基于身份的认证协议的理论及应用研究
|
摘要
认证是实现信息安全的基本手段,基于身份的密码体制作为一种公钥认证框架具有无公钥证书的优势,已成为传统公钥体制的有力替代。基于身份密码体制的认证协议具有重要的理论研究价值和广阔的应用前景。
本文从理论和应用两个方面对基于身份的认证协议进行了研究。首先研究了两种基本认证模型:客户-服务器模型和客户-客户模型下基于身份的认证协议。然后结合理论研究成果,提出了具体应用场景下基于身份的认证协议。得到如下主要结果:
1.提出了一种具有用户匿名性的基于身份的远程认证协议。协议将一种新提出的基于身份的签名算法和用户帐户索引的概念相结合,实现了认证性、用户匿名性和非否认性;相比于已有协议,减少了至少24.7%的用户运行时间和46.3%的信令开销。同时给出了随机预言机模型下的安全证明。
2.利用椭圆曲线加法群构造了两个无双线性对的基于身份的认证密钥协商(ID-AK)协议。协议一基于除法性计算性Di?e-Hellman问题,首次实现了无双线性对的基于身份的隐式认证;协议二基于计算性Di?e-Hellman问题,最小化了消息交互次数。在随机预言机模型下证明了协议的安全性。两个协议提供完善安全性,并可实现不同管理域间的扩展;同时去除了双线性对,是已知最高效的ID-AK协议。
3.提出了两个移动IP网络中基于身份的注册协议。协议一基于本文提出的认证会话密钥协商;协议二基于非时变的安全关联,以实现安全-效率折衷。两个协议利用盲签名去除了密钥托管,利用哈希函数去除了安全关联列表。相比于已有协议,新协议减少了至少19.4%的注册时延和11.6%的信令开销,同时具有强安全性和高效性。
4.提出了一种无线传感器网络中基于身份的多用户广播认证协议IMBAS。IMBAS基于一种新的具有较短签名长度的签名算法vBNN-IBS和具有部分消息恢复的Schnorr签名,首次实现了同时具有强安全性、完善可扩展性和高效性的无线传感器网络多用户广播认证。
5.给出了对一种已有高效无证书签名方案的替换公钥攻击,表明了在该方案中,攻击者可以通过替换签名者公钥伪造签名。进而提出了改进方案,在随机预言机模型下证明了改进方案具有存在性不可伪造性。
Authentication is a basic guarantee for information security. As an asymmetric au-thentication framework, Identity-Based Cryptosystem (IBC) is advantageous to the tra-ditional Public Key Cryptosystem (PKC) in the former’s abolishment of the public keycertificate, and hence becomes a powerful alternative of PKC. The research on identity-based (ID-based) authentication protocol has importance in both theory and application.
This dissertation investigates the ID-based authentication in both theoretical andapplicational aspects. We first study ID-based authentication protocols under two fun-damental authentication models, i.e., Client-server model and Client-client model. Thenbased on those theoretical results, we study ID-based authentication protocols in di?erentapplication scenarios. The authors obtain results as follows:
1. An ID-based remote authentication protocol with user anonymity is presented. Theprotocol combines a newly-proposed ID-based signature algorithm and a novel con-cept of user account index, which makes the protocol realize authenticity, useranonymity and non-repudiation. Compared with previous protocols, the new proto-col reduces at least 24.7% of user running time and 46.3% of signalling tra?c. Thesecurity proof is given under the random oracle model.
2. Two pairing-free ID-based authenticated key agreement (ID-AK) protocols are pro-posed based on additive elliptic curve group. Protocol I utilizes the Divisible Com-putational Di?e-Hellman problem and realizes for the first time the implicit ID-based authentication without pairing; Protocol II utilizes the Computational Di?e-Hellman problem and minimizes the message exchange round time. The securityof the proposed protocol can be proved in the random oracle model. Both pro-posals achieve strong security and can provide the authenticated key agreementbetween users of di?erent administrative domains. Moreover, the proposals elimi-nate the pairing operations, which makes them the most e?cient ID-AK protocolsever known.
3. Two ID-based Mobile IP registration protocols are proposed. Protocol I is based onthe ID-AK protocol proposed in Chapter 4; Protocol II is based on the time-invariantsecurity association to achieve the security-e?ciency trade-o?. Both protocols elim-inate the key escrow with the blind signature, and remove the security associationtable with hash function. Compared with previous protocols, the proposed protocolsreduce at least 19.4% of registration delay and 11.6% of signalling tra?c, providingboth strong security and improved e?ciency.
4. IMBAS, an ID-based Multi-user Broadcast Authentication Scheme is proposed forwireless sensor networks (WSN). The protocol employs a newly proposed pairing-free ID-based signature with reduced signature size and the Schnorr signature withpartial message recovery, and becomes the first protocol that provides all of strongsecurity, sound scalability and e?ciency for the multi-user broadcast authenticationin WSN.
5. That a presented proposal of e?cient certificateless signature scheme is insecureagainst public key replacement attack is demonstrated. It is shown that an adversarywho replaces the public key of a signer can forge valid signatures for the signerwithout knowledge of the signer’s private key. Then the scheme is improved, theimproved scheme is proven secure against existential forgery in the random oraclemodel.
本文从理论和应用两个方面对基于身份的认证协议进行了研究。首先研究了两种基本认证模型:客户-服务器模型和客户-客户模型下基于身份的认证协议。然后结合理论研究成果,提出了具体应用场景下基于身份的认证协议。得到如下主要结果:
1.提出了一种具有用户匿名性的基于身份的远程认证协议。协议将一种新提出的基于身份的签名算法和用户帐户索引的概念相结合,实现了认证性、用户匿名性和非否认性;相比于已有协议,减少了至少24.7%的用户运行时间和46.3%的信令开销。同时给出了随机预言机模型下的安全证明。
2.利用椭圆曲线加法群构造了两个无双线性对的基于身份的认证密钥协商(ID-AK)协议。协议一基于除法性计算性Di?e-Hellman问题,首次实现了无双线性对的基于身份的隐式认证;协议二基于计算性Di?e-Hellman问题,最小化了消息交互次数。在随机预言机模型下证明了协议的安全性。两个协议提供完善安全性,并可实现不同管理域间的扩展;同时去除了双线性对,是已知最高效的ID-AK协议。
3.提出了两个移动IP网络中基于身份的注册协议。协议一基于本文提出的认证会话密钥协商;协议二基于非时变的安全关联,以实现安全-效率折衷。两个协议利用盲签名去除了密钥托管,利用哈希函数去除了安全关联列表。相比于已有协议,新协议减少了至少19.4%的注册时延和11.6%的信令开销,同时具有强安全性和高效性。
4.提出了一种无线传感器网络中基于身份的多用户广播认证协议IMBAS。IMBAS基于一种新的具有较短签名长度的签名算法vBNN-IBS和具有部分消息恢复的Schnorr签名,首次实现了同时具有强安全性、完善可扩展性和高效性的无线传感器网络多用户广播认证。
5.给出了对一种已有高效无证书签名方案的替换公钥攻击,表明了在该方案中,攻击者可以通过替换签名者公钥伪造签名。进而提出了改进方案,在随机预言机模型下证明了改进方案具有存在性不可伪造性。
Authentication is a basic guarantee for information security. As an asymmetric au-thentication framework, Identity-Based Cryptosystem (IBC) is advantageous to the tra-ditional Public Key Cryptosystem (PKC) in the former’s abolishment of the public keycertificate, and hence becomes a powerful alternative of PKC. The research on identity-based (ID-based) authentication protocol has importance in both theory and application.
