若干无线嵌入式系统的安全技术研究
|
摘要
嵌入式系统是促进信息化与工业化融合的核心技术,是信息产业中发展最快、应用最广的技术。系统设计者和生产者开始越来越多地关注嵌入式系统的安全,尤其是无线嵌入式系统的安全问题。
随着反向工程技术的发展,版图重构、总线微探测等手段越来越易于实施,获取底层硬件中传输或处理的数据变得更加容易。如何保护如总线传输过程中、易失性存储器工作过程中、以及其他硬件中的数据,是嵌入式系统乃至整个计算机系统安全中的根本问题。微处理器(MPU)芯片是嵌入式系统运行的核心,由于MPU芯片的集成度日益提高,制造和封装工艺不断改进,而且自身也往往增加了一些防探测和篡改的措施,从而使得对MPU成功实施反向工程的可能性微乎其微,因此,人们通常把MPU作为嵌入式系统的信任源。从微处理器系统结构出发,研究者设计并集成相应的安全方案,解决嵌入式底层硬件的安全问题,从而保证硬件系统的安全性。
在嵌入式安全体系结构的基础上,现实中一些重要和敏感的嵌入式网络应用也要求提供必要的安全支撑。随着无线嵌入式设备的迅猛普及和普适计算概念的推进,无线网络安全已经成为迫切的系统设计需求。无线嵌入式系统的网络安全问题主要关注两个方面:一是网络成员之间的信任建立;二是安全协议本身运行的高效性和安全性。本文中我们选取无线传感器网络和低成本RFID系统作为无线嵌入式系统网络安全的研究对象。无线传感器网络的特点是大规模无线通信,研究重点在于网络节点之间的信任建立;RFID系统具有低成本及极低的计算能力,研究重点在于认证方案的轻量级和安全性。
基于以上考虑,本文将嵌入式系统安全划分为两个层次进行研究,“系统结构安全”和“通信安全”。在“系统结构安全”层次上,我们从通用计算机系统结构和多处理器系统结构两个方面,分析了现有安全系统结构框架和存储器保护技术,归纳了系统安全方案设计需要解决的关键问题,取得了以下研究结果:
第一,针对嵌入式微处理器系统结构的特点,设计了一个安全高效的存储器加密和完整性校验方案。该方案为MPU片内数据在片外运行和存储提供了安全保护,使片外存储器中的数据以不可理解的密文形式存储。同时,该方案采用了GCM工作模式,有效提高了数据加密和验证的速度。在同类方案对系统性能降低均高达25%以上的情况下,仿真实验显示我们的方案仅造成系统性能下降了20%或更低。
第二,针对一类典型的嵌入式多处理器系统——片上多处理器CMP结构——中的安全系统结构,提出了高速计数缓存(counter Cache)一致性优化方案AOW。AOW方案是一个“写—无效”方式的监听协议,在总线监听的共享缓存一致性协议——MESI协议的基础上,为counter增加1bit标记,通过若干总线信息保持多个counter副本在若干处理器核心中的一致。该协议能有效提高此类系统中counter Cache访问命中率,减少因counter缺失而引发的存储器访问次数,从而加快数据进出微处理器时的加解密速度,并显著提高系统性能。仿真实验结果显示,多种多处理器安全方案在部署AOW协议之后,总体性能均能得到提升,最高可达8%。
我们在“通信安全”层次上,重点研究了无线传感器网络的密钥建立协议和低成本RFID系统的双向认证协议,主要研究成果为:
第一,针对无线传感器网络中常见的单向链路大量存在,却未被有效利用于密钥建立过程中的情况,我们提出了基于单向链路的无线传感器网络密钥建立协议。协议可应用于大规模分簇无线网络,也可适用于以随机密钥预分配协议为基本协议的中小型无线网络。实验结果表明,该协议能提高网络中可用节点比例,减少因单向链路覆盖而退出网络活动的节点数量。我们在典型传感器器件—XBOW的MICAz上实现了各类密码原语(包括SHA-1、AES和ECC),并对运行时间和能耗进行了分析和比较。
第二,针对低成本RFID系统,我们从成本控制、计算能力和能耗等方面,比较了现有的若干轻量级安全协议,设计了一个仅采用伪随机函数(PRF)的“标签-阅读器”双向认证协议,通过三次信息交互达到双向认证。该协议具有抗重放攻击、抗中间人攻击、前向安全性等诸多安全性能。
Being a reprentative technology in the fusion of computer science and industrial technology, embedded system security issues, especially wireless embedded system security are paid much more attention on by designers and producers.
With the progress of reverse engineering techniques, remapping and microprobing become easier to implement, and eavesdropping of data in hardware layer is feasible. Therefore, how to protect system bus, volatile memory and other hardwares is a vital problem in embedded system. MPU is the core part of an embedded system. With the increase of the degree of integration, improvement of manufacture and packaging, anti-probing and tampering measures, the reverse engineering on MPU is quite impossible. Therefore, MPU is suitable place to reserve overall system secret, so designing and integrating a security scheme into the architecture is the best way to derive the security from MPU to whole system.
Besides the security assurance by physical layer, embedded systems require robust and secure applications in upper layers. With the drive of commercial applications, popularization of wireless networks and the concept of ubiquitous computing expedite security towards integrity system design. Wireless embedded system networks focus on two issues: (1) establishing trust among network members, and (2) efficiency and security of protocol itself. Therefore, we select two representative scnarios; wireless sensor networks (WSNs) and low-cost RFID systems. We put a hot research topic on wireless sensor networks because they involve complex network communications and how to establish trust among network members are challenging. Low-cost RFID systems’s less power and computation ability also bring a tricky situation which implies that standard cryptographic premitives are impossible to be deployed, so the lightweight and efficiency of security resolution must be prerequisite.
Therefore, we compartmentalize security issues on embedded systems into two layers, one is Architectural Security, and the other one is Communication Security. On the Architectural Security layer, we start our research on common computer architecture. After analyzing existing secure architecture framework and memory protection techniques, we obtain the following achievements:
First, according to the feature of microprocessor architecture, we designed an efficient memory encryption and verification scheme. This scheme provides architecture support for data encryption outside MPU chip and data verification while accessing main memory. Meanwhile, it adopts GCM encryption mode, the speed of data encryption/decryption and verification is improved, which makes our scheme more efficient than others, and more suitable for embedded system microprocessor architecture. The simulation results reveal that our scheme slows down the system 20% and less, while other schemes cause more than 25% performance slow down.
Second, considering the popularization of Chip Multi-Processor (CMP) architecture, we proposed counter Cache coherence optimiazation method AOW for CMP adopting secure architecture. AOW is a“write-invalid”snooping protocol as MESI. It provides 1bit onto MESI protocol to identify the status and keep the freshness of counters. The aim of AOW is to advance the hit rate of counter Cache, so that the times of memory access for missing counter will be obviously reduced. The results of system simulations reveal that AOW protocol promots the system performance at least 8% under SPEC2000 benchmarks.
