的数据。这就是密钥管理问题,设计安全高效的密钥管理协议面临着许多挑战。其主要难点在于组的动态性,即组成员可以在任意时刻加入或退出组。
本文的研究主要包括组密钥管理的系统结构,动态对等组密钥协商和更新协议,在此基础上实现了一个组密钥管理系统并将其应用于IPSec VPN,实现网关组的安全关联。具体地说,本文的工作内容包括以下几个方面:
根据组密钥管理系统的密钥控制模型的差异,将其分为三类:集中式密钥分发,分散式密钥分发,对等密钥协商。其中基于对等组密钥协商的密钥管理系统具有以下特点:(1)组成员为平等关系,无逻辑或物理的层次关系,因此不存在性能和安全的瓶颈结点,没有单点失效问题,可用性高;(2)组密钥由组内各成员贡献的随机数生成,因此组密钥的随机性比其它两类系统更为健壮。该类密钥管理系统是本文研究的重点。现有的对等组密钥管理系统建立在组通信基础上,存在的结构复杂,效率低,鲁棒性低等问题,制约了组密钥管理系统的应用。本文针对IPSec VPN中组密钥管理的需求,提出了一种模块化对等组密钥管理结构,在可靠多播服务和基于中心节点的简单成员关系服务上建立组密钥协商。
安全性和协商效率是评价组密钥管理协议的关键指标,在保证相同安全性的基础上,如何提高协商效率是一个关键课题,对组密钥的应用具有现实意义。本文首先就安全性和协商效率两个指标对现有的动态对等组密钥管理协议进行系统的分析和比较。利用降低密钥协商的轮数、通信量和计算量作为提高协商效率的途径,提出了一系列的高效动态组密钥协商协议。该系列协议具有以下特点:(1)引入配对(Pairing)运算和基于身份的公钥基础设施(Identity Based
In recent years, the research on group communication has focused on the security and reliability of group communication. In particular, the fields of the application and cooperation based on group, the secure group communication has become more and more important. The confidentiality of communications is the key to design the secure group communication in unreliable networking environment. Data encryption is a practical means of achieving security group communications. Only authenticated user can be ensured to decrypt the multicast data, even if the data could be received by other users connected the multicast network.
In the security group communication, data was encrypted by the group key. Each group member shared the same key for decrypting data. To ensure forward and backward security, the group key has to be updated whenever members joining or leaving the group. This process is known as rekeying. It guarantees that the new joining members can not decrypt the data which encrypted the earlier group key. It also guarantees the leaved members can not decrypt the group data received after it leaved the group. This is major challenge to design a secure and effective key agreement protocol. The difficulty lies in the dynamic group that the members can join or leave a group at any time.
The structure of group key management system and dynamics group key agreement protocol was studied in this thesis. And this group key management system was implemented and it is applied to IPSec VPN. The group security association was implemented among VPN gateway. Specifically, this study includes the following contents:
According to the differences among key control models, the group key management could be divided into three categories: centralized model, distributed model and combined model. The dynamic distributed key management system has the following features. (1) Each member of the group is equal. So there is no performance and security bottleneck, no single point of failure with high availability. (2)The group Key is produced by the random numbers which were shared by all members. So the randomicity of the group key in this model was stronger than other models. Therefore, such group key management system is the focus of this thesis.
引文
[1] G. Chaddoud, I. Chrisment and A. Schaff, Secure Multicasting Survey, in Proceedings of SEC2000, IFIP World Computer Congress 2000, Bejing, China, August 21-25, 2000.
[2] T. Hardjono, R. Canetti, M. Baugher and P. Dinsmore. Secure Muiticast: Problem Areas, Framework, and Building Blocks. Interact Engineering Task Force, October, 1999, draft-irtf-smug-framework-00, txt (Draft).
[3] G. Caronni, K. Waldvogel, D. sun, and H. Planner. "Efficient security for large and dynamic multicast groups", Proceedings Seventh IEEE International Workshop on Enabling Technologies Infrastucture for Collaborative Enterprises(WETICE'98), 376-383,1998
[4] Dinsmore.PT, Balenson D. M, Heyman et al. "Policy-based security management for large dynamic groups: An overview of the DCCM project", In Proc the DARPA Information Survivability Conference& Exposition, SC, USA, 64-73, 2000.
[5] G. Caronni, K. Waldvogel, D. sun, and B. Plattner. "The VersaKey framework: Versatile group key management." IEEE Journal on Selected Areas in Communications, 17(9), Sept. 1999.
[6] G. H. Chiou and W. T. Chen. "Secure broadcasting using the secure lock." IEEE Transaction on Software Engineering, 15(8): 929-934,1989
[7] F Du, L. M. Ni, and A. H. Esfahanian. "Towards solving multicast key management problem." ICCCN'99 Eighth International Conference on Computer Communications and Networks, Boston, MA, USA, 1999.
[8]C. K. Wong, M. Gouda, and S. S. Lam. "Secure group communications using key groups." SIGCOMM'98.Also University of Texas at Austin, Computer Science Technical report TR 97-23 pp. 68-79, December 1998.
[9]M. Steiner, G. Tsudik, and M. Waidner. "Cliques: A new approach to group key agreement." IEEE Transactions on Parallel and Distributed Systems, August 2000.
[10]Y Amir, G. Ateniese, D Hasse, et al. "Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments." IEEE ICDCS 330-343, 2000.
[11]M. Steiner, G.Tsudik, and M. Waidner. "Key agreement in dynamic peer groups." IEEE Transactions on Parallel and Distributed Systems, August 2000.
[12]M. Burmester and Y Desmedt. "Efficient and secure conference-key distribution security Protocols workshop." 119-129,1996.
[13]M. Burmester and Y Desmedt. "A secure and efficient conference key distribution system." Advances in Cryptology-EUROCRYPT'94, number 950 in Lecture Notes in Computer Science, 275-286. International Association for Cryptology Research, Springer-Verlag, Berlin Germany, 1995.
