Research on Authentication Protocols and Their Application in Network Security Systems
Abstract

With the rapid development of computer and information technology, modern society relies ever more heavily on the Internet for information exchange, so ensuring the security of data on the Internet has become especially important, and research on information security technology has attracted wide attention across society.

Authentication is a crucial step in information security: secure communication over a network must begin with authentication to establish the identities of both communicating parties. The design, implementation and security analysis of authentication protocols are important topics in network security, and in recent years the practice of attack and defence has driven considerable progress in both the design and the analysis of such protocols.

This thesis systematically discusses the development and technical approach of authentication protocols. It first analyses in detail a USBKey-based authentication protocol using hash algorithms proposed by Yoon et al., examines its security and points out its defects; it then analyses the improvement to that protocol by Han et al. and proposes a new improvement that overcomes the security defects of the original protocol. It next discusses a USBKey-based authentication protocol using encryption algorithms proposed by Fan et al., analyses its security and points out its defects; it then analyses the improvement by Wen et al. and proposes a new improvement that overcomes the security defects of the original protocol while also improving its efficiency.

Subsequently, following system architecture theory, the thesis designs and implements each layer of a security system from the bottom up: it presents the design and implementation of a USBKey-based cryptographic middle layer, including the standard CSP and KSP interfaces and a custom cryptographic interface; the design and implementation of the security protocol layer, including a USBKey-based TLS protocol and a secure file transfer protocol; and the architecture and design of a complete security system, which has passed the relevant testing and has been put into use with good results.
References
[ALA96] Alan O. Freier, The SSL Protocol Version 3.0, November 18, 1996, pp. 22-30.
[AOL93] A. O. L. Atkin and F. Morain, Elliptic curves and primality proving, Mathematics of Computation 61(203), July 1993, pp. 29-68.
[ASH84] A. Shamir, Identity-based Cryptosystems and Signature Schemes, Advances in Cryptology - Crypto'84, LNCS 196, Springer-Verlag, 1984, pp. 47-53.
[BLA05] Blake F., Seroussi G., Smart N. P., Advances in Elliptic Curve Cryptography, New York: Cambridge University Press, 2005.
[BRU00] Bruce Schneier, Applied Cryptography: Protocols, Algorithms and Source Code in C (应用密码学:协议,算法与C源程序), Chinese translation by 吴世忠, 祝世雄, 张文政, 1st ed., Beijing: China Machine Press, Jan. 2000.
[CAD96] C. Adams, The Simple Public-Key GSS-API Mechanism (SPKM), IETF RFC 2025, October 1996.
[CET94] Cetin Kaya Koc, High-Speed RSA Implementation, RSA Laboratories, http://citeseer.ist.psu.edu/koc94highspeed.html.
[CFA05] C. Fan, Y. Chan, Z. Zhang, Robust remote authentication scheme with smart cards, Computers & Security 24(8), Nov. 2005, pp. 619-628.
[CHA04] Charlie Kaufman, Radia Perlman, Mike Speciner, Network Security: Private Communication in a Public World, 2nd ed. (网络安全:公众世界中的秘密通信, 第二版), Chinese translation by 许剑卓, 左英男 et al., Publishing House of Electronics Industry, 2004, pp. 138-140.
[CHA05] Charles Iheagwara, Andrew Blyth, Future Directions in the Development of Intrusion Detection Systems, http://isaca-washdc.org/content/newsletter/articles/articl-emay2003.htm, 2003-5-1 (accessed 2005-10-1).
[CHR01] Chris Brenton, Cameron Hunt, Active Defense: A Comprehensive Guide to Network Security, Chinese translation by 马树奇, 金燕, Publishing House of Electronics Industry, Sept. 2001.
[CLC05] 蔡乐才, Applied Cryptography (应用密码学), 1st ed., China Electric Power Press, Feb. 2005.
[CLE06] C. Lee, M. Hwang, I. Liao, Security enhancement on a new authentication scheme with anonymity for wireless environments, IEEE Trans. Ind. Electron. 53(5), Oct. 2006, pp. 1683-1687.