This dissertation investigates the ID-based authentication in both theoretical andapplicational aspects. We first study ID-based authentication protocols under two fun-damental authentication models, i.e., Client-server model and Client-client model. Thenbased on those theoretical results, we study ID-based authentication protocols in di?erentapplication scenarios. The authors obtain results as follows:
1. An ID-based remote authentication protocol with user anonymity is presented. Theprotocol combines a newly-proposed ID-based signature algorithm and a novel con-cept of user account index, which makes the protocol realize authenticity, useranonymity and non-repudiation. Compared with previous protocols, the new proto-col reduces at least 24.7% of user running time and 46.3% of signalling tra?c. Thesecurity proof is given under the random oracle model.
2. Two pairing-free ID-based authenticated key agreement (ID-AK) protocols are pro-posed based on additive elliptic curve group. Protocol I utilizes the Divisible Com-putational Di?e-Hellman problem and realizes for the first time the implicit ID-based authentication without pairing; Protocol II utilizes the Computational Di?e-Hellman problem and minimizes the message exchange round time. The securityof the proposed protocol can be proved in the random oracle model. Both pro-posals achieve strong security and can provide the authenticated key agreementbetween users of di?erent administrative domains. Moreover, the proposals elimi-nate the pairing operations, which makes them the most e?cient ID-AK protocolsever known.
3. Two ID-based Mobile IP registration protocols are proposed. Protocol I is based onthe ID-AK protocol proposed in Chapter 4; Protocol II is based on the time-invariantsecurity association to achieve the security-e?ciency trade-o?. Both protocols elim-inate the key escrow with the blind signature, and remove the security associationtable with hash function. Compared with previous protocols, the proposed protocolsreduce at least 19.4% of registration delay and 11.6% of signalling tra?c, providingboth strong security and improved e?ciency.
4. IMBAS, an ID-based Multi-user Broadcast Authentication Scheme is proposed forwireless sensor networks (WSN). The protocol employs a newly proposed pairing-free ID-based signature with reduced signature size and the Schnorr signature withpartial message recovery, and becomes the first protocol that provides all of strongsecurity, sound scalability and e?ciency for the multi-user broadcast authenticationin WSN.
5. That a presented proposal of e?cient certificateless signature scheme is insecureagainst public key replacement attack is demonstrated. It is shown that an adversarywho replaces the public key of a signer can forge valid signatures for the signerwithout knowledge of the signer’s private key. Then the scheme is improved, theimproved scheme is proven secure against existential forgery in the random oraclemodel.
引文
[1] M. Abdalla, J. H. An, M. Bellare and C. Namprempre,“From identification to signa-tures via the Fiat- Shamir transform: Minimizing assumptions for security and forward-security,”Proc. Eurocrypt’02, LNCS2332, 418-433, Springer-Verlag, 2002.
[2] I. Akyildiz, W. Su, Y. Sankarasubramaniam and E. Cayirci,“A survey on sensor net-works,”IEEE Commun. Magazine, 40(8):102-116, 2002.
[3] S. Al-Riyami and K. G. Paterson,“Certificateless public key cryptography,”Proc. ASI-ACRYPT’03, LNCS2894, 452-473, Springer-Verlag, 2003.
[4] A. O. L. Atkin and F. Morain,“Elliptic curves and primality proving,”Mathematics ofComputation, 61(203):29-68, 1993.
[5] J. Baek, J. Newmarch, R. Safavi-Naini1 and W. Susilo,“A survey of identity-based cryp-tography,”Proc.AUUG04, 95-102,IEEE Press, 2004.
[6] F. Bao, R. H. Deng and H. Zhu,“Variations of Di?e-Hellman problem,”Proc. ICS’03,301-312, IEEE Press, 2003.
[7] P. Barreto, Ben Lynn and M. Scott,“E?cient implementation of pairing-based cryptosys-tems,”J. Cryptology, 17: 321–334, 2004.
[8] P. Barreto, B. Libert, N. McCullagh and J. Quisquater,“E?cient and provably-secure identity-based signatures and signcryption from bilinear maps,”Proc. Asiacrypt’05,LNCS3788, 515-532, Springer-Verlag, 2005.
[9] P. Barreto, S. D. Galbraith, C. He′igeartaigh and M. Scott,“E?cient pairing computationon supersingular Abelian varieties,”Des Codes Crypt, 42(3): 239-271, 2007.
[10] M. Bellare and P. Rogaway,“Random oracles are practical: a paradigm for designing e?-cient protocols,”Proc. 1st ACM Conf. Computer and communications security, 62–73,ACM Press, 1993.
[11] M. Bellare and P. Rogaway,“Provably secure session key distribution: the three partycase,”Proc. Proceedings of the twenty-seventh annual ACM symposium on Theory ofcomputing, 57 - 66, ACM Press, 1995.
[12] M. Bellare, C. Namprempre and G. Neven.“Security proofs for identity-based identi-fication and signature Schemes,”http://www.cse.ucsd.edu/users/mihir/crypto-research-papers.html, Extended Abstract in Advances in Proc. Eurocrypt’04, LNCS3027, 268-286,Springer-Verlag, 2004.
[13] Z. Benenson, N. Gedicke and O. Raivio,“Realizing robust user authenticationin sensor networks,”Proc. Real-World Wireless Sensor Networks (REALWSN’05),http://citeseer.ist.psu.edu/benenson05realizing.html, 2005.
[14] D. Boneh and M. Franklin,“Identity-Based encryption from the Weil pairing”, Proc.CRYPTO’01, LNCS2139, 213-229, Springer-Verlag, 2001.
[15] D. Boneh, B. Lynn and H. Shacham,“Short signatures from the Weil pairing,”J. ofCryptology, 17(4): 297-319, 2004.
[16] C. Boyd and D. G. Park,“Public key protocols for wireless communications,”Proc. Int.lConf. Information Security and Cryptology, 47-57, 1998.
[17] M. Burrows, M. Abadi, and R. Needham,“A Logic of Authentication,”ACM Trans.Computer Systems, 8(1): 18-36, 1990.
[18] A. T. Campbell, S. B. Eisenman, N. D. Lane, E. Miluzzo and R. A. Peterson,“People-centric urban sensing,”Proc. 2nd annual international workshop on Wireless internet,http://www.cs.dartmouth.edu/ niclane/pubs/ metrosense.pdf, 2006.
[19] R. Canetti and H. Krawczyk,“Analysis of key-exchange protocols and their use for buildingsecure channels,”Proc. Eurocrypt’01, LNCS2045, 453-474, Springer-Verlag, 2001.
[20] R. Canetti,“Universally Composable Security: A new paradigm for cryptographic proto-cols,”42nd IEEE Symposium on Foundations of Computer Science (FOCS’01), 136-145,IEEE Press, 2001.
[21] J. C. Cha and J. H. Cheon,“An identity-based signature from gap Di?e-Hellman groups,”Proc. PKC’03, LNCS2567, 18-30, Springer-Verlag, 2003.
[22] C .K. Chan and L. M. Cheng,“Cryptanalysis of a remote user authentication schemeusing smart cards,”IEEE Trans. Consumer Electronics, 49(4): 1243-1245, 2003.
[23] S. Chang, S. Shieh, W. Lin and C. Hsieh,“An e?cient broadcast authentication schemein wireless sensor networks,”Proc. ASSIACCS’06 311-320, ACM Press, 2006.
[24] L. Chen and C. Kudla.“Identity based authenticated key agreement protocols from pair-ing,”Computer Security Foundations workshop, 219-233, IEEE Press, 2003.
