空间信息网公钥安全技术研究
|
摘要
随着通信技术的快速发展和用户需求的不断提高,各种新型的网络不断涌现,其中空间信息网已经成为近年来的研究热点。空间信息网是以卫星网络作为骨干网络,包含具有空间通信能力的各类航天设备、航空设备以及相关地面设备所组成的异构式网络体系。由于空间通信的开放性,空间信息网的节点很容易遭受到各种类型的攻击,因此需要建立合适的安全机制以保证空间信息网的通信安全。
目前空间信息网还没有成熟的公钥安全架构,本文针对这一问题,就空间信息网的公钥证书管理体制、CA架构形式、证书撤销机制以及访问控制等具有重要地位的公钥安全技术进行了研究,取得了以下主要成果。
1、研究了空间信息网的体系结构。分析了组成空间信息网的不同节点的特点,提出了一种分层式的体系结构。其中卫星网络作为骨干网承担主要的数据处理与通信任务,其余航天、航空设备以及地面用户作为网络的接入节点。
2、研究了空间信息网基于证书的公钥安全机制。针对分层式的空间信息网体系结构,提出了一种分层混合式的证书管理方案。其中网络的核心卫星层采用分布式CA对节点证书进行管理以提高核心网络的安全性,而接入节点层则采用集中式CA以实现节点可靠和有效的接入。该方案将空间信息网的安全划分为不同的层次,有效地提高了网络的抗毁性,还可以随着网络规模的扩大而方便的接入更多的节点,具有良好的可扩展性。
3、研究了安全性更高的分布式CA模型。针对现有分布式CA模型中存在的安全隐患,提出了一种自适应分布式的CA模型。该模型中保管CA私钥的管理者节点不再是传统模型中的静态选择,而是随着网络运行由全体节点动态的进行选择。为节点引入信用值的概念,信用值随着网络中节点之间发起的有效的指控信息而改变,其中信用值最高的n个节点将自动成为CA私钥的管理者。该模型可以有效地防止攻击者获取证书管理权限,用于空间信息网的核心卫星层能够提高整个网络的安全性。
4、研究了分布式的证书撤销机制。针对空间信息网的特点,提出了一种高效的分布式证书撤销机制。该机制基于自适应分布式CA模型中的节点监督与指控,引入撤销份额以标识节点证书是否被撤销。该机制中节点之间只需要较少的数据通信,有效地降低了通信负载,比较适合于空间信息网高时延的场合。理论分析和仿真实验表明,本文给出的机制更符合实时性的要求,并且能够更好的抵抗恶意节点的合谋攻击,具有更高的安全性。
5、研究了空间信息网的访问控制机制。根据空间信息网的特点,在两种不同的服务场景下为其分别构建了基于用户属性的访问控制机制。该机制中卫星节点用属性加密密钥加密数据并发送给用户,而用户根据门限原则用所持有的属性解密密钥解密数据,可以实现细粒度的访问控制。该机制中卫星节点与用户之间的信息交互次数达到了最小,卫星节点承担的运算负担也较小,还可以方便的实现用户对于网络数据的匿名性访问。
With the rapid growth of communication technology and the increasing userdemand, many new types of network have been emerging, in which space informationnetworks has become a research hotspot in recent years. The space informationnetworks, as a heterogeneous type of network system, which take satellite network asthe backbone network, include various types of space equipment, aerospace equipmentand associated ground equipment. The nodes in the space information networks arevulnerable to various types of attacks because of the open space communication, sothere is a need to establish suitable security mechanisms to ensure the communicationsafety in space information networks.
As there is no proven public key security architecture in space informationnetworks currently, this paper focus on the most important public key securitytechnology such as the management system of public key certificate, organization ofcertificate authority, certificate revocation mechanism and access control mechanism.
The main contributions of this thesis are as follows:
Firstly, the architecture of the space information networks is considered. Accordingto the features of different nodes in it, we propose a layered architecture for spaceinformation networks in which the satellite network performs main tasks of dataprocessing and communication and other equipments in space and the users on theground have been taken as the access nodes.
Secondly, the public key security architecture based on certificate is given. Wepropose a hierarchical hybrid certificate management solution in accordance with thelayered architecture of space information networks. In this solution, the core satellitelayer uses distributed CA model in order to improve the security of the core network,but the access node layer uses centralized CA model so as to achieve reliable andefficient access. The solution which divides the security of the space informationnetworks into different levels, effectively improves the network survivability.Furthermore, the solution has a good scalability because it will include more accessnodes conveniently with the expansion of network size.
Thirdly, a more secure distributed CA model is proposed. We propose an adaptivedistributed CA model in order to avoid security risks in the existing distributed CAmodel. In our model, the nodes which keep shares of CA private key are no longer beselected statically as in traditional model, but selected dynamically by all the nodes inthe networks. We introduce the credit value which changes with effective accusations for the nodes in networks, and the credit values of share-keepers are always the top n.The model can effectively prevent an attacker from obtaining a certificate managementauthority, and can improve the security of the entire network when used in the core
satellite layer of the space information networks.Fourthly, distributed certificate revocation mechanisms are studied. An efficientdistributed certificate revocation mechanism based on node monitoring and charges inadaptive distributed CA model is proposed. Share of revocation is labeled in every nodewhich identify whether the node’s certificate is revoked. This mechanism whichrequires less data communication between nodes effectively reduces the traffic load, soit is more suitable for space information network. Theoretical analysis and simulationexperiments indicate that the mechanism presented in this paper are more in line withreal-time requirements and can resist the collusion attacks between malicious nodes, a
higher security.Fifthly, the access control mechanisms in space information networks areconsidered. The access control mechanisms based on user’s attributes are constructed intwo different service scenarios. In our schemes, satellite node encrypts data with theattributes encryption keys and sends the cipher to user, while the user decrypts thecipher text with the attributes decryption keys according to the principle of threshold.These schemes can achieve fine-grained access control and reach a minimum number ofinformation exchanges between satellite node and user. Furthermore, the satellite nodebears a smaller burden of computation and the user can easily achieve anonymity fornetwork data access.