On the Communication Security layer, we choose two representative wireless networks, wireless sensor networks and RFID systems. We obtain the achievements as follows:
First, focusing on large amount of unidirectional links in sensor networks, our researches include key establishment protocols which exploit these links in WSNs. We realize that unidirectional links are neglected by most security protocols so that nodes covered by only unidirectional links are no longer available in network activities. We propose IntraKey and InterKey Protcol exploiting unidirectional links in WSNs. These protocols promots the proportion of available nodes in network, and the simulation results prove that. Later on, we implement several cryptographic premitives including an asymmetric key algorithm ECC on XBOW MICAz, and measure the time and energy consuming.
Second, for low-cost RFID system, our researches include analyzing the relation between circuit and cryptographic premitive complexity, and compare several lightweight authentication protocols. After the realization of the impossibility of standard cryptographic premitives, we propose a lightweight mutual authentication protocol for low-cost RFID systems adopting only Pesudo-Random Function (PRF), and authenticate each other through three message flows. It also provides forward security and the ability of anti-replay attack and man-in-the-middle attack.
随着反向工程技术的发展,版图重构、总线微探测等手段越来越易于实施,获取底层硬件中传输或处理的数据变得更加容易。如何保护如总线传输过程中、易失性存储器工作过程中、以及其他硬件中的数据,是嵌入式系统乃至整个计算机系统安全中的根本问题。微处理器(MPU)芯片是嵌入式系统运行的核心,由于MPU芯片的集成度日益提高,制造和封装工艺不断改进,而且自身也往往增加了一些防探测和篡改的措施,从而使得对MPU成功实施反向工程的可能性微乎其微,因此,人们通常把MPU作为嵌入式系统的信任源。从微处理器系统结构出发,研究者设计并集成相应的安全方案,解决嵌入式底层硬件的安全问题,从而保证硬件系统的安全性。
在嵌入式安全体系结构的基础上,现实中一些重要和敏感的嵌入式网络应用也要求提供必要的安全支撑。随着无线嵌入式设备的迅猛普及和普适计算概念的推进,无线网络安全已经成为迫切的系统设计需求。无线嵌入式系统的网络安全问题主要关注两个方面:一是网络成员之间的信任建立;二是安全协议本身运行的高效性和安全性。本文中我们选取无线传感器网络和低成本RFID系统作为无线嵌入式系统网络安全的研究对象。无线传感器网络的特点是大规模无线通信,研究重点在于网络节点之间的信任建立;RFID系统具有低成本及极低的计算能力,研究重点在于认证方案的轻量级和安全性。
基于以上考虑,本文将嵌入式系统安全划分为两个层次进行研究,“系统结构安全”和“通信安全”。在“系统结构安全”层次上,我们从通用计算机系统结构和多处理器系统结构两个方面,分析了现有安全系统结构框架和存储器保护技术,归纳了系统安全方案设计需要解决的关键问题,取得了以下研究结果:
第一,针对嵌入式微处理器系统结构的特点,设计了一个安全高效的存储器加密和完整性校验方案。该方案为MPU片内数据在片外运行和存储提供了安全保护,使片外存储器中的数据以不可理解的密文形式存储。同时,该方案采用了GCM工作模式,有效提高了数据加密和验证的速度。在同类方案对系统性能降低均高达25%以上的情况下,仿真实验显示我们的方案仅造成系统性能下降了20%或更低。
第二,针对一类典型的嵌入式多处理器系统——片上多处理器CMP结构——中的安全系统结构,提出了高速计数缓存(counter Cache)一致性优化方案AOW。AOW方案是一个“写—无效”方式的监听协议,在总线监听的共享缓存一致性协议——MESI协议的基础上,为counter增加1bit标记,通过若干总线信息保持多个counter副本在若干处理器核心中的一致。该协议能有效提高此类系统中counter Cache访问命中率,减少因counter缺失而引发的存储器访问次数,从而加快数据进出微处理器时的加解密速度,并显著提高系统性能。仿真实验结果显示,多种多处理器安全方案在部署AOW协议之后,总体性能均能得到提升,最高可达8%。
我们在“通信安全”层次上,重点研究了无线传感器网络的密钥建立协议和低成本RFID系统的双向认证协议,主要研究成果为:
第一,针对无线传感器网络中常见的单向链路大量存在,却未被有效利用于密钥建立过程中的情况,我们提出了基于单向链路的无线传感器网络密钥建立协议。协议可应用于大规模分簇无线网络,也可适用于以随机密钥预分配协议为基本协议的中小型无线网络。实验结果表明,该协议能提高网络中可用节点比例,减少因单向链路覆盖而退出网络活动的节点数量。我们在典型传感器器件—XBOW的MICAz上实现了各类密码原语(包括SHA-1、AES和ECC),并对运行时间和能耗进行了分析和比较。
第二,针对低成本RFID系统,我们从成本控制、计算能力和能耗等方面,比较了现有的若干轻量级安全协议,设计了一个仅采用伪随机函数(PRF)的“标签-阅读器”双向认证协议,通过三次信息交互达到双向认证。该协议具有抗重放攻击、抗中间人攻击、前向安全性等诸多安全性能。
Being a reprentative technology in the fusion of computer science and industrial technology, embedded system security issues, especially wireless embedded system security are paid much more attention on by designers and producers.
With the progress of reverse engineering techniques, remapping and microprobing become easier to implement, and eavesdropping of data in hardware layer is feasible. Therefore, how to protect system bus, volatile memory and other hardwares is a vital problem in embedded system. MPU is the core part of an embedded system. With the increase of the degree of integration, improvement of manufacture and packaging, anti-probing and tampering measures, the reverse engineering on MPU is quite impossible. Therefore, MPU is suitable place to reserve overall system secret, so designing and integrating a security scheme into the architecture is the best way to derive the security from MPU to whole system.
Besides the security assurance by physical layer, embedded systems require robust and secure applications in upper layers. With the drive of commercial applications, popularization of wireless networks and the concept of ubiquitous computing expedite security towards integrity system design. Wireless embedded system networks focus on two issues: (1) establishing trust among network members, and (2) efficiency and security of protocol itself. Therefore, we select two representative scnarios; wireless sensor networks (WSNs) and low-cost RFID systems. We put a hot research topic on wireless sensor networks because they involve complex network communications and how to establish trust among network members are challenging. Low-cost RFID systems’s less power and computation ability also bring a tricky situation which implies that standard cryptographic premitives are impossible to be deployed, so the lightweight and efficiency of security resolution must be prerequisite.
Therefore, we compartmentalize security issues on embedded systems into two layers, one is Architectural Security, and the other one is Communication Security. On the Architectural Security layer, we start our research on common computer architecture. After analyzing existing secure architecture framework and memory protection techniques, we obtain the following achievements:
First, according to the feature of microprocessor architecture, we designed an efficient memory encryption and verification scheme. This scheme provides architecture support for data encryption outside MPU chip and data verification while accessing main memory. Meanwhile, it adopts GCM encryption mode, the speed of data encryption/decryption and verification is improved, which makes our scheme more efficient than others, and more suitable for embedded system microprocessor architecture. The simulation results reveal that our scheme slows down the system 20% and less, while other schemes cause more than 25% performance slow down.
