密钥建立协议及其云存储应用研究
|
摘要
现代密码体制为在不可信、开放的网络上实现通信的机密性、数据完整性和认证性提供了重要保障。由于现代密码体制和协议均需要公开,密钥安全性是上述三个基本安全服务得以实现的根本。因此,进行安全通信的用户希望通过运行能生成密钥的安全协议实现此目标,该安全协议称为密钥建立/管理/交换协议。论文围绕密钥建立协议理论及其在云存储中的应用展开。
利用因特网上指定的路由器充当密钥原料传送节点,构造一棵密钥原料传送树,提出了一种新颖的基于密钥原料传送树的密钥建立协议。该协议将组成员划分为子组分别依附在密钥原料传送节点上。密钥生成中心利用密钥原料传送树传送生成会话加密密钥的相关信息,而会话密钥最终只能由合法成员计算得出,而密钥原料传送节点和非法成员不能计算出会话密钥。提出的密钥建立方案具有:良好的可扩展性,适用英特网高动态、大规模的通信组;更新会话密钥时,密钥原料传送节点分担了密钥生成中心的负载,无论组规模多大,密钥生成中心的通信、计算开销均为不变的常量;密钥更新只需在很小的范围内对系统参数进行重新配置;在不需信任密钥原料传送节点的情况下进行密钥原料的安全传送。
在设计具有认证功能的密钥建立协议过程中,利用易记忆的口令实现通信用户的相互认证是一种理想的方法。用户可利用共享的低熵口令协商出一个高熵的会话密钥,再用该会话密钥实现加解密和认证等安全操作。但低熵的特点导致基于口令认证的协议容易遭受敌手的词典攻击。设计了一种基于口令认证的两方密钥协商TPAKA协议,该协议采用计算复杂度低的口令技术实现认证功能,避开了棘手的公钥基础设施PKI。采用形式化的BR安全模型,在CGDH假定和随机预言模型下,证明了设计的协议能抵抗敌手的在线和离线词典攻击。
提出的基于口令的两方密钥协商协议对C/S体系结构非常实用,但并不适合大规模的C2C通信环境。提出了一种适合大规模的C2C通信环境的隐式密钥认证的TTP-TPAKE协议,协议中的每个通信实体和可信中心共享一个可记忆的口令,然后在该可信第三方的帮助下,每对通信实体生成他们的会话密钥。该协议只需四轮通信,且不需棘手的公钥基础设施作为支撑,具有较高的计算和通信效率。然后再将提出的协议扩充到显式密钥认证的情形,实现生成会话密钥的同时进行通信双方的相互认证。在随机预言模型和理想密文系统下,形式化地证明了提出的TTP-TPAKE协议具备AKE安全和MA安全。
随着信息化进程的不断推进,数据资源管理越来越受到企业的重视,但经常会碰到以下几个问题:文件安全缺乏保障,存在被窃取或者丢失的隐患;海量文件的存储,给服务器造成负担,导致效率低下;文件存取操作麻烦、管理举步维艰等。在此背景下,开发了一款基于云计算的网络虚拟磁盘系统。该系统充分运用前面提出的密钥建立技术,结合身份认证、SHA-2散列函数、AES透明加解密、文件指纹、云平台管理、容灾备份和基于权限控制的共享审批等关键技术,集成了本地虚拟磁盘数据加密、数据远程备份及共享审批等多种功能,保障了用户的数据安全。并对开发的基于云计算的网络虚拟磁盘系统的功能和安全性进行全面测试。
In all kinds of network applications, the realization of communication of confidentiality, data integrity and the authentication sex in suspect and open network is the most popular concern. The fundamental guarantee of the realization the three security service is the safety of the secret key, because of the openness of modern password system and agreement. We hope to establish safe channel communications subject which should be able to run safe agreement. The safe agreement, which called secret key management agreement, can generate the secret key. Many scholars initiated a great deal of research work and have made great achievements in secret key management, but there are still Problems that need to be resolved, and we should do further research. This Report focuses on secret key management technology and its application in the network-based virtual disk. Paper main research works are as follows:
In dynamic and large-scale groups, the overhead of key generating and key updating is usually relevant to the group size, which becomes a performance bottleneck in achieving scalability. Therefore, scalable group key management protocol, which is independent from group size, is the basis for wide applications of group communication. The paper proposes a novel key management protocol, which designates un-trusted routers of Internet as transmitting nodes to organize a hierarchical key material transmitting tree for transmitting information that can generate Session Encryption Key (SEK). Members of group that are partitioned into subgroups attach to different transmitting nodes, and compute SEK using received key material and own secret parameter. The load of key management can be shared by the transmitting nodes which can not reveal the content of group communications, and the overhead for key management of each transmitting node is independent of the group size. In addition, the new protocol conduces to constant computation and communication overhead during key updating.
Group key agreement protocols provide efficient security mechanisms for distributed applications which are spread across multiple computing resources. Existing protocols are limited by the use of Public Key Infrastructures (PKI), which needs more computation overhead or by their scalability, requiring more communication rounds linear in the number of group members. In order to overcome these shortcomings, this paper proposes a two-party passwore-based authenticated key agreement (TPAKA) protocol which against dictionary attacks. The proposed protocol achieves authentication using password-based encryption, and is provably secure under the Computational Gap Diffie-Hellman (CGDH) assumption. By analysis and comparison, the protocol achieves efficiency in terms of both computation complexity and communication overhead.
TPAKA protocol is quite practical for client-server architecture. However, it is not suitable for large-scale client-to-client communication environments. TPAKA protocol requires each pair of communicating entities to share a password, which is very inconvenient in key management for large-scale client-to-client communication environments. To avoid this inconvenience, a TTP-based two-party authenticated key exchange (TTP-TPAKE) protocol is proposed. This protocol can be completed in five steps and three rounds, and communicating entities can authenticate each other and establish a session key through a trusted third-party. A formal proof was presented to demonstrate the AKE security and the MA security of the proposed TTP-TPAKE protocol in the ideal cipher model and random oracle model.