目前空间信息网还没有成熟的公钥安全架构,本文针对这一问题,就空间信息网的公钥证书管理体制、CA架构形式、证书撤销机制以及访问控制等具有重要地位的公钥安全技术进行了研究,取得了以下主要成果。
1、研究了空间信息网的体系结构。分析了组成空间信息网的不同节点的特点,提出了一种分层式的体系结构。其中卫星网络作为骨干网承担主要的数据处理与通信任务,其余航天、航空设备以及地面用户作为网络的接入节点。
2、研究了空间信息网基于证书的公钥安全机制。针对分层式的空间信息网体系结构,提出了一种分层混合式的证书管理方案。其中网络的核心卫星层采用分布式CA对节点证书进行管理以提高核心网络的安全性,而接入节点层则采用集中式CA以实现节点可靠和有效的接入。该方案将空间信息网的安全划分为不同的层次,有效地提高了网络的抗毁性,还可以随着网络规模的扩大而方便的接入更多的节点,具有良好的可扩展性。
3、研究了安全性更高的分布式CA模型。针对现有分布式CA模型中存在的安全隐患,提出了一种自适应分布式的CA模型。该模型中保管CA私钥的管理者节点不再是传统模型中的静态选择,而是随着网络运行由全体节点动态的进行选择。为节点引入信用值的概念,信用值随着网络中节点之间发起的有效的指控信息而改变,其中信用值最高的n个节点将自动成为CA私钥的管理者。该模型可以有效地防止攻击者获取证书管理权限,用于空间信息网的核心卫星层能够提高整个网络的安全性。
4、研究了分布式的证书撤销机制。针对空间信息网的特点,提出了一种高效的分布式证书撤销机制。该机制基于自适应分布式CA模型中的节点监督与指控,引入撤销份额以标识节点证书是否被撤销。该机制中节点之间只需要较少的数据通信,有效地降低了通信负载,比较适合于空间信息网高时延的场合。理论分析和仿真实验表明,本文给出的机制更符合实时性的要求,并且能够更好的抵抗恶意节点的合谋攻击,具有更高的安全性。
5、研究了空间信息网的访问控制机制。根据空间信息网的特点,在两种不同的服务场景下为其分别构建了基于用户属性的访问控制机制。该机制中卫星节点用属性加密密钥加密数据并发送给用户,而用户根据门限原则用所持有的属性解密密钥解密数据,可以实现细粒度的访问控制。该机制中卫星节点与用户之间的信息交互次数达到了最小,卫星节点承担的运算负担也较小,还可以方便的实现用户对于网络数据的匿名性访问。
With the rapid growth of communication technology and the increasing userdemand, many new types of network have been emerging, in which space informationnetworks has become a research hotspot in recent years. The space informationnetworks, as a heterogeneous type of network system, which take satellite network asthe backbone network, include various types of space equipment, aerospace equipmentand associated ground equipment. The nodes in the space information networks arevulnerable to various types of attacks because of the open space communication, sothere is a need to establish suitable security mechanisms to ensure the communicationsafety in space information networks.
As there is no proven public key security architecture in space informationnetworks currently, this paper focus on the most important public key securitytechnology such as the management system of public key certificate, organization ofcertificate authority, certificate revocation mechanism and access control mechanism.
The main contributions of this thesis are as follows:
Firstly, the architecture of the space information networks is considered. Accordingto the features of different nodes in it, we propose a layered architecture for spaceinformation networks in which the satellite network performs main tasks of dataprocessing and communication and other equipments in space and the users on theground have been taken as the access nodes.
Secondly, the public key security architecture based on certificate is given. Wepropose a hierarchical hybrid certificate management solution in accordance with thelayered architecture of space information networks. In this solution, the core satellitelayer uses distributed CA model in order to improve the security of the core network,but the access node layer uses centralized CA model so as to achieve reliable andefficient access. The solution which divides the security of the space informationnetworks into different levels, effectively improves the network survivability.Furthermore, the solution has a good scalability because it will include more accessnodes conveniently with the expansion of network size.
Thirdly, a more secure distributed CA model is proposed. We propose an adaptivedistributed CA model in order to avoid security risks in the existing distributed CAmodel. In our model, the nodes which keep shares of CA private key are no longer beselected statically as in traditional model, but selected dynamically by all the nodes inthe networks. We introduce the credit value which changes with effective accusations for the nodes in networks, and the credit values of share-keepers are always the top n.The model can effectively prevent an attacker from obtaining a certificate managementauthority, and can improve the security of the entire network when used in the core
satellite layer of the space information networks.Fourthly, distributed certificate revocation mechanisms are studied. An efficientdistributed certificate revocation mechanism based on node monitoring and charges inadaptive distributed CA model is proposed. Share of revocation is labeled in every nodewhich identify whether the node’s certificate is revoked. This mechanism whichrequires less data communication between nodes effectively reduces the traffic load, soit is more suitable for space information network. Theoretical analysis and simulationexperiments indicate that the mechanism presented in this paper are more in line withreal-time requirements and can resist the collusion attacks between malicious nodes, a
higher security.Fifthly, the access control mechanisms in space information networks areconsidered. The access control mechanisms based on user’s attributes are constructed intwo different service scenarios. In our schemes, satellite node encrypts data with theattributes encryption keys and sends the cipher to user, while the user decrypts thecipher text with the attributes decryption keys according to the principle of threshold.These schemes can achieve fine-grained access control and reach a minimum number ofinformation exchanges between satellite node and user. Furthermore, the satellite nodebears a smaller burden of computation and the user can easily achieve anonymity fornetwork data access.
引文
[1] Ian F A, Eylem E, Michael D B. MLSR: a novel routing algorithm formultilayered satellite IP networks [J]. IEEE/ACM Transactions on Networking,2002,10(3):411–424.
[2] Asvial M, Tafazolli R, Evans B G. Satellite constellation design and radioresource management using genetic algorithm [J]. IEE Communications,2004,151(3):204-208
[3] Chao C, Eylem E, Ian F A. Satellite grouping and routing protocol for LEO/MEOsatellite IP networks [J]. Proc. of the5th ACM International Workshop onWireless Mobile Multimedia2002:109-116.
[4] Vatalaro F, Corazza G E, Caini C, et al. Analysis of LEO, MEO and GEO GlobalMobile Satellite Systems in the Presence of Interference and Fading [J]. IEEEJournal on Selected Areas In Communications,1995.13(2):291~300.
[5] Maral G, Riddder J D, Evans B G, et al. Low Earth Orbit Satellite Systems forCommunications [J]. International Journal of Satellite Communications.1991,9:209~225.
[6] Hu Yu-rong, Li V.O.K. Satellite-based internet: a tutorial [J]. IEEECommunications Magazine. March2001,39(3):154-162.
[7]孙利民,卢泽新,吴志美. LEO卫星网络的路由技术[J].计算机学报,2004,27(5):659-667.
[8] Genevie`ve A, Claude C, Carlton R D. A localized certificate revocation schemefor mobile ad hoc networks [J]. Ad Hoc Networks,2008,6(1):17-31.
[9] Claude C, Carlton R.D. A certificate revocation scheme for wireless Ad Hocnetworks[C]//1st ACM Workshop on Security of Ad Hoc and Security of Ad Hocand Sensor Networks. New York: Association for Computing Machinery,2003.
[10] Alejandro A Z, High-Altitude Platforms for wireless communications [M]. AJohn Wiley and Sons, Ltd, Publication,2008.5-17.
[11] Del R E, Pierucci L. Next-Generation Mobile Satellite Networks [J]. IEEECommunication Magazine.2002,9:150~159.
[12]闵士权.国外卫星通信现状与发展趋势[J].航天器工程,2007,16(1):58-62.
[13] NASA Space Communication Architecture Working Group. NASA SpaceCommunication and Navigation Architecture Recommendations or2005-2030.SCAWG Final Report, May2006.
[14] Bhasin K,Hayden J L.Space Internet architecture and technologies for NASAenterprises [J]. International Journal of Satellite Communications.2002,20(5):31l一332.
[15] Balasubramanian A, Mishra S, Sridhar R. Secure Key Management for NASASpace Communication. ICNS’05
[16] Hilland D H, Phipps G S, Jingle C M, et al. Satellite threat warning and attackreporting. IEEE Aerospace Conference,1998:207-213.
[17]吴勤,高雁翎.美国反卫星武器的新进展.国际太空[J],2007,4:22-25.