Second, considering the popularization of Chip Multi-Processor (CMP) architecture, we proposed counter Cache coherence optimiazation method AOW for CMP adopting secure architecture. AOW is a“write-invalid”snooping protocol as MESI. It provides 1bit onto MESI protocol to identify the status and keep the freshness of counters. The aim of AOW is to advance the hit rate of counter Cache, so that the times of memory access for missing counter will be obviously reduced. The results of system simulations reveal that AOW protocol promots the system performance at least 8% under SPEC2000 benchmarks.
On the Communication Security layer, we choose two representative wireless networks, wireless sensor networks and RFID systems. We obtain the achievements as follows:
First, focusing on large amount of unidirectional links in sensor networks, our researches include key establishment protocols which exploit these links in WSNs. We realize that unidirectional links are neglected by most security protocols so that nodes covered by only unidirectional links are no longer available in network activities. We propose IntraKey and InterKey Protcol exploiting unidirectional links in WSNs. These protocols promots the proportion of available nodes in network, and the simulation results prove that. Later on, we implement several cryptographic premitives including an asymmetric key algorithm ECC on XBOW MICAz, and measure the time and energy consuming.
Second, for low-cost RFID system, our researches include analyzing the relation between circuit and cryptographic premitive complexity, and compare several lightweight authentication protocols. After the realization of the impossibility of standard cryptographic premitives, we propose a lightweight mutual authentication protocol for low-cost RFID systems adopting only Pesudo-Random Function (PRF), and authenticate each other through three message flows. It also provides forward security and the ability of anti-replay attack and man-in-the-middle attack.
引文
[1] R.Kamal,嵌入式系统:体系结构、编程设计, 1 ed.北京:清华大学出版社, 2005.
[2] M. Weiser, "Hot topics-ubiquitous computing," Computer, vol. 26, pp. 71-72, 1993.
[3] J. Kelsey, B. Schneier, and D. Wagner, "Protocol Interactions and the Chosen Protocol Attack," LECTURE NOTES IN COMPUTER SCIENCE, pp. 91-104, 1998.
[4] P. Kocher, R. Lee, G. McGraw, A. Raghunathan, and S. Ravi, "Security as a new dimension in embedded system design," in Design Automation Conference, 2004. Proceedings. 41st, 2004, pp. 753-760.
[5] P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," in Advances in Cryptology—CRYPTO’96, 1996, pp. 104-113.
[6] T. Messerges, E. Dabbish, and R. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE TRANSACTIONS ON COMPUTERS, pp. 541-552, 2002.
[7] S. Skorobogatov, "Semi-invasive attacks-a new approach to hardware security analysis," Technical report, University of Cambridge, Computer Laboratory, April, 2005.
[8] TCG, "Trusted Computing Group," https://trustcomputinggroup.org/.
[9] G. E. Suh, D. Clarke, B. Gasend, M. van Dijk, and S. Devadas, "Efficient memory integrity verification and encryption for secure processors," in Microarchitecture, 2003. MICRO-36. Proceedings. 36th Annual IEEE/ACM International Symposium on, 2003, pp. 339-350.
[10] G. E. Suh, D. Clarke, B. Gassend, M. v. Dijk, and S. Devadas, "AEGIS: architecture for tamper-evident and tamper-resistant processing," in Proceedings of the 17th annual international conference on Supercomputing San Francisco, CA, USA: ACM, 2003.
[11] D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural support for copy and tamper resistant software," ACM SIGPLAN Notices, vol. 35, pp. 168-177, 2000.
[12] D. Lie, C. Thekkath, and M. Horowitz, "Implementing an untrusted operating system on trusted hardware," ACM SIGOPS Operating Systems Review, vol. 37, pp. 178-192, 2003.
[13] X. Zhuang, T. Zhang, and S. Pande, "HIDE: an infrastructure for efficiently protecting information leakage on the address bus," in Proceedings of the11th international conference on Architectural support for programming languages and operating systems Boston, MA, USA: ACM, 2004.
[14] B. Gassend, G. E. Suh, D. Clarke, M. v. Dijk, and S. Devadas, "Caches and Hash Trees for Efficient Memory Integrity Verification," in Proceedings of the 9th International Symposium on High-Performance Computer Architecture: IEEE Computer Society, 2003.
[15] B. Rogers, S. Chhabra, M. Prvulovic, and Y. Solihin, "Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly," in Proceedings of the 40th Annual IEEE/ACM International Symposium on Microarchitecture: IEEE Computer Society, 2007.
[16] A. Perrig, R. Szewczyk, J. Tygar, V. Wen, and D. Culler, "SPINS: Security Protocols for Sensor Networks," Wireless Networks, vol. 8, pp. 521-534, 2002.
[17] M. Burnside, D. Clarke, T. Mills, A. Maywah, S. Devadas, and R. Rivest, "Proxy-based security protocols in networked mobile devices," in Proceedings of the 2002 ACM symposium on Applied computing Madrid, Spain: ACM, 2002.
[18] C. Haowen, A. Perrig, and D. Song, "Random key predistribution schemes for sensor networks," in Security and Privacy, 2003. Proceedings. 2003 Symposium on, 2003, pp. 197-213.
[19] W. Diffie and M. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. 22, pp. 644-654, 1976.
[20] K. Piotrowski, P. Langendoerfer, and S. Peter, "How public key cryptography influences wireless sensor node lifetime," in Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks Alexandria, Virginia, USA: ACM, 2006.
[21] Y. Zhang, W. Liu, W. Lou, and Y. Fang, "Location-based compromise-tolerant security mechanisms for wireless sensor networks," IEEE Journal on Selected Areas in Communications, vol. 24, pp. 247-260, 2006.
[22] G. Vipul, M. Millard, S. Fung, Y. Zhu, N. Gura, H. Eberle, and S. C. Shantz, "Sizzle: a standards-based end-to-end security architecture for the embedded Internet," in Pervasive Computing and Communications, 2005. PerCom 2005. Third IEEE International Conference on, 2005, pp. 247-256.
[23] B. Seema and E. J. Coyle, "An energy efficient hierarchical clustering algorithm for wireless sensor networks," in INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE, 2003, pp. 1713-1723 vol.3.
[24] M. Bechler, H. J. Hof, D. Kraft, F. Pahlke, and L. Wolf, "A cluster-based security architecture for ad hoc networks," in INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE Computer and CommunicationsSocieties, 2004, pp. 2393-2403 vol.4.
[25] X. Du, Y. Xiao, M. Guizani, and H. Chen, "An effective key management scheme for heterogeneous sensor networks," Ad Hoc Networks, vol. 5, pp. 24-34, 2007.