Along with the development of the process of information, data resource management gets more and more attention of the enterprise. But it often meets the following questions:firstly, as the lack of safety security, file would be stolen or lost. Secondly, mass file storage, which burden the server, lead to low efficiency. Finally, it is not easy to operate and manage file access. So we developed the network virtual disk system based on cloud computing, the system used the Key agreement technology, combined identity authentication, SHA-2 hash function, AES Transparent encryption, file fingerprint, cloud platform management, disaster tolerance with the sharing the examination and approval, which based on authority control. The system has a variety of functions, such as local virtual disk data encryption, Data remote backup and sharing the examination, and guarantees the security of user data. It comprehensively tested the function and safety, which designed based on cloud computing network virtual disk.
利用因特网上指定的路由器充当密钥原料传送节点,构造一棵密钥原料传送树,提出了一种新颖的基于密钥原料传送树的密钥建立协议。该协议将组成员划分为子组分别依附在密钥原料传送节点上。密钥生成中心利用密钥原料传送树传送生成会话加密密钥的相关信息,而会话密钥最终只能由合法成员计算得出,而密钥原料传送节点和非法成员不能计算出会话密钥。提出的密钥建立方案具有:良好的可扩展性,适用英特网高动态、大规模的通信组;更新会话密钥时,密钥原料传送节点分担了密钥生成中心的负载,无论组规模多大,密钥生成中心的通信、计算开销均为不变的常量;密钥更新只需在很小的范围内对系统参数进行重新配置;在不需信任密钥原料传送节点的情况下进行密钥原料的安全传送。
在设计具有认证功能的密钥建立协议过程中,利用易记忆的口令实现通信用户的相互认证是一种理想的方法。用户可利用共享的低熵口令协商出一个高熵的会话密钥,再用该会话密钥实现加解密和认证等安全操作。但低熵的特点导致基于口令认证的协议容易遭受敌手的词典攻击。设计了一种基于口令认证的两方密钥协商TPAKA协议,该协议采用计算复杂度低的口令技术实现认证功能,避开了棘手的公钥基础设施PKI。采用形式化的BR安全模型,在CGDH假定和随机预言模型下,证明了设计的协议能抵抗敌手的在线和离线词典攻击。
提出的基于口令的两方密钥协商协议对C/S体系结构非常实用,但并不适合大规模的C2C通信环境。提出了一种适合大规模的C2C通信环境的隐式密钥认证的TTP-TPAKE协议,协议中的每个通信实体和可信中心共享一个可记忆的口令,然后在该可信第三方的帮助下,每对通信实体生成他们的会话密钥。该协议只需四轮通信,且不需棘手的公钥基础设施作为支撑,具有较高的计算和通信效率。然后再将提出的协议扩充到显式密钥认证的情形,实现生成会话密钥的同时进行通信双方的相互认证。在随机预言模型和理想密文系统下,形式化地证明了提出的TTP-TPAKE协议具备AKE安全和MA安全。
随着信息化进程的不断推进,数据资源管理越来越受到企业的重视,但经常会碰到以下几个问题:文件安全缺乏保障,存在被窃取或者丢失的隐患;海量文件的存储,给服务器造成负担,导致效率低下;文件存取操作麻烦、管理举步维艰等。在此背景下,开发了一款基于云计算的网络虚拟磁盘系统。该系统充分运用前面提出的密钥建立技术,结合身份认证、SHA-2散列函数、AES透明加解密、文件指纹、云平台管理、容灾备份和基于权限控制的共享审批等关键技术,集成了本地虚拟磁盘数据加密、数据远程备份及共享审批等多种功能,保障了用户的数据安全。并对开发的基于云计算的网络虚拟磁盘系统的功能和安全性进行全面测试。
In all kinds of network applications, the realization of communication of confidentiality, data integrity and the authentication sex in suspect and open network is the most popular concern. The fundamental guarantee of the realization the three security service is the safety of the secret key, because of the openness of modern password system and agreement. We hope to establish safe channel communications subject which should be able to run safe agreement. The safe agreement, which called secret key management agreement, can generate the secret key. Many scholars initiated a great deal of research work and have made great achievements in secret key management, but there are still Problems that need to be resolved, and we should do further research. This Report focuses on secret key management technology and its application in the network-based virtual disk. Paper main research works are as follows:
In dynamic and large-scale groups, the overhead of key generating and key updating is usually relevant to the group size, which becomes a performance bottleneck in achieving scalability. Therefore, scalable group key management protocol, which is independent from group size, is the basis for wide applications of group communication. The paper proposes a novel key management protocol, which designates un-trusted routers of Internet as transmitting nodes to organize a hierarchical key material transmitting tree for transmitting information that can generate Session Encryption Key (SEK). Members of group that are partitioned into subgroups attach to different transmitting nodes, and compute SEK using received key material and own secret parameter. The load of key management can be shared by the transmitting nodes which can not reveal the content of group communications, and the overhead for key management of each transmitting node is independent of the group size. In addition, the new protocol conduces to constant computation and communication overhead during key updating.
Group key agreement protocols provide efficient security mechanisms for distributed applications which are spread across multiple computing resources. Existing protocols are limited by the use of Public Key Infrastructures (PKI), which needs more computation overhead or by their scalability, requiring more communication rounds linear in the number of group members. In order to overcome these shortcomings, this paper proposes a two-party passwore-based authenticated key agreement (TPAKA) protocol which against dictionary attacks. The proposed protocol achieves authentication using password-based encryption, and is provably secure under the Computational Gap Diffie-Hellman (CGDH) assumption. By analysis and comparison, the protocol achieves efficiency in terms of both computation complexity and communication overhead.
TPAKA protocol is quite practical for client-server architecture. However, it is not suitable for large-scale client-to-client communication environments. TPAKA protocol requires each pair of communicating entities to share a password, which is very inconvenient in key management for large-scale client-to-client communication environments. To avoid this inconvenience, a TTP-based two-party authenticated key exchange (TTP-TPAKE) protocol is proposed. This protocol can be completed in five steps and three rounds, and communicating entities can authenticate each other and establish a session key through a trusted third-party. A formal proof was presented to demonstrate the AKE security and the MA security of the proposed TTP-TPAKE protocol in the ideal cipher model and random oracle model.