[18] Warner J S, Johnston R G. A simple demonstration that the Global PositioningSystem (GPS) Is Vulnerable to Spoofing [J]. Journal of Security Administration,2002,25:19-28.
[19] Gao X Grace, David De Lorenzo, Todd Walter, et al. Acquisition and Trackingof GIOVE-A Broadcast L1/E5/E6Signals and Analysis of DME/TACANInterference on Receiver Design. Proc. of ENC Global Navigation SatelliteSystems Conference,2007.
[20] Gao X Grace, Spilker J, Todd Walter, et al. Code Generation Scheme andProperty Analysis of Broadcast Galileo L1and E6Signals. ION Proceedings of19th International Technical Meeting of the Satellite Division FortWorth, Texas:ION,2006:1526-1534.
[21] Gao X Grace, Alan Chen, Sherman Lo, David De Lorenzo, et al. Compass-M1Broadcast Codes in E2, E5b and E6Frequency Bands [J]. IEEE Journal ofSelected Topics in Signal Processing, Special Issue on Advanced SignalProcessing for GNSS and Robust Navigation,2009,3:599-612.
[22] Diffie W, Hellman M. New directions in cryptography [J]. IEEE Transactions onInformation Theory,1976,22(6):644–654.
[23] Rivest R L, Shamir A, and Adleman L M. A Method for Obtaining DigitalSignatures and Public-Key Cryptosystems [J]. In Proceedings ofCommunications. ACM.1978:120-126.
[24]毛文波.现代密码学理论与实践[M].北京:电子工业出版社,2004.
[25]冯登国,裴定一.密码学导引[M].北京:科学出版社,1999.
[26] Stallings W. Cryptography and Network Security: Principles and Practice [M].Prentice-Hall,2nd edition,1999.
[27] Housley R, Ford W, Polk W, et al. Internet X509public key infrastructurecertificate and CRL profile [EB/OL]. http://www.ietf.org/rfc/rfc2459.txt.
[28] ITU-T. ITU-T Recommendation X.509. ITU-T,2005.
[29] Zhou L D, Haas Z J. Securing ad hoc networks [J]. IEEE Networks Special Issueon Network Security,1999,13(6):24-30..
[30]荆继武,冯登国.一种入侵容忍的CA方案[J].软件学报,2002,13(8):1417-1422
[31]曹正军,刘木兰.唯签名的数字签名模型的分类[J].中国科学E辑:信息科学.2008,38(2):223-235.
[32] Shamir A. How to share a secret [J]. Communications of the ACM,1979,22(11):612-613.
[33] Desmedt Y, Frankel Y. Threshold cryptosystems [J]. In Proceedings of CRYPTO.1989,307-315.
[34] Desmedt Y, Frankel Y. Shared Generation of Authenticators and Signatures(Extended Abstract). In Proceedings of CRYPTO.1991,457-469.
[35] Reiter M K. Distributed Trust with the Rampart Toolkit [J]. Communications ofthe ACM,1996,39(4):71–74.
[36] Shoup V. Practical Threshold Signatures [J]. In Proceedings of EUROCRYPT.2000,207-220.
[37]许春香,董庆宽,肖国镇.矢量空间秘密恭喜-多重签名方案[J].电子学报,2003,31(1):48-50.
[38] Gennaro R, Halevi S, Krawczyk H, et al. Threshold RSA for Dynamic andAd-Hoc Groups [J]. In Proceedings of EUROCRYPT.2008,88-107.
[39] Delerablée C, Pointcheval D. Dynamic Threshold Public-Key Encryption [J]. InProceedings of CRYPTO.2008,317-334.
[40] Sandhu R, Samarati P. Access control: principles and practice [J]. IEEECommunications Magazine,1994,32(9):40-48.
[41] Sandhu R, Coyne E J, Feinstein H L et al. Role-Based access control models [J].IEEE Computers,1996,29(2):38-47.
[42] Zhang X, Li Y, Nalla D. An attribute-based access matrix model [C]//Proceedings of the2005ACM Symposium on Applied Computing. New Mexico:ACM Press,2005:359-363.
[43] Wang L Y, Wijesekera D, Jajodia S. A logic-based framework for attribute basedaccess control [C]//Proceedings of the2004ACM Workshop on Formal Methodsin Security Engineering. Washington DC: ACM Press,2004:45-55.
[44] Shamir A. Identity-Based Cryptosystems and Signature Schemes [J]. InProceedings of CRYPTO.1984,47-53.
[45] Boneh D, Franklin M. Identity-based encryption from the Weil pairing [C]//InProceedings of the21st Annual International Cryptology Conference onAdvances in Cryptology, Berlin, Heidelberg: Springer-Verlag,2001:213–229.
[46] Cocks C. An Identity based encryption scheme based on quadratic residues. Proc.of the8th IMA International Conference on Cryptography and Coding,Cirencester, U.K.,2001:360-363.
[47] Boneh D, Boyen X. Efficient selective-ID secure identity based encryptionwithout random oracles [J]. Proc. of EUROCRYPT2004, Interlaken, Switzerland,2004:223-238.
[48] Boneh D, Boyen X. Secure Identity Based Encryption without Random Oracles[J]. Proc. of CRYPTO2004:443-459.
[49] Sakai R, Ohgishi K, Kasahara M. Cryptosystems based on pairing over ellipticcurve (in japanese). Proceedings of the Symposium on Cryptography andInformation Security,2001:8c-1.
[50] Waters B. Efficient Identity-Based Encryption without Random Oracles [J]. InProceedings of EUROCRYPT.2005,114-127.
[51] Gentry C. Practical identity-based encryption without random oracles [J]. Proc. ofEurocrypt2006, St. Petersburg, Russia, May28-June1,2006:445-464.
[52] Horwitz J, Lynn B. Toward Hierarchical Identity-Based Encryption [J]. InProceedings of EUROCRYPT.2002,466-481.
[53] Gentry C, Silverberg A. Hierarchical ID-Based Cryptography [J]. In Proceedingsof ASIACRYPT.2002,548-566.
[54] Canetti R, Halevi S, Katz J. A Forward-Secure Public-Key Encryption Scheme[J]. In Proceedings of EUROCRYPT.2003,255-271.
[55] Baek J, Zheng Y. Identity-Based Threshold Decryption [J]. In Proceedings ofPublic Key Cryptography.2004,262-276.
[56] Sahai A, Waters B. Fuzzy Identity-Based Encryption [J]. In Proceedings ofEUROCRYPT.2005,457-473.
[57] Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grainedaccess control of encrypted data. In Proceedings of ACM Conference onComputer and Communications Security.2006,89-98.
[58] Bethencourt J, Sahai A, Waters B. Ciphertext-Policy Attribute-Based Encryption.In Proceedings of IEEE Symposium on Security and Privacy.2007,321-334.
[59] Chase M. Multi-authority Attribute Based Encryption. In Proceedings of TCC.2007,515-534.
[60] Ayan R C, John S B. A Lightweight certificate-based source authenticationprotocol for group communications in hybrid wireless/satellite networks[R].IEEE GLOBECOM2008:1-6.
[61] Liang L, Iyengar S, Cruickshank H. Security for FLUTE over satellite networks
[R]. WRI International Conference on Communications and Mobile Computing,2009.(CMC’09). Volume3:485-491.