[25] L. Chen, Z. Cheng and N. P. Smart,“Identity-based key agreement protocols from pairings,”Int.J.Inf.Secur, 6: 213-241, 2007.
[26]陈伟东,“安全协议的可证明安全性研究,”中国科学院电子学研究所博士论文, 2006.
[27] Z. Cheng, L. Chen, R. Comley, and Q. Tang,“Identity-Based Key Agree-ment with Unilateral Identity Privacy Using Pairings,”http://www. cite-seer.ist.psu.edu/cheng05identitybased.html, 2005.
[28]程相国,“基于双线性对的签名体制的研究,”西安电子科技大学博士论文, 2006.
[29] Z. Cheng,“Pairng-based cryptosystems and key exchange protocols,”Ph.D Thesis ofMiddlesex University, 2007.
[30] K. Y. Choi, J. Y. Hwang and D. H. Lee,“E?cient ID-based group key agreement withbilinear maps,”Proc. PKC’04, LNCS2947, 130-144, 2004.
[31] K. Y. Choi,J. H. Park, J. Y. Hwang and D. H. Lee,“E?cient Certificateless SignatureSchemes,”Proc. ACNS’07, LNCS4521, 443–458, Springer-verlag, 2007.
[32] Y. Choie, E. Jeong and E. Lee,“E?cient identity-based authenticated key agreementprotocol from pairings,”Appl. Math. Comput., 162: 179-188, 2005.
[33] J. Chou, Y. Chen and J. Lin,“Improvement of Manik et al.’s remote user authenticationscheme,”http://eprint.iacr.org/2005/450, 2005.
[34] S. Chung and K. Chae,”An E?cient Public-key based Authentication with Mobile-IP inE-commerce,”Proc. Int. Conf. Parallel and Processing, 2000.
[35] W. Dai,”Crypto++ 5.2.1 Benchmarks,”http://www.eskimo.com/ weidai/bench-marks.html, 2004.
[36] L. Dang, W. Kou, X. Cao, J. Zhang and J. Liu,“Improvement of Mobile IP Reg-istration Using Self-certified Public Keys”, http://doi.ieeecomputersociety.org/10.1109/TMC.2007.70741, 2007.
[37] M. L. Das, A. Saxena, V. P. Gulati and D. B. Phatak,“A novel remote user authenticationscheme using bilinear pairings,”Computers & Security, 25(3): 184-189,2006.
[38] D. Dolev and A. C. Yao,“On the Security of Public Key Protocols,”IEEE Trans.Information Theory, 29(2): 198-208, 1983.
[39] W. Di?e, M. E. Hellman,“New directions in cryptography,”IEEE Trans.on InformationTheory, IT-22(6): 644-654, 1976.
[40] W. Du, R. Wang and P. Ning,“An e?cient scheme for authenticating public keys in sensornetworks,”Proc.of MobiHoc’05, 58-67, ACM Press, 2005.
[41] A. Enge, Eliptic curves and their applications to cryptography: an introduction, KluwerAcademic Publishers, 1999.
[42]范红,“安全协议形式化分析理论与方法,”中国人民解放军信息工程大学博士学位论文, 2003.
[43] G. Fang and G. Huang,“Improvement of recently proposed remote user authenticationschemes,”http://eprint.iacr.org/2005/450, 2005.
[44] G. Horn and B. Preneel,“Authentication and payment in future mobile systems,”Proc.5th European Symposium on Research in Computer Security, 277–293, 1998.
[45] S. Galbraith, K. G. Paterson and N. P. Smart,“Pairings for cryptographers,”http://eprint.iacr.org/2006/165, 2006.
[46] D. Galindo, J. Herranz and E. Kiltz,“On the generic construction of identity-based signa-tures with additional properties”, Proc. ASIACRYPT’06, LNCS4284, 178-193, Springer-verlag, 2006.
[47] S. Goldwasser and S. Micali,“Probabilisitic Encryption,”J. of Computer and SystemSciences, 28(3): 270-299, 1984.
[48] M. C. Gorantla and A. Saxena,“An e?cient certificateless signature scheme,”Proc. CIS’05, LNAI3802, 110-116, Springer-Verlag, 2005.
[49] T. Goriparthi, M. Dasa , A. Negi and A. Saxena,“Cryptanalysis of recently proposedRemote User AuthenticationSchemes,”http://eprint.iacr.org/2005/450, 2005.
[50] N. Gura, A.Patel and A. Wander,“Comparing elliptic curve cryptography and RSA on8-bit CPUs,”Proc. CHES’04, LNCS3156, 119–132, Springer-verlag, 2004.
[51] F. Hess,“E?cient identity based signature schemes based on pairings,”9th Int’l workshopon selected area of cryptography, 310-324, 2004.
[52] G. Horn, K. M. Martin , and C. J. Mitchell,“Authentication protocols for mobile networkenvironment value-Added services,”IEEE Trans. Vehicular Technology, 51(2):383-392,2002.
[53] L. Hu, Y. Yang and X. Niu,“Improved Remote User Authentication Scheme PreservingUser Anonymity,”Proc. CNSR’07, 323-328, 2007.
[54] M. S. Hwang and L. H. Li,“A new remote user authentication scheme using smart card,”IEEE Trans. Consum. Electr., 46(1): 28–30, 2000.
[55] IEEE P1363a Standard,“Standard specifications for public key cryptography,”http://grouper.ieee.org/groups/1363/index.html, 2000.
[56] IEEE P1363.3,“Identity-based public key cryptography,”http://grouper.ieee.org/groups/1363/IBC/index.html, 2006.
[57] 2.4GHZ IEEE 802.15.4/ZigBee-ready RF Transceiver, http://focus.ti.com/lit/ds/ sym-link/cc2420.pdf, 2007.
[58] K. Ireland and M. Rosen, A classical introduction to modern number theory, Springer-Verlag, 1990.
[59] ISO/IEC 11770-3:1999,“Information technology―security techniques―key manage-ment―part 3: mechanisms using asymmetric techniques”.
[60] K. C. Jeong, H. Choo and S.Y. Ha,”ID-based secure session key exchange scheme to reduceregistration delay with AAA in mobile IP networks,”Proc. ICCS 2005, LNCS3515, 510-518, Springer-Verlag, 2005.
[64] C. Jiang, B. Li and H. Xu,”An e?cient scheme for User Authentication in Wireless SensorNetworks,”Proc. AINAW’07, 438-442, IEEE Press, 2007.
[62] D. Johnson, A. Menezes and S. Vanstone,“The Elliptic Curve Digital Signature Algorithm(ECDSA),”Int’l J. of Information Security, 1(1): 36-63, 2001.
[63] Z. Jia, Y. Zhang, H. Shao, Y. Lin and J. Wang,“A Remote User Authentication SchemeUsing Bilinear Pairings and ECC”, Proc. Intelligent Systems Design and ApplicationsISDA’06, 2, 1091-1094, 2006.
[64] C. Jiang, B. Li, H. Xu, C. Jiang, B. Li and H. Xu,“An e?cient scheme for User Authen-tication in Wireless Sensor Networks,”Proc. AINAW’07, 438-442, IEEE Press, 2007.
[65] A. Joux,“A one round protocol for tripartite Di?e-Hellman,”J. of Cryptology 17:263–276, 2004.
[66] W. Juang,“E?cient Password Authenticated Key Agreement Using Smart Cards,”Com-puters & Security, 23(2): 167-173, 2004.
[67] R. Kailar.“Accountability in Electronic Commerce Protocols,”IEEE Trans. SoftwareEngineering, 22(5): 313-328, 1996.