[14]Y. Kim, A. perrig, and G Tsudik. "Simple and fault-tolerant key agreement for dynamic collaborative group." In 7th ACM Conference on Computer and Communications Security. 235-244, Athens, Greece, Nov. 2000. ACM Press.
[15]Mittra S. "Iolus: A framework for scalable secure multicasting", In SIGCOMM Computer Communication Review, Volume 27, Issue 4. New York: Press, 277-288,1997.
[16] S. Kent, R. Atkinson, "Security Architecture for the Internet Protocol" RFC 2401. November 1998
[17]IP Authentication Header [S] .November 1998
[18].IP Encpsulating Security Paylod (ESP) [S].November 1998
[19]The Internet IP Security Domain of Interpretation for ISAKMP [S].November1998
[20] Maughhan, D., Schertler, M., Schneider, M., and J. Turner, "Internet Security Association and Key Management Protocol (ISAKMP)" [S]. November 1998
[21]The Internet Key Exchange (IKE) [S].November 1998
[1] Cristina, Nita-Rotaru, High-Performance Secure Group Communication, PHD thesis 2003.
[2] J.Snoeyink,. S.Suri, G.Varghese. A Lower Bound for Multicast Key Distribution In Proceedings of IEEE Infocom 2001 .IEEE, April 2001.
[3] R.Canetti, J.Garay, G.Itkis, D.Micciancio, M.Naor, B. Pinkas. Multicast Security: A Taxonomy and Efficient Constructions. In Proceedings of IEEE Infocom 1999, volume 2, pages 708-716 IEEE, March 1999, New York.
[4] R. Canetti and B. Pinkas. A Taxonomy of multicast security issues, May 1998. Internet Engineering Task Force, August 2000. draf irtf-smug-taxonomy-01.txt.
[5] T. Hardjono, R. Canetti, M. Baugher and P. Dinsmore. Secure Multicast: Problem Areas, Framework, and Building Blocks. Internet Engineering Task Force, October, 1999, draft-irtf-smug-framework-00, txt (Draft)
[6] 徐明伟,董晓虎.组播密钥管理的研究进展,软件学报 2004-15-01
[7] Harney H, Muckenhirn C. Group key management protocol (GKMP) specification. RFC2093, 1997.
[8] Harney H, Muckenhirn C. Group key management protocol (GKMP) architecture. RFC2094, 1997.
[9] Setiner M, Taudik G, Waidnet.M. Cliques: A new approach to group key agreement Technical Report, RZ 2984, IBM Research, 1997.
[10] Diffie W, Hellman ME. New directions in cryptography. IEEE Trans, on Information Theory, 1976, IT-22 (6):644-654.
[11] Mittra S. Iolus: A framework for scalable secure multicasting. In: SIGCOMM Computer Communication Review, Volume 27, Issue 4. New York: Press, 1997. 277-288.
[12] Wallner D, Harder E, Agee R. Key management for multicast: Issues and architectures. RFC2627,1999.
[13] K. P. Birman and R. V. Renesse, Reliable Distributed Computing with the Isis Toolkit. IEEE Computer Society Press, March 1994.
[14]Y. Amir, D. Dolev, S. Kramer, and D. Malki, Transis: A communication sub-system for high availability," Digest of Papers, The 22nd International Symposium on Fault-Tolerant Computing Systems, pp. 76-84, 1992.
[15]R. V. Renesse, K. Birman, and S. Ma_eis, Horus: A exible group communication system," Communications of the ACM, vol. 39, pp. 76-83, April 1996.
[16]Y. Amir, L. E. Moser, P. M. Mel liar-Smith, D. Agarwal, and P. Ciarfella, The Totem single ring ordering and membership protocol, " ACM Transactions on Computer Systems, vol. 13, pp. 311-342, November 1995.
[17]Y. Amir and J. Stanton, \The Spread wide area group communication system, " Tech. Rep. 98-4, Johns Hopkins University, Center of Networking and Distributed Systems, 1998.
[18]B. Whetten, T. Montgomery, and S. Kaplan, \A high performance totally ordered multicast protocol," in Theory and Practice in Distributed Systems, International Workshop, Lecture Notes in Computer Science, p. 938, September 1994.
[19]K. P. Birman and T. Joseph, Exploiting virtual synchrony in distributed systems, in 11th annual Symposium on Operating Systems Principles, pp. 123-138, November1987.
[20]L E. Moser, Y. Amir, P. M. Mel liar-Smith, and D. A. Agarwal, Extended virtual synchrony, in Proceedings of the IEEE 14th International Conference on Distributed Computing Systems, pp. 56-65, IEEE Computer Society Press, Los Alamitos, CA, June 1994.
[21]T. Anker, G. V. Chockler, D. Dolev, and I. Keidar, Scalable group membership services for novel applications, " in Proceedings of the workshop on Networks in Distributed Computing, 1998.
[22]I. Keidar, K. Marzullo, J. Sussman, and D. Dolev, A client-server oriented algorithm for virtually synchronous group membership in WANs, " in 20th International Conference on Distributed Computing Systems, pp. 356-365, April 2000.
[23]K. P. Kihlstrom, L. E. Moser, and P. M. Melliar-Smith, The SecureRing protocols for securing group communication," in Proceedings of the IEEE 31st Hawaii International Conference on System Sciences, vol. 3, (Kona, Hawaii), pp. 317-326, January 1998.
[24]O. Rodeh, K. Birman, and D. Dolev, The architecture and performance of security protocols in the Ensemble Group Communication System," ACM Transactions on Information and System Security, vol. 4, pp. 289-319, August 2001.
[25]M. K. Reiter, Secure agreement protocols: reliable and atomic group multicast in Rampart, " in Proceedings of the 2nd ACM Conference on Computer and Communications Security, pp. 68-80, ACM, November 1994.
[26]T. Woo and S. Lam. Authorization in Distributed Systems: A New Approach, Journal of Computer Security, 2(2-3):107-136,1993.
