异构无线网络互联的认证和密钥协商研究
|
摘要
无线网络技术的飞速发展,给人类的传统生活和工作带来了深远的影响,许多基于无线网络所发展起来的新的应用也正改变着人类的生活习惯和生活方式,带给人类越来越多的应用体验。
目前存在的各种无线网络如WLAN, Bluetooth, GSM, CDMA以及UMTS等都有着特定的需求及应用场景,任何单个技术的无线网络并不能满足未来人们对移动通信、以及普适计算的需求。未来的无线网络必然是朝着全IP核心网络,各种不同的无线接入技术互联、融合的方向发展,从而能为用户提供无时无刻、无所不在的网络接入服务。
实现异构无线网络的互联是一个非常复杂的系统工程,其中安全问题解决的好坏直接关系到融合的成功与否。除了现有同构无线网络存在的安全缺陷对未来异构无线网络的安全融合会带来影响以外;异构无线网络互联的系统复杂性、管理复杂性,使得其要面临更多额外的安全问题。
本文主要研究的是异构无线互联中的认证和密钥协商问题,包括异构的接入认证与密钥协商、域间垂直切换过程中的再认证与密钥更新。异构互联中的安全接入、以及垂直切换的再认证和密钥协商是用户在异构环境中进行安全通信的基本前提,是实现异构无线网络安全融合的基本块(Building Block),是当前的一个研究热点。通过认证和密钥协商机制,可以防止非授权用户的网络接入,也可防止合法用户被恶意网络欺骗等;协商的密钥则用于加密用户传输的数据、提供数据源验证等等。
目前,异构无线网络互联受到越来越多重视,一些标准组织、项目组织都已展开异构互联的相关研究,但对其中的安全接入认证和密钥协商,以及垂直切换再认证所做的工作还比较少。现有的一些文献所提出的异构认证和密钥交换协议在安全性上仍存在着一定不足之处,如未提供足够的安全属性、不满足一些基本的安全需求、未提供相应形式化的安全证明等。基于此,本文针对已有的异构网络模型,提出和改进了几种异构认证和密钥协商协议,除通过非形式化的分析安全性以外,还在可证安全模型下给出形式化安全证明。本文所作的几点工作如下:
(1)首先指出3GPP-WLAN的异构互联的接入认证协议EAP-AKA存在一种重定向攻击,并说明这种攻击可能会带来资费纠纷、密文泄露等问题。由于EAP-AKA重用3GPP本身存在安全缺陷的接入认证机制AKA,因此文中提出一种基于代理签名、哈希链、以及Diffie-Hellman密钥交换思想的3GPP接
The rapid progress of the wireless network technology has a wide influence on the people’s traditional life and work. Some new applications based on the new wireless technologies are altering the custom and style of the people’s life, and bringing us more and more experiences.
Currently, the existing various wireless networks, such as WLAN, Bluetooth, GSM, CDMA and UMTS, are designed for specific service requirements. None of the existing wireless systems can simultaneously satisfy the requirements of the future mobile communcaitions and pervasive computing. The development of future wireless network must be towards the core network with IP, and the convergence of the various wireless access technologies. It can thus provide users anywhere and anytime access to high-speed data real- and non-real time multimedia services.
It is very complicated to implement the heterogeneous wireless network convergence. How to solve the security problems is the key step toward the successful heterogeneous convergence. In spite of the security limits existing in the current homogeneous wireless networks, which may influnce on the future heterogeneous wireless convergence, heterogeneous wireless network interworking will be faced with further security problems because of the complexity of system and management.
This dissertation mainly studies on the authentication and key agreement of future heterogeneous wireless convergence, including access authentication, inter-domain vertical handover authentication, and the session key agreement. It is the basic precondition and building block for the secure communication of the heterogeneous convergence, and also it is the research hotspot now. The authentication and key agreement mechanism can prevent unauthorized user from accessing the network, resist malicious network to deceive the lawful user, encrypt the session data by using the exchange key, and provide the identification of the data origination.