[68] H. Kim, S. Lee, K. Yoo and K. Daegu,“ID-based password authentication scheme usingsmart cards and fingerprints,”ACM SIGOPS Operating Systems Review, 37(4): 32-41,2003.
[69] L. Lamport,“Password authentication with insecure communication,”Comm. ACM,24(11): 770-772, 1981.
[70] B. G. Lee, D. H. Choi, H. G. Kim, S. W. Sohn, and K.-H. Park,”Mobile IP and WLANwith AAA authentication protocol using Identity-based cryptography,”Proc. IEEE ICT’03, 1, 597-603, IEEE Press, 2003.
[71] I. Liao, C. Lee and M. Hwang,“A password authentication scheme over insecure networks,”J. of Computer and System Sciences, 72: 727-740, 2006.
[72] Y. Liao, S. Wang,“A Secure and E?cient Scheme of Remote User Authentication basedon Bilinear Pairings”, Proc.TENCON’07, 1-4, IEEE Press, 2007.
[73] D. Liu and P. Ning,“Multi-levelμTESLA: broadcast authentication for distributed sensornetworks”, ACM Trans. Embedded Computing Syst., 3(4): 800-836, 2004.
[74]刘含,谷大武,石庆祖,“无线局域网中基于身份的密钥协商与鉴别方案,”上海交通大学学报,39(8): 1327-1330,2005.
[75] K. Lorincz, D. J. Malan, T. R. F. Fulford-Jones, A. Nawoj et.al,“Sensor networks foremergency response: challenges and opportunities,”IEEE Pervasive Computing, 3(4):16-23, 2004.
[76] R. Lu and Z. Cao,“E?cient remote user authentication scheme using smart card,”,Computer Networks, 49: 535-540, 2005.
[77] A. Mainwaring, J.Polastre, R. Szewczyk, D.Culler and J. Anderson,“Wireless sensornetworks for habitat monitoring,”Proc. WSNA’02, 88-97, IEEE Press, 2002.
[78] W. Mao著,王继林,伍前红译,现代密码学理论与实践,北京:电子工业出版社, 2004.
[79] N. McCullagh, P.S.L.M. Barreto,“A new two-party identity-based authenticated keyagreement,”Topics in Cryptology-CT-RSA 2005, LNCS3376, 262-274, Springer-Verlag,2005.
[80] A. J. Menezes, Elliptic curve public key cryptosystems, Kluwer Academic Publishers, 1993.
[81] A. J. Menezes, P. C. v. Oorschot and S. A. Vanstone, Handbook of Applied Cryptography,CRC Press, 1997.
[82]“MICA2 datasheet,”http://www.xbow.com/Products/Product pdf files/Wireless pdf/MICA2 Datasheet.pdf, 2006.
[83]“MICAz datasheet,”http://www.xbow.com/Products/Product pdf files/Wireless pdf/ MI-CAz Datasheet.pdf, 2006.
[84] A. Miyaji, M. Nakabayashi and S. Takano,“New explicit conditions of elliptic curve tracesfor FR-reduction,”IEIEC Transactions on Fundamentals, E84-A(5): 1234-1243, 2001.
[85] D. Naccache and J. Stern,“Signing on a Postcard,”Proc. of Financial Cryptography’00,LNCS1962, 121-135, Spriner-verlag, 2000.
[86] E. Okamoto,“Proposal for identity-based key distribution system,”Electron. Lett., 22:1283–1284, 1986.
[87] K. G. Paterson,“ID-based Signatures from Pairings on Elliptic Curves ,”ElectronicsLetters, 38(18): 1025-1026, 2002.
[88] T. P. Pedersen,“Electronic payments of small amounts,”Proc. Cambridge Workshop onSecurity Protocols, 59-68, 1996.
[89]彭华熹,冯登国,“无线匿名认证协议的匿名性缺陷和改进,”通信学报,27(9): 78-65, 2006.
[90] A. Perrig,“The BiBa one-time signature and broadcast authentication protocol,”Proc.CCS’01, 28-37, ACM Press, 2001.
[91] A. Perrig, R. Szewczyk, V. Wen, D. Culler and D. Tygar,“SPINS: security protocols forsensor networks,”ACM Wireless Networks, 8(5): 521-534, 2002.
[92] C. Perkins,“IP Mobility Support,”Request for Comments (RFC) 2002, 1996.
[93] C. Perkins,“IP Mobility Support for IPv4”, Request for Comments (RFC) 3344, 2002.
[94] H. Petersen and P. Horster,“Self-certified keys Concepts and Applications,”http://citeseer.ist.psu.edu/petersen97selfcertified.html.
[95] D. Pointcheval and J. Stern,“Security Proofs for Signature Schemes,”J. of Cryptology,12(3): 361-396, 2000.
[96] K. Ren, W. Lou, K. Kim, and R. Deng,“A Novel Privacy Preserving Authenticationand Access Control Scheme for Pervasive Computing Environments,”IEEE Trans. onVehicular Technology, 55(4): 1373-1384, 2006.
[97] K. Ren, W. Lou and Y. Zhang,“Multi-user broadcast authentication in wireless sensornetworks,”Proc. of SECON’07, 223-232, IEEE Press, 2007.
[98] K.Ren, W. Lou, K. Zeng and P.J. Moran,“On broadcast authentication in wireless sensornetworks”, IEEE Trans. on Wireless Commun., 6(11): 4136-4144, 2007.
[99] R. Sakai, K. Ohgishi and M. Kasahara,“Cryptosystems based on pairing,”Symposium onCryptography and Information Security, 2000.
[100] G. Shailaja, K. P. Kumar and A. Saxena,“Pairing based Mutual Authentication SchemeUsing Smart Cards”, http://eprint.iacr.org/2006/152, 2006.
[101] M. Scott,“ID-based password authentication scheme using smart cards and fingerprints,”ACM SIGOPS Operating Systems Review, 38(3):73 - 75, 2004.
[102] H. Shacham,“New Paradigms in Signature Schemes,”PhD Thesis, U. Stanford, 2005.
[103] A. Shamir,“Identity-based cryptosystems and signature schemes,”Proc. CRYPTO’84,LNCS176, 47-53, Springer-Verlag, 1984.
[104] W. G. Shieh and J. M. Wang,“E?cient remote mutual authentication and key agreement,”Computers & Security, 25: 72-77, 2006.
[105] K. Shim,“E?cient ID-based authenticated key agreement protocol based on the Weilpairing,”Electronics Letters, 39(8):653-654, 2003.
[106] N. P. Smart,“The Exact Security of ECIES in the Generic Group Model,”8th IMA Conf.cryptography and coding, 393-396, 2001.
[107] N. P. Smart,“An identity based authenticated key agreement protocol based on the Weilpairing,”Electronics Letters, 38: 630-632, 2002.
[108] R. Sakai, K. Ohgishi and M. Kasahara,“Cryptosysytems based on pairing,”Symposiumon Cryptography and Information Security-SCIS’00, 2000.
[109] S. Sufatrio and K.Y. Lam,”Mobile-IP Registration Protocol: a Security Attack and NewSecure Minimal Pubic-key based Authentication,”Proc. 1999 Int Symp. Parallel Archi-tectures, 1999.
[110] H. Sun, B. Hsieh,“Security analysis of Shim’s authenticated key agreement protocolsfrom pairings,”http://eprint,iacr.org/2003/113, 2003.
[111] K. Tanaka, and E. Okamoto,“Key distribution system for mail systems using ID-relatedinformation directory,”Comput. Secur. , 10:25–33, 1991.