[DBO01] D. Boneh, M. Franklin, Identity-based Encryption from the Weil Pairing, Advances in Cryptology - Crypto 2001, LNCS 2139, Springer-Verlag, 2001, pp. 213-229.
[DIF76] W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 22, 1976, pp. 644-654.
[DIN94] 丁存生, 肖国镇, Stream Ciphers and Their Applications (流密码学及其应用), 1st ed., Beijing: National Defense Industry Press, 1994.
[DJO99] D. Johnson and A. Menezes, The elliptic curve digital signature algorithm (ECDSA), Technical Report CORR 99-34, Dept. of C&O, University of Waterloo, 1999.
[DOU03] Douglas R. Stinson, Cryptography: Theory and Practice, 2nd ed. (密码学原理与实践, 第二版), Chinese translation by 冯国登, Publishing House of Electronics Industry, 2003.
[DRL00] D. R. L. Brown, The exact security of ECDSA, Technical Report CORR 2000-54, Dept. of Combinatorics and Optimization, University of Waterloo, 2000.
[DWA98] D. Wagner and B. Schneier, Analysis of the SSL 3.0 Protocol, 1998.
[EJY04] E. J. Yoon, E. K. Ryu, K. Y. Yoo, Further improvement of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics 50(2), 2004, pp. 612-614.
[FED92] Federal Register, Proposed Federal Information Processing Standard for Digital Signature Standard (DSS), v. 57, no. 21, 31 Jan 1992, pp. 3747-3749.
[FEN03] 冯克勤, An Overview of the Development of Secure Communication (保密通信的发展概况), 大数数学, Dec. 2003, pp. 1-8.
[FIP186] Digital Signature Standard (DSS), Federal Information Processing Standards Publication (FIPS PUB 186), U.S. Department of Commerce/NIST, National Technical Information Service, Springfield, Virginia, 1994.
[HAN09] Han-Cheng Hsiang, Wei-Kuan Shih, Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards, Computer Communications 32, 2009, pp. 649-652.
[HDB09] 何德彪, Research on the Implementation and Application of Classical Cryptographic Algorithms (经典密码算法的实现与应用研究), PhD dissertation, Wuhan University, 2009.
[HYC02] H. Y. Chien, J. K. Jan, Y. M. Tseng, An efficient and practical solution to remote authentication: smart card, Computers & Security 21(4), 2002, pp. 372-375.
[KGP02] K. G. Paterson, ID-based Signatures from Pairings on Elliptic Curves, Cryptology ePrint Archive, Report 2002/004, http://eprint.iacr.org/.
[KOH93] J. Kohl and C. Neuman, The Kerberos Network Authentication Service (V5), RFC 1510, September 1993.
[LIA98] Liaquat Khan, Deploying Public Key Infrastructures, Information Security Technical Report, 1998, (2): 18233.
[LLA81] L. Lamport, Password authentication with insecure communication, Communications of the ACM 24(11), 1981, pp. 770-772.
[MAB99] M. Abdalla, M. Bellare, and P. Rogaway, DHAES: an encryption scheme based on the Diffie-Hellman problem, Cryptology ePrint Archive, Report 1999/007, 1999.
[MAR04] Maria Papadaki, Steven M. Furnell, IDS or IPS: what is best?, Network Security, 2004(7), pp. 8-9.
[MBE98] M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, Relations among notions of security for public-key encryption schemes, Advances in Cryptology - Crypto'98, 1998, pp. 26-45.
[MBU90] M. Burrows, M. Abadi, R. Needham, A logic of authentication, ACM Trans. Comput. Syst. 8(1), Feb. 1990, pp. 18-36.
[MIC08] Microsoft, CryptoAPI System Architecture, ms-help://MS.VSCC.v90/MS.MSDNQTR.v90.chs/seccrypto/security/cryptoapi_system_architecture.htm, Apr. 24, 2008.