Along with the development of the process of information, data resource management gets more and more attention of the enterprise. But it often meets the following questions:firstly, as the lack of safety security, file would be stolen or lost. Secondly, mass file storage, which burden the server, lead to low efficiency. Finally, it is not easy to operate and manage file access. So we developed the network virtual disk system based on cloud computing, the system used the Key agreement technology, combined identity authentication, SHA-2 hash function, AES Transparent encryption, file fingerprint, cloud platform management, disaster tolerance with the sharing the examination and approval, which based on authority control. The system has a variety of functions, such as local virtual disk data encryption, Data remote backup and sharing the examination, and guarantees the security of user data. It comprehensively tested the function and safety, which designed based on cloud computing network virtual disk.
引文
[1]Katz J, Yung M. Scalable protocols for authenticated group key exchange. In proceeding of Crypto'03, LNCS 2729, Springer-Verlag, Berlin,2003,110-125
[2]Yooni E J. A new elliptic sure Diffie-Hellman two-party key agreement protocol. Proc. of Service System and Service Management’10, IEEE society,2010,1-4
[3]Boyd C, Mathuria A. Protocols for authentication and key establishment. Springer-Verlag, Berlin,2003:173-199
[4]Holbl M, Welzer T, and Brumen B. Two proposed identity-based three-party authenticated key agreement protocols for pairings. Computers and Security.2010, 29(2):244-252
[5]Zeng Y M. An efficient two-party identity-based key exchange protocol. Informatica,2007,18(1):125-136
[6]Clark J, Jacob J. A survey of authentication protocol literature:version 1.0. November 2003. Available at http://www.cs.york.ac.uk/jac/papers/drareview. ps.gz
[7]Dolev D, Yan A C. On the security of public-key protocols. IEEE Transaction on Information Theory,1983,2(29):198-208
[8]Minghui Z, Guohua C, Jun L. Scalable group key management protocol based on key material transmitting tree. ISPEC'07, LNCS 4464, Springer-Verlag, Berlin, 2007,301-313
[9]Wang Y. Efficient identity-based and authenticated key agreement protocol. Cryptology ePrint Archive Report2005/108,2005
[10]Sandro R, David H. A survey of key management for secure group communication. ACM Computing Surveys,2005,35(3):309-329
[11]Challal Y, Seba H. Group key management protocols:a novel taxonomy. International Journal of Information Technology,2005,2(2):105-118
[12]Wang S, Tsai Y, Shen C, and Chen P. Hierarchical key derivation scheme for group-oriented communication systems. International Journal of Information Technology, Communications and Convergence,2010,1(1):66-76
[13]Chu H H, Qiao L, and Nahratedt K. A secure multicast protocol with copyright protection. ACM SIGCOMM Computer Communications Review,2002,32(2): 42-60
[14]Wong K, Gouda M, Lam S. Secure group communications using key graphs. IEEE/ACM Transactions on Networking,2000,8(1):16-30
[15]Wallner D, Harder J, and Agee R C. Key management for multicast:issues and architecture. RFC 2627, June 1999
[16]Balenson D, McGrew D, and Sherman A. Key management for large dynamic groups:one-way function trees and amortized initialization, draft-balenson-groupkeymgmt-oft-00.txt, February 1999
[17]朱文涛,熊继平,李津生,洪佩琳.安全组播中密钥分配问题的研究.软件学报,2003,14(12):2053-2059
[18]李先贤,怀进鹏,刘旭东.群密钥分配的动态安全性及其方案.计算机学报,2002,25(4):337-345
[19]Xie B, Anup K, Zhao D, Ranga R, and He B. On secure communication in integrated heterogeneous wireless networks. International Journal of Information Technology, Communications and Convergence,2010,1(1):4-23
[20]Mohsen I, Mahdi T, Naderi M. Security enhanced routing protocol for ad hoc networks. Journal of Convergence,2010,1(1):43-48
[21]Yang W, Fan K W, and Shieh S P. A secure multicast protocol for the Internet's multicast backbone. ACM/PH International Journal Network Management,2001, 11(2):129-136
[22]Minghui Zheng, Guohua Cui, Muxiang Yang, Jun Li. Scalable group key management protocol based on key material transmitting tree. Proceeding of ISPEC'07, LNCS 4464, Springer-Verlag, Berlin.2007,301-313
[23]Zheng M H, Zhu J H, Cui G H. A hybrid group key management scheme for two-layered ad hoc networks. In proceedings of ICIT'06, IEEE Computer Society Press,2006,83-84
[24]Diffie W, Hellman M E. New directions in cryptography. IEEE Transaction on Information Theory,1976,22(6):644-654
[25]Matsumoto T, Takashima Y, and Imai H. On seeking smart public key distribution system. Transaction of the IEICE,1986, E69:99-106
[26]Wang R, Juang W, Lei C. Robust authentication and key agreement scheme preserving the privacy of secret key. Computer Communications,2011, 34(3):274-2808
[27]Joux A. A one round protocol for tripartite Diffie-Hellman. In proceedings of ANTS’00, LNCS 1838, Springer-Verlag, Berlin,2000,385-394
[28]Chang T Y, Hwang M S, Yang W P. A communication-efficient three-party password authenticated key exchange protocol. Information Sciences,2011,181(1): 217-226
[29]Hess F. Efficient identity based signature schemes based on pairings. In proceedings of SAC'02, LNCS 2595, Springer-Verlag, Berlin,2002,310-324
[30]Zhao X, Xu Q, Wei D. Security Analysis Approaches for Group Key Agreement Protocols. Computer Science.2011,38(6):145-146