[62] Cruickshank H.S. A security system for satellite networks[R]. Fifth InternationalConference on Satellite Systems for Mobile Communications andNavigation,1996:187-190.
[63]冯涛,马建峰. UC安全的移动卫星通信系统认证密钥交换协议[J].宇航学报,2008,29(6):1959-1964.
[64]王宇,卢均,吴忠望.空间信息网络的组密钥管理[J].宇航学报,2006,27(3):553-555.
[65] Shahriar A, Atiquzzaman M, Rahman S. Mobility management protocols fornext-generation all-IP satellite networks [J]. IEEE Wireless Communications.2008:46-54.
[66] Lee J, Lee J, Kim T, Kim D. Satellite over Satellite (SOS) Network: A NovelConcept of Hierarchical Architecture and Routing in Satellite Network [J]. InProceedings of LCN.2000:392-399.
[67]张民,罗光春,王俊峰等.空间信息网络可靠传输协议研究[J].通信学报,2008,29(6):63-68
[68]徐志博,马恒太.一种用于卫星网络安全认证的协议设计与仿真[J].计算机工程与应用,2007,43(17):130-132.
[69] Eylem E, Ian F A, Michael D B. A distributed routing algorithm for datagramtraffic in LEO satellite networks [J]. IEEE/ACM Transactions on Networking,2001,9(2):137~147.
[70] Ayan R C, John S B, Michael H. Security Issues in Hybrid Networks with aSatellite Component [J]. IEEE Wireless Communications,2005:50-61.
[71] Papoutsis E, Howells G, Hopkins A, McDonald M. Key Generation for SecureInter-satellite Communication. In Proceedings of AHS.2007:671-681.
[72] Chang Y F, Chang C C. An efficient authentication protocol for mobile satellitecommunication systems [J]. Operating Systems Review,2005:70~84.
[73] Sastri L K. Broadband Satellite Networks: Trends and Challenges [J]. IEEECommunications Society/WCNC,2005:1472-1478.
[74] Zheng W, Meng X, Jiang L Z. Security Issue For Space Internet. InternationalConference on Intelligent Computation Technology and Automation (ICICTA),2008:194-198.
[75] Arslan M G, Alag z F. Security issues and performance study of key managementtechniques over satellite links. In Proceedings of CAMAD.2006:122-128.
[76] Shave N. Space systems and Internet integration: security considerations. IEESeminar on Satellite Services and the Internet,2000:7/1-7/4.
[77] Wang K, Zhao Z W, Yao L. An Agile Reconfigurable Key Distribution Scheme inSpace Information Network. IEEE Conference on Industrial Electronics andApplications,2007:2742-2747.
[78] Zhou L D, Haas Z J. Securing ad hoc networks [J]. IEEE Networks Special Issueon Network Security,1999,13(6):24-30.
[79] Luo H, Zerfos P,Kong J, et al. Self-securing Ad Hoc wireless networks[A]. Procof the7th IEEE Symposiumon Computers and Communications (ISCC’02)[C].Italy,2002:567-574.
[80] Kong J,Zerfos P,Luo H,et al. Providing robust and ubiquitous security supportfor mobile Ad Hoc networks [A]. IEEE9th International Conference on NetworkProtocols (ICNP’01)[C]. Riverside,California,2001:251-260.
[81]欧阳自远,李春来,邹永廖,等.深空探测的进展与我国深空探测的发展战略[J].中国航天,2002,(12):28-32.
[82]姜昌,黄宇民,胡勇.研究与开发天基深空通信跟踪(C&T)网的倡议[J].飞行器测控学报,1999,18(4):28-37.
[83] Hooke A. The interplanetary internet [J]. Communication of theACM,2001,44(9):38-40.
[84] Akyildiz I F, Akan B, Chen C, et al. Interplanetary internet: state-of-the-art andresearch challenges [J]. Computer Networks,2003,43(2):75-112.
[85] Werner M, Delucchi C, Vogel H, et al. ATM-based Routing in LEO/MEOSatellite Networks with Intersatellite Links [J]. IEEE Journal on Selected Areasin Communications,1997,15(1):69-82.
[86] Ozgur E, Michael O B, Leandros T. Next generation satellite systems foraeronautical communications [J]. Int. J. Satell. Commun. Network.2004,22:157–179.
[87] Noles J, Scott K, Kukoski M J, Weiss H. Next Generation Space Internet.2ndESA Workshop on Tracking Telemetry and Command Systems for SpaceApplications,2001.
[88]李喆,李冬妮,王光兴. LEO/MEO卫星网络中运用自组网思想的动态路由算法[J].通信学报,2005,26(5):50-56.
[89]万鹏,曹志刚,王京林. LEO星座网络动态源路由算法[J].宇航学报,2007,28(5):1295-1303.
[90]王宇,卢昱,吴忠望等.构建多级多层的空间信息系统安全基础设施[J].宇航学报,2007,28(5):1081-1085.
[91] Balasubramanian A, Mishra S and Sridhar R. Analysis of a Hybrid KeyManagement Solution for MANETs. IEEE Wireless Communication andNetworking Conference, New Orleans, LA, March,2005.
[92] Gutmann P. PKI: It's Not Dead, Just Resting [J]. In Proceedings of IEEEComputer.2002,41-49.
[93] Blakley G R. Safeguarding cryptographic keys. In: Proceedings of the NationalComputer Conference1979,48:313-317
[94]易平,蒋嶷川,张世永等.移动ad hoc网络安全综述[J].电子学报,2005,33(5):893-899.
[95] Kong J, Luo H, Xu K, et al. Adaptive security for multilevel ad hoc networks.In Proceedings of Wireless Communications and Mobile Computing.2002(2):533-547.
[96] Zheng P. Tradeoffs in certificate revocation schemes. In Proceedings of ComputerCommunication Review.2003,103-112.
[97]钟欢,许春香,秦志光. Ad Hoc网络中的分布式证书撤销机制[J].电子科技大学学报,2007,36(3):496-499.
[98]宁红宙,刘云,何德全.一种用于Ad Hoc网络的分布式证书撤销算法[J].北京交通大学学报,2005,29(2):44-68.
[99] International Telecommunication Union. ITU Internet Reports2005: The Internetof Things [R/OL].[2010-12-10].http://www.itu.int/osg/spu/publications/internetofthings/InternetofThings_summary.pdf.
[100]武传坤.物联网安全架构初探[J].中国科学院院刊,2010,25(04):411-419.
[101]顾晶晶,陈松灿,庄毅.基于无线传感器网络拓扑结构的物联网定位模型[J].计算机学报,2010,33(9):1548-1556.
[102] Wang Yong, Attebury G, Ramamurthy B. A Survey of Security Issues in WirelessSensor Networks [J]. IEEE In Communications Surveys&Tutorials,2006,8(2):2-23.
[103]裴庆琪,沈玉龙,马建峰.无线传感器网络安全技术综述[J].通信学报,2007,28(8):113-122.
[104]刘云,裴庆琪.一种传感器网络访问控制机制[J].西安电子科技大学学报,2010,37(3):507-512.
[105]杜志强,沈玉龙,马建峰等.基于信息覆盖的无线传感器网络访问控制机制[J].通信学报,2010,31(2):113-119.