[112]田野,张玉军,刘莹,李忠诚,“移动IPv6网络基于身份签名的快速认证方法,”软件学报,17(9):1980-1988, 2006.
[113]田野,张玉军,张瀚文,李忠诚,“移动IPv6网络基于身份的层次化接入认证机制,”计算机学报,30(6):906-914,2007.
[114] Y. M. Tseng, T. Y. Wu and J. D.Wu,“A mutual authentication and key exchange schemefrom bilinear pairings for low power computing devices”, Proc. COMPAC’07, 2, 700-710,IEEE Press, 2007.
[115] A. Wander, N. Gura, H. Eberle, V. Gupta and S. Shantz,“Energy analysis of public-keycryptography on small wireless devices,”Proc. IEEE PerCom’05, 324-328, IEEE Press,2005.
[116] S. J. Wang,“Anonymous Wireless Authentication on a Portable Cellular Mobile System,”IEEE Trans. on Computer, 53(10): 1317-1329, 2004.
[117] S. Blake-Wilson, D. Johnson, and A. Menezes,“Key agreement protocols and their securityanalysis,”Proc. 6th IMA Int’l Conf. on Cryptography and Coding, 30-45, 1997.
[118] S. Blake-Wilson, A. Menezes,“Entity Authentication and Authenticated Key TransportProtocols Employing Asymmetric Techniques”, Proc. the 5th International Workshop onSecurity Protocols, LNCS1361, 137-158, Springer-Verlag, 1997.
[119] C. Yang, W. Ma, X. Wang,“Novel remote user authentication scheme using bilinearpairings,”Proc. ATC’07, LNCS4610, 306-312, Springer-Verlag, 2007.
[120]杨庚,王江涛,程宏兵,容淳铭,“基于身份加密的无线传感器网络密钥分配方法,”电子学报,35(1):180-184, 2007.
[121] X. Yi,“An Identity-Based Signature Scheme from the Weil Pairing,”IEEE Comm. letters,7(2): 76-78, 2003.
[122] J.P. Yoo1, K. Kim, H. Choo, J. Lee, and J.S. Song,”Secure and Scalable Mobile IPRegistration Scheme using PKI,”LNCS2668, 220-229, Springer-Verlag, 2003.
[123] E. J. Yoon, E. K. Ryn, and K. Y. Yoo,“E?cient remote user authenticaiton schemebased on generalized ElGamal signature scheme,”IEEE Trans. Consumer. Electr., 50(3):568-570, 2004.
[124]禹勇,具有特殊性质的数字签名和签密方案,西安电子科技大学博士论文,2008.
[125] Q. Yuan and S. Li,“A new e?cient ID-based authenticated key agreement protocol,”http://eprint.iacr.org/2005/309, 2005.
[126] J. Zao, S. Kent, J. Gahm, G. Troxel, M. Condell, P. Helinek, N. Yuan, and I. Castineyra,”A Public-key based Secure Mobile IP,”Wireless Networks, 5(5): 373-390, 1999.
[127] F. Zhang and X. Chen,“Attack on an ID-based authenticated group key agreement schemefrom PKC 2004,”Information Processing Letters, 91(4): 191-193, 2004.
[128]张胜,徐国爱,胡正名,杨义先,周锡增,“基于身份公钥的移动IP认证方案,”北京邮电大学学报,28(3):86-88,2005.
[129] Z. Zhang, D. S. Wong, D. Feng,“Certificateless public-key signature: security model ande?cient construction,”Proc. ACNS’06, LNCS3989, 293-308, Springer-Verlag, 2006.
[130] Y. Zhang, W. Liu, Y. Fang,“Securing mobile Ad Hoc networks with certificateless publickeys,”IEEE Trans. Depend. & Secur. Comput., 3(4): 386-399, 2006.
[131] Y. Zhang, W. Liu, W. Lou, and Y. Fang,“MASK: anonymous on-demand routing inMobile Ad Hoc networks,”IEEE Trans. on Wireless Communications, 5(9): 2376-2385,2006.
[132] Y. Zhang, W. Liu, W. Lou, and Y. Fang,“Location-based compromise-tolerant securitymechanisms for wireless sensor networks,”IEEE J. Selected Areas in Communications,24(2): 247-272, 2006.
[133] Y. Zhang and Y. Fang,“A secure authentication and billing architecture for wireless meshnetworks,”Wireless Networks, 13(5): 663-678, 2007.
[134] J. Zhou and K. Lam,“Undeniable billing in mobile communication,”Proc. 4th ACM/IEEEInt’l Conf. Mobile computing and networking, 284-290, 1998.
[135] Y. Zhou and Y. Fang,“Babra: Batch-based broadcast authentication in wireless sensornetworks,”Proc. IEEE GLOBECOM’06, 1-5, IEEE Press, 2006.
[136] R.W. Zhu, G. Yang, D.S.Wong,“An e?cient identity-based key exchange protocol withKGS forward secrecy for low-power devices,”Theoretical Computer Science, 378: 198-207,2007.
[137] F. Zhang, R. Safavi-Naini, and W. Susilo,“An E?cient Signature Scheme from BilinearPairings and Its Applications,”Proc. PKC’04, LNCS2947, 277–290, Springer-Verlag,2004.
[2] I. Akyildiz, W. Su, Y. Sankarasubramaniam and E. Cayirci,“A survey on sensor net-works,”IEEE Commun. Magazine, 40(8):102-116, 2002.
[3] S. Al-Riyami and K. G. Paterson,“Certificateless public key cryptography,”Proc. ASI-ACRYPT’03, LNCS2894, 452-473, Springer-Verlag, 2003.
[4] A. O. L. Atkin and F. Morain,“Elliptic curves and primality proving,”Mathematics ofComputation, 61(203):29-68, 1993.
[5] J. Baek, J. Newmarch, R. Safavi-Naini1 and W. Susilo,“A survey of identity-based cryp-tography,”Proc.AUUG04, 95-102,IEEE Press, 2004.
[6] F. Bao, R. H. Deng and H. Zhu,“Variations of Di?e-Hellman problem,”Proc. ICS’03,301-312, IEEE Press, 2003.
[7] P. Barreto, Ben Lynn and M. Scott,“E?cient implementation of pairing-based cryptosys-tems,”J. Cryptology, 17: 321–334, 2004.
[8] P. Barreto, B. Libert, N. McCullagh and J. Quisquater,“E?cient and provably-secure identity-based signatures and signcryption from bilinear maps,”Proc. Asiacrypt’05,LNCS3788, 515-532, Springer-Verlag, 2005.
[9] P. Barreto, S. D. Galbraith, C. He′igeartaigh and M. Scott,“E?cient pairing computationon supersingular Abelian varieties,”Des Codes Crypt, 42(3): 239-271, 2007.
[10] M. Bellare and P. Rogaway,“Random oracles are practical: a paradigm for designing e?-cient protocols,”Proc. 1st ACM Conf. Computer and communications security, 62–73,ACM Press, 1993.
[11] M. Bellare and P. Rogaway,“Provably secure session key distribution: the three partycase,”Proc. Proceedings of the twenty-seventh annual ACM symposium on Theory ofcomputing, 57 - 66, ACM Press, 1995.
[12] M. Bellare, C. Namprempre and G. Neven.“Security proofs for identity-based identi-fication and signature Schemes,”http://www.cse.ucsd.edu/users/mihir/crypto-research-papers.html, Extended Abstract in Advances in Proc. Eurocrypt’04, LNCS3027, 268-286,Springer-Verlag, 2004.