[31]Steiner M, Tsudik G, Waidner M. Diffie-Hellman key distribution extended to group communication. In proceeding of CCS'96, ACM Press,1996,31-37
[32]Ateniese G, Steiner M, and Tsudik G New Multi-party authenticated services and key agreement protocols. Journal of Selected Areas in Communications,2000, 18(4):1-13
[33]Steiner M, Tsudik G, Waidner M. Cliques:a new approach to group key agreement. In proceedings of Conference on Distribution Computing Systems, IEEE Press, 1998,280-286
[34]Pereira O, Quisquater J. A security analysis of the Cliques protocol suite. In proceedings of CSFM'01, IEEE Computer Society Press,2003,73-81
[35]Bresson E, Chevassut O, Pointcheval D. Dynamic group Diffie-Hellman key exchange under standard assumptions. In proceedings of EUROCRYPT'02, LNCS 2332, Springer-Verlag, Berlin,2002,321-336
[36]Bresson E, Chevassut O, Pointcheval D. Probably authenticated group Diffie-Hellman key exchange-the dynamic case. In proceedings of ASIA-CRYPT’05, LNCS 2248, Springer-Verlag, Berlin,2005,290-309
[37]Nalla Y, Reddy G Tree based group key agreement. ACM Transactions on Information and System Security.2004,7(1):60-96
[38]Barua R, Dutta R, Sarkar P. Extending Joux protocol to multi-party key agreement. In proceedings of INDOCRYPT'03, LNCS 2904, Springer-Verlag, Berlin,2003, 205-217
[39]Barua R, Dutta R, Sarkar P. Provably secure authenticated tree based group key agreement. In proceedings of ICICS'04, LNCS 3269, Springer-Verlag, Berlin,2004, 92-104
[40]Dutta R, Barua R. Dynamic Group Key Agreement in Tree-Based Setting. In proceedings of Information Security and Privacy, LNCS 3574, Springer-Verlag, Berlin,2005,101-112
[41]Zhang F, Wang W, Hu N. Identity-based key agreement protocols in wireless sensor networks. Energy Procedia,2011,13:5676-5680
[42]Burmester M, Desmedt Y. A secure and efficient conference key distribution system. In proceedings of Eurocrypt'94, LNCS 950, Springer-Verlag, Berlin,1994,275-286
[43]Burmester M, Desmedt Y. A secure and scalable group key exchange system. Information Processing Letters,2005,94(3):137-143
[44]郑明辉,崔国华,祝建华.一种抗阻断攻击的多方密钥协商协议.电子学报,2008,36(7):1368-1372
[45]Xie M, Wang L. One-round identity-based key exchange with perfect forward security. Information Processing Letters,2012,112(14-15):587-591
[46]Bresson E, Catalano D. Constant round authenticated group key agreement via distributed computing. In proceeding of PKC'05, LNCS 2947, Springer-Verlag, Berlin,2005,115-129
[47]Bresson E, Chevassut O, Essiari A. et al. Mutual authentication and group key agreement for Low-power mobile devices. Computer Communication,2005,27(17): 1730-1737
[48]Lee S, Hwang J Y, and Lee D H. Efficient password-based group key exchange. In proceeding of TrustBus'04, LNCS 3184, Springer-Verlag, Berlin,2004,191-199
[49]Abdalla M, Bresson E, Chevassut O, and Pointcheval D. Password-based Group Key Exchange in a Constant Number of Rounds. In proceeding of PKC'06, LNCS 3958. Springer- Verlag, Berlin,2006,427-442
[50]Minghui Zheng, Huihua Zhou, Jun Li, Guohua Cui. Efficient and Provably Secure Password-based Group Key Agreement Protocol. Computer standards and Interfaces.2009,31(5):948-953
[51]Wang M H, Pan J, Wang J. Password-based group authenticated key exchange protocol:from 3-party to group. Proceedings of NCIS'11, IEEE Computer Society, 2011,239-241
[52]Wen-Min Li, Qiao-Yan Wen. Efficient verifier-based password-authentication key exchange protocol via elliptic curves. CSSE (3) 2008:1003-1006
[53]郑明辉,周慧华,崔国华,韩兰胜.一种故障容忍的可证安全组密钥协商协议,电子学报,2009,37(11):2396-2402
[54]Qianhong Wu, Yi Mu, Willy Susilo, Bo Qin and Jospe Domingo-Ferrer. Asymmetric group key agreement. In Proc. of Eurocrypt 2009, LNCS 5479, Springer-Verlag,2009,153-170
[55]冯登国.可证明安全性理论与方法研究.软件学报,2007,16(10):1743-1756
[56]卿斯汉.安全协议的设计与逻辑分析.软件学报,2003,14(7):1300-1309
[57]Dolev D, Yao A C. On the security of public-key protocols. IEEE Transaction on Information Theory,1983,2(29):198-208
[58]Cervesato I, Durgin N, Lincoln P D. et al. A Meta-Notation for Protocol Analysis. In 12th IEEE Computer Security Foundations Workshop-CSFW'99,1999:55-71
[59]Burrows M, Abadi M, and Needham R. A Logic of Authentication.Acm Transactions on Computer Systems,1990.8(1):18-36
[60]Burrows M, Abadi M and Needham R M. A Logic of Authentication. Proceedings of the Royal Society of London Series a-Mathematical Physical and Engineering Sciences,1989,426(1871):233-271
[61]Kailar R. Accountability in electronic commerce protocols. IEEE Transactions on Software Engineering,1996,22(5):313-328
[62]Gong L, Needham R and Yahalom R. Reasoning about belief in cryptographic protocols. In IEEE Computer Society Symposium in Security and Privacy,1990,5: 234-248
[63]Abadi M, and Tuttle R. A semantics for a logic of authentication. In the 10th ACM Symposium on Principles of Distributed Computing.1991:ACM Press
[64]Oorschot P. Extending cryptographic logics of belief to key agreement protocols, In the 1st ACM conference on Computer and communications security.1993
[65]Syverson P F, and Oorschot P C. On unifying some cryptographic protocol logics. In IEEE Computer Society Symposium on Research in Security and Privacy,1994: 14-28
[66]Deng F, Li Y. Provable secure authenticated key exchange protocol under standard model. Computer Engineering and Applications,2011,47(13):106-109
[67]SMV Manual http://www-2.cs.cmu.edu/-modelcheck/smv/smvmanual.ps
[68]Paulson L C. The Inductive Approach to Verifying Cryptographic Protocols. Journal of Computer Security,1998,6(1):85-128