[27]M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164-173. November 1996. Los Alamitos.
[28]L. Cholvy and F. Cuppens. Analyzing Consistancy of Security Policies. In 1997 IEEE Symposium on Security and Privacy, pages 103-112. IEEE, May 1997.0akland, CA.
[29]T. Woo and S. Lam. Designing a Distributed Authorization Service. In Proceedings of INFOCOM'98 .IEEE, San Francisco, March 1998.
[30]T. Ryutov and C. Neuman. Representation and Evaluation of Security Policies for Distributed System Services. In Proceedings of DARPA Information Survivability Conference and Exposition, pages 172-183. DARPA, Hilton Head, South Carolina, January 2000.
[31]J.Zao, L.Sanchez, et al. Domain Based Internet Security Policy Management. In Proceedings of DARPA Information Survuvability Conference and Exposition, pages 41-53. DARPA, Hilton Head, South Carolina, .Tanuary 2000.D. C. Blight and T. Hamada. Policy-Based Networking Architecture for QoS Interworking in IP Management. In Proceedings of Integrated network management VI, Distributed Management for the Networked Millennium, pages 811 -826. IEEE, 1999.
[32]A. Westerinen, J. Schnizlein, J. et al. Terminology for Policy-Based Management".RFC3198. November 2001.
[33]H. Harney, U. Meth, A. Colegrove, G. Gross. GSAKMP. Internet Engineering Task Force, February 2004, draft-ietf-msec-gsakmp-sec-05.txt
[35]H. Harney, A. Colegrove, and P. McDaniel. Principles of Policy in Secure Groups. In Proceedings of Network and Distributed Systems Security 2001, Internet Society, February 2001. URL http://www.eecs.umich.edu/pdmcdan/docs/ndss01.pdf.
[36]S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. Internet Engineering Task Force, November 1998. RFC 2401.
[37]T.Hardjono, H.Harney, P.McDaniel, A.Colgrove, P.Dinsmore. Group Security Policy Token, draft-ietf-msec-gspt-O0.txt, September 2001.
[38]P. McDaniel, and A. Prakash. Methods and Limitations of Security Policy Reconciliation. 2002 IEEE Symposium on Security and Privacy, IEEE, MAY 2002. Oakland, California.
[39]H. B. Wang, S. Jha, P. D. McDaniel, M. Livny, Security Policy Reconciliation in Distributed Computing Environments, IEEE 5th International Workshop on Policies for Distributed Systems and Networks. June 7-9, 2004 IBM Thomas J Watson Research Center, Yorktown Heights, New York
[40]L. Sanchez and M. Condell. Security Policy System (Draft).Internet Engineering Task Force, November 1998. draft-ietf-ipsec-sps.txt.
[41]M. Baugher, T. Hardjono, H. Harney, and B. Weis. Domain of Interpretation for ISAKMP (Draft).Internet Engineering Task Force, February 2001. Draft-ietf-msec-gdoi-00. txt.
[42]P.Dinsmore, D. Balenson, M. Heyman, P. Kruus, C.Scace, and A.Sherman. Policy-Based Security Management for Large Dynamic Groups: A Overview of the DCCM Project. In Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX'00), pages 64-73. DARPA, January 2000. Hilton Head, S. C.
[43]M. Stevens, W. Weiss, et al.. Policy Framework (Draft). Internet Engineering Task Force, September 1999. draft-ietf-policy-framework-00.txt.
[44]F.Cristian. Reaching Agreement on Processor Group Membership in Synchronous Distributed Systems. Research Report TJ5964,IBM Almaden Research Center, Mar 1988.
[45]S. Mishra, L. Peterson, and R. D. Schlichting. A Membership Protocol Based on Partial Order. In Proceedings of International Working Conference on Dependable Computing far Critical Applications, Feb 1991.
[46]Y.Amir, D.Dolev, S.Kramer, and Dmalki. Membership Algorithms for Multicast Communication Groups. In 6th Int. Workshop on Distributed Algorithms, pp.292-312. Springer-Verlag, Nov 1992.
[47]R.Rajkumar, S.Fakhouri, and F.Jahanian. Processor Group Membership Protocols: Specifiction, Design, and Implementation. In Proceedings of the 12th Symposium on Reliable Distributed System, (Princeton, NJ), pages 2-11, Oct 1993.
[48]Matti A. Hiltunen and Richard D. Schlichting. A Configurable Membership Service. IEEE Transactions on Computers, vol. 47, no. 5, pp. 573-586, May1998.
[49]K. Birman and T. Joseph. Reliable Communication in the Presence of Failures. ACM Transactions on Computer Systems, 5(1):47-76, Feb 1987.
[50]P. McDaniel and A. Prakash. Lightweight Failure Detection in Secure Group Communication. Technical Report CSE-TR-428-00, Electrical Engineering and Computer Science, University of Michigan, June 2000.
[51]O. Babaoglu, R. Davoli, and A. Montresor. Failure Detectors, Group membership and View Synchronous Communication in Partionable Asynchronous Systems. Tech. Rep. UCBLCS-95-18, Department of Computer Sciences, University of Bologna, Nov 1995.
[52]W. Vogels. World wide failures. In Proc. of the 7th ACM SIGOPS Workshop, 1996.
[53]M. Reiter. Secure Agreement Protocols: Reliable and Atomic Group Multicast in Rampart. In Proceedings of 2nd ACM Conference on Computer and Communications Security, pages 68-80. ACM, November 1994.
[54]D. Dolev and D. Malki. "The Transis Approach to High Availibility Cluster Communication. Communications of the ACM, 39(4), April 1996.
[55]O. Rodeh, K. Virman, M. Hayden, Z. Xiao, and D. Dolev. Ensemble Security. Technical Report TR98-1703, Cornell University, September 1998.
[56]Matti A. Hiltunen and Richard D. Schlichting. Understanding Membership. Technical Report TR95-07, Department of Computer Science, University of Arizona, Jul 1995.