[MIC08-2] Microsoft, Cryptographic Service Providers, ms-help://MS.VSCC.v90/MS.MSDNQTR.v90.chs/seccrypto/security/cryptographic_service_providers.htm, Apr. 24, 2008.
[MIC08-3] Microsoft, Writing a CSP, ms-help://MS.VSCC.v90/MS.MSDNQTR.v90.chs/seccrypto/security/writing_a_csp.htm, Apr. 24, 2008.
[MIC08-4] Microsoft, Microsoft Base Cryptographic Provider, ms-help://MS.VSCC.v90/MS.MSDNQTR.v90.chs/seccrypto/security/microsoft_base_cryptographic_provider.htm, Apr. 24, 2008.
[MIC08-5] Microsoft, Microsoft Enhanced Cryptographic Provider, ms-help://MS.VSCC.v90/MS.MSDNQTR.v90.chs/seccrypto/security/microsoft_enhanced_cryptographic_provider.htm, Apr. 24, 2008.
[MIC08-6] Microsoft, Microsoft Strong Cryptographic Provider, ms-help://MS.VSCC.v90/MS.MSDNQTR.v90.chs/seccrypto/security/microsoft_strong_cryptographic_provider.htm, Apr. 24, 2008.
[MIC08-7] Microsoft, Microsoft Policy for Signing CSPs, ms-help://MS.VSCC.v90/MS.MSDNQTR.v90.chs/seccrypto/security/microsoft_policy_for_signing_csps.htm, Apr. 24, 2008.
[MIC10] Microsoft, Cryptography API: Next Generation, http://msdn.microsoft.com/en-us/library/aa376210(v=VS.85).aspx, Mar. 11, 2010.
[MIC10-2] Microsoft, Cryptographic Primitives, http://msdn.microsoft.com/en-us/library/bb204776(v=VS.85).aspx, Mar. 11, 2010.
[MIC10-3] Microsoft, Key Storage and Retrieval, http://msdn.microsoft.com/en-us/library/bb204778(v=VS.85).aspx, Mar. 11, 2010.
[MIC96] Microsoft, Microsoft Cryptographic Service Provider Programmer's Guide, 1996.
[MSH00] M. S. Hwang, L. H. Li, A new remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics 46(1), 2000, pp. 28-30.
[NAT01] National Institute of Standards and Technology, Federal Information Processing Standards Publication 197, http://csrc.nist.gov/archive/aes/index.html.
[NAT00] National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, 2000.
[NAT01] National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication (FIPS PUB) 197, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, Nov. 26, 2001.
[NAT77] National Bureau of Standards, NBS FIPS PUB 46, Data Encryption Standard, National Bureau of Standards, U.S. Department of Commerce, 1977.
[NAT93] National Institute of Standards and Technology, Digital Signature Standard, FIPS Publication 186, 1993.
[NAT97] National Institute of Standards and Technology, Announcing Development of a Federal Information Standard for Advanced Encryption Standard, Federal Register, 1997.
[NEE78] R. M. Needham, M. D. Schroeder, Using Encryption for Authentication in Large Networks of Computers, Communications of the ACM 21(12), 1978, pp. 993-999.
[NIC99] Nick Mansfield, Designing a Practical Public Key Infrastructure (PKI), Information Security Technical Report 4(4), 1999: 18227.
[NKO87] N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation 48, 1987, pp. 203-209.
[PAU06] Paul Garrett, Introduction to Cryptology (密码学导引), Chinese translation by 吴世忠, 宋晓龙, 郭涛, 1st ed., China Machine Press, 2006.
[PER86] R. C. Peralta, A simple and fast probabilistic algorithm for computing square roots modulo a prime number, IEEE Transactions on Information Theory 32(6), 1986, pp. 846-847.
[PKO99] P. Kocher, J. Jaffe, B. Jun, Differential power analysis, Advances in Cryptology (CRYPTO'99), 1999, pp. 388-397.
[RAB79] M. O. Rabin, Digitalized signatures and public-key functions as intractable as factorization, Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science, Cambridge, Jan. 1979.
