Research on Key Security Technologies for Wireless Ad Hoc Networks Based on Identity-Based Cryptography
Abstract
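This thesis introduces two representative types of wireless ad hoc networks: mobile ad hoc networks (MANETs) and wireless sensor networks. Early research on ad hoc networks was mainly military and was carried out by the U.S. Defense Advanced Research Projects Agency. In 1999, the security requirements and challenges of MANETs, including the importance of their particular properties and needs, were discussed for the first time. This pioneering work attracted wide attention in the field of MANET security.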
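Because symmetric-key solutions in ad hoc networks are limited by the key distribution problem, many researchers turned to public-key, that is asymmetric, cryptography. The first public-key solution used an online CA to issue public key certificates to the nodes of the ad hoc network. Later, it was proposed to distribute the tasks of a traditional CA among network nodes through a (k,n)-threshold scheme.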
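With the introduction of identity-based cryptography, its efficient key management and other properties led to identity-based schemes being considered feasible for ad hoc networks. Most of these schemes use a key generation center, and they claim that, owing to the efficient key management of identity-based cryptography, they are more efficient than PKI-based ad hoc schemes. Although identity-based signature schemes eliminate the use of certificates, a trusted third-party private key generator manages, generates and distributes users' private keys, which makes key escrow an inherent problem of identity-based signature schemes. To solve this inherent problem, the idea of certificateless public keys was proposed, and a large body of related work followed. Certificateless schemes for ad hoc networks have also been proposed and are considered more secure than IBC-based schemes.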
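In this thesis, after analysing the characteristics of wireless ad hoc networks, we propose a password-based group key agreement protocol, an identity authentication protocol and a three-party key exchange protocol. To ensure the integrity and non-repudiation of data transmitted over public networks, we also introduce a certificateless digital signature method.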
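Group key exchange protocol: An authenticated group key agreement protocol lets a group of users establish a shared secret, called a session key, over an insecure, open network, and assures them that they really do share this session key with each other. Authenticated group key agreement protocols allow multiple users to agree on a secure session key even in the presence of active attacks. The aim of the protocol is to let group members obtain enough information to generate the session key without any other administrator, and to provide this assurance in the user-group setting. Authenticated group key agreement protocols can therefore provide a security mechanism for secure multicast communication in multi-user group scenarios such as video conferencing, data backup, distributed computing and collaborative applications. This is a typical security model in wireless environments. The thesis describes in detail the properties and evolution of group key exchange protocols, and analyses and improves the security of currently popular schemes.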
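Identity authentication protocol: After Benenson et al. first pointed out the security problems of user authentication protocols in sensor networks and introduced a multi-party authentication mechanism, much related work was published, and recently Das proposed a study based on a two-way user authentication scheme. However, Nyang and Lee pointed out that Das's protocol is vulnerable to offline password guessing attacks and to sensor node compromise attacks, and cannot protect query response messages by establishing a secure channel from the sensor node to the user. Nyang and Lee therefore improved Das's dual-authentication protocol in an attempt to fix its security flaws. In 2010, however, Khan et al. pointed out that Das's scheme is still insecure and vulnerable to several critical attacks. Besides the problems raised by Nyang and Lee, Khan also noted that Das's scheme cannot defend against gateway node bypassing attacks, does not provide mutual authentication between the gateway node and sensor nodes, and defines no way for registered users to change or update their passwords. To address these shortcomings of Das's scheme, Khan et al. proposed a security improvement. The analysis in this thesis shows that, in addition to the attacks above, Das's scheme is insecure against offline password guessing attacks under the assumption that the attacker can obtain the secret information stored in the smart card. This assumption is also effective for attacking the scheme of Nyang and Lee. To overcome this security flaw, this thesis proposes an improved scheme and compares it with those of Das and of Nyang and Lee.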
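Three-party authenticated key exchange protocol: After the first password-based two-party authenticated key exchange protocol was proposed, a large amount of related work followed. As the technology developed, two-party exchange was extended to three-party exchange, adding security properties to the protocol. Yang et al. used elliptic curve cryptography to strengthen the 3PAKE protocol of Chen et al. Their protocol shortens the transmitted messages and reduces the number of communication rounds. However, in a further security analysis of Yang et al.'s 3PAKE protocol, Tan found that an attacker can impersonate the session initiator to request communication with other parties, and can also impersonate the session responder to establish a connection with the corresponding initiator. He also pointed out that Yang et al.'s 3PAKE protocol is subject to a parallel attack. To overcome these flaws, Tan proposed an enhanced 3PAKE protocol based on Yang et al.'s scheme. This thesis analyses that protocol, finds that it also has security weaknesses, and proposes a new protocol that improves on the security of the original.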
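Certificateless digital signature: Once authentication between entities in the wireless network environment has been addressed, digital signatures are introduced to ensure the security and validity of data. However, a public key infrastructure is not easy to establish in wireless sensor networks or MANETs. With the optimisation of public-key cryptosystems, deploying identity-based signature schemes in wireless sensor networks or MANETs came to be considered feasible. But because a trusted third-party private key generator (PKG) manages, generates and distributes users' private keys, key escrow becomes an inherent problem of identity-based signature schemes. Moreover, because pairing operations are computationally expensive and time-consuming, schemes that use too many pairing operations are difficult to apply in wireless environments. Xu et al. proposed a certificateless signature scheme for mobile wireless cyber-physical systems. Their scheme needs only one pairing operation in the verification phase and none in the signing phase. Unfortunately, Zhang et al. analysed Xu et al.'s certificateless signature scheme and pointed out that it is not as secure as claimed. Several pairing-free CLS schemes were subsequently proposed to reduce computation cost. This thesis presents a new certificateless signature scheme and proves its security; comparison with existing schemes shows that the new scheme is very efficient.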
In 1999, the importance of securing MANETs, including their special security needs and challenges, was discussed for the first time. This groundbreaking paper triggered an explosion of research in MANET security. Due to the large number of published papers, we organize the security review in terms of utilized cryptographic primitives rather than chronologically.
The limitations of symmetric key solutions caused by the key distribution problem in MANETs triggered the research on public key solutions. The first papers on public key solutions focused on the implementation of an on-line CA that issues and distributes public key certificates within the network in a self-organized manner. Later, the power and tasks of a CA were distributed to several network nodes using a (k, n)-threshold scheme.
Due to their efficient key management and other desirable properties, IBC schemes have recently been considered for securing MANETs. Those solutions both use an internal key generation center (KGC). The KGC is emulated using a (k, n)-threshold scheme, as has been previously proposed for internal CAs in PKIs.
In an ID-PKC based scheme, the user's public key is derived directly from certain aspects of his identity, such as an email address, which is assumed to be publicly known. A private key is generated by a trusted third party named the Private Key Generator (PKG). However, this approach brings a new inherent problem, namely the "key escrow" problem, since the private key of the user is known to the PKG. In order to solve the key management problem in public key cryptography and the "key escrow" problem in identity-based cryptography schemes, the certificateless signature scheme was proposed.
Group key agreement protocol. Authenticated group key agreement protocols enable a set of users communicating over an insecure, open network to establish a shared secret called a session key and furthermore to be guaranteed that they are indeed sharing this session key with each other (i.e., with their intended partners). The session key may subsequently be used to achieve cryptographic goals such as confidentiality or data integrity. Authenticated GKA protocols allow two or more users to agree upon a session key even in the presence of active adversaries. These protocols are designed to assure users in the group setting that no principals other than members of the group can learn anything about the session key. Hence, authenticated GKA protocols can provide a natural secure mechanism for achieving secure multicast communication in numerous group-oriented scenarios such as video conferencing, secure replicated databases, collaborative applications and distributed computations. In this paper, we point out that Zhang et al.'s password-based group key agreement protocol is not authenticated and is easily forged or modified. And we give a method that the insider attacker can force all group members.
Authentication scheme. Since the sensor network may operate in a hostile environment such as a military battlefield, security is critical. Access control is an indispensable cryptographic primitive upon which other security primitives are built. A WSN should be smart enough to distinguish legitimate users from illegitimate users, resulting in the problem of user authentication. Benenson et al. first sketched the security issues of user authentication in WSNs and introduced the notion of n-authentication. Later on, a large number of authentication schemes were proposed. Recently, Das proposed a two-factor user authentication scheme for WSNs. More recently, Nyang and Lee pointed out that the protocol of Das is vulnerable to offline password guessing attacks and sensor node compromising attacks, and does not protect query response messages by establishing a unique secure channel from the sensor node to a user, which is an important way of serving a registered user in a secure and legitimate way. Consequently, Nyang and Lee proposed their improved two-factor authentication protocol for WSNs, which attempts to overcome the discrepancies they identified in the Das scheme. However, in 2010, Khan et al. identified that the Das scheme is still not secure and is vulnerable to several critical security attacks. In addition to the problems identified by Nyang and Lee, Khan et al. showed that the Das scheme is defenseless against the GW-node bypassing attack, does not provide mutual authentication between the GW-node and sensor nodes, has the security threat of insider attack, and has no provision for changing or updating the passwords of registered users. To fix the aforementioned weaknesses of the Das scheme, they proposed security improvements in their paper. But in this paper, we show that Das's scheme is not secure against the off-line password guessing attack under the assumption that the adversary can obtain the secret information stored in the smart card. This assumption is also useful for attacking the schemes of Nyang and Khan. To overcome the inherent security weakness, we propose an improved scheme and compare our scheme with the schemes of Das, Nyang and Khan.
Three-party password-based authentication key exchange. Wireless networks have brought convenience to people. However, the communication channel could be eavesdropped and the messages transmitted could be modified. Impersonation attacks could be mounted in the open environment. Bellovin and Merritt developed a two-party password-based authentication key exchange (2PAKE) protocol in which party authentication and key exchange techniques are always adopted. Two communicating parties share a password, authenticate each other and obtain a common ephemeral session key. Since then, many 2PAKE protocols have been proposed. Because 2PAKE protocols require each pair to share one password, in order to communicate with many parties, each party has to remember a large number of passwords. Much research has been done to generalize 2PAKE protocols to 3PAKE protocols. 3PAKE protocols can be classified into two categories: with password and without password. Tan proposed an enhanced 3PAKE protocol based on Yang et al.'s scheme. The proposed protocol, which uses elliptic curve cryptography (ECC), inherits the advantages of Yang et al.'s scheme. By integrating the time stamp and the identities of the sender into the hash function, the proposed protocol removes the security weaknesses of Yang et al.'s scheme. However, Nose points out that Tan's 3PAKE protocol is susceptible to the impersonation attack and the man-in-the-middle attack. In this paper, we analyze Tan's protocol and find that the man-in-the-middle attack Nose claimed is based on the impersonation attack. And we propose an enhanced 3PAKE protocol between sensors and a security manager in a sensor network that resists the impersonation attack and the man-in-the-middle attack.
Certificateless signature. Because of this, they have a wide range of applications such as military applications, environmental applications, health applications, home applications, and other commercial applications. WSNs are more vulnerable to various attacks due to the nature of wireless communication. However, since sensors usually have very constrained resources in terms of computing, communication, memory and battery power, providing authenticity in WSNs poses different challenges than in traditional network/computer security. This requires lightweight and power-saving cryptographic algorithms to support WSN security. Xu et al. present a certificateless signature scheme for mobile wireless cyber-physical systems. In their scheme, only one pairing operation is required in the verification phase, and none in the signing phase. But unfortunately, Zhang et al. analyzed Xu et al.'s certificateless signature scheme and pointed out that their scheme is not as secure as they claimed. After that, several CLS schemes without pairing were proposed to reduce the cost of computation. In this paper, we propose a new certificateless signature scheme that does not depend on bilinear pairings and hence is more efficient than other schemes. We also provide a security illustration for the scheme based on the Discrete Logarithm (DL) Assumption.