[57]曾韵,组成员管理的研究与实现,硕士学位论文, 2002
[58]V. Roca, A. ESayed. A Host-based Multicast (HBM) Solution for Group Communication, in IEEE International Conference on Networking, Colmar, France, July, 2001.
[59]D. Pendarakis, S. Shi, D. Verma, M. Waldvogel. ALMI: An application level multicast infrastructure, in 3rd USENIX Symposium on Internet Technologies and Systems, Washington University, St. Louis,2001.
[60]Y.h. Chawathe, S.G. Rao, H. Zhang. A case for end system multicast, in ACM SIGMETRICS, June 2000.
[61]Yh. Chawathe, S.G. Rao, S. Seshan, H. Zhang. Enabling Conferencing Applications on the Internet using an Overlay Multicast Architecture, in Proceedings of ACM SIGCOMM, August 2001.
[62]Y. Chawathe, Scattercast: An architecture for Internet broadcast distribution as an infrastructure service, University of California at Berkeley, September 2000.
[63]J. Liebeherr, M. Nahas, W Si. Application-layer multicast with delaunay triangulations., in IEEE Global Internet Symposium (Globecom'01), 2001.
[64]J. Liebeherr, M. Nahas, W Si, Application-Layer multicasting with delaunay triangulation overlays, IEEE Journal on Selected Areas in Communications, 20(&), October 2002.
[65]S. Ratnasamy, M. Handley, R.i. Karp, S. Shenker. Application-multicast using content-addressable networks, in Third International Workshop Networked Group Communication (NGC 2001), London, UK, November 2001.
[66]S. Ratnasamy, P. Francis, M. Handley, R. Karp, S. Shenker. A Scalable Content-Addressable Network, in SIGCOMM'O1, August 2001.
[67]S. Q.Zhuang, B. YZhao, A.D. Joseph, R.H. Katz, J.D. Kubiatowicz. Bayeux: An architecture for scalable and fault-tolerant wide-area data dissemination, in In 11~(th) International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV 2001), June 2001.
[68]S. Banerjee, B. Bhattacharjee. C. Kommareddy. Scalable application layer multicast, in Proceedings of ACM SIGCOMM'02, Pittsburgh, USA, August 2002.
[69]D.A. Tran, K.A. Hua, T.T. Do. Zigzag: An efficient peer-to-peer scheme for media streaming, in IEEE INFOCOM'03, April 2003.
[1]Miller. V. Uses of elliptic curves in cryptography. Advances in Cryptology, CRYPTO'85, Lecture Notes in Computer Science Springer-Verlag, 1986, 218: 417-426
[2]Koblitz. N. Elliptic curve crypto systems Mathematics of Computation. 1987, 48: 203-209.
[3]Diffie, W., Hellman, M. E. New Directions in Cryptography, IEEE Trans. Informal. Theory, Vol. IT 22, pp. 644-654, Nov. 1976
[4]ElGamal, T. A Public Key Cryptosystem and Signature Scheme Base on Discrete Logarithm, IEEE Trans on Information Theory, Vol. 31, pp. 469-472, 1985.
[5]A. Joux, A one round protocol for tripartite Diffe-Hellman. In W.Bosma, editor, Proceedings of Algorithm Number Theory Symposium. ANTS 以volume 1838 of LNCS, pages 385-394. Springer- Verlag, 2002
[6] STEINER, M., TSUDIK, G, AND WAIDNER, M.. Diffie-Hellman key distribution extended to group communication. In SIGSAC Proceedings of the 3rd ACM Conference on Computer and Communications Security. (New Delhi, India, Mar.). ACM, New York, pp. 31 - 37. 1996
[7]M. Burmester and Y. Desmedt. A Secure and Efficient Conference Key Distribution System. In proceedings of Eurocrypt 1994, LNCS 950, pp. 275-286, Springer-Verlag, 1995.
[8]Y. Kim, A. perrig, and G Tsudik. Simple and fault-tolerant key agreement for dynamic collaborative group. In S. Jajodia, editor, 7~(th) ACM Conference on Computer and Communications Security, pp.235-244, Athens, Greece, Nov. 2000. ACM Press.
[9]Y Kim, A. Perrig, and C.Tsudik. Communication efficient group key agreement. In Information Systems Security. Proceedings of the 17~(th) International Security Conference IFIP SEC'Ol, 2001.
[10] Sangwon Lee, Yongdae Kim, Kwangjo Kim, Dae-Hyun Ryu: An Efficient Tree-Based Group Key Agreement Using Bilinear Map. ACNS 2003: 357-371
[11] C. Boyd and J. M. G. Nieto. Round-optimal Contributory Conference Key Agreement. In proceedings of PKC 2003, LNCS 2567, pp. 161-174, Springer-Verlag, 2003.
[12] E. Bresson, O. Chevassut, A. Essiari and D. Pointcheval. Mutual Authentication and Group Key Agreement for Low-power Mobile Devices. Computer Communication, 27(17), pp. 1730-1737, 2004. A preliminary version appeared in proceedings of the 5th IFIP-TC6/IEEE ,MWCN 2003, pp. 59-62, 2003. Full version available at http://www.di.ens.fr/ bresson.
[13]J. Nam, S. Kim and D. Won. Attacks on Bresson-Chevassut-Essiari-Pointcheval's Group Key Agreement Scheme for Low-Power Mobile Devices. Available at http://eprint.iacr.org/2004/251.
[14] J. Nam, S. Kim, S. Kim and D.Won. Provably-Secure and Communication-Efficient Scheme for Dynamic Group Key Exchange. Available at http://eprint.iacr.Org/2004/115.
[15] H. J. Kim, S. M. Lee and D. H. Lee. Constant-Round Authenticated Group Key Exchange for Dynamic Groups. In proceedings of Asiacrypt 2004, LNCS 3329, pp. 245-259, Sringer-Verlag, 2004.
[16]DU Xin-jun, WANG Y, GE J. ID-based authenticated two round multi-party key agreement [R/OL]. [2004-01-18].http://eprint.iacr.org/2003/247.