[13] Z. Benenson, N. Gedicke and O. Raivio,“Realizing robust user authenticationin sensor networks,”Proc. Real-World Wireless Sensor Networks (REALWSN’05),http://citeseer.ist.psu.edu/benenson05realizing.html, 2005.
[14] D. Boneh and M. Franklin,“Identity-Based encryption from the Weil pairing”, Proc.CRYPTO’01, LNCS2139, 213-229, Springer-Verlag, 2001.
[15] D. Boneh, B. Lynn and H. Shacham,“Short signatures from the Weil pairing,”J. ofCryptology, 17(4): 297-319, 2004.
[16] C. Boyd and D. G. Park,“Public key protocols for wireless communications,”Proc. Int.lConf. Information Security and Cryptology, 47-57, 1998.
[17] M. Burrows, M. Abadi, and R. Needham,“A Logic of Authentication,”ACM Trans.Computer Systems, 8(1): 18-36, 1990.
[18] A. T. Campbell, S. B. Eisenman, N. D. Lane, E. Miluzzo and R. A. Peterson,“People-centric urban sensing,”Proc. 2nd annual international workshop on Wireless internet,http://www.cs.dartmouth.edu/ niclane/pubs/ metrosense.pdf, 2006.
[19] R. Canetti and H. Krawczyk,“Analysis of key-exchange protocols and their use for buildingsecure channels,”Proc. Eurocrypt’01, LNCS2045, 453-474, Springer-Verlag, 2001.
[20] R. Canetti,“Universally Composable Security: A new paradigm for cryptographic proto-cols,”42nd IEEE Symposium on Foundations of Computer Science (FOCS’01), 136-145,IEEE Press, 2001.
[21] J. C. Cha and J. H. Cheon,“An identity-based signature from gap Di?e-Hellman groups,”Proc. PKC’03, LNCS2567, 18-30, Springer-Verlag, 2003.
[22] C .K. Chan and L. M. Cheng,“Cryptanalysis of a remote user authentication schemeusing smart cards,”IEEE Trans. Consumer Electronics, 49(4): 1243-1245, 2003.
[23] S. Chang, S. Shieh, W. Lin and C. Hsieh,“An e?cient broadcast authentication schemein wireless sensor networks,”Proc. ASSIACCS’06 311-320, ACM Press, 2006.
[24] L. Chen and C. Kudla.“Identity based authenticated key agreement protocols from pair-ing,”Computer Security Foundations workshop, 219-233, IEEE Press, 2003.
[25] L. Chen, Z. Cheng and N. P. Smart,“Identity-based key agreement protocols from pairings,”Int.J.Inf.Secur, 6: 213-241, 2007.
[26]陈伟东,“安全协议的可证明安全性研究,”中国科学院电子学研究所博士论文, 2006.
[27] Z. Cheng, L. Chen, R. Comley, and Q. Tang,“Identity-Based Key Agree-ment with Unilateral Identity Privacy Using Pairings,”http://www. cite-seer.ist.psu.edu/cheng05identitybased.html, 2005.
[28]程相国,“基于双线性对的签名体制的研究,”西安电子科技大学博士论文, 2006.
[29] Z. Cheng,“Pairng-based cryptosystems and key exchange protocols,”Ph.D Thesis ofMiddlesex University, 2007.
[30] K. Y. Choi, J. Y. Hwang and D. H. Lee,“E?cient ID-based group key agreement withbilinear maps,”Proc. PKC’04, LNCS2947, 130-144, 2004.
[31] K. Y. Choi,J. H. Park, J. Y. Hwang and D. H. Lee,“E?cient Certificateless SignatureSchemes,”Proc. ACNS’07, LNCS4521, 443–458, Springer-verlag, 2007.
[32] Y. Choie, E. Jeong and E. Lee,“E?cient identity-based authenticated key agreementprotocol from pairings,”Appl. Math. Comput., 162: 179-188, 2005.
[33] J. Chou, Y. Chen and J. Lin,“Improvement of Manik et al.’s remote user authenticationscheme,”http://eprint.iacr.org/2005/450, 2005.
[34] S. Chung and K. Chae,”An E?cient Public-key based Authentication with Mobile-IP inE-commerce,”Proc. Int. Conf. Parallel and Processing, 2000.
[35] W. Dai,”Crypto++ 5.2.1 Benchmarks,”http://www.eskimo.com/ weidai/bench-marks.html, 2004.
[36] L. Dang, W. Kou, X. Cao, J. Zhang and J. Liu,“Improvement of Mobile IP Reg-istration Using Self-certified Public Keys”, http://doi.ieeecomputersociety.org/10.1109/TMC.2007.70741, 2007.
[37] M. L. Das, A. Saxena, V. P. Gulati and D. B. Phatak,“A novel remote user authenticationscheme using bilinear pairings,”Computers & Security, 25(3): 184-189,2006.
[38] D. Dolev and A. C. Yao,“On the Security of Public Key Protocols,”IEEE Trans.Information Theory, 29(2): 198-208, 1983.
[39] W. Di?e, M. E. Hellman,“New directions in cryptography,”IEEE Trans.on InformationTheory, IT-22(6): 644-654, 1976.
[40] W. Du, R. Wang and P. Ning,“An e?cient scheme for authenticating public keys in sensornetworks,”Proc.of MobiHoc’05, 58-67, ACM Press, 2005.
[41] A. Enge, Eliptic curves and their applications to cryptography: an introduction, KluwerAcademic Publishers, 1999.
[42]范红,“安全协议形式化分析理论与方法,”中国人民解放军信息工程大学博士学位论文, 2003.
[43] G. Fang and G. Huang,“Improvement of recently proposed remote user authenticationschemes,”http://eprint.iacr.org/2005/450, 2005.
[44] G. Horn and B. Preneel,“Authentication and payment in future mobile systems,”Proc.5th European Symposium on Research in Computer Security, 277–293, 1998.
[45] S. Galbraith, K. G. Paterson and N. P. Smart,“Pairings for cryptographers,”http://eprint.iacr.org/2006/165, 2006.
[46] D. Galindo, J. Herranz and E. Kiltz,“On the generic construction of identity-based signa-tures with additional properties”, Proc. ASIACRYPT’06, LNCS4284, 178-193, Springer-verlag, 2006.
[47] S. Goldwasser and S. Micali,“Probabilisitic Encryption,”J. of Computer and SystemSciences, 28(3): 270-299, 1984.
[48] M. C. Gorantla and A. Saxena,“An e?cient certificateless signature scheme,”Proc. CIS’05, LNAI3802, 110-116, Springer-Verlag, 2005.
[49] T. Goriparthi, M. Dasa , A. Negi and A. Saxena,“Cryptanalysis of recently proposedRemote User AuthenticationSchemes,”http://eprint.iacr.org/2005/450, 2005.
[50] N. Gura, A.Patel and A. Wander,“Comparing elliptic curve cryptography and RSA on8-bit CPUs,”Proc. CHES’04, LNCS3156, 119–132, Springer-verlag, 2004.
[51] F. Hess,“E?cient identity based signature schemes based on pairings,”9th Int’l workshopon selected area of cryptography, 310-324, 2004.
[52] G. Horn, K. M. Martin , and C. J. Mitchell,“Authentication protocols for mobile networkenvironment value-Added services,”IEEE Trans. Vehicular Technology, 51(2):383-392,2002.
[53] L. Hu, Y. Yang and X. Niu,“Improved Remote User Authentication Scheme PreservingUser Anonymity,”Proc. CNSR’07, 323-328, 2007.
[54] M. S. Hwang and L. H. Li,“A new remote user authentication scheme using smart card,”IEEE Trans. Consum. Electr., 46(1): 28–30, 2000.
