Research on Key Security Technologies for Convergence-Oriented Mobile Communication Networks
Abstract
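     Under the Fixed Mobile Convergence (FMC) architecture, mobile communication networks provide more external interfaces and become fully open, so the insecure factors of the original architecture are completely exposed and become major security threats. At the same time, with the introduction of all-IP technology, some security threats and vulnerabilities of fixed networks are also brought into mobile communication networks. As a result, the security threats facing mobile communication networks in a converged environment are more complex and diverse.
     Existing mobile communication network security technologies cannot meet the challenges brought by convergence, and IP network security technologies are not suited to resource-constrained mobile communication networks. Given the particular and complex nature of the security threats to mobile communication networks in a converged environment, exploring security protection technologies and solutions suited to mobile communication networks is of significant theoretical and practical value.
     Based on a comprehensive analysis of the security threats to mobile communication networks and an in-depth study of trusted computing and Next Steps in Signaling (NSIS) technology, this thesis focuses on applying trusted computing and NSIS to the security protection of mobile terminals, the radio access network and the core network. The main work and conclusions are as follows:
     (1) Formal analysis methods for trusted computing models
     An analysis method for emotional trust based on fuzzy sets, and analysis methods for rational trust based on predicate logic and conditional predicate logic, are proposed. The proposed methods are used to formally analyze the secure boot model of the trusted computing platform. The results show that these methods can concisely and accurately evaluate the trustworthiness of a trusted computing system and uncover security vulnerabilities in trusted computing models; they provide an effective means for the formal analysis of trusted computing.
     (2) Trusted-computing-based mobile terminal and trusted wireless access schemes for converged networks
     Trusted-computing-based schemes for the converged-network mobile terminal and for trusted wireless access are proposed, and their correctness is proved using the proposed formal analysis methods. The schemes verify not only the legitimacy of the mobile terminal's and the network's identities but also the trusted state of the terminal, preventing insecure terminals from accessing the UMTS network and thereby protecting the mobile communication network at the source. Hardware-based trusted computing provides a concise and effective solution to security problems in resource-constrained mobile communication networks.
     (3) Design, verification and analysis of NSIS-based signaling protocols for network management and access control
     An NSIS-based application-layer signaling protocol for network management and an NSIS-based application-layer signaling protocol for general access control are proposed, and the logical correctness and performance of the protocols are verified and analyzed. Introducing the NSIS signaling mechanism into the control and management of converged networks ensures secure and reliable transmission of control and management information and provides a new means of controlling and managing mobile communication networks in a converged environment.
     (4) NSIS-based dynamic security defense system for the third-generation (3G) mobile communication core network
     A dynamic defense system for the UMTS core network under the NSIS framework is proposed. Based on the fusion and cluster analysis of multi-source security information, the system detects attacks and dynamically blocks attacks against the core network through the NSIS general access control signaling protocol. The introduction of NSIS signaling solves the lack of generality in the linkage protocols of current dynamic defense systems and ensures that control information is transmitted securely and reliably. Experimental analysis shows that the system can effectively defend against attacks on the core network.
     The main research in this thesis was funded by the National Natural Science Foundation of China and the National High-Tech Research and Development Program of China, and the related work and conclusions have been applied to the development of actual prototype systems and products.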
     In the framework of fixed mobile convergence (FMC), the mobile communication network provides more external interfaces and is thoroughly open. The insecurity factors of the mobile system are completely exposed and become major security threats. At the same time, a number of security threats and vulnerabilities of fixed networks have been inherited by the mobile communication network through the introduction of all-IP technology. In general, the security threats faced by the mobile communication network become more complicated and varied.
     Existing mobile network security technologies cannot cope with the challenges of convergence, and IP network security technology does not fit the resource-constrained mobile network well. The security threats to the mobile network in a convergence environment are unique and complex. Therefore, researching appropriate security technologies and solutions for the mobile network has important theoretical and practical significance.
     Trusted computing and Next Steps in Signaling (NSIS) technologies are studied first. Based on an analysis of the security threats to terminals, the radio access network and the core network in a converged network, security protection for the converged network based on trusted computing and NSIS is proposed. A number of important conclusions and results are obtained, including:
     (1) Formal analysis methods for trusted computing models
     After a comprehensive study of trusted computing technologies, a formal analysis method for emotional trust based on fuzzy sets and formal analysis methods for rational trust based on predicate logic and conditional predicate logic are proposed. Trusted computing models are analyzed with the proposed methods. The results show that, with the proposed formal analysis methods, a trusted computing system can be analyzed precisely and correctly and its vulnerabilities can be found. The proposed methods provide an effective way to formalize trusted computing.
     (2) Secure schemes for the mobile terminal and radio access network based on trusted computing
     Schemes for a trusted mobile terminal and trusted access are proposed based on trusted computing. With the proposed schemes, not only are the mobile user and the network authenticated, but the health status of the mobile platform is also verified. Insecure terminals are prevented from accessing the UMTS network, which protects network security at the source. The introduction of trusted computing provides a new solution to security problems in the converged network.
     (3) Design and validation of NSIS-based application signaling protocols for access control and network management
     Signaling protocols for access control and for network management are proposed based on NSIS technology, and the logical correctness and performance of the protocols are analyzed. The results show that introducing the NSIS signaling mechanism into the converged network ensures secure and reliable transmission of signaling information, which provides new ideas and methods for network control and management in the converged network. A new solution to the security problem in the converged network is proposed with the introduction of trusted computing.
     (4) NSIS-based dynamic defensive system in the 3G core network
     An NSIS-based dynamic defensive system for the UMTS core network is proposed. The system uses multi-source information integration and cluster analysis, and attacks against the core network are detected and prevented in real time with the NSIS control signaling protocol. The problems of existing linkage protocols are resolved by introducing the NSIS signaling mechanism, and signaling information is transported securely and reliably. Attacks on the core network are effectively resisted.
     This research is partly supported by the National Natural Science Foundation of China under Grant No. 60602061 and the National High-Tech Research and Development Plan of China under Grant No. 2006AA01Z413. The work and conclusions have been applied to actual prototype system and product development.