[17] Kyu Young Choi, Jung Yeon Hwang, and Dong Hoon Lee. Efficient ID-based Group Key Agreement with Bilinear Maps. PKC 2004, LNCS 2947, pp. 130 - 144, 2004.
[18]C. Becker and U. Welle. Communication complexity of group key distribution." In 5th ACM Conference on Computer and Communications Security, November 1998.
[19]Dan Boneh and Alice Silverberg. "Applications of multilinear forms to cryptography." To appear in Contemporary Mathematics, American Mathematical Society.
[20]SAKAI R, OHGISHI K, KASAHARA M. Cryptosystems based on pairing [C]// In Proceedings of Symposium on Cryptography and information Security (SCIS 2000). Okinawa, Japan: IEEE, 2000: 26-28.
[21] E. Bresson, O. Chevassut, A. Essiari and D. Pointcheval. Mutual Authentication and Group Key Agreement for Low-Power Mobile Devices. In The Fifth IEEE International Conference on Mobile and Wireless Communications Networks, 2003.
[22] Hyun-Jeong Kim, Su-Mi Lee, and Dong Hoon Lee. Constant-Round Authenticated Group Key Exchange for Dynamic Groups. ASIACRYPT 2004, LNCS 3329, pp. 245-259,2004.
[23] PBC library v0.4.2, Standford University, http://crvpto.stanford.edu/pbc
[24]MIRACL library v5.20, Shamus software Ltd, http://indigo.ie/~mscott/
[1] 蒋晓宁等,“高速VPN网关概要设计”,2005,杭州信雅达股份有限公司内部资料。
[2] 蒋晓宁等,“VPN集中管理服务器概要设计”,2006,杭州信雅达股份有限公司内部资料.
[2] T. Hardjono, R. Canetti, M. Baugher and P. Dinsmore. Secure Muiticast: Problem Areas, Framework, and Building Blocks. Interact Engineering Task Force, October, 1999, draft-irtf-smug-framework-00, txt (Draft).
[3] G. Caronni, K. Waldvogel, D. sun, and H. Planner. "Efficient security for large and dynamic multicast groups", Proceedings Seventh IEEE International Workshop on Enabling Technologies Infrastucture for Collaborative Enterprises(WETICE'98), 376-383,1998
[4] Dinsmore.PT, Balenson D. M, Heyman et al. "Policy-based security management for large dynamic groups: An overview of the DCCM project", In Proc the DARPA Information Survivability Conference& Exposition, SC, USA, 64-73, 2000.
[5] G. Caronni, K. Waldvogel, D. sun, and B. Plattner. "The VersaKey framework: Versatile group key management." IEEE Journal on Selected Areas in Communications, 17(9), Sept. 1999.
[6] G. H. Chiou and W. T. Chen. "Secure broadcasting using the secure lock." IEEE Transaction on Software Engineering, 15(8): 929-934,1989
[7] F Du, L. M. Ni, and A. H. Esfahanian. "Towards solving multicast key management problem." ICCCN'99 Eighth International Conference on Computer Communications and Networks, Boston, MA, USA, 1999.
[8]C. K. Wong, M. Gouda, and S. S. Lam. "Secure group communications using key groups." SIGCOMM'98.Also University of Texas at Austin, Computer Science Technical report TR 97-23 pp. 68-79, December 1998.
[9]M. Steiner, G. Tsudik, and M. Waidner. "Cliques: A new approach to group key agreement." IEEE Transactions on Parallel and Distributed Systems, August 2000.
[10]Y Amir, G. Ateniese, D Hasse, et al. "Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments." IEEE ICDCS 330-343, 2000.
[11]M. Steiner, G.Tsudik, and M. Waidner. "Key agreement in dynamic peer groups." IEEE Transactions on Parallel and Distributed Systems, August 2000.
[12]M. Burmester and Y Desmedt. "Efficient and secure conference-key distribution security Protocols workshop." 119-129,1996.
[13]M. Burmester and Y Desmedt. "A secure and efficient conference key distribution system." Advances in Cryptology-EUROCRYPT'94, number 950 in Lecture Notes in Computer Science, 275-286. International Association for Cryptology Research, Springer-Verlag, Berlin Germany, 1995.
[14]Y. Kim, A. perrig, and G Tsudik. "Simple and fault-tolerant key agreement for dynamic collaborative group." In 7th ACM Conference on Computer and Communications Security. 235-244, Athens, Greece, Nov. 2000. ACM Press.
[15]Mittra S. "Iolus: A framework for scalable secure multicasting", In SIGCOMM Computer Communication Review, Volume 27, Issue 4. New York: Press, 277-288,1997.
[16] S. Kent, R. Atkinson, "Security Architecture for the Internet Protocol" RFC 2401. November 1998
[17]IP Authentication Header [S] .November 1998
[18].IP Encpsulating Security Paylod (ESP) [S].November 1998
[19]The Internet IP Security Domain of Interpretation for ISAKMP [S].November1998
[20] Maughhan, D., Schertler, M., Schneider, M., and J. Turner, "Internet Security Association and Key Management Protocol (ISAKMP)" [S]. November 1998
[21]The Internet Key Exchange (IKE) [S].November 1998
[1] Cristina, Nita-Rotaru, High-Performance Secure Group Communication, PHD thesis 2003.
[2] J.Snoeyink,. S.Suri, G.Varghese. A Lower Bound for Multicast Key Distribution In Proceedings of IEEE Infocom 2001 .IEEE, April 2001.
[3] R.Canetti, J.Garay, G.Itkis, D.Micciancio, M.Naor, B. Pinkas. Multicast Security: A Taxonomy and Efficient Constructions. In Proceedings of IEEE Infocom 1999, volume 2, pages 708-716 IEEE, March 1999, New York.
[4] R. Canetti and B. Pinkas. A Taxonomy of multicast security issues, May 1998. Internet Engineering Task Force, August 2000. draf irtf-smug-taxonomy-01.txt.