[26] J. Hoffstein, J. Pipher, and J. Silverman, "NTRU: A ring-based public key cryptosystem," LECTURE NOTES IN COMPUTER SCIENCE, vol. 1423, pp. 267-288, 1998.
[27] Y. Jun, Z. Youtao, and G. Lan, "Fast secure processor for inhibiting software piracy and tampering," in Microarchitecture, 2003. MICRO-36. Proceedings. 36th Annual IEEE/ACM International Symposium on, 2003, pp. 351-360.
[28] D. Boneh, C. S. Dept, and S. University, Hardware Support for Tamper-resistant and Copy-resistant Software: Stanford University, 2001.
[29] C. Yan, D. Englender, M. Prvulovic, B. Rogers, and Y. Solihin, "Improving Cost, Performance, and Security of Memory Encryption and Authentication," in Proceedings of the 33rd annual international symposium on Computer Architecture: IEEE Computer Society, 2006.
[30] W. Shi, H.-H. S. Lee, M. Ghosh, C. Lu, and A. Boldyreva, "High Efficiency Counter Mode Security Architecture via Prediction and Precomputation," in Proceedings of the 32nd annual international symposium on Computer Architecture: IEEE Computer Society, 2005.
[31] D. McGrew and J. Viega, "The Galois/Counter Mode of Operation (GCM)," Submission to NIST Modes of Operation Process, January, vol. 15, 2004.
[32] D. Greve, M. Wilding, and W. Vanfleet, "A separation kernel formal security policy," in Proceedings of the 4th International Workshop on the ACL2 Theorem Prover and Its Applications, 2003.
[33] S. Ravi, A. Raghunathan, and S. Chakradhar, "Tamper resistance mechanisms for secure embedded systems," in VLSI Design, 2004. Proceedings. 17th International Conference on, 2004, pp. 605-611.
[34] R. Elbaz, L. Torres, G. Sassatelli, P. Guillemin, C. Anguille, M. Bardouillet, C. Buatois, and J. B. Rigaud, "Hardware Engines for Bus Encryption: A Survey of Existing Techniques," in Proceedings of the conference on Design, Automation and Test in Europe - Volume 3: IEEE Computer Society, 2005.
[35] R. Best, "Microprocessor for executing enciphered programs," US Patent 4,168,396, 1979.
[36] R. Elbaz, L. Torres, G. Sassatelli, P. Guillemin, M. Bardouillet, and A. Martinez, "A parallelized way to provide data encryption and integrity checking on a processor-memory bus," in Proceedings of the 43rd annual conference on Design automation San Francisco, CA, USA: ACM, 2006.
[37] R. Vaslin, G. Gogniat, J. Diguet, E. Wanderley, R. de Saint Maud, R.Tessier, and W. Burleson, "Low latency solution for confidentiality and integrity checking in embedded systems with off-chip memory."
[38] R. Takahashi and D. Heer, "Secure memory management unit for microprocessor," US Patent 5,825,878, 1998.
[39] B. Candelore and E. Sprunk, "Secure processor with external memory using block chaining and block re-ordering," Google Patents, 2000.
[40] D. McGrew and J. Viega, "The security and performance of the Galois/Counter Mode (GCM) of operation," Progress in Cryptology-INDOCRYPT, pp. 343–355, 2004.
[41] W. Shi, H.-H. S. Lee, M. Ghosh, and C. Lu, "Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems," in Proceedings of the 13th International Conference on Parallel Architectures and Compilation Techniques: IEEE Computer Society, 2004.
[42] Y. Zhang, L. Gao, J. Yang, X. Zhang, and R. Gupta, "SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors," in Proceedings of the 11th International Symposium on High-Performance Computer Architecture: IEEE Computer Society, 2005.
[43] D. Culler, J. Sillgh, and A. Gupta, "并行计算机体系结构——硬件/软件结合的设计与分析,"北京:机械工业出版社, 2002.
[44] M. G. Kuhn, "Cipher instruction search attack on the bus-encryption security microcontroller DS5002FP," IEEE Transactions on Computers, vol. 47, pp. 1153-1157, 1998.
[45] K. Olukotun, B. A. Nayfeh, L. Hammond, K. Wilson, and K. Chang, "The case for a single-chip multiprocessor," in Proceedings of the seventh international conference on Architectural support for programming languages and operating systems Cambridge, Massachusetts, United States: ACM, 1996.
[46] L. Hammond, M. Willey, and K. Olukotun, "Data speculation support for a chip multiprocessor," in Proceedings of the eighth international conference on Architectural support for programming languages and operating systems San Jose, California, United States: ACM, 1998.
[47] K. Olukotun, L. Hammond, and M. Willey, "Improving the performance of speculatively parallel applications on the Hydra CMP," in Proceedings of the 13th international conference on Supercomputing Rhodes, Greece: ACM, 1999.
[48] L. Hammond, B. A. Hubbert, M. Siu, M. K. Prabhu, M. Chen, and K. Olukolun, "The Stanford Hydra CMP," IEEE Micro, vol. 20, pp. 71-84, 2000.
[49] M. Taylor, "The Raw Processor Specification," Comprehensive specification for the Raw processor, 2002.
[50] K. Hwang, "Advanced Computer Architecture: Parallelism, Scalability, Programmability 1McGraw-Hill," New York, vol. 771, 1993.
[51] V. Pai, P. Ranganathan, and S. Adve, "RSIM: An Execution-Driven Simulator for ILP-Based Shared-Memory Multiprocessors and Uniprocessors," in Proceedings of the Third Workshop on Computer Architecture Education, 1997.
[52] R. Blom, "An Optimal Class of Symmetric Key Generation Systems," in Advances in Cryptology: Proceedings of EUROCRYPT 84 - A Workshop on the Theory and Application of Cryptographic Techniques, Paris, France, April 1984, 1985, p. 335.
[53] C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and M. Yung, "Perfectly-Secure Key Distribution for Dynamic Conferences," in Advances in Cryptology—CRYPTO’92, 1993, pp. 471-486.
[54] D. Liu, P. Ning, and R. Li, "Establishing pairwise keys in distributed sensor networks," ACM Transaction on Information and System Security, vol. 8, pp. 41-77, 2005.
[55] B. Lai, S. Kim, and I. Verbauwhede, "Scalable session key construction protocol for wireless sensor networks," in IEEE Workshop on Large Scale Real-Time and Embedded Systems, 2002.
[56] B. Dutertre, S. Cheung, and J. Levy, "Lightweight key management in wireless sensor networks by leveraging initial trust," SRI International, SDL Technical Report SRI-SDL-04-02, April, vol. 45, 2004.
[57] L. Eschenauer and V. D. Gligor, "A key-management scheme for distributed sensor networks," in Proceedings of the 9th ACM conference on Computer and communications security Washington, DC, USA: ACM, 2002.
[58] C. Haowen and A. Perrig, "PIKE: peer intermediaries for key establishment in sensor networks," in INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, 2005, pp. 524-535 vol. 1.