[69]Fabrega F T, Herzog J C and Guttman J D. Strand spaces:why is a security protocol correct. In IEEE Symposium on Security and Privacy,1998:160-171
[70]Minghui Zheng. Game Theory Used for Reliable Routing Modeling in Wireless Sensor Networks. The 11th International Conference on Parallel and Distributed Computing, Applications and Technologies, IEEE Computer Society, China,2010, 280-284
[71]Bellare M, Rogaway P. Entity authentication and key distribution. In proceedings of Cryptology-Crypto'93, LNCS 773, Springer-Verlag, Berlin,1994,232-249
[72]Bellare M, Rogaway P. Provably secure session key distribution:the three-party case. In proceedings of 27th ACM Symposium on the Theory of Computing,1995, 57-66
[73]Bellare M, Pointcheval D, and Rogaway P. Authenticated key exchange secure against dictionary attacks. In proceedings of Cryptology-Eruocrypt'00, LNCS 1807, Springer-Verlag, Berlin,2000,139-155
[74]Bresson E, Chevassut O, and Pointcheval D. Group Diffie-Hellman key exchange secure against dictionary attacks. In proceedings of Asiacrypt'02, LNCS 2501, Springer-Verlag, Berlin,2002,497-514
[75]Diffie W, Hellman M E. New directions in cryptography. IEEE Transaction on Information Theory,1976,22(6):644-654
[76]Abdalla M, Fouque P A, Pointcheval D. Password-based authenticated key exchange in the three-party setting. In proceedings of PKC’05, LNCS 3386, Springer-Verlag, Berlin,2005,65-84
[77]Canetti R, and Krawczyk H. Analysis of key-exchange protocols and their use for building secure channels. Advances in Cryptology-Eurocrypt 2001,453-474
[78]Canetti R, and Krawczyk H. Universally compassable notions of key exchange and secure channels. Advances in Cryptology-Eurocrypt'02, Proceedings, 2002:337-351
[79]Mao W B著,王继林,伍前红等译.现代密码理论与实践/(英).北京:电子工业出版社,2004
[80]Abdalla M, Chevassut O, and Pointcheval D. One-time verifier-based encrypted key exchange. In proceedings of PKC'05, LNCS 3386, Springer-Verlag, Berlin,2005, 47-64
[81]Quinn B, Almeroth K. IP multicast applications:Challenges and solutions. IEFT RFC3170,2002
[82]Cain B, Deering S, Kouvelas I, Thyagarajan A. Internet group management protocol, version 3. IEFT RFC3376,2002
[83]Harney H, and Muckenhirn C. Group Key Management Protocol (GKMP) Architecture, July 1997. RFC 2093
[84]Huang J, Yeh L, Chien H. ABAKA:An anonymous batch authenticated and key agreement scheme for value-a Added services in vehicular ad hoc networks. IEEE Transactions on Vehicular Technology,2011,60(1):248-262
[85]Truong T, Tran M, Duong A. Improvement of the more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. Proceedings of WAINA'12,2012,698-703
[86]Yang J H. An efficient mutual authentication with key agreement protocol for mobile devices. Proceedings of intelligent information hiding and multimedia signal processing, IEEE Computer Society,2011,145-148
[87]Mohsen Imani, Mahdi Taheri, M. Naderi, Security enhanced routing protocol for ad hoc networks. Journal of Convergence,2000,1(1):43-48
[88]Lee H. Analysis of business attributes in information technology environments. Journal of information Processing Systems,2011,7(2):385-396
[89]Xie B, Anup Kumar, Zhao D, Ranga R, and He B. On secure communication in integrated heterogeneous wireless networks. International Journal of Information Technology, Communications and Convergence,2005,1(1):4-23
[90]Andreeva E. Mennink, B. and Preneel, B., Security properties of domain extenders for cryptographic hash functions. Journal of Information Processing Systems,2010, 6(4):453-480
[91]He D, Chen J, Hu J. An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Information Fusion,2012,13(3):223-230
[92]Boneh D, Franklin M. Identity-Based Encryption from the Weil Pairing. In Crypto'01, LNCS, Springer-Verlag.2001,2139,231-229
[93]Huihua Z, Tianjiang W, Minghui Z. Provably secure two-party password-based key agreement protocol. Proc. of HumanCom & EMC 11, LNEE, Springer-Verlin, Berlin,2011,102:213-223
[94]Effekhari, Mohammad. A Diffie-Hellman key exchange protocol using matrices over noncommutative rings. Groups Complexity Cryptology,2012,4(1):167-176
[95]Kwak D J, Moon S J. Efficient distributed signcryption scheme as group signcryption. In proceedings of ACNS'03, LNCS 2846, Springer-Verlag, Berlin, 2003,403-418
[96]郑明辉.可证安全的组密钥协商协议研究.华中科技大学博士学位论文,2008
[97]Boneh D, Franklin M. Identity-Based Encryption from the Weil Pairing. Advances in Cryptology-CRYPTO 2001, Springer-Verlag, Berlin,2001:213-229
[98]Shannon C E. Communications theory of secrecy systems. Bell Systems Technical Journal,1949,28(4):656-715
[99]Kwak D J, Moon S J. Efficient distributed signcryption scheme as group signcryption. In proceedings of ACNS’03, LNCS 2846, Springer-Verlag, Berlin, 2003,403-418
[100]Bellare M, Rogaway P. Provably secure session key distribution:the three-party case. In proceedings of 27th ACM Symposium on the Theory of Computing,1995, 57-66
[101]Bellare M, Pointcheval D, and Rogaway P. Authenticated key exchange secure against dictionary attacks, In proceedings of Cryptology-Eruocrypt'OO, LNCS 1807, Springer-Verlag, Berlin,2000,139-155
[102]Byun J W, Lee D H, and Lim J I. EC2C-PAKA:An efficient client-to-client password-authenticated key agreement. Information Sciences,2007,177(19): 3995-4013
[103]C. L. Lin, H. M. Sun, and T. Hwang. Three-party encrypted key exchange:Attacks and a solution. ACM Operating Systems Review,2005,34(4); 12-20