[55] IEEE P1363a Standard,“Standard specifications for public key cryptography,”http://grouper.ieee.org/groups/1363/index.html, 2000.
[56] IEEE P1363.3,“Identity-based public key cryptography,”http://grouper.ieee.org/groups/1363/IBC/index.html, 2006.
[57] 2.4GHZ IEEE 802.15.4/ZigBee-ready RF Transceiver, http://focus.ti.com/lit/ds/ sym-link/cc2420.pdf, 2007.
[58] K. Ireland and M. Rosen, A classical introduction to modern number theory, Springer-Verlag, 1990.
[59] ISO/IEC 11770-3:1999,“Information technology―security techniques―key manage-ment―part 3: mechanisms using asymmetric techniques”.
[60] K. C. Jeong, H. Choo and S.Y. Ha,”ID-based secure session key exchange scheme to reduceregistration delay with AAA in mobile IP networks,”Proc. ICCS 2005, LNCS3515, 510-518, Springer-Verlag, 2005.
[64] C. Jiang, B. Li and H. Xu,”An e?cient scheme for User Authentication in Wireless SensorNetworks,”Proc. AINAW’07, 438-442, IEEE Press, 2007.
[62] D. Johnson, A. Menezes and S. Vanstone,“The Elliptic Curve Digital Signature Algorithm(ECDSA),”Int’l J. of Information Security, 1(1): 36-63, 2001.
[63] Z. Jia, Y. Zhang, H. Shao, Y. Lin and J. Wang,“A Remote User Authentication SchemeUsing Bilinear Pairings and ECC”, Proc. Intelligent Systems Design and ApplicationsISDA’06, 2, 1091-1094, 2006.
[64] C. Jiang, B. Li, H. Xu, C. Jiang, B. Li and H. Xu,“An e?cient scheme for User Authen-tication in Wireless Sensor Networks,”Proc. AINAW’07, 438-442, IEEE Press, 2007.
[65] A. Joux,“A one round protocol for tripartite Di?e-Hellman,”J. of Cryptology 17:263–276, 2004.
[66] W. Juang,“E?cient Password Authenticated Key Agreement Using Smart Cards,”Com-puters & Security, 23(2): 167-173, 2004.
[67] R. Kailar.“Accountability in Electronic Commerce Protocols,”IEEE Trans. SoftwareEngineering, 22(5): 313-328, 1996.
[68] H. Kim, S. Lee, K. Yoo and K. Daegu,“ID-based password authentication scheme usingsmart cards and fingerprints,”ACM SIGOPS Operating Systems Review, 37(4): 32-41,2003.
[69] L. Lamport,“Password authentication with insecure communication,”Comm. ACM,24(11): 770-772, 1981.
[70] B. G. Lee, D. H. Choi, H. G. Kim, S. W. Sohn, and K.-H. Park,”Mobile IP and WLANwith AAA authentication protocol using Identity-based cryptography,”Proc. IEEE ICT’03, 1, 597-603, IEEE Press, 2003.
[71] I. Liao, C. Lee and M. Hwang,“A password authentication scheme over insecure networks,”J. of Computer and System Sciences, 72: 727-740, 2006.
[72] Y. Liao, S. Wang,“A Secure and E?cient Scheme of Remote User Authentication basedon Bilinear Pairings”, Proc.TENCON’07, 1-4, IEEE Press, 2007.
[73] D. Liu and P. Ning,“Multi-levelμTESLA: broadcast authentication for distributed sensornetworks”, ACM Trans. Embedded Computing Syst., 3(4): 800-836, 2004.
[74]刘含,谷大武,石庆祖,“无线局域网中基于身份的密钥协商与鉴别方案,”上海交通大学学报,39(8): 1327-1330,2005.
[75] K. Lorincz, D. J. Malan, T. R. F. Fulford-Jones, A. Nawoj et.al,“Sensor networks foremergency response: challenges and opportunities,”IEEE Pervasive Computing, 3(4):16-23, 2004.
[76] R. Lu and Z. Cao,“E?cient remote user authentication scheme using smart card,”,Computer Networks, 49: 535-540, 2005.
[77] A. Mainwaring, J.Polastre, R. Szewczyk, D.Culler and J. Anderson,“Wireless sensornetworks for habitat monitoring,”Proc. WSNA’02, 88-97, IEEE Press, 2002.
[78] W. Mao著,王继林,伍前红译,现代密码学理论与实践,北京:电子工业出版社, 2004.
[79] N. McCullagh, P.S.L.M. Barreto,“A new two-party identity-based authenticated keyagreement,”Topics in Cryptology-CT-RSA 2005, LNCS3376, 262-274, Springer-Verlag,2005.
[80] A. J. Menezes, Elliptic curve public key cryptosystems, Kluwer Academic Publishers, 1993.
[81] A. J. Menezes, P. C. v. Oorschot and S. A. Vanstone, Handbook of Applied Cryptography,CRC Press, 1997.
[82]“MICA2 datasheet,”http://www.xbow.com/Products/Product pdf files/Wireless pdf/MICA2 Datasheet.pdf, 2006.
[83]“MICAz datasheet,”http://www.xbow.com/Products/Product pdf files/Wireless pdf/ MI-CAz Datasheet.pdf, 2006.
[84] A. Miyaji, M. Nakabayashi and S. Takano,“New explicit conditions of elliptic curve tracesfor FR-reduction,”IEIEC Transactions on Fundamentals, E84-A(5): 1234-1243, 2001.
[85] D. Naccache and J. Stern,“Signing on a Postcard,”Proc. of Financial Cryptography’00,LNCS1962, 121-135, Spriner-verlag, 2000.
[86] E. Okamoto,“Proposal for identity-based key distribution system,”Electron. Lett., 22:1283–1284, 1986.
[87] K. G. Paterson,“ID-based Signatures from Pairings on Elliptic Curves ,”ElectronicsLetters, 38(18): 1025-1026, 2002.
[88] T. P. Pedersen,“Electronic payments of small amounts,”Proc. Cambridge Workshop onSecurity Protocols, 59-68, 1996.
[89]彭华熹,冯登国,“无线匿名认证协议的匿名性缺陷和改进,”通信学报,27(9): 78-65, 2006.
[90] A. Perrig,“The BiBa one-time signature and broadcast authentication protocol,”Proc.CCS’01, 28-37, ACM Press, 2001.
[91] A. Perrig, R. Szewczyk, V. Wen, D. Culler and D. Tygar,“SPINS: security protocols forsensor networks,”ACM Wireless Networks, 8(5): 521-534, 2002.
[92] C. Perkins,“IP Mobility Support,”Request for Comments (RFC) 2002, 1996.
[93] C. Perkins,“IP Mobility Support for IPv4”, Request for Comments (RFC) 3344, 2002.
[94] H. Petersen and P. Horster,“Self-certified keys Concepts and Applications,”http://citeseer.ist.psu.edu/petersen97selfcertified.html.
[95] D. Pointcheval and J. Stern,“Security Proofs for Signature Schemes,”J. of Cryptology,12(3): 361-396, 2000.
[96] K. Ren, W. Lou, K. Kim, and R. Deng,“A Novel Privacy Preserving Authenticationand Access Control Scheme for Pervasive Computing Environments,”IEEE Trans. onVehicular Technology, 55(4): 1373-1384, 2006.
[97] K. Ren, W. Lou and Y. Zhang,“Multi-user broadcast authentication in wireless sensornetworks,”Proc. of SECON’07, 223-232, IEEE Press, 2007.