[106] Yan J, Ma J, Liu H. Key hierarchies for hierarchical access control in securegroup communications [J]. In Proceedings of Computer Networks.2009,353-364.
[107] Banerjee S, Mukhopadhyay D. Symmetric key based authenticated querying inwireless sensor networks [C]//Proceedings of the First International Conferenceon Integrated Internet Ad Hoc and Sensor Networks. New York: ACM Press,2006.
[108] Maccari L, Mainardi L, Marchitt M A, et al. Lightweight, distributed accesscontrol for wireless sensor networks supporting mobility [C]//InternationalConference on Communications2008(ICC '08). BeiJing: IEEE,2008:1441-1445.
[109] Benenson Z, Gartner F C, Kesdogan D. An Algorithmic Framework for RobustAccess Control in Wireless Sensor Networks [C]//Second European Workshopo n Wireless Sensor Networks (EWSN). Germary: Computer Science,2005:158-165.
[110] Benenson Z, Gedicke N, Raivio O. Realizing robust user authentication in sensornetworks [C]//Workshop on Real-World Wireless Sensor Networks. StockholmSweden: Swedish Insitute of Computer Science,2005:135-142.
[111] Watro R, Kong D, Cuti S fen, et al. TinyPK: securing sensor networks with publickey technology.[C]//In Proceedings of the2nd ACM workshop on Security of adhoc and sensor networks. Washington DC: ACM Press,2004:59-64.
[112]李晓峰,冯登国,陈朝武等.基于属性的访问控制模型[J].通信学报,2008,29(4):90-98.
[113]王小明,付红,张立臣.基于属性的访问控制研究进展[J].电子学报,2010,38(7):1660-1667.
[114]林莉,怀进鹏,李先贤.基于属性的访问控制策略合成代数[J].软件学报,2009,20(2):403-414.
[115] Lin H, Cao Z, Liang X, et al. Secure threshold multi authority attribute basedencryption without a central authority [J]. In Proceedings of INDOCRYPT2008,426-436.
[116] Chase M, Chow S S M. Improving privacy and security in multi-authorityattribute-based encryption. In Proceedings of ACM Conference on Computer andCommunications Security [J].2009,121-130.
[117] Pirretti M, Traynor P, McDaniel P, et al. Secure attribute-based systems [J]. InProceedings of Journal of Computer Security.2010,799-837.
[118] Baek J, Susilo W, Zhou J. New constructions of fuzzy identity-based encryption.In Proceedings of ASIACCS.2007,368-370.
[119] Li J, Kim K. Hidden attribute-based signatures without anonymity revocation [J].In Proceedings of Information Sciences.2010,1681-1689.
[120] Huang D, Verma M. ASPE: Attribute-based secure policy enforcement invehicular ad hoc networks. Ad Hoc Networks [J].2009,1526-1535.
[121] Herranz J, Laguillaumie F, Ràfols C. Constant Size Ciphertexts in ThresholdAttribute-Based Encryption [J]. In Proceedings of Public Key Cryptography.2010,19-34.
[122] Cheung L,Newport C. Provably secure ciphertext policy ABE [J]. Proc. of ACMConference on Computer and Communications Security,2007:456-465.
[123] Goyal V, Jain A, Pandey O, et al. Bounded ciphertext policy attribute basedencryption [J]. Proc. of Automata, Languages and Programming,2008:579-591.
[124] Katz J, Sahai A, Waters B. Predicate Encryption Supporting Disjunctions,Poly-nomial Equations, and Inner Products [J]. Proc. of EUROCRYPT,2008:146-162.
[125] Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonicaccess structures [J]. Proc. of ACM Conference on Computer andCommunications Security,2007:195-203.
[126] Waters B. Ciphertext-Policy Attribute-Based Encryption: An Expressive,Efficient, and Provably Secure Realization. Cryptology ePrint Archive2008/290.
[127] Gorantla M, Boyd C, Juan M G. Attribute-based Authenticated Key Exchange [J].Proc. of ACISP2010, Sydney,2010.
[128] Goldwasser S, Micali S, Rivest R L. A Digital Signature Scheme Secure AgainstAdaptive Chosen-Message Attacks [J]. In Proceedings of SIAM J. Comput..1988,281-308.
[129] Desmedt Y. Society and Group Oriented Cryptography: A New Concept [J]. InProceedings CRYPTO,1987,120–127.
[130] Fiat A, Shamir A. How to Prove Yourself: Practical Solutions to Identificationand Signature Problems [J]. In Proceedings of CRYPTO.1986,186-194.
[131] Frankel Y, Gemmell P, MacKenzie P D, et al. Proactive RSA [J]. In Proceedingsof CRYPTO.1997,440-454.
[132] Herzberg A, Jakobsson M, Jarecki S, et al. Proactive Public Key and SignatureSystems[J]. In Proceedings of ACM Conference on Computer andCommunications Security.1997,100-110.
[133] Herzberg A, Jarecki S, Krawczyk H, et al. Proactive Secret Sharing Or: How toCope With Perpetual Leakage [J]. In Proceedings of CRYPTO.1995,339-352.
[134] Desmedt Y, Jajodia S. Redistributing secret shares to new access structures andits applications. Technical Report ISSE TR-97-01, George Mason University,1997.
[135] Bellur B. Certificate Assignment Strategies for a PKI-Based Security Architecturein a Vehicular Network. In Proceedings of GLOBECOM.2008,1836-1841.
[136] Ahmet M E, Edward J D. A key transport protocol based on secret sharingapplications to information security [J]. IEEE Transactions on ConsumerElectronics,2002,48(4):816-824.
[137] Wu Q, Mu Y, Susilo W, et al. Asymmetric group key agreement [J]. In:Proceedings of Eurocrypt'2009.153-170.
[138] Wu Q, Qin B, Zhang L, et al. Ad hoc broadcast encryption [J]. In: Proceedings ofACM Conference on Computer and Communications Security.2010:741-743.
[2] Asvial M, Tafazolli R, Evans B G. Satellite constellation design and radioresource management using genetic algorithm [J]. IEE Communications,2004,151(3):204-208
[3] Chao C, Eylem E, Ian F A. Satellite grouping and routing protocol for LEO/MEOsatellite IP networks [J]. Proc. of the5th ACM International Workshop onWireless Mobile Multimedia2002:109-116.
[4] Vatalaro F, Corazza G E, Caini C, et al. Analysis of LEO, MEO and GEO GlobalMobile Satellite Systems in the Presence of Interference and Fading [J]. IEEEJournal on Selected Areas In Communications,1995.13(2):291~300.
[5] Maral G, Riddder J D, Evans B G, et al. Low Earth Orbit Satellite Systems forCommunications [J]. International Journal of Satellite Communications.1991,9:209~225.
[6] Hu Yu-rong, Li V.O.K. Satellite-based internet: a tutorial [J]. IEEECommunications Magazine. March2001,39(3):154-162.
[7]孙利民,卢泽新,吴志美. LEO卫星网络的路由技术[J].计算机学报,2004,27(5):659-667.
[8] Genevie`ve A, Claude C, Carlton R D. A localized certificate revocation schemefor mobile ad hoc networks [J]. Ad Hoc Networks,2008,6(1):17-31.