[104]M. Steiner, G. Tsudik, and M. Waidner. Refinement and extension of encrypted key exchange. ACM Operating Systems Review,2000,29(3); 22-30
[105]T. Wang, W. Chen. Three-party strong password authenticated key exchange protocols. International Journal of Advancements in Computing Technology,2011, 3(11):39-46
[106]沈昌祥,张焕国,冯登国等.信息安全综述.中国科学E辑:信息科学,2007,37(2):1-22
[107](美)怀特著,曾大聃,周傲英译.Hadoop权威指南(中文版).北京:科学出版社,2010
[108]施海昕.基于内核模式驱动的文件系统监控.电子科技大学,2006
[109](美)Jeffrey Richter,(法)Christophe Nasarre. Windows核心编程(第5版)[M].北京:清华大学出版社,2009
[2]Yooni E J. A new elliptic sure Diffie-Hellman two-party key agreement protocol. Proc. of Service System and Service Management’10, IEEE society,2010,1-4
[3]Boyd C, Mathuria A. Protocols for authentication and key establishment. Springer-Verlag, Berlin,2003:173-199
[4]Holbl M, Welzer T, and Brumen B. Two proposed identity-based three-party authenticated key agreement protocols for pairings. Computers and Security.2010, 29(2):244-252
[5]Zeng Y M. An efficient two-party identity-based key exchange protocol. Informatica,2007,18(1):125-136
[6]Clark J, Jacob J. A survey of authentication protocol literature:version 1.0. November 2003. Available at http://www.cs.york.ac.uk/jac/papers/drareview. ps.gz
[7]Dolev D, Yan A C. On the security of public-key protocols. IEEE Transaction on Information Theory,1983,2(29):198-208
[8]Minghui Z, Guohua C, Jun L. Scalable group key management protocol based on key material transmitting tree. ISPEC'07, LNCS 4464, Springer-Verlag, Berlin, 2007,301-313
[9]Wang Y. Efficient identity-based and authenticated key agreement protocol. Cryptology ePrint Archive Report2005/108,2005
[10]Sandro R, David H. A survey of key management for secure group communication. ACM Computing Surveys,2005,35(3):309-329
[11]Challal Y, Seba H. Group key management protocols:a novel taxonomy. International Journal of Information Technology,2005,2(2):105-118
[12]Wang S, Tsai Y, Shen C, and Chen P. Hierarchical key derivation scheme for group-oriented communication systems. International Journal of Information Technology, Communications and Convergence,2010,1(1):66-76
[13]Chu H H, Qiao L, and Nahratedt K. A secure multicast protocol with copyright protection. ACM SIGCOMM Computer Communications Review,2002,32(2): 42-60
[14]Wong K, Gouda M, Lam S. Secure group communications using key graphs. IEEE/ACM Transactions on Networking,2000,8(1):16-30
[15]Wallner D, Harder J, and Agee R C. Key management for multicast:issues and architecture. RFC 2627, June 1999
[16]Balenson D, McGrew D, and Sherman A. Key management for large dynamic groups:one-way function trees and amortized initialization, draft-balenson-groupkeymgmt-oft-00.txt, February 1999
[17]朱文涛,熊继平,李津生,洪佩琳.安全组播中密钥分配问题的研究.软件学报,2003,14(12):2053-2059
[18]李先贤,怀进鹏,刘旭东.群密钥分配的动态安全性及其方案.计算机学报,2002,25(4):337-345
[19]Xie B, Anup K, Zhao D, Ranga R, and He B. On secure communication in integrated heterogeneous wireless networks. International Journal of Information Technology, Communications and Convergence,2010,1(1):4-23
[20]Mohsen I, Mahdi T, Naderi M. Security enhanced routing protocol for ad hoc networks. Journal of Convergence,2010,1(1):43-48
[21]Yang W, Fan K W, and Shieh S P. A secure multicast protocol for the Internet's multicast backbone. ACM/PH International Journal Network Management,2001, 11(2):129-136
[22]Minghui Zheng, Guohua Cui, Muxiang Yang, Jun Li. Scalable group key management protocol based on key material transmitting tree. Proceeding of ISPEC'07, LNCS 4464, Springer-Verlag, Berlin.2007,301-313
[23]Zheng M H, Zhu J H, Cui G H. A hybrid group key management scheme for two-layered ad hoc networks. In proceedings of ICIT'06, IEEE Computer Society Press,2006,83-84
[24]Diffie W, Hellman M E. New directions in cryptography. IEEE Transaction on Information Theory,1976,22(6):644-654
[25]Matsumoto T, Takashima Y, and Imai H. On seeking smart public key distribution system. Transaction of the IEICE,1986, E69:99-106
[26]Wang R, Juang W, Lei C. Robust authentication and key agreement scheme preserving the privacy of secret key. Computer Communications,2011, 34(3):274-2808
[27]Joux A. A one round protocol for tripartite Diffie-Hellman. In proceedings of ANTS’00, LNCS 1838, Springer-Verlag, Berlin,2000,385-394
[28]Chang T Y, Hwang M S, Yang W P. A communication-efficient three-party password authenticated key exchange protocol. Information Sciences,2011,181(1): 217-226
[29]Hess F. Efficient identity based signature schemes based on pairings. In proceedings of SAC'02, LNCS 2595, Springer-Verlag, Berlin,2002,310-324
[30]Zhao X, Xu Q, Wei D. Security Analysis Approaches for Group Key Agreement Protocols. Computer Science.2011,38(6):145-146
[31]Steiner M, Tsudik G, Waidner M. Diffie-Hellman key distribution extended to group communication. In proceeding of CCS'96, ACM Press,1996,31-37
[32]Ateniese G, Steiner M, and Tsudik G New Multi-party authenticated services and key agreement protocols. Journal of Selected Areas in Communications,2000, 18(4):1-13
[33]Steiner M, Tsudik G, Waidner M. Cliques:a new approach to group key agreement. In proceedings of Conference on Distribution Computing Systems, IEEE Press, 1998,280-286
[34]Pereira O, Quisquater J. A security analysis of the Cliques protocol suite. In proceedings of CSFM'01, IEEE Computer Society Press,2003,73-81