[59] SECG, "Elliptic Curve Cryptography. SEC 1," http://www.secg.org/, 2000.
[60] A. S. Wander, N. Gura, H. Eberle, V. Gupta, and S. C. Shantz, "Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks," in Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications: IEEE Computer Society, 2005.
[61] P. Traynor, H. Choi, G. Cao, S. Zhu, and T. La Porta, "Establishing Pair-Wise Keys in Heterogeneous Sensor Networks," in INFOCOM 2006. 25th IEEE International Conference on Computer Communications. Proceedings, 2006, pp. 1-12.
[62] V. Ramasubramanian and D. Mosse, "Statistical analysis of connectivity in unidirectional ad hoc networks," in Parallel Processing Workshops, 2002. Proceedings. International Conference on, 2002, pp. 109-115.
[63] D. Boneh and M. Franklin, "Identity-Based Encryption from the WeilPairing," in Advances in Cryptology—CRYPTO 2001, 2001, pp. 213-229.
[64] A. Joux, "The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems," in Algorithmic Number Theory, 2002, pp. 11-18.
[65] J. Newsome, E. Shi, D. Song, and A. Perrig, "The sybil attack in sensor networks: analysis & defenses," in Proceedings of the third international symposium on Information processing in sensor networks, New York, NY, USA, 2004, pp. 259-268.
[66] M. Gerla, L. Yeng-Zhong, P. Joon-Sang, and Y. Yunjung, "On demand multicast routing with unidirectional links," in Wireless Communications and Networking Conference, 2005 IEEE, 2005, pp. 2162-2167 Vol. 4.
[67] SECG, "Elliptic Curve Cryptography. SEC 2," http://www.secg.org/, 2000.
[68] S. Galbraith, K. Harrison, and D. Soldera, "Implementing the Tate Pairing," in Algorithmic Number Theory, 2002, pp. 69-86.
[69] EPCGlobal, "EPCGlobal," http://www.epcglobalinc.org/, 2005.
[70] I. O. f. Standardization, "part 1: Generic parameters for air interface communication for globally accepted frequencies," in ISO/IEC 18000-1. Information technology AIDC techniques - RFID for item management-air interface: Publish standard, 2003.
[71] S. Sarma, "Towards the 5 cent tag," Auto-Id Centre White paper, http://www.autoidlabs.org/whitepapers/MIT-AUTOID-WH-006.pdf, 2001.
[72] S. E. Sarma, S. A. Weis, and D. W. Engels, "Radio frequency identification: secure risks and challenges," RSA Laboratories Cryptobytes, vol. 6, pp. 2-8, 2003.
[73] M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong Authentication for RFID Systems Using the AES Algorithm," in Cryptographic Hardware and Embedded Systems - CHES 2004, 2004, pp. 85-140.
[74] S. A. Weis, "Security Parallels between People and Pervasive Devices," in Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops: IEEE Computer Society, 2005.
[75] A. Juels, P. Syverson, and D. Bailey, "High-Power Proxies for Enhancing RFID Privacy and Utility," in Privacy Enhancing Technologies, 2006, pp. 210-226.
[76] D. H. Technology, "High Performance MD5. Fast SHA-1. Fast SHA-256. Hash core for ASIC," 2005.
[77] J. M. Technologies, "JetAES Tiny, Standard : Low Gate Count Low Data Rate AES Cores," 2006.
[78] Certicom, "Suite B TRNG IP Core," http://www.certicom.com/download/aid-690/Suite%20B%20TRNG%20IP%20Core.pdf.
[79] H. Lee and D. Hong, "The Tag Authentication Scheme using Self-Shrinking Generator on RFID System," International Journal of Applied Science, Engineering and Technology, vol. 3, pp. 52-57, 2006.
[80] J. Collins, "Marks & Spencer Expands RFID Trial," RFID Journal, 2004.
[81] F. Stajano and R. Anderson, "The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks," in Security Protocols, 2000, pp. 172-182.
[82] S. Spiekermann, "Perceived control: Scales for privacy in ubiquitous computing environments," in Proceedings of the 10th International Conference on User Modeling, 2005.
[83] S. Inoue and H. Yasuura, "RFID privacy using user-controllable uniqueness," in RFID Privacy Workshop, MIT, 2003.
[84] N. Good, J. Han, E. Miles, D. Molnar, D. Mulligan, L. Quilter, J. Urban, and D. Wagner, "Radio frequency identification and privacy with information goods," in Workshop on Privacy in the Electronic Society-WPES, 2004, pp. 41–42.
[85] K. P. Fishkin, S. Roy, and B. Jiang, "Some Methods for Privacy in RFID Communication," in Security in Ad-hoc and Sensor Networks, 2005, pp. 42-53.
[86] C. Floerkemeier, R. Schneider, and M. Langheinrich, "Scanning with a Purpose– Supporting the Fair Information Principles in RFID Protocols," in Ubiquitous Computing Systems, 2005, pp. 214-231.
[87] S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, "Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems," in Security in Pervasive Computing, 2004, pp. 50-59.
[88] C. Chatmon, T. van Le, and M. Burmester, "Secure anonymous RFID authentication protocols," Florida State University, Department of Computer Science2006.
[89] T. Dimitriou, "A Lightweight RFID Protocol to protect against Traceability and Cloning attacks," in Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks: IEEE Computer Society, 2005.
[90] S. Lee, T. Asano, and K. Kim, "RFID Mutual Authentication Scheme based on Synchronized Secret Information," in Symposium on Cryptography and Information Security, Hiroshima, Japan, 2006.
[91] T. Instruments, "TI-RFid," http://www.ti.com/rfid/shtml/rfid.shtml, 2006.
[92] P. P. López, "Lightweight Cryptography in Radio Frequency Identification (RFID) Systems," in Computer Science. vol. Ph.D: UNIVERSIDAD CARLOS III DE MADRID, 2008.
[93] M. Ohkubo, K. Suzuki, and S. Kinoshita, "Cryptographic approach to“privacy-friendly”tags," in RFID Privacy Workshop, 2003, pp. 624-654.
[94] D. Henrici, P. M\, \#252, and ller, "Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers," in Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops: IEEE Computer Society, 2004.
[95] Mahajivana, "RFID-Zapper project," http://www.events.ccc.de/congress/2005/static/r/f/i/RFIDZapper(EN)_77f3.html, 2006.
[96] K. Rhee, J. Kwak, S. Kim, and D. Won, "Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment," in Security in Pervasive Computing, 2005, pp. 70-84.
[97] A. Juels and S. A. Weis, "Authenticating Pervasive Devices with Human Protocols," in Advances in Cryptology– CRYPTO 2005, 2005, pp. 293-308.
[98] N. Hopper and M. Blum, "Secure Human Identification Protocols," in Advances in Cryptology—ASIACRYPT 2001, 2001, pp. 52-66.
[99] H. Gilbert, M. Robshaw, and H. Sibert, "An active attack against HB+–a provably secure lightweight authentication protocol," IEE Electronic Letters, vol. 41, pp. 1169-1170, 2005.
