Research on Security and Reliability Techniques in Anonymous Network Connections
Abstract
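To preserve the anonymity of user identities in an open, interconnected network environment, David Chaum proposed techniques for anonymous applications in the 1980s, and anonymity techniques are now widely used. Examples on the Internet include anonymous connections, anonymous browsing, mobile agent technology and anonymity control for electronic payment; other applications include anonymous communication, anonymous electronic cash, anonymous electronic elections, anonymous electronic auctions, anonymous computation, anonymous transactions and systems, and anonymous information storage and message publishing. Anonymous network connections are the means by which the various anonymity techniques are realized in network communication and applications. As networks take on more security-sensitive applications, such as electronic commerce, government access and network connections in military communications, they must not only rely on the information security guarantees provided by the underlying network infrastructure but also ensure that user identities and some network entities are not exposed while information is in transit. That is, they must resist traffic analysis attacks aimed at tracking, so that network communication and applications are anonymous. The anonymous network is the basic building block for the various network anonymity applications, and achieving anonymity through the anonymous network gives those applications a solid foundation. Onion routing and mobile agents are the key technologies of anonymous networks, but existing schemes have several serious defects. First, onion routing schemes cannot guarantee resistance to dynamic attacks aimed at disruption, which makes their implementations extremely fragile. Second, the computational inefficiency of the signature-then-encryption method used by conventional public-key cryptography is out of proportion with routing protocols that must execute efficiently, so signing routing information inevitably lowers the operating efficiency of the network system. Third, anonymous routing requires secure management of anonymous route allocation, bidirectional anonymous route allocation and real-time anonymous route allocation. Fourth, because a mobile agent executes offline, an attacker cannot be prevented from spying on the agent's signing and encryption keys or on the execution of the signing and encryption operations, so securing mobile agent signing and encryption is extremely difficult. Fifth, a mobile agent migrates and runs in an open network, and besides passive attacks aimed at eavesdropping it must also be protected against traffic analysis attacks aimed at tracking; that is, its migration path must be anonymous. Sixth, in the multi-party environment of an open network, the information a mobile agent collects at one network node should be kept secret from other nodes and should resist both eavesdropping and disruption attacks. In the existing literature these problems have either not been addressed, or only partly solved, or the proposed schemes are so inefficient as to be impractical. Building on a careful summary and analysis of existing results in the field, and targeting the defects described above, this thesis uses cryptographic methods to further study the theory and application of reliability and security in anonymous networks. The main results are: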
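    1. In the study of anonymous network connection protocols, a reliable anonymous routing protocol is proposed for the first time. It eliminates the weakness of anonymous routing protocols against active attacks, so that the services provided by the anonymous network have a reliable quality guarantee.
    2. Based on a study of current information authentication techniques, a reliable onion routing protocol constructed with third-party signcryption is proposed for the first time, so that the protocol can be executed efficiently without access to the plaintext of the anonymous route.
    3. Based on an analysis of existing onion routing protocols, it is explicitly proposed for the first time that onion routing is a process of anonymous route allocation realized through the source routing protocol, which guarantees bidirectional and real-time allocation of anonymous routes.
    4. After studying and analyzing many mobile agent schemes, it is proposed for the first time to secure mobile agents through trust relationships between nodes. This avoids having the mobile agent carry signing and encryption keys and the difficulty of performing signing and encryption on insecure nodes, and so brings cryptographic signing and encryption methods directly into mobile agent schemes.
    5. The reliable onion routing method is applied to mobile agents for the first time, making the mobile agent's migration path anonymous and so avoiding traffic analysis attacks aimed at tracking.
    6. A multi-recipient signcryption scheme with segment-verifiable signatures and a multi-signcryption scheme with segment-verifiable signatures are proposed for the first time. They make the mobile agent's migration path anonymous and also make the information the agent collects at one node anonymous to other nodes.
    7. After an in-depth analysis of the essential problems of anonymous networks, a reliable information delivery scheme over anonymous paths is proposed for the first time.
    8. A mobile agent scheme implemented with forward signatures and the SmartCard method is proposed for the first time; applying anonymity techniques to electronic commerce, a partitioned proxy bank payment system implemented with multi-group blind proxy signatures is proposed for the first time.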
With the growth and acceptance of the Internet, there has been increased interest in maintaining anonymity in the network. Anonymous applications, first introduced by David Chaum in the 1980s through a mechanism for routing data through intermediate nodes called mixes, take various forms: anonymous connections, private web browsing, mobile agents and anonymity-controlled electronic payment systems on the Internet, and, in other fields, anonymous communications, anonymous cash, anonymous elections, anonymous auctions, anonymous computations, anonymous transactions and systems, and distributed information storage and anonymous publishing. Anonymous network connections apply these anonymity techniques at the network layer. With the introduction of security-sensitive services into the network, including electronic commerce, government affairs and military communications, not only should the content of a conversation be protected from eavesdroppers by the encryption integrated into many secure systems, but the identities of communicating parties and network entities should also be hidden from eavesdroppers, or from each other. The anonymous connections described here are designed to be resistant to traffic analysis, and anonymous applications should be implemented with the primitives for building anonymous connections. Although onion routing and mobile agents are used as important primitives, the current schemes have several severe drawbacks. Firstly, the available onion routing schemes can hide information but cannot prevent subversive attacks such as disturbing data packets, in which the attacker does not want to learn the contents of the messages being sent but to throw them into confusion; this makes the schemes fragile. Secondly, the standard use of public-key cryptographic techniques for anonymous routing reduces the efficiency of the whole network, because their expensive computations are ill-suited to a routing protocol. Thirdly, for any anonymous connection, the sequence of anonymous routers in a route is strictly defined at connection setup, and anonymous routing provides dynamic, bi-directional, near-real-time connections similar to TCP/IP socket connections. Fourthly, mobile agents consist of software only, which cannot prevent malicious hosts from spying on the keys used for signature and encryption while the agents execute their programs on remote computers. Protecting mobile agents from malicious hosts is clearly a hard problem. Fifthly, mobile agents are autonomous programs which, following a route, migrate through a network of sites to accomplish tasks on behalf of their owners; not only must their keys be protected, but an agent's route information must also be safeguarded so that it is strongly resistant to both eavesdropping and traffic analysis. Lastly, the data an agent collects on one host along the route should be kept secret from other hosts and should resist both eavesdropping and tampering as the agent roams the network. These problems have either not been mentioned in the available literature, or no full and efficient solution to them exists there. Based on a detailed summary and analysis of the related literature, this thesis carries out further research aimed at the drawbacks presented above, and obtains the following results:
    1. With respect to anonymous network connection schemes, an authenticated onion routing scheme is presented. This eliminates the defect that the available protocols cannot resist active attacks, and so improves the services supported by anonymous network connections.
    2. An authenticated onion routing protocol based on signcryption with third-party verification is presented for the first time, building on a summary of current information authentication techniques. The protocol can then operate efficiently without access to the plaintext of the routing packet.
    3. An onion routing packet by means of the source routing protocol during building an anonymous conn
    [170] Lubinski A. Database security meets mobile requirements. In "Proc. of the International Symposium on Database Technology & Software Engineering, WEB and Cooperative Systems-Intersymp 2000", Baden-Baden, August, 2-3, 2000. Available at http://wwwdb.informatik. uniros...intersymp.ps.
    [171] Dingledine R, Freedman M J, Moluar D, The Free Haven Project: distributed anonymous storage servic. In "Proc. of the Workshop on Design Issues in Anonymity and Unobservability", 2000: 67-95.
    [172] Molva R Samfat D, Tsudik G. Authentication of mobile users. IEEE Network, 1994: 26-34.
    [173] Martin K M, Preneel B, Mitchell C J, Hitz H J, Horn G, Poliakova A, Howard P. Secure billing for mobile information services in UMTS. In "Proceedings of IS&N'98", 1998. http://esat.kuleuven.ac.be/cosic/as...isn98. ps.
    
    
    [174] LaMaire R O, Kriahna A,Panian J, Bhagwat P. Wireless LANs and mobile networking: standard and future direction. IEEE Communications Magazine, 34(8) , Aug, 1996: 86-94.
    [175] Bharghavan V. A Protocol for Authentication, Data and Location Privacy, and Accounting in Mobile Computing Environments, in "Proceedings of the ACM Conference on Computers and Communications Security", Fairfax, Virginia, November 1994. Available at http://seclab.anseo.dankook.ac.kr/...sec_PS.ps.
    [176] Waider M, Pfitzmann B. The dining cryptographers in the disco: unconditional sender and recipient untraceability with computationally secure serviceability. In "Advances in Cryptology-EUROCRYPT'89", Quisquater J-J and Vandewalle J eds., LNCS 0434, Berlin: Springer-Verlag, 1989:690-690.
    [177] von Solms S H, Sgeldenhuys J H. Managing multilevel security in a military intranet environment. Computer&Security, 18(3) , 1999:237-270.
    [178] von Solms S.H, Sgeldenhuys J H. Collecting security baggage on the Internet. Computer&Security, 17 (4) , 1998: 337-345
    [179] von Solms S H, Sgeldenhuys J H. Collecting security baggage on the Internet. Computer&Security, 17(4) , 1998:337-345.
    [180] Boshoff W H, von Solms S H.A path context model for addressing security in potentially non_secure environments .Computer&Security, 8 (8) , 1989: 417-425.
    [181] Goldschlag D M., Reed M G, Syverson P F. Hiding routing information.In: Information Hiding-First International Workshop, R.Anderson, ed.,LNCS 1174,Berlin:Springer-Verlag,1996:137-150.
    [182] Syverson P F, Goldschlag D M, Reed M G. Anonymous connections and onion routing. IEEEJ. Selected Areas in Commun.16 (4) , 1998:482-494.
    [183] Goldschlag D M, Reed M G, Syverson P F. Onion routing for anonymous and private Internet connections. Communications of ACM, 42(2) , 1999:39-42.
    [184] Brands S. Untraceable off-line cash in wallet with observers. In "Advances in cryptology-Crypto'93", LNCS 773,Berlin: Springer-Verlag, 1993:302-318.
    [185] Westhoff D, Schneider M, Unger C, Kaderali F . Methods for protecting a mobile agent's route. In "Proc. of the International Symposium on Database Technology & Software Engineering, WEB and Cooperative Systems-Intersymp 2000", 2000. Available at http://wwwdb.informatik. uni-rostock.de/-lubinski/artikel/intersymp. ps.
    [186] Blaze M, Strauss M. Atomic proxy cryptography. ftp://ftp.research. att.com.
    
    
    [187] Jakobsson M. On quorum controlled asymmetric proxy re-encryption .In "Proc. of International Workshop on Practice and Theory in Public Key Cryptography--PKC'99", LNCS 1560, Berlin: Springer-Verlag, 1999:112-121.
    [188] Colin G, Harrison C G, Chess D M, Kershenbaum A.Mobile agents: are they a good idea? Technical report: NY10598. IBM Research Division, T. J. Watson Research Center, Yorktown Height.March 1995. Available at URL http://www.research .ibm.com/massive/mobag.ps
    [189] Vitck J, Tschudin C eds. Mobile object systems-towards the programmable Internet. In "2nd International Workshop-MOS'96", Linz, Austria, July 1996. Selected Presentations and Invited Papers. LNCS 1222, Berlin: Springe-Verlag, 1997.
    [190] Diffie W, van Oorschot P C, Weiner M J. Authentication and authenticated key exchange. Designs, Codes and Cryptography,2(2) June 1992: 107-125.
    [191] Macali S, Rackoff C, Sloan B. The notion of security for probabilistic cryptosystems. SIAM Journal on computing,17(2) 1998: 412-426.
    [192] Wang X F, Yi X, Lam K Y, Okamoto E. Secure information-gathering agent for Internet trading. In: "Australian Workshop on Distributed Artificial Intelligence: Multi-agent system: theories, languages and applications". Brisbane, 1998: 183-193.
    [193] Kotzanikolaou P, Katsirelos G, Chrissikopoulos V. Mobile agent for secure electronic transaction. In: "Recent Advance in Signal Processing and Communications", Mastorakis N E ed., Greece: World Scientific & Engineering Society Press, 1999: 363-368.
    [194] Westhoff D, Schneider M, Unger C, Kaderali F. Protecting a mobile agent's route against collusions. In: "Sixth Annual Workshop on Selected Areas in Cryptography-SAC'99". LNCS 1758,Berlin: Springer-Verlag, 2000: 215-225.
    [195] Bellare M, Miner S K. A forward-secure digital signature scheme, In "Advance in Cryyptology-Crypto'99", LNCS 1666 ,Winener M ed., Berlin: Springer-Verlag, 1999:431-448.
    [196] Bellare M, Rogaway P, The exact security of digital signatures-how to sign with RSA and Rabin, In "Advance in Crypotology-Eurocrypt '96",LNCS 1070, Maurer U ed., Berlin:Springer-Verlag,1996:399-416.
    [197] Funfrocken S, Protecting mobile web-commerce agents with SmartCards, In "Proc. of the First International Symposium on Agent Systems and Applications and Third
    
    International Symposium on Mobile Agents", Palm Springs California: Institute of Electrical and Electronics Engineers, Inc, 1999: 90-102.
    [198] Lysyanskaya A, Ramzon Z A, Group blind digital signature: a scalable solution to electronic cash, In "Proc. of 2nd International Conference on Finance Crypto-FC'98", LNCS 1465, Berlin: Springer-Verlag, 1998: 184-197.
    [199] Zhang K. Threshold proxy signature schemes, In "Proc. of 1st International Workshop on Information Security-ISW'97", LNCS 1396, Berlin: Springer-Verlag, 1997: 282-290.
    [200] Ghodsi H, Pieprzyk J, Repudiation of cheating and non-repudiation of zhang's proxy signature schemes In "Proc. of 4th Australasian Conference on Information Security and Privacy-ACISP'99" LNCS 1587, Berlin: Springer-Verlag 1999: 129-134.
    [201] Blaze M, Beumer G, Strauss M, Divertible protocols and atomic proxy cryptography, In "Workshop on the Theory and Application of Cryptograph Techniques--EUROCRYPT'98", LNCS 1403, Berlin: Springer-Verlag 1998: 127-144.
    [202] Camenisch J, Michels M. A group signature with improved efficiency, In "Proc. of International Conference on the Theory and Application of Cryptology and Information Security-ASIACRYPT'98", LNCS 1514, Berlin: Springer-Verlag, 1998, Berlin: Springer-Verlag 1998: 160-174.
    [203] Franklin M, Yung M. Secure and efficient off-line digital money. "Proc. of 12th International Colloquium on Automata, Languages and Programming-ICALP'93", LNCS 700, Berlin: Springer-Verlag 1993: 265-276.
    [204] Pedersen T P. Electronic payments of small amounts. In "Security Protocols'96". LNCS 1189, Berlin: Springer-Verlag, 1996: 59-68.
    [205] Hanaoka G, Zheng Y, Imai H. LITESET: a light-weight secure electronic transaction protocol. In "Information Security and Privacy-ACISP '98". LNCS 1438, Berlin: Springer-Verlag, 1998: 215-226.
    [206] Josep D F, Jordi H J. Spending programs: a tool for flexible micropayments. In "International Information Security Workshop-ISW'99". LNCS 1729, Springer-Verlag, 1999: 1-13.
    [207] Mao W. Lightweight Micro cash for the Internet. In "European Symposium on Research in Computer Security-ESORICS'96", LNC S 1146, Berlin: Springer-Verlag, 1996: 15-32.
    
    
    [208] Rivest R L.. Electronic lottery tickets as micropayments. In "Financial Cryptography'97", LNCS 1318, Berlin: Springer-Verlag, 1997: 307-314.
    [209] Horn G, Preneel B. Authentication and payment in future mobile systems. In "European Symposium on Research in Computer Security-ESORICS'98". LNCS 1485, Springer-Verlag, 1998:277-293.
    [210] Park D G, Boyd C, Moon S J. Forward secrecy and its application to future mobile communications security. In "Public Key Cryptosystems-PKC2000". LNCS 1751, Berlin: Springer-Verlag 2000: 433-445.
    [211] Rivest R L, Shamir A. Payword and microMint: two simple micropayment schemes. In "Security Protocols'96", LNCS 1189, Berlin: Springer-Verlag, 1996: 69-88.
    [212] Zhou J Y, Lam K Y. A secure pay-per view scheme for web-based video service. In "Public Key Cryptography-PKC'99". LNCS 1560, Berlin: Springer-Verlag, 1999: 315-326.
    [213] Jutla C, Yung M. PayTree: "amortized-signature" for flexible micro payments. In "Proc. of the Second USENIX Workshop on Electronic Commerce", USENIX, 1996: 213-221.
    [214] Bellare M, Garary J, Hauser R, etc. Design, implementation, and deployment of the iKP secure electronic payment system. IEEE Journal on Selected Areas in Communication, 18(4) , 2000: 611-627.
    [215] Hasnsser R, Steiner M, Waidner M. Micro-payments base on iKP. In "Proceedings of 14th Worldwide Congress on Computer and Communications Security Protection", C.N.I.T Paris-La Defense, France, 1996: 67-82.