[35]Bresson E, Chevassut O, Pointcheval D. Dynamic group Diffie-Hellman key exchange under standard assumptions. In proceedings of EUROCRYPT'02, LNCS 2332, Springer-Verlag, Berlin,2002,321-336
[36]Bresson E, Chevassut O, Pointcheval D. Probably authenticated group Diffie-Hellman key exchange-the dynamic case. In proceedings of ASIA-CRYPT’05, LNCS 2248, Springer-Verlag, Berlin,2005,290-309
[37]Nalla Y, Reddy G Tree based group key agreement. ACM Transactions on Information and System Security.2004,7(1):60-96
[38]Barua R, Dutta R, Sarkar P. Extending Joux protocol to multi-party key agreement. In proceedings of INDOCRYPT'03, LNCS 2904, Springer-Verlag, Berlin,2003, 205-217
[39]Barua R, Dutta R, Sarkar P. Provably secure authenticated tree based group key agreement. In proceedings of ICICS'04, LNCS 3269, Springer-Verlag, Berlin,2004, 92-104
[40]Dutta R, Barua R. Dynamic Group Key Agreement in Tree-Based Setting. In proceedings of Information Security and Privacy, LNCS 3574, Springer-Verlag, Berlin,2005,101-112
[41]Zhang F, Wang W, Hu N. Identity-based key agreement protocols in wireless sensor networks. Energy Procedia,2011,13:5676-5680
[42]Burmester M, Desmedt Y. A secure and efficient conference key distribution system. In proceedings of Eurocrypt'94, LNCS 950, Springer-Verlag, Berlin,1994,275-286
[43]Burmester M, Desmedt Y. A secure and scalable group key exchange system. Information Processing Letters,2005,94(3):137-143
[44]郑明辉,崔国华,祝建华.一种抗阻断攻击的多方密钥协商协议.电子学报,2008,36(7):1368-1372
[45]Xie M, Wang L. One-round identity-based key exchange with perfect forward security. Information Processing Letters,2012,112(14-15):587-591
[46]Bresson E, Catalano D. Constant round authenticated group key agreement via distributed computing. In proceeding of PKC'05, LNCS 2947, Springer-Verlag, Berlin,2005,115-129
[47]Bresson E, Chevassut O, Essiari A. et al. Mutual authentication and group key agreement for Low-power mobile devices. Computer Communication,2005,27(17): 1730-1737
[48]Lee S, Hwang J Y, and Lee D H. Efficient password-based group key exchange. In proceeding of TrustBus'04, LNCS 3184, Springer-Verlag, Berlin,2004,191-199
[49]Abdalla M, Bresson E, Chevassut O, and Pointcheval D. Password-based Group Key Exchange in a Constant Number of Rounds. In proceeding of PKC'06, LNCS 3958. Springer- Verlag, Berlin,2006,427-442
[50]Minghui Zheng, Huihua Zhou, Jun Li, Guohua Cui. Efficient and Provably Secure Password-based Group Key Agreement Protocol. Computer standards and Interfaces.2009,31(5):948-953
[51]Wang M H, Pan J, Wang J. Password-based group authenticated key exchange protocol:from 3-party to group. Proceedings of NCIS'11, IEEE Computer Society, 2011,239-241
[52]Wen-Min Li, Qiao-Yan Wen. Efficient verifier-based password-authentication key exchange protocol via elliptic curves. CSSE (3) 2008:1003-1006
[53]郑明辉,周慧华,崔国华,韩兰胜.一种故障容忍的可证安全组密钥协商协议,电子学报,2009,37(11):2396-2402
[54]Qianhong Wu, Yi Mu, Willy Susilo, Bo Qin and Jospe Domingo-Ferrer. Asymmetric group key agreement. In Proc. of Eurocrypt 2009, LNCS 5479, Springer-Verlag,2009,153-170
[55]冯登国.可证明安全性理论与方法研究.软件学报,2007,16(10):1743-1756
[56]卿斯汉.安全协议的设计与逻辑分析.软件学报,2003,14(7):1300-1309
[57]Dolev D, Yao A C. On the security of public-key protocols. IEEE Transaction on Information Theory,1983,2(29):198-208
[58]Cervesato I, Durgin N, Lincoln P D. et al. A Meta-Notation for Protocol Analysis. In 12th IEEE Computer Security Foundations Workshop-CSFW'99,1999:55-71
[59]Burrows M, Abadi M, and Needham R. A Logic of Authentication.Acm Transactions on Computer Systems,1990.8(1):18-36
[60]Burrows M, Abadi M and Needham R M. A Logic of Authentication. Proceedings of the Royal Society of London Series a-Mathematical Physical and Engineering Sciences,1989,426(1871):233-271
[61]Kailar R. Accountability in electronic commerce protocols. IEEE Transactions on Software Engineering,1996,22(5):313-328
[62]Gong L, Needham R and Yahalom R. Reasoning about belief in cryptographic protocols. In IEEE Computer Society Symposium in Security and Privacy,1990,5: 234-248
[63]Abadi M, and Tuttle R. A semantics for a logic of authentication. In the 10th ACM Symposium on Principles of Distributed Computing.1991:ACM Press
[64]Oorschot P. Extending cryptographic logics of belief to key agreement protocols, In the 1st ACM conference on Computer and communications security.1993
[65]Syverson P F, and Oorschot P C. On unifying some cryptographic protocol logics. In IEEE Computer Society Symposium on Research in Security and Privacy,1994: 14-28
[66]Deng F, Li Y. Provable secure authenticated key exchange protocol under standard model. Computer Engineering and Applications,2011,47(13):106-109
[67]SMV Manual http://www-2.cs.cmu.edu/-modelcheck/smv/smvmanual.ps
[68]Paulson L C. The Inductive Approach to Verifying Cryptographic Protocols. Journal of Computer Security,1998,6(1):85-128
[69]Fabrega F T, Herzog J C and Guttman J D. Strand spaces:why is a security protocol correct. In IEEE Symposium on Security and Privacy,1998:160-171
[70]Minghui Zheng. Game Theory Used for Reliable Routing Modeling in Wireless Sensor Networks. The 11th International Conference on Parallel and Distributed Computing, Applications and Technologies, IEEE Computer Society, China,2010, 280-284
[71]Bellare M, Rogaway P. Entity authentication and key distribution. In proceedings of Cryptology-Crypto'93, LNCS 773, Springer-Verlag, Berlin,1994,232-249