[100] J. Bringer, H. Chabanne, and E. Dottax, "HB++: a Lightweight Authentication Protocol Secure against Some Attacks," in Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006. SecPerU 2006. Second International Workshop on, 2006, pp. 28-33.
[101] TinyOS, "TinyOS Tutorial," http://www.tinyos.net/tinyos-1.x/doc/tutorial/.
[102] NesC, "nesC 1.1 Language Reference Manual," http://nescc.sourceforge.net/papers/nesc-ref.pdf.
[103] Crossbow, "MPR-MIB Users Manual," http://www.xbow.com/support/support_pdf_files/mpr-mib_series_users_manual.pdf, 2007.
[104] S. Camtepe and B. Yener, "Key Distribution Mechanisms for Wireless Sensor Networks: a Survey," Rensselaer Polytechnic Inst., Comput. Sci. Dept., Troy, NY, Tech. Rep. TR-05-07, 2005.
[2] M. Weiser, "Hot topics-ubiquitous computing," Computer, vol. 26, pp. 71-72, 1993.
[3] J. Kelsey, B. Schneier, and D. Wagner, "Protocol Interactions and the Chosen Protocol Attack," LECTURE NOTES IN COMPUTER SCIENCE, pp. 91-104, 1998.
[4] P. Kocher, R. Lee, G. McGraw, A. Raghunathan, and S. Ravi, "Security as a new dimension in embedded system design," in Design Automation Conference, 2004. Proceedings. 41st, 2004, pp. 753-760.
[5] P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," in Advances in Cryptology—CRYPTO’96, 1996, pp. 104-113.
[6] T. Messerges, E. Dabbish, and R. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE TRANSACTIONS ON COMPUTERS, pp. 541-552, 2002.
[7] S. Skorobogatov, "Semi-invasive attacks-a new approach to hardware security analysis," Technical report, University of Cambridge, Computer Laboratory, April, 2005.
[8] TCG, "Trusted Computing Group," https://trustcomputinggroup.org/.
[9] G. E. Suh, D. Clarke, B. Gasend, M. van Dijk, and S. Devadas, "Efficient memory integrity verification and encryption for secure processors," in Microarchitecture, 2003. MICRO-36. Proceedings. 36th Annual IEEE/ACM International Symposium on, 2003, pp. 339-350.
[10] G. E. Suh, D. Clarke, B. Gassend, M. v. Dijk, and S. Devadas, "AEGIS: architecture for tamper-evident and tamper-resistant processing," in Proceedings of the 17th annual international conference on Supercomputing San Francisco, CA, USA: ACM, 2003.
[11] D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural support for copy and tamper resistant software," ACM SIGPLAN Notices, vol. 35, pp. 168-177, 2000.
[12] D. Lie, C. Thekkath, and M. Horowitz, "Implementing an untrusted operating system on trusted hardware," ACM SIGOPS Operating Systems Review, vol. 37, pp. 178-192, 2003.
[13] X. Zhuang, T. Zhang, and S. Pande, "HIDE: an infrastructure for efficiently protecting information leakage on the address bus," in Proceedings of the11th international conference on Architectural support for programming languages and operating systems Boston, MA, USA: ACM, 2004.
[14] B. Gassend, G. E. Suh, D. Clarke, M. v. Dijk, and S. Devadas, "Caches and Hash Trees for Efficient Memory Integrity Verification," in Proceedings of the 9th International Symposium on High-Performance Computer Architecture: IEEE Computer Society, 2003.
[15] B. Rogers, S. Chhabra, M. Prvulovic, and Y. Solihin, "Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly," in Proceedings of the 40th Annual IEEE/ACM International Symposium on Microarchitecture: IEEE Computer Society, 2007.
[16] A. Perrig, R. Szewczyk, J. Tygar, V. Wen, and D. Culler, "SPINS: Security Protocols for Sensor Networks," Wireless Networks, vol. 8, pp. 521-534, 2002.
[17] M. Burnside, D. Clarke, T. Mills, A. Maywah, S. Devadas, and R. Rivest, "Proxy-based security protocols in networked mobile devices," in Proceedings of the 2002 ACM symposium on Applied computing Madrid, Spain: ACM, 2002.
[18] C. Haowen, A. Perrig, and D. Song, "Random key predistribution schemes for sensor networks," in Security and Privacy, 2003. Proceedings. 2003 Symposium on, 2003, pp. 197-213.
[19] W. Diffie and M. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. 22, pp. 644-654, 1976.
[20] K. Piotrowski, P. Langendoerfer, and S. Peter, "How public key cryptography influences wireless sensor node lifetime," in Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks Alexandria, Virginia, USA: ACM, 2006.
[21] Y. Zhang, W. Liu, W. Lou, and Y. Fang, "Location-based compromise-tolerant security mechanisms for wireless sensor networks," IEEE Journal on Selected Areas in Communications, vol. 24, pp. 247-260, 2006.
[22] G. Vipul, M. Millard, S. Fung, Y. Zhu, N. Gura, H. Eberle, and S. C. Shantz, "Sizzle: a standards-based end-to-end security architecture for the embedded Internet," in Pervasive Computing and Communications, 2005. PerCom 2005. Third IEEE International Conference on, 2005, pp. 247-256.
[23] B. Seema and E. J. Coyle, "An energy efficient hierarchical clustering algorithm for wireless sensor networks," in INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE, 2003, pp. 1713-1723 vol.3.
[24] M. Bechler, H. J. Hof, D. Kraft, F. Pahlke, and L. Wolf, "A cluster-based security architecture for ad hoc networks," in INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE Computer and CommunicationsSocieties, 2004, pp. 2393-2403 vol.4.
[25] X. Du, Y. Xiao, M. Guizani, and H. Chen, "An effective key management scheme for heterogeneous sensor networks," Ad Hoc Networks, vol. 5, pp. 24-34, 2007.
[26] J. Hoffstein, J. Pipher, and J. Silverman, "NTRU: A ring-based public key cryptosystem," LECTURE NOTES IN COMPUTER SCIENCE, vol. 1423, pp. 267-288, 1998.
[27] Y. Jun, Z. Youtao, and G. Lan, "Fast secure processor for inhibiting software piracy and tampering," in Microarchitecture, 2003. MICRO-36. Proceedings. 36th Annual IEEE/ACM International Symposium on, 2003, pp. 351-360.
[28] D. Boneh, C. S. Dept, and S. University, Hardware Support for Tamper-resistant and Copy-resistant Software: Stanford University, 2001.
[29] C. Yan, D. Englender, M. Prvulovic, B. Rogers, and Y. Solihin, "Improving Cost, Performance, and Security of Memory Encryption and Authentication," in Proceedings of the 33rd annual international symposium on Computer Architecture: IEEE Computer Society, 2006.