[5] T. Hardjono, R. Canetti, M. Baugher and P. Dinsmore. Secure Multicast: Problem Areas, Framework, and Building Blocks. Internet Engineering Task Force, October, 1999, draft-irtf-smug-framework-00, txt (Draft)
[6] 徐明伟,董晓虎.组播密钥管理的研究进展,软件学报 2004-15-01
[7] Harney H, Muckenhirn C. Group key management protocol (GKMP) specification. RFC2093, 1997.
[8] Harney H, Muckenhirn C. Group key management protocol (GKMP) architecture. RFC2094, 1997.
[9] Setiner M, Taudik G, Waidnet.M. Cliques: A new approach to group key agreement Technical Report, RZ 2984, IBM Research, 1997.
[10] Diffie W, Hellman ME. New directions in cryptography. IEEE Trans, on Information Theory, 1976, IT-22 (6):644-654.
[11] Mittra S. Iolus: A framework for scalable secure multicasting. In: SIGCOMM Computer Communication Review, Volume 27, Issue 4. New York: Press, 1997. 277-288.
[12] Wallner D, Harder E, Agee R. Key management for multicast: Issues and architectures. RFC2627,1999.
[13] K. P. Birman and R. V. Renesse, Reliable Distributed Computing with the Isis Toolkit. IEEE Computer Society Press, March 1994.
[14]Y. Amir, D. Dolev, S. Kramer, and D. Malki, Transis: A communication sub-system for high availability," Digest of Papers, The 22nd International Symposium on Fault-Tolerant Computing Systems, pp. 76-84, 1992.
[15]R. V. Renesse, K. Birman, and S. Ma_eis, Horus: A exible group communication system," Communications of the ACM, vol. 39, pp. 76-83, April 1996.
[16]Y. Amir, L. E. Moser, P. M. Mel liar-Smith, D. Agarwal, and P. Ciarfella, The Totem single ring ordering and membership protocol, " ACM Transactions on Computer Systems, vol. 13, pp. 311-342, November 1995.
[17]Y. Amir and J. Stanton, \The Spread wide area group communication system, " Tech. Rep. 98-4, Johns Hopkins University, Center of Networking and Distributed Systems, 1998.
[18]B. Whetten, T. Montgomery, and S. Kaplan, \A high performance totally ordered multicast protocol," in Theory and Practice in Distributed Systems, International Workshop, Lecture Notes in Computer Science, p. 938, September 1994.
[19]K. P. Birman and T. Joseph, Exploiting virtual synchrony in distributed systems, in 11th annual Symposium on Operating Systems Principles, pp. 123-138, November1987.
[20]L E. Moser, Y. Amir, P. M. Mel liar-Smith, and D. A. Agarwal, Extended virtual synchrony, in Proceedings of the IEEE 14th International Conference on Distributed Computing Systems, pp. 56-65, IEEE Computer Society Press, Los Alamitos, CA, June 1994.
[21]T. Anker, G. V. Chockler, D. Dolev, and I. Keidar, Scalable group membership services for novel applications, " in Proceedings of the workshop on Networks in Distributed Computing, 1998.
[22]I. Keidar, K. Marzullo, J. Sussman, and D. Dolev, A client-server oriented algorithm for virtually synchronous group membership in WANs, " in 20th International Conference on Distributed Computing Systems, pp. 356-365, April 2000.
[23]K. P. Kihlstrom, L. E. Moser, and P. M. Melliar-Smith, The SecureRing protocols for securing group communication," in Proceedings of the IEEE 31st Hawaii International Conference on System Sciences, vol. 3, (Kona, Hawaii), pp. 317-326, January 1998.
[24]O. Rodeh, K. Birman, and D. Dolev, The architecture and performance of security protocols in the Ensemble Group Communication System," ACM Transactions on Information and System Security, vol. 4, pp. 289-319, August 2001.
[25]M. K. Reiter, Secure agreement protocols: reliable and atomic group multicast in Rampart, " in Proceedings of the 2nd ACM Conference on Computer and Communications Security, pp. 68-80, ACM, November 1994.
[26]T. Woo and S. Lam. Authorization in Distributed Systems: A New Approach, Journal of Computer Security, 2(2-3):107-136,1993.
[27]M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 164-173. November 1996. Los Alamitos.
[28]L. Cholvy and F. Cuppens. Analyzing Consistancy of Security Policies. In 1997 IEEE Symposium on Security and Privacy, pages 103-112. IEEE, May 1997.0akland, CA.
[29]T. Woo and S. Lam. Designing a Distributed Authorization Service. In Proceedings of INFOCOM'98 .IEEE, San Francisco, March 1998.
[30]T. Ryutov and C. Neuman. Representation and Evaluation of Security Policies for Distributed System Services. In Proceedings of DARPA Information Survivability Conference and Exposition, pages 172-183. DARPA, Hilton Head, South Carolina, January 2000.
[31]J.Zao, L.Sanchez, et al. Domain Based Internet Security Policy Management. In Proceedings of DARPA Information Survuvability Conference and Exposition, pages 41-53. DARPA, Hilton Head, South Carolina, .Tanuary 2000.D. C. Blight and T. Hamada. Policy-Based Networking Architecture for QoS Interworking in IP Management. In Proceedings of Integrated network management VI, Distributed Management for the Networked Millennium, pages 811 -826. IEEE, 1999.
[32]A. Westerinen, J. Schnizlein, J. et al. Terminology for Policy-Based Management".RFC3198. November 2001.
[33]H. Harney, U. Meth, A. Colegrove, G. Gross. GSAKMP. Internet Engineering Task Force, February 2004, draft-ietf-msec-gsakmp-sec-05.txt
[35]H. Harney, A. Colegrove, and P. McDaniel. Principles of Policy in Secure Groups. In Proceedings of Network and Distributed Systems Security 2001, Internet Society, February 2001. URL http://www.eecs.umich.edu/pdmcdan/docs/ndss01.pdf.