[98] K.Ren, W. Lou, K. Zeng and P.J. Moran,“On broadcast authentication in wireless sensornetworks”, IEEE Trans. on Wireless Commun., 6(11): 4136-4144, 2007.
[99] R. Sakai, K. Ohgishi and M. Kasahara,“Cryptosystems based on pairing,”Symposium onCryptography and Information Security, 2000.
[100] G. Shailaja, K. P. Kumar and A. Saxena,“Pairing based Mutual Authentication SchemeUsing Smart Cards”, http://eprint.iacr.org/2006/152, 2006.
[101] M. Scott,“ID-based password authentication scheme using smart cards and fingerprints,”ACM SIGOPS Operating Systems Review, 38(3):73 - 75, 2004.
[102] H. Shacham,“New Paradigms in Signature Schemes,”PhD Thesis, U. Stanford, 2005.
[103] A. Shamir,“Identity-based cryptosystems and signature schemes,”Proc. CRYPTO’84,LNCS176, 47-53, Springer-Verlag, 1984.
[104] W. G. Shieh and J. M. Wang,“E?cient remote mutual authentication and key agreement,”Computers & Security, 25: 72-77, 2006.
[105] K. Shim,“E?cient ID-based authenticated key agreement protocol based on the Weilpairing,”Electronics Letters, 39(8):653-654, 2003.
[106] N. P. Smart,“The Exact Security of ECIES in the Generic Group Model,”8th IMA Conf.cryptography and coding, 393-396, 2001.
[107] N. P. Smart,“An identity based authenticated key agreement protocol based on the Weilpairing,”Electronics Letters, 38: 630-632, 2002.
[108] R. Sakai, K. Ohgishi and M. Kasahara,“Cryptosysytems based on pairing,”Symposiumon Cryptography and Information Security-SCIS’00, 2000.
[109] S. Sufatrio and K.Y. Lam,”Mobile-IP Registration Protocol: a Security Attack and NewSecure Minimal Pubic-key based Authentication,”Proc. 1999 Int Symp. Parallel Archi-tectures, 1999.
[110] H. Sun, B. Hsieh,“Security analysis of Shim’s authenticated key agreement protocolsfrom pairings,”http://eprint,iacr.org/2003/113, 2003.
[111] K. Tanaka, and E. Okamoto,“Key distribution system for mail systems using ID-relatedinformation directory,”Comput. Secur. , 10:25–33, 1991.
[112]田野,张玉军,刘莹,李忠诚,“移动IPv6网络基于身份签名的快速认证方法,”软件学报,17(9):1980-1988, 2006.
[113]田野,张玉军,张瀚文,李忠诚,“移动IPv6网络基于身份的层次化接入认证机制,”计算机学报,30(6):906-914,2007.
[114] Y. M. Tseng, T. Y. Wu and J. D.Wu,“A mutual authentication and key exchange schemefrom bilinear pairings for low power computing devices”, Proc. COMPAC’07, 2, 700-710,IEEE Press, 2007.
[115] A. Wander, N. Gura, H. Eberle, V. Gupta and S. Shantz,“Energy analysis of public-keycryptography on small wireless devices,”Proc. IEEE PerCom’05, 324-328, IEEE Press,2005.
[116] S. J. Wang,“Anonymous Wireless Authentication on a Portable Cellular Mobile System,”IEEE Trans. on Computer, 53(10): 1317-1329, 2004.
[117] S. Blake-Wilson, D. Johnson, and A. Menezes,“Key agreement protocols and their securityanalysis,”Proc. 6th IMA Int’l Conf. on Cryptography and Coding, 30-45, 1997.
[118] S. Blake-Wilson, A. Menezes,“Entity Authentication and Authenticated Key TransportProtocols Employing Asymmetric Techniques”, Proc. the 5th International Workshop onSecurity Protocols, LNCS1361, 137-158, Springer-Verlag, 1997.
[119] C. Yang, W. Ma, X. Wang,“Novel remote user authentication scheme using bilinearpairings,”Proc. ATC’07, LNCS4610, 306-312, Springer-Verlag, 2007.
[120]杨庚,王江涛,程宏兵,容淳铭,“基于身份加密的无线传感器网络密钥分配方法,”电子学报,35(1):180-184, 2007.
[121] X. Yi,“An Identity-Based Signature Scheme from the Weil Pairing,”IEEE Comm. letters,7(2): 76-78, 2003.
[122] J.P. Yoo1, K. Kim, H. Choo, J. Lee, and J.S. Song,”Secure and Scalable Mobile IPRegistration Scheme using PKI,”LNCS2668, 220-229, Springer-Verlag, 2003.
[123] E. J. Yoon, E. K. Ryn, and K. Y. Yoo,“E?cient remote user authenticaiton schemebased on generalized ElGamal signature scheme,”IEEE Trans. Consumer. Electr., 50(3):568-570, 2004.
[124]禹勇,具有特殊性质的数字签名和签密方案,西安电子科技大学博士论文,2008.
[125] Q. Yuan and S. Li,“A new e?cient ID-based authenticated key agreement protocol,”http://eprint.iacr.org/2005/309, 2005.
[126] J. Zao, S. Kent, J. Gahm, G. Troxel, M. Condell, P. Helinek, N. Yuan, and I. Castineyra,”A Public-key based Secure Mobile IP,”Wireless Networks, 5(5): 373-390, 1999.
[127] F. Zhang and X. Chen,“Attack on an ID-based authenticated group key agreement schemefrom PKC 2004,”Information Processing Letters, 91(4): 191-193, 2004.
[128]张胜,徐国爱,胡正名,杨义先,周锡增,“基于身份公钥的移动IP认证方案,”北京邮电大学学报,28(3):86-88,2005.
[129] Z. Zhang, D. S. Wong, D. Feng,“Certificateless public-key signature: security model ande?cient construction,”Proc. ACNS’06, LNCS3989, 293-308, Springer-Verlag, 2006.
[130] Y. Zhang, W. Liu, Y. Fang,“Securing mobile Ad Hoc networks with certificateless publickeys,”IEEE Trans. Depend. & Secur. Comput., 3(4): 386-399, 2006.
[131] Y. Zhang, W. Liu, W. Lou, and Y. Fang,“MASK: anonymous on-demand routing inMobile Ad Hoc networks,”IEEE Trans. on Wireless Communications, 5(9): 2376-2385,2006.
[132] Y. Zhang, W. Liu, W. Lou, and Y. Fang,“Location-based compromise-tolerant securitymechanisms for wireless sensor networks,”IEEE J. Selected Areas in Communications,24(2): 247-272, 2006.
[133] Y. Zhang and Y. Fang,“A secure authentication and billing architecture for wireless meshnetworks,”Wireless Networks, 13(5): 663-678, 2007.
[134] J. Zhou and K. Lam,“Undeniable billing in mobile communication,”Proc. 4th ACM/IEEEInt’l Conf. Mobile computing and networking, 284-290, 1998.
[135] Y. Zhou and Y. Fang,“Babra: Batch-based broadcast authentication in wireless sensornetworks,”Proc. IEEE GLOBECOM’06, 1-5, IEEE Press, 2006.
[136] R.W. Zhu, G. Yang, D.S.Wong,“An e?cient identity-based key exchange protocol withKGS forward secrecy for low-power devices,”Theoretical Computer Science, 378: 198-207,2007.
[137] F. Zhang, R. Safavi-Naini, and W. Susilo,“An E?cient Signature Scheme from BilinearPairings and Its Applications,”Proc. PKC’04, LNCS2947, 277–290, Springer-Verlag,2004.