Research on Provably Secure Group Key Agreement Protocols for Ad Hoc Networks
Abstract
An ad hoc network is a self-organizing, highly dynamic network that can autonomously establish and maintain communication among a group of nodes without infrastructure such as base stations or central controllers. Ad hoc networks were first applied in the military domain, but with the development of wireless communication and terminal technology they have gradually found application scenarios in many other fields, including: disaster rescue where no wired communication infrastructure exists or where it has been destroyed; condition monitoring in harsh environments, such as wireless sensor networks (WSN); application environments that require distributed communication, such as group conferencing and distributed computing; and other environments where wired communication facilities are insufficient and communication must be set up quickly. The flexible networking characteristics of ad hoc networks give them more and more application scenarios, but also bring many security problems, and communication security is especially important in military or commercial applications that must prevent eavesdropping, sabotage and intrusion. The most general and effective approach is to encrypt the messages exchanged in the network with a key shared by all nodes of the group; the process of establishing this group key is group key agreement (GKA). Traditional group key agreement for broadcast networks has been studied extensively, but those protocols cannot be applied directly in wireless ad hoc networks: most of them rely on broadcasting and assume that nodes can communicate directly, and they require high communication bandwidth and large amounts of computation, whereas nodes in an ad hoc network are multiple hops apart and have limited energy, computation and storage resources. Group key agreement in ad hoc networks therefore faces great challenges and is sometimes even an impossible task. Clustering algorithms divide an ad hoc network into a number of clusters; nodes within a cluster communicate directly or through forwarding by the cluster head, and the cluster heads form a higher-level structure that forwards communication between nodes of different clusters, providing a basis for efficient communication and flexible management of the network's nodes. Clustering-based group key agreement has become a research focus and generally consists of two phases: intra-cluster key agreement, which shares a cluster key among all nodes of a cluster, and inter-cluster key agreement, which distributes the group key. This thesis studies clustering-based group key agreement protocols for ad hoc networks and analyses the security and efficiency of the designed protocols. The main work and innovations are as follows:
     1. Based on traditional group key agreement protocols for broadcast networks, we propose a sub-protocol for intra-cluster key agreement in ad hoc networks that is optimized in the number of rounds and in computational efficiency. Compared with ring-based group key agreement protocols of the same type, the proposed protocol greatly reduces the number of rounds, to only about half, and improves both computation and communication efficiency. We prove the semantic security of the protocol and apply it as a sub-protocol in the existing clustering-based group key agreement protocols for ad hoc networks HKAP and CGDH; the comparison shows that, besides the large reduction in rounds, with the other parameters comparable the proposed protocol greatly reduces the total number of messages exchanged in HKAP and greatly reduces the number of exponentiations in CGDH. In addition, the protocol uses the C-MACON compiler to achieve explicit authentication and contributiveness, and can resist unknown key-share attacks and key control attacks by malicious insiders.
     2. To address the drawback of existing protocols that both the communication and the computation complexity of intra-cluster key agreement increase sharply as the network grows, we propose an authenticated group key agreement algorithm for large-scale ad hoc networks. Unlike most clustering-based algorithms, which divide the network into one-hop clusters, the designed algorithm uses a 2-hop clustering algorithm to divide the network's nodes into clusters, and all cluster heads form a minimum spanning tree. To further reduce the communication load of message exchange during protocol execution, the BSL short signature algorithm is used for message authentication. With 2-hop clustering, the same network size yields fewer clusters, and changes in node membership occur inside a cluster with higher probability, so the network stays more stable and group key updates are easier to carry out. The protocol uses an improved IC-GKA protocol for intra-cluster key agreement and the AT-GDH protocol for inter-cluster key agreement and group key distribution. We give the first security proof of AT-GDH and, on that basis, prove the security of the proposed protocol. The proposed protocol supports membership changes such as node join and leave. The intra-cluster key agreement protocol used is not based on broadcasting and therefore needs fewer message exchanges; the computational efficiency of the protocol is also clearly improved (from O(n^2) to O(n) compared with the reference protocol). The analysis of communication and computation complexity (including consideration of communication delay) shows that the proposed protocol is a communication- and computation-efficient group key agreement protocol suited to large-scale ad hoc networks.
     3. We propose a computationally efficient clique-based group key agreement protocol for ad hoc networks. The network's nodes are divided into clusters according to geographic proximity (cliques, in which nodes can communicate directly), and all cluster heads form a minimum spanning tree. The protocol authenticates the messages exchanged during execution with a digital signature algorithm, which turns it into an authenticated key agreement protocol. The nodes of each cluster use the DB protocol to agree a cluster key, the PCKA protocol forms the inter-cluster key, a symmetric encryption algorithm distributes the session key level by level down the spanning tree, and finally all nodes compute the group key. The protocol achieves contributiveness, i.e. the final group key is jointly determined by the secret values of all nodes in the network and no cluster head can decide its value. The protocol also supports dynamic membership changes such as member join and member leave, with corresponding key update algorithms. Besides proving the protocol's security, we analyse its execution efficiency, including communication and computation complexity. Energy analysis on the same hardware platform shows that the proposed protocol is computationally efficient and, at any network size, has the lowest total energy consumption among the compared protocols.
     4. To address the limitation that signature-based authenticated protocols require a public key infrastructure or hardware able to store high-entropy keys, we propose a group encrypted key agreement protocol based on a memorable, low-entropy shared password. The protocol can be used in an ad hoc network to produce a cluster key for each cluster; combined with a suitable inter-cluster key agreement protocol, it yields a global shared key for all nodes of the network. Under the DDH assumption, we prove the protocol secure in the random oracle and ideal cipher models. The security result shows that the protocol resists offline dictionary attacks: eavesdropping on the messages exchanged during protocol execution gives only a negligible advantage, and the only remaining way is to guess the password shared by the participants and impersonate an honest participant in the protocol. Efficiency comparison shows that the proposed protocol has a moderate number of communication rounds and the least computation, so it is suitable for group key agreement in resource-constrained ad hoc networks.
     In summary, this thesis studies clustering-based group key agreement protocols for ad hoc networks, proposes an optimized intra-cluster key agreement protocol, and realizes group key agreement protocols for large-scale networks and for clique-based networks respectively. The designed protocols either have high communication and computation efficiency or have the lowest energy consumption, and are therefore suitable for agreeing a shared key among all nodes of an ad hoc network, providing a basis for subsequently establishing secure channels.
Ad hoc networks are self-organizing, highly dynamic networks that can autonomously establish and maintain communication among a group of nodes without centralized administration or fixed infrastructure such as base stations or access points. The study and applications of ad hoc networks first came from the requirements of the military field, but with the development of wireless communication and terminal technology, ad hoc networks have more and more applications in other scenarios, which include: disaster rescue with no wired communication infrastructure or where it has been destroyed; condition monitoring of severe environments using wireless sensor networks (WSN); distributed and cooperative communications such as conference meetings and distributed computing; and other environments that need to set up communication quickly but have no wired communication infrastructure. In these applications, secure communication is a critical problem. An effective way to achieve secure communication is to encrypt all the messages exchanged among network users with a common key computed before any communication starts. But establishing a common key shared by all the group nodes is a difficult and sometimes impossible task because of the characteristics of ad hoc networks, such as dynamic topology and multi-hop distances. Many efficient group key agreement (GKA) protocols proposed for wired networks are, however, not directly adaptable to wireless ad hoc networks, because all of them are based on broadcasting or on a one-hop distance assumption among all the nodes. Clustering, which partitions the whole network into subgroups, provides convenience and high efficiency for routing and other network management work.
Many clustering-based GKA protocols for ad hoc networks have been proposed; they always consist of two phases: intra-cluster key agreement, generating a cluster key among the nodes within each cluster, and group key agreement, generating a group key among the cluster heads (the representatives of the clusters) and then sharing the group key among the entire group by some broadcasting or distribution method. Our work mainly focuses on clustering-based group key agreement. The main contributions and innovations of this thesis are as follows.
     1. We propose an authenticated group key agreement protocol that needs fewer communication rounds and also provides higher computation efficiency than other ring-based protocols. Our scheme is suitable for resource-constrained environments such as ad hoc networks. We prove the semantic security of our scheme and analyse it in two respects: communication and computation. Finally, we adopt the proposed protocol as a sub-protocol in existing GKA protocols for ad hoc networks (HKAP and CGDH); the comparison shows that our protocol improves efficiency noticeably, on communication for HKAP and on computation for CGDH. Besides, our protocol uses the compiler C-MACON to achieve mutual authentication and contributiveness, which resist the unknown key-share attack and the key control attack by malicious participants/insiders.
     2. We propose an authenticated group key agreement for large ad hoc networks that addresses the drawback that the complexity of both communication and computation increases sharply when the network becomes large. Our scheme adopts the BSL short signature algorithm to achieve message authentication and reduce message overhead during protocol execution. Using the 2-hop clustering algorithm, our protocol is more suitable for large ad hoc networks, because it generates fewer clusters and makes the group more stable. We adopt AT-GDH to obtain the group key among the cluster heads and IC-GKA to obtain the cluster key among the members of a cluster, and for the first time we give a security proof for the AT-GDH protocol, by which, combined with the IC-GKA security proof, we prove the semantic security of our whole protocol. Our protocol also handles dynamic membership changes of the group nodes, and we compare its complexity with other protocols. The intra-cluster key agreement used in our protocol is not based on broadcasting, so it needs fewer message exchanges. Besides, the computation efficiency of our protocol is clearly improved, reduced from O(n^2) to O(n) compared with the referenced protocol. The analysis of communication complexity and computation complexity, which also considers communication delay, shows that the proposed group key agreement protocol is highly efficient in both communication and computation and is suitable for large ad hoc networks.
     3. We propose an authenticated clique-based group key agreement for ad hoc networks with high computational efficiency, which partitions the group nodes into clusters and arranges the cluster heads in a spanning tree. Our protocol uses a digital signature algorithm to authenticate all the messages exchanged during protocol execution. Our scheme computes the cluster key of each cluster using DB and finally obtains the group key by executing a moderate number of rounds of PCKA combined with symmetric encryption and decryption. Contributiveness and the handling of membership changes such as member join and member leave are implemented in our algorithm. We prove the semantic security of our protocol and analyse its communication and computation complexity. Energy analysis on the same hardware platform shows that the proposed protocol is computationally efficient and has the least total energy consumption at any network scale compared with the other referenced protocols.
     4. We propose a password-based encrypted group key agreement protocol that generates a cluster key for each cluster of the whole group and can be used as a sub-protocol, combined with an inter-cluster key agreement protocol, to generate the group session key. We prove its security in the random oracle and ideal cipher models under the Decisional Diffie-Hellman assumption. The security result shows that an adversary gains only negligible advantage by eavesdropping on the messages exchanged during protocol execution, and that the only way to attack the protocol is to impersonate a user by guessing the password shared by all users. So the protocol can resist both offline and online dictionary attacks. Efficiency comparison shows that our protocol is efficient and suitable for ad hoc networks.
     This thesis studies clustering-based group key agreement for ad hoc networks and proposes more efficient intra-cluster key agreement protocols and group key agreement protocols for large and clique-based ad hoc networks respectively. Comparisons show that our proposed protocols are highly efficient in both communication and computation and have lower energy cost, so they are suitable for resource-limited ad hoc networks and provide assurance for subsequently establishing secure channels.
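The intra-cluster phase of point 3 in both abstracts relies on the DB (Burmester-Desmedt) protocol: every node in a clique broadcasts twice and then computes the same cluster key, which depends on every member's secret. The following is an added worked example written for this page, not code from the thesis or from any of the cited protocols. It assumes toy 64-bit safe-prime parameters generated at run time (a deployment would use a standard group of 2048 bits or more), and the names `safe_prime_group`, `bd_round1`, `bd_round2`, `bd_key`, `run_cluster`, `reference_key` and `cluster_key` are this example's own. Beyond the abstract's description, it cross-checks the protocol output against the closed form g^(x1x2 + x2x3 + ... + xnx1), which is what makes the contributiveness property concrete: change any single x_i and the cluster key changes.

```python
import hashlib
import random
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test; sufficient for toy parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits=64):
    """Constructed toy parameters: p = 2q + 1 prime and g = 4 of prime order q."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            # 4 = 2^2 is a square mod p, so it lies in the order-q subgroup.
            return 2 * q + 1, q, 4


def bd_round1(p, g, x_i):
    """Round 1: member i broadcasts z_i = g^x_i."""
    return pow(g, x_i, p)


def bd_round2(p, i, x_i, zs):
    """Round 2: member i broadcasts X_i = (z_{i+1} / z_{i-1})^x_i (ring indices)."""
    n = len(zs)
    ratio = zs[(i + 1) % n] * pow(zs[(i - 1) % n], -1, p) % p
    return pow(ratio, x_i, p)


def bd_key(p, i, x_i, zs, Xs):
    """Member i computes K = z_{i-1}^{n*x_i} * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i-2}^1."""
    n = len(zs)
    k = pow(zs[(i - 1) % n], n * x_i, p)
    for j in range(n - 1):
        k = k * pow(Xs[(i + j) % n], n - 1 - j, p) % p
    return k


def reference_key(p, g, xs):
    """Closed form g^(x1x2 + x2x3 + ... + xnx1): what every honest member must end with."""
    n = len(xs)
    e = sum(xs[i] * xs[(i + 1) % n] for i in range(n))
    return pow(g, e, p)


def run_cluster(p, q, g, n, xs=None):
    """Simulate n clique members running DB; returns secrets, public transcript, per-member keys."""
    if xs is None:
        xs = [secrets.randbelow(q - 1) + 1 for _ in range(n)]    # x_i in [1, q-1]
    zs = [bd_round1(p, g, x) for x in xs]                        # round-1 broadcasts
    Xs = [bd_round2(p, i, xs[i], zs) for i in range(n)]           # round-2 broadcasts
    keys = [bd_key(p, i, xs[i], zs, Xs) for i in range(n)]
    return xs, (zs, Xs), keys


def cluster_key(k_raw):
    """Hash the agreed group element down to a symmetric key for the tree-distribution step."""
    return hashlib.sha256(k_raw.to_bytes((k_raw.bit_length() + 7) // 8, "big")).digest()


if __name__ == "__main__":
    p, q, g = safe_prime_group(64)
    xs, (zs, Xs), keys = run_cluster(p, q, g, 5)
    print("all members agree:", len(set(keys)) == 1)
    print("matches closed form:", keys[0] == reference_key(p, g, xs))
    print("cluster key:", cluster_key(keys[0]).hex())
```

The public transcript (the z_i and X_i values) is exactly what an eavesdropper on the clique sees, and under DDH it does not reveal the key; the two broadcast rounds are also the messages that the thesis's protocol covers with digital signatures, which is what prevents an active attacker from substituting its own z_i or X_i.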