[36]S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. Internet Engineering Task Force, November 1998. RFC 2401.
[37]T.Hardjono, H.Harney, P.McDaniel, A.Colgrove, P.Dinsmore. Group Security Policy Token, draft-ietf-msec-gspt-O0.txt, September 2001.
[38]P. McDaniel, and A. Prakash. Methods and Limitations of Security Policy Reconciliation. 2002 IEEE Symposium on Security and Privacy, IEEE, MAY 2002. Oakland, California.
[39]H. B. Wang, S. Jha, P. D. McDaniel, M. Livny, Security Policy Reconciliation in Distributed Computing Environments, IEEE 5th International Workshop on Policies for Distributed Systems and Networks. June 7-9, 2004 IBM Thomas J Watson Research Center, Yorktown Heights, New York
[40]L. Sanchez and M. Condell. Security Policy System (Draft).Internet Engineering Task Force, November 1998. draft-ietf-ipsec-sps.txt.
[41]M. Baugher, T. Hardjono, H. Harney, and B. Weis. Domain of Interpretation for ISAKMP (Draft).Internet Engineering Task Force, February 2001. Draft-ietf-msec-gdoi-00. txt.
[42]P.Dinsmore, D. Balenson, M. Heyman, P. Kruus, C.Scace, and A.Sherman. Policy-Based Security Management for Large Dynamic Groups: A Overview of the DCCM Project. In Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX'00), pages 64-73. DARPA, January 2000. Hilton Head, S. C.
[43]M. Stevens, W. Weiss, et al.. Policy Framework (Draft). Internet Engineering Task Force, September 1999. draft-ietf-policy-framework-00.txt.
[44]F.Cristian. Reaching Agreement on Processor Group Membership in Synchronous Distributed Systems. Research Report TJ5964,IBM Almaden Research Center, Mar 1988.
[45]S. Mishra, L. Peterson, and R. D. Schlichting. A Membership Protocol Based on Partial Order. In Proceedings of International Working Conference on Dependable Computing far Critical Applications, Feb 1991.
[46]Y.Amir, D.Dolev, S.Kramer, and Dmalki. Membership Algorithms for Multicast Communication Groups. In 6th Int. Workshop on Distributed Algorithms, pp.292-312. Springer-Verlag, Nov 1992.
[47]R.Rajkumar, S.Fakhouri, and F.Jahanian. Processor Group Membership Protocols: Specifiction, Design, and Implementation. In Proceedings of the 12th Symposium on Reliable Distributed System, (Princeton, NJ), pages 2-11, Oct 1993.
[48]Matti A. Hiltunen and Richard D. Schlichting. A Configurable Membership Service. IEEE Transactions on Computers, vol. 47, no. 5, pp. 573-586, May1998.
[49]K. Birman and T. Joseph. Reliable Communication in the Presence of Failures. ACM Transactions on Computer Systems, 5(1):47-76, Feb 1987.
[50]P. McDaniel and A. Prakash. Lightweight Failure Detection in Secure Group Communication. Technical Report CSE-TR-428-00, Electrical Engineering and Computer Science, University of Michigan, June 2000.
[51]O. Babaoglu, R. Davoli, and A. Montresor. Failure Detectors, Group membership and View Synchronous Communication in Partionable Asynchronous Systems. Tech. Rep. UCBLCS-95-18, Department of Computer Sciences, University of Bologna, Nov 1995.
[52]W. Vogels. World wide failures. In Proc. of the 7th ACM SIGOPS Workshop, 1996.
[53]M. Reiter. Secure Agreement Protocols: Reliable and Atomic Group Multicast in Rampart. In Proceedings of 2nd ACM Conference on Computer and Communications Security, pages 68-80. ACM, November 1994.
[54]D. Dolev and D. Malki. "The Transis Approach to High Availibility Cluster Communication. Communications of the ACM, 39(4), April 1996.
[55]O. Rodeh, K. Virman, M. Hayden, Z. Xiao, and D. Dolev. Ensemble Security. Technical Report TR98-1703, Cornell University, September 1998.
[56]Matti A. Hiltunen and Richard D. Schlichting. Understanding Membership. Technical Report TR95-07, Department of Computer Science, University of Arizona, Jul 1995.
[57]曾韵,组成员管理的研究与实现,硕士学位论文, 2002
[58]V. Roca, A. ESayed. A Host-based Multicast (HBM) Solution for Group Communication, in IEEE International Conference on Networking, Colmar, France, July, 2001.
[59]D. Pendarakis, S. Shi, D. Verma, M. Waldvogel. ALMI: An application level multicast infrastructure, in 3rd USENIX Symposium on Internet Technologies and Systems, Washington University, St. Louis,2001.
[60]Y.h. Chawathe, S.G. Rao, H. Zhang. A case for end system multicast, in ACM SIGMETRICS, June 2000.
[61]Yh. Chawathe, S.G. Rao, S. Seshan, H. Zhang. Enabling Conferencing Applications on the Internet using an Overlay Multicast Architecture, in Proceedings of ACM SIGCOMM, August 2001.
[62]Y. Chawathe, Scattercast: An architecture for Internet broadcast distribution as an infrastructure service, University of California at Berkeley, September 2000.
[63]J. Liebeherr, M. Nahas, W Si. Application-layer multicast with delaunay triangulations., in IEEE Global Internet Symposium (Globecom'01), 2001.
[64]J. Liebeherr, M. Nahas, W Si, Application-Layer multicasting with delaunay triangulation overlays, IEEE Journal on Selected Areas in Communications, 20(&), October 2002.
[65]S. Ratnasamy, M. Handley, R.i. Karp, S. Shenker. Application-multicast using content-addressable networks, in Third International Workshop Networked Group Communication (NGC 2001), London, UK, November 2001.
[66]S. Ratnasamy, P. Francis, M. Handley, R. Karp, S. Shenker. A Scalable Content-Addressable Network, in SIGCOMM'O1, August 2001.