[9] Claude C, Carlton R.D. A certificate revocation scheme for wireless Ad Hocnetworks[C]//1st ACM Workshop on Security of Ad Hoc and Security of Ad Hocand Sensor Networks. New York: Association for Computing Machinery,2003.
[10] Alejandro A Z, High-Altitude Platforms for wireless communications [M]. AJohn Wiley and Sons, Ltd, Publication,2008.5-17.
[11] Del R E, Pierucci L. Next-Generation Mobile Satellite Networks [J]. IEEECommunication Magazine.2002,9:150~159.
[12]闵士权.国外卫星通信现状与发展趋势[J].航天器工程,2007,16(1):58-62.
[13] NASA Space Communication Architecture Working Group. NASA SpaceCommunication and Navigation Architecture Recommendations or2005-2030.SCAWG Final Report, May2006.
[14] Bhasin K,Hayden J L.Space Internet architecture and technologies for NASAenterprises [J]. International Journal of Satellite Communications.2002,20(5):31l一332.
[15] Balasubramanian A, Mishra S, Sridhar R. Secure Key Management for NASASpace Communication. ICNS’05
[16] Hilland D H, Phipps G S, Jingle C M, et al. Satellite threat warning and attackreporting. IEEE Aerospace Conference,1998:207-213.
[17]吴勤,高雁翎.美国反卫星武器的新进展.国际太空[J],2007,4:22-25.
[18] Warner J S, Johnston R G. A simple demonstration that the Global PositioningSystem (GPS) Is Vulnerable to Spoofing [J]. Journal of Security Administration,2002,25:19-28.
[19] Gao X Grace, David De Lorenzo, Todd Walter, et al. Acquisition and Trackingof GIOVE-A Broadcast L1/E5/E6Signals and Analysis of DME/TACANInterference on Receiver Design. Proc. of ENC Global Navigation SatelliteSystems Conference,2007.
[20] Gao X Grace, Spilker J, Todd Walter, et al. Code Generation Scheme andProperty Analysis of Broadcast Galileo L1and E6Signals. ION Proceedings of19th International Technical Meeting of the Satellite Division FortWorth, Texas:ION,2006:1526-1534.
[21] Gao X Grace, Alan Chen, Sherman Lo, David De Lorenzo, et al. Compass-M1Broadcast Codes in E2, E5b and E6Frequency Bands [J]. IEEE Journal ofSelected Topics in Signal Processing, Special Issue on Advanced SignalProcessing for GNSS and Robust Navigation,2009,3:599-612.
[22] Diffie W, Hellman M. New directions in cryptography [J]. IEEE Transactions onInformation Theory,1976,22(6):644–654.
[23] Rivest R L, Shamir A, and Adleman L M. A Method for Obtaining DigitalSignatures and Public-Key Cryptosystems [J]. In Proceedings ofCommunications. ACM.1978:120-126.
[24]毛文波.现代密码学理论与实践[M].北京:电子工业出版社,2004.
[25]冯登国,裴定一.密码学导引[M].北京:科学出版社,1999.
[26] Stallings W. Cryptography and Network Security: Principles and Practice [M].Prentice-Hall,2nd edition,1999.
[27] Housley R, Ford W, Polk W, et al. Internet X509public key infrastructurecertificate and CRL profile [EB/OL]. http://www.ietf.org/rfc/rfc2459.txt.
[28] ITU-T. ITU-T Recommendation X.509. ITU-T,2005.
[29] Zhou L D, Haas Z J. Securing ad hoc networks [J]. IEEE Networks Special Issueon Network Security,1999,13(6):24-30..
[30]荆继武,冯登国.一种入侵容忍的CA方案[J].软件学报,2002,13(8):1417-1422
[31]曹正军,刘木兰.唯签名的数字签名模型的分类[J].中国科学E辑:信息科学.2008,38(2):223-235.
[32] Shamir A. How to share a secret [J]. Communications of the ACM,1979,22(11):612-613.
[33] Desmedt Y, Frankel Y. Threshold cryptosystems [J]. In Proceedings of CRYPTO.1989,307-315.
[34] Desmedt Y, Frankel Y. Shared Generation of Authenticators and Signatures(Extended Abstract). In Proceedings of CRYPTO.1991,457-469.
[35] Reiter M K. Distributed Trust with the Rampart Toolkit [J]. Communications ofthe ACM,1996,39(4):71–74.
[36] Shoup V. Practical Threshold Signatures [J]. In Proceedings of EUROCRYPT.2000,207-220.
[37]许春香,董庆宽,肖国镇.矢量空间秘密恭喜-多重签名方案[J].电子学报,2003,31(1):48-50.
[38] Gennaro R, Halevi S, Krawczyk H, et al. Threshold RSA for Dynamic andAd-Hoc Groups [J]. In Proceedings of EUROCRYPT.2008,88-107.
[39] Delerablée C, Pointcheval D. Dynamic Threshold Public-Key Encryption [J]. InProceedings of CRYPTO.2008,317-334.
[40] Sandhu R, Samarati P. Access control: principles and practice [J]. IEEECommunications Magazine,1994,32(9):40-48.
[41] Sandhu R, Coyne E J, Feinstein H L et al. Role-Based access control models [J].IEEE Computers,1996,29(2):38-47.
[42] Zhang X, Li Y, Nalla D. An attribute-based access matrix model [C]//Proceedings of the2005ACM Symposium on Applied Computing. New Mexico:ACM Press,2005:359-363.
[43] Wang L Y, Wijesekera D, Jajodia S. A logic-based framework for attribute basedaccess control [C]//Proceedings of the2004ACM Workshop on Formal Methodsin Security Engineering. Washington DC: ACM Press,2004:45-55.
[44] Shamir A. Identity-Based Cryptosystems and Signature Schemes [J]. InProceedings of CRYPTO.1984,47-53.
[45] Boneh D, Franklin M. Identity-based encryption from the Weil pairing [C]//InProceedings of the21st Annual International Cryptology Conference onAdvances in Cryptology, Berlin, Heidelberg: Springer-Verlag,2001:213–229.
[46] Cocks C. An Identity based encryption scheme based on quadratic residues. Proc.of the8th IMA International Conference on Cryptography and Coding,Cirencester, U.K.,2001:360-363.
[47] Boneh D, Boyen X. Efficient selective-ID secure identity based encryptionwithout random oracles [J]. Proc. of EUROCRYPT2004, Interlaken, Switzerland,2004:223-238.
[48] Boneh D, Boyen X. Secure Identity Based Encryption without Random Oracles[J]. Proc. of CRYPTO2004:443-459.
[49] Sakai R, Ohgishi K, Kasahara M. Cryptosystems based on pairing over ellipticcurve (in japanese). Proceedings of the Symposium on Cryptography andInformation Security,2001:8c-1.
[50] Waters B. Efficient Identity-Based Encryption without Random Oracles [J]. InProceedings of EUROCRYPT.2005,114-127.
[51] Gentry C. Practical identity-based encryption without random oracles [J]. Proc. ofEurocrypt2006, St. Petersburg, Russia, May28-June1,2006:445-464.
[52] Horwitz J, Lynn B. Toward Hierarchical Identity-Based Encryption [J]. InProceedings of EUROCRYPT.2002,466-481.