[30] W. Shi, H.-H. S. Lee, M. Ghosh, C. Lu, and A. Boldyreva, "High Efficiency Counter Mode Security Architecture via Prediction and Precomputation," in Proceedings of the 32nd annual international symposium on Computer Architecture: IEEE Computer Society, 2005.
[31] D. McGrew and J. Viega, "The Galois/Counter Mode of Operation (GCM)," Submission to NIST Modes of Operation Process, January, vol. 15, 2004.
[32] D. Greve, M. Wilding, and W. Vanfleet, "A separation kernel formal security policy," in Proceedings of the 4th International Workshop on the ACL2 Theorem Prover and Its Applications, 2003.
[33] S. Ravi, A. Raghunathan, and S. Chakradhar, "Tamper resistance mechanisms for secure embedded systems," in VLSI Design, 2004. Proceedings. 17th International Conference on, 2004, pp. 605-611.
[34] R. Elbaz, L. Torres, G. Sassatelli, P. Guillemin, C. Anguille, M. Bardouillet, C. Buatois, and J. B. Rigaud, "Hardware Engines for Bus Encryption: A Survey of Existing Techniques," in Proceedings of the conference on Design, Automation and Test in Europe - Volume 3: IEEE Computer Society, 2005.
[35] R. Best, "Microprocessor for executing enciphered programs," US Patent 4,168,396, 1979.
[36] R. Elbaz, L. Torres, G. Sassatelli, P. Guillemin, M. Bardouillet, and A. Martinez, "A parallelized way to provide data encryption and integrity checking on a processor-memory bus," in Proceedings of the 43rd annual conference on Design automation San Francisco, CA, USA: ACM, 2006.
[37] R. Vaslin, G. Gogniat, J. Diguet, E. Wanderley, R. de Saint Maud, R.Tessier, and W. Burleson, "Low latency solution for confidentiality and integrity checking in embedded systems with off-chip memory."
[38] R. Takahashi and D. Heer, "Secure memory management unit for microprocessor," US Patent 5,825,878, 1998.
[39] B. Candelore and E. Sprunk, "Secure processor with external memory using block chaining and block re-ordering," Google Patents, 2000.
[40] D. McGrew and J. Viega, "The security and performance of the Galois/Counter Mode (GCM) of operation," Progress in Cryptology-INDOCRYPT, pp. 343–355, 2004.
[41] W. Shi, H.-H. S. Lee, M. Ghosh, and C. Lu, "Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems," in Proceedings of the 13th International Conference on Parallel Architectures and Compilation Techniques: IEEE Computer Society, 2004.
[42] Y. Zhang, L. Gao, J. Yang, X. Zhang, and R. Gupta, "SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors," in Proceedings of the 11th International Symposium on High-Performance Computer Architecture: IEEE Computer Society, 2005.
[43] D. Culler, J. Sillgh, and A. Gupta, "并行计算机体系结构——硬件/软件结合的设计与分析,"北京:机械工业出版社, 2002.
[44] M. G. Kuhn, "Cipher instruction search attack on the bus-encryption security microcontroller DS5002FP," IEEE Transactions on Computers, vol. 47, pp. 1153-1157, 1998.
[45] K. Olukotun, B. A. Nayfeh, L. Hammond, K. Wilson, and K. Chang, "The case for a single-chip multiprocessor," in Proceedings of the seventh international conference on Architectural support for programming languages and operating systems Cambridge, Massachusetts, United States: ACM, 1996.
[46] L. Hammond, M. Willey, and K. Olukotun, "Data speculation support for a chip multiprocessor," in Proceedings of the eighth international conference on Architectural support for programming languages and operating systems San Jose, California, United States: ACM, 1998.
[47] K. Olukotun, L. Hammond, and M. Willey, "Improving the performance of speculatively parallel applications on the Hydra CMP," in Proceedings of the 13th international conference on Supercomputing Rhodes, Greece: ACM, 1999.
[48] L. Hammond, B. A. Hubbert, M. Siu, M. K. Prabhu, M. Chen, and K. Olukolun, "The Stanford Hydra CMP," IEEE Micro, vol. 20, pp. 71-84, 2000.
[49] M. Taylor, "The Raw Processor Specification," Comprehensive specification for the Raw processor, 2002.
[50] K. Hwang, "Advanced Computer Architecture: Parallelism, Scalability, Programmability 1McGraw-Hill," New York, vol. 771, 1993.
[51] V. Pai, P. Ranganathan, and S. Adve, "RSIM: An Execution-Driven Simulator for ILP-Based Shared-Memory Multiprocessors and Uniprocessors," in Proceedings of the Third Workshop on Computer Architecture Education, 1997.
[52] R. Blom, "An Optimal Class of Symmetric Key Generation Systems," in Advances in Cryptology: Proceedings of EUROCRYPT 84 - A Workshop on the Theory and Application of Cryptographic Techniques, Paris, France, April 1984, 1985, p. 335.
[53] C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and M. Yung, "Perfectly-Secure Key Distribution for Dynamic Conferences," in Advances in Cryptology—CRYPTO’92, 1993, pp. 471-486.
[54] D. Liu, P. Ning, and R. Li, "Establishing pairwise keys in distributed sensor networks," ACM Transaction on Information and System Security, vol. 8, pp. 41-77, 2005.
[55] B. Lai, S. Kim, and I. Verbauwhede, "Scalable session key construction protocol for wireless sensor networks," in IEEE Workshop on Large Scale Real-Time and Embedded Systems, 2002.
[56] B. Dutertre, S. Cheung, and J. Levy, "Lightweight key management in wireless sensor networks by leveraging initial trust," SRI International, SDL Technical Report SRI-SDL-04-02, April, vol. 45, 2004.
[57] L. Eschenauer and V. D. Gligor, "A key-management scheme for distributed sensor networks," in Proceedings of the 9th ACM conference on Computer and communications security Washington, DC, USA: ACM, 2002.
[58] C. Haowen and A. Perrig, "PIKE: peer intermediaries for key establishment in sensor networks," in INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, 2005, pp. 524-535 vol. 1.
[59] SECG, "Elliptic Curve Cryptography. SEC 1," http://www.secg.org/, 2000.
[60] A. S. Wander, N. Gura, H. Eberle, V. Gupta, and S. C. Shantz, "Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks," in Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications: IEEE Computer Society, 2005.
[61] P. Traynor, H. Choi, G. Cao, S. Zhu, and T. La Porta, "Establishing Pair-Wise Keys in Heterogeneous Sensor Networks," in INFOCOM 2006. 25th IEEE International Conference on Computer Communications. Proceedings, 2006, pp. 1-12.
[62] V. Ramasubramanian and D. Mosse, "Statistical analysis of connectivity in unidirectional ad hoc networks," in Parallel Processing Workshops, 2002. Proceedings. International Conference on, 2002, pp. 109-115.
[63] D. Boneh and M. Franklin, "Identity-Based Encryption from the WeilPairing," in Advances in Cryptology—CRYPTO 2001, 2001, pp. 213-229.