[67]S. Q.Zhuang, B. YZhao, A.D. Joseph, R.H. Katz, J.D. Kubiatowicz. Bayeux: An architecture for scalable and fault-tolerant wide-area data dissemination, in In 11~(th) International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV 2001), June 2001.
[68]S. Banerjee, B. Bhattacharjee. C. Kommareddy. Scalable application layer multicast, in Proceedings of ACM SIGCOMM'02, Pittsburgh, USA, August 2002.
[69]D.A. Tran, K.A. Hua, T.T. Do. Zigzag: An efficient peer-to-peer scheme for media streaming, in IEEE INFOCOM'03, April 2003.
[1]Miller. V. Uses of elliptic curves in cryptography. Advances in Cryptology, CRYPTO'85, Lecture Notes in Computer Science Springer-Verlag, 1986, 218: 417-426
[2]Koblitz. N. Elliptic curve crypto systems Mathematics of Computation. 1987, 48: 203-209.
[3]Diffie, W., Hellman, M. E. New Directions in Cryptography, IEEE Trans. Informal. Theory, Vol. IT 22, pp. 644-654, Nov. 1976
[4]ElGamal, T. A Public Key Cryptosystem and Signature Scheme Base on Discrete Logarithm, IEEE Trans on Information Theory, Vol. 31, pp. 469-472, 1985.
[5]A. Joux, A one round protocol for tripartite Diffe-Hellman. In W.Bosma, editor, Proceedings of Algorithm Number Theory Symposium. ANTS 以volume 1838 of LNCS, pages 385-394. Springer- Verlag, 2002
[6] STEINER, M., TSUDIK, G, AND WAIDNER, M.. Diffie-Hellman key distribution extended to group communication. In SIGSAC Proceedings of the 3rd ACM Conference on Computer and Communications Security. (New Delhi, India, Mar.). ACM, New York, pp. 31 - 37. 1996
[7]M. Burmester and Y. Desmedt. A Secure and Efficient Conference Key Distribution System. In proceedings of Eurocrypt 1994, LNCS 950, pp. 275-286, Springer-Verlag, 1995.
[8]Y. Kim, A. perrig, and G Tsudik. Simple and fault-tolerant key agreement for dynamic collaborative group. In S. Jajodia, editor, 7~(th) ACM Conference on Computer and Communications Security, pp.235-244, Athens, Greece, Nov. 2000. ACM Press.
[9]Y Kim, A. Perrig, and C.Tsudik. Communication efficient group key agreement. In Information Systems Security. Proceedings of the 17~(th) International Security Conference IFIP SEC'Ol, 2001.
[10] Sangwon Lee, Yongdae Kim, Kwangjo Kim, Dae-Hyun Ryu: An Efficient Tree-Based Group Key Agreement Using Bilinear Map. ACNS 2003: 357-371
[11] C. Boyd and J. M. G. Nieto. Round-optimal Contributory Conference Key Agreement. In proceedings of PKC 2003, LNCS 2567, pp. 161-174, Springer-Verlag, 2003.
[12] E. Bresson, O. Chevassut, A. Essiari and D. Pointcheval. Mutual Authentication and Group Key Agreement for Low-power Mobile Devices. Computer Communication, 27(17), pp. 1730-1737, 2004. A preliminary version appeared in proceedings of the 5th IFIP-TC6/IEEE ,MWCN 2003, pp. 59-62, 2003. Full version available at http://www.di.ens.fr/ bresson.
[13]J. Nam, S. Kim and D. Won. Attacks on Bresson-Chevassut-Essiari-Pointcheval's Group Key Agreement Scheme for Low-Power Mobile Devices. Available at http://eprint.iacr.org/2004/251.
[14] J. Nam, S. Kim, S. Kim and D.Won. Provably-Secure and Communication-Efficient Scheme for Dynamic Group Key Exchange. Available at http://eprint.iacr.Org/2004/115.
[15] H. J. Kim, S. M. Lee and D. H. Lee. Constant-Round Authenticated Group Key Exchange for Dynamic Groups. In proceedings of Asiacrypt 2004, LNCS 3329, pp. 245-259, Sringer-Verlag, 2004.
[16]DU Xin-jun, WANG Y, GE J. ID-based authenticated two round multi-party key agreement [R/OL]. [2004-01-18].http://eprint.iacr.org/2003/247.
[17] Kyu Young Choi, Jung Yeon Hwang, and Dong Hoon Lee. Efficient ID-based Group Key Agreement with Bilinear Maps. PKC 2004, LNCS 2947, pp. 130 - 144, 2004.
[18]C. Becker and U. Welle. Communication complexity of group key distribution." In 5th ACM Conference on Computer and Communications Security, November 1998.
[19]Dan Boneh and Alice Silverberg. "Applications of multilinear forms to cryptography." To appear in Contemporary Mathematics, American Mathematical Society.
[20]SAKAI R, OHGISHI K, KASAHARA M. Cryptosystems based on pairing [C]// In Proceedings of Symposium on Cryptography and information Security (SCIS 2000). Okinawa, Japan: IEEE, 2000: 26-28.
[21] E. Bresson, O. Chevassut, A. Essiari and D. Pointcheval. Mutual Authentication and Group Key Agreement for Low-Power Mobile Devices. In The Fifth IEEE International Conference on Mobile and Wireless Communications Networks, 2003.
[22] Hyun-Jeong Kim, Su-Mi Lee, and Dong Hoon Lee. Constant-Round Authenticated Group Key Exchange for Dynamic Groups. ASIACRYPT 2004, LNCS 3329, pp. 245-259,2004.
[23] PBC library v0.4.2, Standford University, http://crvpto.stanford.edu/pbc
[24]MIRACL library v5.20, Shamus software Ltd, http://indigo.ie/~mscott/
[1] 蒋晓宁等,“高速VPN网关概要设计”,2005,杭州信雅达股份有限公司内部资料。
[2] 蒋晓宁等,“VPN集中管理服务器概要设计”,2006,杭州信雅达股份有限公司内部资料.