[53] Gentry C, Silverberg A. Hierarchical ID-Based Cryptography [J]. In Proceedingsof ASIACRYPT.2002,548-566.
[54] Canetti R, Halevi S, Katz J. A Forward-Secure Public-Key Encryption Scheme[J]. In Proceedings of EUROCRYPT.2003,255-271.
[55] Baek J, Zheng Y. Identity-Based Threshold Decryption [J]. In Proceedings ofPublic Key Cryptography.2004,262-276.
[56] Sahai A, Waters B. Fuzzy Identity-Based Encryption [J]. In Proceedings ofEUROCRYPT.2005,457-473.
[57] Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grainedaccess control of encrypted data. In Proceedings of ACM Conference onComputer and Communications Security.2006,89-98.
[58] Bethencourt J, Sahai A, Waters B. Ciphertext-Policy Attribute-Based Encryption.In Proceedings of IEEE Symposium on Security and Privacy.2007,321-334.
[59] Chase M. Multi-authority Attribute Based Encryption. In Proceedings of TCC.2007,515-534.
[60] Ayan R C, John S B. A Lightweight certificate-based source authenticationprotocol for group communications in hybrid wireless/satellite networks[R].IEEE GLOBECOM2008:1-6.
[61] Liang L, Iyengar S, Cruickshank H. Security for FLUTE over satellite networks
[R]. WRI International Conference on Communications and Mobile Computing,2009.(CMC’09). Volume3:485-491.
[62] Cruickshank H.S. A security system for satellite networks[R]. Fifth InternationalConference on Satellite Systems for Mobile Communications andNavigation,1996:187-190.
[63]冯涛,马建峰. UC安全的移动卫星通信系统认证密钥交换协议[J].宇航学报,2008,29(6):1959-1964.
[64]王宇,卢均,吴忠望.空间信息网络的组密钥管理[J].宇航学报,2006,27(3):553-555.
[65] Shahriar A, Atiquzzaman M, Rahman S. Mobility management protocols fornext-generation all-IP satellite networks [J]. IEEE Wireless Communications.2008:46-54.
[66] Lee J, Lee J, Kim T, Kim D. Satellite over Satellite (SOS) Network: A NovelConcept of Hierarchical Architecture and Routing in Satellite Network [J]. InProceedings of LCN.2000:392-399.
[67]张民,罗光春,王俊峰等.空间信息网络可靠传输协议研究[J].通信学报,2008,29(6):63-68
[68]徐志博,马恒太.一种用于卫星网络安全认证的协议设计与仿真[J].计算机工程与应用,2007,43(17):130-132.
[69] Eylem E, Ian F A, Michael D B. A distributed routing algorithm for datagramtraffic in LEO satellite networks [J]. IEEE/ACM Transactions on Networking,2001,9(2):137~147.
[70] Ayan R C, John S B, Michael H. Security Issues in Hybrid Networks with aSatellite Component [J]. IEEE Wireless Communications,2005:50-61.
[71] Papoutsis E, Howells G, Hopkins A, McDonald M. Key Generation for SecureInter-satellite Communication. In Proceedings of AHS.2007:671-681.
[72] Chang Y F, Chang C C. An efficient authentication protocol for mobile satellitecommunication systems [J]. Operating Systems Review,2005:70~84.
[73] Sastri L K. Broadband Satellite Networks: Trends and Challenges [J]. IEEECommunications Society/WCNC,2005:1472-1478.
[74] Zheng W, Meng X, Jiang L Z. Security Issue For Space Internet. InternationalConference on Intelligent Computation Technology and Automation (ICICTA),2008:194-198.
[75] Arslan M G, Alag z F. Security issues and performance study of key managementtechniques over satellite links. In Proceedings of CAMAD.2006:122-128.
[76] Shave N. Space systems and Internet integration: security considerations. IEESeminar on Satellite Services and the Internet,2000:7/1-7/4.
[77] Wang K, Zhao Z W, Yao L. An Agile Reconfigurable Key Distribution Scheme inSpace Information Network. IEEE Conference on Industrial Electronics andApplications,2007:2742-2747.
[78] Zhou L D, Haas Z J. Securing ad hoc networks [J]. IEEE Networks Special Issueon Network Security,1999,13(6):24-30.
[79] Luo H, Zerfos P,Kong J, et al. Self-securing Ad Hoc wireless networks[A]. Procof the7th IEEE Symposiumon Computers and Communications (ISCC’02)[C].Italy,2002:567-574.
[80] Kong J,Zerfos P,Luo H,et al. Providing robust and ubiquitous security supportfor mobile Ad Hoc networks [A]. IEEE9th International Conference on NetworkProtocols (ICNP’01)[C]. Riverside,California,2001:251-260.
[81]欧阳自远,李春来,邹永廖,等.深空探测的进展与我国深空探测的发展战略[J].中国航天,2002,(12):28-32.
[82]姜昌,黄宇民,胡勇.研究与开发天基深空通信跟踪(C&T)网的倡议[J].飞行器测控学报,1999,18(4):28-37.
[83] Hooke A. The interplanetary internet [J]. Communication of theACM,2001,44(9):38-40.
[84] Akyildiz I F, Akan B, Chen C, et al. Interplanetary internet: state-of-the-art andresearch challenges [J]. Computer Networks,2003,43(2):75-112.
[85] Werner M, Delucchi C, Vogel H, et al. ATM-based Routing in LEO/MEOSatellite Networks with Intersatellite Links [J]. IEEE Journal on Selected Areasin Communications,1997,15(1):69-82.
[86] Ozgur E, Michael O B, Leandros T. Next generation satellite systems foraeronautical communications [J]. Int. J. Satell. Commun. Network.2004,22:157–179.
[87] Noles J, Scott K, Kukoski M J, Weiss H. Next Generation Space Internet.2ndESA Workshop on Tracking Telemetry and Command Systems for SpaceApplications,2001.
[88]李喆,李冬妮,王光兴. LEO/MEO卫星网络中运用自组网思想的动态路由算法[J].通信学报,2005,26(5):50-56.
[89]万鹏,曹志刚,王京林. LEO星座网络动态源路由算法[J].宇航学报,2007,28(5):1295-1303.
[90]王宇,卢昱,吴忠望等.构建多级多层的空间信息系统安全基础设施[J].宇航学报,2007,28(5):1081-1085.
[91] Balasubramanian A, Mishra S and Sridhar R. Analysis of a Hybrid KeyManagement Solution for MANETs. IEEE Wireless Communication andNetworking Conference, New Orleans, LA, March,2005.
[92] Gutmann P. PKI: It's Not Dead, Just Resting [J]. In Proceedings of IEEEComputer.2002,41-49.
[93] Blakley G R. Safeguarding cryptographic keys. In: Proceedings of the NationalComputer Conference1979,48:313-317
[94]易平,蒋嶷川,张世永等.移动ad hoc网络安全综述[J].电子学报,2005,33(5):893-899.
[95] Kong J, Luo H, Xu K, et al. Adaptive security for multilevel ad hoc networks.In Proceedings of Wireless Communications and Mobile Computing.2002(2):533-547.
[96] Zheng P. Tradeoffs in certificate revocation schemes. In Proceedings of ComputerCommunication Review.2003,103-112.