[RAJ] A. Rajan, M. Wood, D. Bowler, Mechanics of the Common Security Services Manager, http://www.pentium.fr/cd/ids/developer/asmo-na/eng/20289.htm.
[REL81] R. E. Lennon, S. M. Matyas, C. H. Meyer, Cryptographic authentication of time-invariant quantities, IEEE Transactions on Communications 29(6), 1981, pp. 773-777.
[Riv78] R. L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM 21(2), 1978, pp. 120-127.
[RSA93] RSA Laboratories, Public Key Cryptography Standards, RSA Data Security, November 1993.
[SBL06] S. Blake-Wilson et al., RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS), May 2006.
[SCH96] B. Schneier, Applied Cryptography, 2nd ed., New York: John Wiley & Sons, 1996.
[SJL07] 孙金龙, Research on Security Chips and Protocols Based on Elliptic Curve Cryptography (基于椭圆曲线密码的安全芯片与协议的研究), PhD dissertation, Wuhan University, 2007.
[SMY97] S. M. Yen, K. H. Liao, Shared authentication token secure against replay and weak key attacks, Information Processing Letters, 1997, pp. 78-80.
[TDI99] T. Dierks, RFC 2246: The TLS Protocol Version 1.0, January 1999.
[TDI06] T. Dierks, RFC 4346: The TLS Protocol Version 1.2, October 2006.
[TEL85] T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory 31, 1985, pp. 469-472.
[THO03] Thomas Munn, Airids: Architecture and Methodology, http://www.infosecwriters.com/text_resources/pdf/architecture.pdf, 2003-10-1 (accessed 2005-10-1).
[TPM] TCG, TPM Main Part 1: Design Principles, Specification Version 1.2, http://www.trustedcomputinggroup.org/specs/TPM.
[TPM2] TCG, TPM Design Principles V1.2, http://www.trustedcomputinggroup.org.
[TSM02] T. S. Messerges, E. A. Dabbish, R. H. Sloan, Examining smart-card security under the threat of power analysis attacks, IEEE Transactions on Computers 51(5), 2002, pp. 541-552.
[VIC04] Vickie R. Westmark, A Definition for Information System Survivability, Proceedings of the 37th Hawaii International Conference on System Sciences (HICSS'04), 2004, pp. 303-312.
[WAN00] 王爱英, Smart Card Technology: IC Cards (智能卡技术:IC卡), 2nd ed., Beijing: Tsinghua University Press, 2000.
[WAN06] 王亚弟, 束妮娜, 韩继红, 王娜, Formal Analysis of Cryptographic Protocols (密码协议形式化分析), 1st ed., Beijing: China Machine Press, Sept. 2006.
[WAN99] 王育民, 刘建伟, Security of Communication Networks: Theory and Techniques (通信网的安全-理论与技术), 1st ed., Xi'an: Xidian University Press, 1999.
[WCK04] W. C. Ku, S. M. Chen, Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics 50(1), 2004, pp. 204-207.
[WEN08] Wen-Shenq Juang, Sian-Teng Chen, Horng-Twu Liaw, Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards, IEEE Transactions on Industrial Electronics 55(6), June 2008, pp. 2551-2556.
[WJU04] W. Juang, Efficient password authenticated key agreement using smart cards, Computers & Security 23(2), Mar. 2004, pp. 167-173.
[WZH01] 汪朝晖, Research on the Security of Elliptic Curve Cryptography (椭圆曲线密码的安全性研究), PhD dissertation, Wuhan University, 2001.
[YAN98] 严东冬, Smart Card Technology and Applications (智能卡技术及应用), 1st ed., Xi'an: Xidian University Press, 1998.
[ZHO05] Electronic Signature Law of the People's Republic of China (《中华人民共和国电子签名法》), http://www.gov.cn/ziliao/flfg/2005-06/27/content_9785.htm, 2005.
[ZLN08] 张丽娜, Research on Security Architecture and Related Technologies (安全体系架构及其相关技术研究), PhD dissertation, Wuhan University, 2008.