[64] A. Joux, "The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems," in Algorithmic Number Theory, 2002, pp. 11-18.
[65] J. Newsome, E. Shi, D. Song, and A. Perrig, "The sybil attack in sensor networks: analysis & defenses," in Proceedings of the third international symposium on Information processing in sensor networks, New York, NY, USA, 2004, pp. 259-268.
[66] M. Gerla, L. Yeng-Zhong, P. Joon-Sang, and Y. Yunjung, "On demand multicast routing with unidirectional links," in Wireless Communications and Networking Conference, 2005 IEEE, 2005, pp. 2162-2167 Vol. 4.
[67] SECG, "Elliptic Curve Cryptography. SEC 2," http://www.secg.org/, 2000.
[68] S. Galbraith, K. Harrison, and D. Soldera, "Implementing the Tate Pairing," in Algorithmic Number Theory, 2002, pp. 69-86.
[69] EPCGlobal, "EPCGlobal," http://www.epcglobalinc.org/, 2005.
[70] I. O. f. Standardization, "part 1: Generic parameters for air interface communication for globally accepted frequencies," in ISO/IEC 18000-1. Information technology AIDC techniques - RFID for item management-air interface: Publish standard, 2003.
[71] S. Sarma, "Towards the 5 cent tag," Auto-Id Centre White paper, http://www.autoidlabs.org/whitepapers/MIT-AUTOID-WH-006.pdf, 2001.
[72] S. E. Sarma, S. A. Weis, and D. W. Engels, "Radio frequency identification: secure risks and challenges," RSA Laboratories Cryptobytes, vol. 6, pp. 2-8, 2003.
[73] M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong Authentication for RFID Systems Using the AES Algorithm," in Cryptographic Hardware and Embedded Systems - CHES 2004, 2004, pp. 85-140.
[74] S. A. Weis, "Security Parallels between People and Pervasive Devices," in Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops: IEEE Computer Society, 2005.
[75] A. Juels, P. Syverson, and D. Bailey, "High-Power Proxies for Enhancing RFID Privacy and Utility," in Privacy Enhancing Technologies, 2006, pp. 210-226.
[76] D. H. Technology, "High Performance MD5. Fast SHA-1. Fast SHA-256. Hash core for ASIC," 2005.
[77] J. M. Technologies, "JetAES Tiny, Standard : Low Gate Count Low Data Rate AES Cores," 2006.
[78] Certicom, "Suite B TRNG IP Core," http://www.certicom.com/download/aid-690/Suite%20B%20TRNG%20IP%20Core.pdf.
[79] H. Lee and D. Hong, "The Tag Authentication Scheme using Self-Shrinking Generator on RFID System," International Journal of Applied Science, Engineering and Technology, vol. 3, pp. 52-57, 2006.
[80] J. Collins, "Marks & Spencer Expands RFID Trial," RFID Journal, 2004.
[81] F. Stajano and R. Anderson, "The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks," in Security Protocols, 2000, pp. 172-182.
[82] S. Spiekermann, "Perceived control: Scales for privacy in ubiquitous computing environments," in Proceedings of the 10th International Conference on User Modeling, 2005.
[83] S. Inoue and H. Yasuura, "RFID privacy using user-controllable uniqueness," in RFID Privacy Workshop, MIT, 2003.
[84] N. Good, J. Han, E. Miles, D. Molnar, D. Mulligan, L. Quilter, J. Urban, and D. Wagner, "Radio frequency identification and privacy with information goods," in Workshop on Privacy in the Electronic Society-WPES, 2004, pp. 41–42.
[85] K. P. Fishkin, S. Roy, and B. Jiang, "Some Methods for Privacy in RFID Communication," in Security in Ad-hoc and Sensor Networks, 2005, pp. 42-53.
[86] C. Floerkemeier, R. Schneider, and M. Langheinrich, "Scanning with a Purpose– Supporting the Fair Information Principles in RFID Protocols," in Ubiquitous Computing Systems, 2005, pp. 214-231.
[87] S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, "Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems," in Security in Pervasive Computing, 2004, pp. 50-59.
[88] C. Chatmon, T. van Le, and M. Burmester, "Secure anonymous RFID authentication protocols," Florida State University, Department of Computer Science2006.
[89] T. Dimitriou, "A Lightweight RFID Protocol to protect against Traceability and Cloning attacks," in Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks: IEEE Computer Society, 2005.
[90] S. Lee, T. Asano, and K. Kim, "RFID Mutual Authentication Scheme based on Synchronized Secret Information," in Symposium on Cryptography and Information Security, Hiroshima, Japan, 2006.
[91] T. Instruments, "TI-RFid," http://www.ti.com/rfid/shtml/rfid.shtml, 2006.
[92] P. P. López, "Lightweight Cryptography in Radio Frequency Identification (RFID) Systems," in Computer Science. vol. Ph.D: UNIVERSIDAD CARLOS III DE MADRID, 2008.
[93] M. Ohkubo, K. Suzuki, and S. Kinoshita, "Cryptographic approach to“privacy-friendly”tags," in RFID Privacy Workshop, 2003, pp. 624-654.
[94] D. Henrici, P. M\, \#252, and ller, "Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers," in Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops: IEEE Computer Society, 2004.
[95] Mahajivana, "RFID-Zapper project," http://www.events.ccc.de/congress/2005/static/r/f/i/RFIDZapper(EN)_77f3.html, 2006.
[96] K. Rhee, J. Kwak, S. Kim, and D. Won, "Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment," in Security in Pervasive Computing, 2005, pp. 70-84.
[97] A. Juels and S. A. Weis, "Authenticating Pervasive Devices with Human Protocols," in Advances in Cryptology– CRYPTO 2005, 2005, pp. 293-308.
[98] N. Hopper and M. Blum, "Secure Human Identification Protocols," in Advances in Cryptology—ASIACRYPT 2001, 2001, pp. 52-66.
[99] H. Gilbert, M. Robshaw, and H. Sibert, "An active attack against HB+–a provably secure lightweight authentication protocol," IEE Electronic Letters, vol. 41, pp. 1169-1170, 2005.
[100] J. Bringer, H. Chabanne, and E. Dottax, "HB++: a Lightweight Authentication Protocol Secure against Some Attacks," in Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006. SecPerU 2006. Second International Workshop on, 2006, pp. 28-33.
[101] TinyOS, "TinyOS Tutorial," http://www.tinyos.net/tinyos-1.x/doc/tutorial/.
[102] NesC, "nesC 1.1 Language Reference Manual," http://nescc.sourceforge.net/papers/nesc-ref.pdf.
[103] Crossbow, "MPR-MIB Users Manual," http://www.xbow.com/support/support_pdf_files/mpr-mib_series_users_manual.pdf, 2007.
[104] S. Camtepe and B. Yener, "Key Distribution Mechanisms for Wireless Sensor Networks: a Survey," Rensselaer Polytechnic Inst., Comput. Sci. Dept., Troy, NY, Tech. Rep. TR-05-07, 2005.