[97]钟欢,许春香,秦志光. Ad Hoc网络中的分布式证书撤销机制[J].电子科技大学学报,2007,36(3):496-499.
[98]宁红宙,刘云,何德全.一种用于Ad Hoc网络的分布式证书撤销算法[J].北京交通大学学报,2005,29(2):44-68.
[99] International Telecommunication Union. ITU Internet Reports2005: The Internetof Things [R/OL].[2010-12-10].http://www.itu.int/osg/spu/publications/internetofthings/InternetofThings_summary.pdf.
[100]武传坤.物联网安全架构初探[J].中国科学院院刊,2010,25(04):411-419.
[101]顾晶晶,陈松灿,庄毅.基于无线传感器网络拓扑结构的物联网定位模型[J].计算机学报,2010,33(9):1548-1556.
[102] Wang Yong, Attebury G, Ramamurthy B. A Survey of Security Issues in WirelessSensor Networks [J]. IEEE In Communications Surveys&Tutorials,2006,8(2):2-23.
[103]裴庆琪,沈玉龙,马建峰.无线传感器网络安全技术综述[J].通信学报,2007,28(8):113-122.
[104]刘云,裴庆琪.一种传感器网络访问控制机制[J].西安电子科技大学学报,2010,37(3):507-512.
[105]杜志强,沈玉龙,马建峰等.基于信息覆盖的无线传感器网络访问控制机制[J].通信学报,2010,31(2):113-119.
[106] Yan J, Ma J, Liu H. Key hierarchies for hierarchical access control in securegroup communications [J]. In Proceedings of Computer Networks.2009,353-364.
[107] Banerjee S, Mukhopadhyay D. Symmetric key based authenticated querying inwireless sensor networks [C]//Proceedings of the First International Conferenceon Integrated Internet Ad Hoc and Sensor Networks. New York: ACM Press,2006.
[108] Maccari L, Mainardi L, Marchitt M A, et al. Lightweight, distributed accesscontrol for wireless sensor networks supporting mobility [C]//InternationalConference on Communications2008(ICC '08). BeiJing: IEEE,2008:1441-1445.
[109] Benenson Z, Gartner F C, Kesdogan D. An Algorithmic Framework for RobustAccess Control in Wireless Sensor Networks [C]//Second European Workshopo n Wireless Sensor Networks (EWSN). Germary: Computer Science,2005:158-165.
[110] Benenson Z, Gedicke N, Raivio O. Realizing robust user authentication in sensornetworks [C]//Workshop on Real-World Wireless Sensor Networks. StockholmSweden: Swedish Insitute of Computer Science,2005:135-142.
[111] Watro R, Kong D, Cuti S fen, et al. TinyPK: securing sensor networks with publickey technology.[C]//In Proceedings of the2nd ACM workshop on Security of adhoc and sensor networks. Washington DC: ACM Press,2004:59-64.
[112]李晓峰,冯登国,陈朝武等.基于属性的访问控制模型[J].通信学报,2008,29(4):90-98.
[113]王小明,付红,张立臣.基于属性的访问控制研究进展[J].电子学报,2010,38(7):1660-1667.
[114]林莉,怀进鹏,李先贤.基于属性的访问控制策略合成代数[J].软件学报,2009,20(2):403-414.
[115] Lin H, Cao Z, Liang X, et al. Secure threshold multi authority attribute basedencryption without a central authority [J]. In Proceedings of INDOCRYPT2008,426-436.
[116] Chase M, Chow S S M. Improving privacy and security in multi-authorityattribute-based encryption. In Proceedings of ACM Conference on Computer andCommunications Security [J].2009,121-130.
[117] Pirretti M, Traynor P, McDaniel P, et al. Secure attribute-based systems [J]. InProceedings of Journal of Computer Security.2010,799-837.
[118] Baek J, Susilo W, Zhou J. New constructions of fuzzy identity-based encryption.In Proceedings of ASIACCS.2007,368-370.
[119] Li J, Kim K. Hidden attribute-based signatures without anonymity revocation [J].In Proceedings of Information Sciences.2010,1681-1689.
[120] Huang D, Verma M. ASPE: Attribute-based secure policy enforcement invehicular ad hoc networks. Ad Hoc Networks [J].2009,1526-1535.
[121] Herranz J, Laguillaumie F, Ràfols C. Constant Size Ciphertexts in ThresholdAttribute-Based Encryption [J]. In Proceedings of Public Key Cryptography.2010,19-34.
[122] Cheung L,Newport C. Provably secure ciphertext policy ABE [J]. Proc. of ACMConference on Computer and Communications Security,2007:456-465.
[123] Goyal V, Jain A, Pandey O, et al. Bounded ciphertext policy attribute basedencryption [J]. Proc. of Automata, Languages and Programming,2008:579-591.
[124] Katz J, Sahai A, Waters B. Predicate Encryption Supporting Disjunctions,Poly-nomial Equations, and Inner Products [J]. Proc. of EUROCRYPT,2008:146-162.
[125] Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonicaccess structures [J]. Proc. of ACM Conference on Computer andCommunications Security,2007:195-203.
[126] Waters B. Ciphertext-Policy Attribute-Based Encryption: An Expressive,Efficient, and Provably Secure Realization. Cryptology ePrint Archive2008/290.
[127] Gorantla M, Boyd C, Juan M G. Attribute-based Authenticated Key Exchange [J].Proc. of ACISP2010, Sydney,2010.
[128] Goldwasser S, Micali S, Rivest R L. A Digital Signature Scheme Secure AgainstAdaptive Chosen-Message Attacks [J]. In Proceedings of SIAM J. Comput..1988,281-308.
[129] Desmedt Y. Society and Group Oriented Cryptography: A New Concept [J]. InProceedings CRYPTO,1987,120–127.
[130] Fiat A, Shamir A. How to Prove Yourself: Practical Solutions to Identificationand Signature Problems [J]. In Proceedings of CRYPTO.1986,186-194.
[131] Frankel Y, Gemmell P, MacKenzie P D, et al. Proactive RSA [J]. In Proceedingsof CRYPTO.1997,440-454.
[132] Herzberg A, Jakobsson M, Jarecki S, et al. Proactive Public Key and SignatureSystems[J]. In Proceedings of ACM Conference on Computer andCommunications Security.1997,100-110.
[133] Herzberg A, Jarecki S, Krawczyk H, et al. Proactive Secret Sharing Or: How toCope With Perpetual Leakage [J]. In Proceedings of CRYPTO.1995,339-352.
[134] Desmedt Y, Jajodia S. Redistributing secret shares to new access structures andits applications. Technical Report ISSE TR-97-01, George Mason University,1997.
[135] Bellur B. Certificate Assignment Strategies for a PKI-Based Security Architecturein a Vehicular Network. In Proceedings of GLOBECOM.2008,1836-1841.
[136] Ahmet M E, Edward J D. A key transport protocol based on secret sharingapplications to information security [J]. IEEE Transactions on ConsumerElectronics,2002,48(4):816-824.
[137] Wu Q, Mu Y, Susilo W, et al. Asymmetric group key agreement [J]. In:Proceedings of Eurocrypt'2009.153-170.
[138] Wu Q, Qin B, Zhang L, et al. Ad hoc broadcast encryption [J]. In: Proceedings ofACM Conference on Computer and Communications Security.2010:741-743.