[72]Bellare M, Rogaway P. Provably secure session key distribution:the three-party case. In proceedings of 27th ACM Symposium on the Theory of Computing,1995, 57-66
[73]Bellare M, Pointcheval D, and Rogaway P. Authenticated key exchange secure against dictionary attacks. In proceedings of Cryptology-Eruocrypt'00, LNCS 1807, Springer-Verlag, Berlin,2000,139-155
[74]Bresson E, Chevassut O, and Pointcheval D. Group Diffie-Hellman key exchange secure against dictionary attacks. In proceedings of Asiacrypt'02, LNCS 2501, Springer-Verlag, Berlin,2002,497-514
[75]Diffie W, Hellman M E. New directions in cryptography. IEEE Transaction on Information Theory,1976,22(6):644-654
[76]Abdalla M, Fouque P A, Pointcheval D. Password-based authenticated key exchange in the three-party setting. In proceedings of PKC’05, LNCS 3386, Springer-Verlag, Berlin,2005,65-84
[77]Canetti R, and Krawczyk H. Analysis of key-exchange protocols and their use for building secure channels. Advances in Cryptology-Eurocrypt 2001,453-474
[78]Canetti R, and Krawczyk H. Universally compassable notions of key exchange and secure channels. Advances in Cryptology-Eurocrypt'02, Proceedings, 2002:337-351
[79]Mao W B著,王继林,伍前红等译.现代密码理论与实践/(英).北京:电子工业出版社,2004
[80]Abdalla M, Chevassut O, and Pointcheval D. One-time verifier-based encrypted key exchange. In proceedings of PKC'05, LNCS 3386, Springer-Verlag, Berlin,2005, 47-64
[81]Quinn B, Almeroth K. IP multicast applications:Challenges and solutions. IEFT RFC3170,2002
[82]Cain B, Deering S, Kouvelas I, Thyagarajan A. Internet group management protocol, version 3. IEFT RFC3376,2002
[83]Harney H, and Muckenhirn C. Group Key Management Protocol (GKMP) Architecture, July 1997. RFC 2093
[84]Huang J, Yeh L, Chien H. ABAKA:An anonymous batch authenticated and key agreement scheme for value-a Added services in vehicular ad hoc networks. IEEE Transactions on Vehicular Technology,2011,60(1):248-262
[85]Truong T, Tran M, Duong A. Improvement of the more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. Proceedings of WAINA'12,2012,698-703
[86]Yang J H. An efficient mutual authentication with key agreement protocol for mobile devices. Proceedings of intelligent information hiding and multimedia signal processing, IEEE Computer Society,2011,145-148
[87]Mohsen Imani, Mahdi Taheri, M. Naderi, Security enhanced routing protocol for ad hoc networks. Journal of Convergence,2000,1(1):43-48
[88]Lee H. Analysis of business attributes in information technology environments. Journal of information Processing Systems,2011,7(2):385-396
[89]Xie B, Anup Kumar, Zhao D, Ranga R, and He B. On secure communication in integrated heterogeneous wireless networks. International Journal of Information Technology, Communications and Convergence,2005,1(1):4-23
[90]Andreeva E. Mennink, B. and Preneel, B., Security properties of domain extenders for cryptographic hash functions. Journal of Information Processing Systems,2010, 6(4):453-480
[91]He D, Chen J, Hu J. An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Information Fusion,2012,13(3):223-230
[92]Boneh D, Franklin M. Identity-Based Encryption from the Weil Pairing. In Crypto'01, LNCS, Springer-Verlag.2001,2139,231-229
[93]Huihua Z, Tianjiang W, Minghui Z. Provably secure two-party password-based key agreement protocol. Proc. of HumanCom & EMC 11, LNEE, Springer-Verlin, Berlin,2011,102:213-223
[94]Effekhari, Mohammad. A Diffie-Hellman key exchange protocol using matrices over noncommutative rings. Groups Complexity Cryptology,2012,4(1):167-176
[95]Kwak D J, Moon S J. Efficient distributed signcryption scheme as group signcryption. In proceedings of ACNS'03, LNCS 2846, Springer-Verlag, Berlin, 2003,403-418
[96]郑明辉.可证安全的组密钥协商协议研究.华中科技大学博士学位论文,2008
[97]Boneh D, Franklin M. Identity-Based Encryption from the Weil Pairing. Advances in Cryptology-CRYPTO 2001, Springer-Verlag, Berlin,2001:213-229
[98]Shannon C E. Communications theory of secrecy systems. Bell Systems Technical Journal,1949,28(4):656-715
[99]Kwak D J, Moon S J. Efficient distributed signcryption scheme as group signcryption. In proceedings of ACNS’03, LNCS 2846, Springer-Verlag, Berlin, 2003,403-418
[100]Bellare M, Rogaway P. Provably secure session key distribution:the three-party case. In proceedings of 27th ACM Symposium on the Theory of Computing,1995, 57-66
[101]Bellare M, Pointcheval D, and Rogaway P. Authenticated key exchange secure against dictionary attacks, In proceedings of Cryptology-Eruocrypt'OO, LNCS 1807, Springer-Verlag, Berlin,2000,139-155
[102]Byun J W, Lee D H, and Lim J I. EC2C-PAKA:An efficient client-to-client password-authenticated key agreement. Information Sciences,2007,177(19): 3995-4013
[103]C. L. Lin, H. M. Sun, and T. Hwang. Three-party encrypted key exchange:Attacks and a solution. ACM Operating Systems Review,2005,34(4); 12-20
[104]M. Steiner, G. Tsudik, and M. Waidner. Refinement and extension of encrypted key exchange. ACM Operating Systems Review,2000,29(3); 22-30
[105]T. Wang, W. Chen. Three-party strong password authenticated key exchange protocols. International Journal of Advancements in Computing Technology,2011, 3(11):39-46
[106]沈昌祥,张焕国,冯登国等.信息安全综述.中国科学E辑:信息科学,2007,37(2):1-22
[107](美)怀特著,曾大聃,周傲英译.Hadoop权威指南(中文版).北京:科学出版社,2010
[108]施海昕.基于内核模式驱动的文件系统监控.电子科技大学,2006
[109](美)Jeffrey Richter,(法)Christophe Nasarre. Windows核心编程(第5版)[M].北京:清华大学出版社,2009