Currently, heterogeneous wireless network interworking is paid more and more attention. Some standard and project organizations are investigating the heterogeneous wireless convergence issues. However, few works about the access authentication and vertical handover authentication are carried through. Some results
目前存在的各种无线网络如WLAN, Bluetooth, GSM, CDMA以及UMTS等都有着特定的需求及应用场景,任何单个技术的无线网络并不能满足未来人们对移动通信、以及普适计算的需求。未来的无线网络必然是朝着全IP核心网络,各种不同的无线接入技术互联、融合的方向发展,从而能为用户提供无时无刻、无所不在的网络接入服务。
实现异构无线网络的互联是一个非常复杂的系统工程,其中安全问题解决的好坏直接关系到融合的成功与否。除了现有同构无线网络存在的安全缺陷对未来异构无线网络的安全融合会带来影响以外;异构无线网络互联的系统复杂性、管理复杂性,使得其要面临更多额外的安全问题。
本文主要研究的是异构无线互联中的认证和密钥协商问题,包括异构的接入认证与密钥协商、域间垂直切换过程中的再认证与密钥更新。异构互联中的安全接入、以及垂直切换的再认证和密钥协商是用户在异构环境中进行安全通信的基本前提,是实现异构无线网络安全融合的基本块(Building Block),是当前的一个研究热点。通过认证和密钥协商机制,可以防止非授权用户的网络接入,也可防止合法用户被恶意网络欺骗等;协商的密钥则用于加密用户传输的数据、提供数据源验证等等。
目前,异构无线网络互联受到越来越多重视,一些标准组织、项目组织都已展开异构互联的相关研究,但对其中的安全接入认证和密钥协商,以及垂直切换再认证所做的工作还比较少。现有的一些文献所提出的异构认证和密钥交换协议在安全性上仍存在着一定不足之处,如未提供足够的安全属性、不满足一些基本的安全需求、未提供相应形式化的安全证明等。基于此,本文针对已有的异构网络模型,提出和改进了几种异构认证和密钥协商协议,除通过非形式化的分析安全性以外,还在可证安全模型下给出形式化安全证明。本文所作的几点工作如下:
(1)首先指出3GPP-WLAN的异构互联的接入认证协议EAP-AKA存在一种重定向攻击,并说明这种攻击可能会带来资费纠纷、密文泄露等问题。由于EAP-AKA重用3GPP本身存在安全缺陷的接入认证机制AKA,因此文中提出一种基于代理签名、哈希链、以及Diffie-Hellman密钥交换思想的3GPP接
The rapid progress of the wireless network technology has a wide influence on the people’s traditional life and work. Some new applications based on the new wireless technologies are altering the custom and style of the people’s life, and bringing us more and more experiences.
Currently, the existing various wireless networks, such as WLAN, Bluetooth, GSM, CDMA and UMTS, are designed for specific service requirements. None of the existing wireless systems can simultaneously satisfy the requirements of the future mobile communcaitions and pervasive computing. The development of future wireless network must be towards the core network with IP, and the convergence of the various wireless access technologies. It can thus provide users anywhere and anytime access to high-speed data real- and non-real time multimedia services.
It is very complicated to implement the heterogeneous wireless network convergence. How to solve the security problems is the key step toward the successful heterogeneous convergence. In spite of the security limits existing in the current homogeneous wireless networks, which may influnce on the future heterogeneous wireless convergence, heterogeneous wireless network interworking will be faced with further security problems because of the complexity of system and management.
This dissertation mainly studies on the authentication and key agreement of future heterogeneous wireless convergence, including access authentication, inter-domain vertical handover authentication, and the session key agreement. It is the basic precondition and building block for the secure communication of the heterogeneous convergence, and also it is the research hotspot now. The authentication and key agreement mechanism can prevent unauthorized user from accessing the network, resist malicious network to deceive the lawful user, encrypt the session data by using the exchange key, and provide the identification of the data origination.
Currently, heterogeneous wireless network interworking is paid more and more attention. Some standard and project organizations are investigating the heterogeneous wireless convergence issues. However, few works about the access authentication and vertical handover authentication are carried through. Some results
引文
[1] I. F. Akyildiz, S. Mohanty, and X. Jiang, “A Ubiquitous Mobile Communication Architecture for Next-Generation Heterogeneous Wireless Systems” IEEE Communications Magazine, Vol. 43, No. 6, June 2005 pp. S29 - S36.
[2] G. Wu, M. Mizuno, and P. J. M. Havinga, “MIRAI architecture for heterogeneous network”, IEEE Communications Magazine, Vol. 40, No. 2, Feb 2002 pp.126-134.
[3] IST-SHAMAN Deliverable D09, “Detailed technical specification of security for heterogeneous access (Version 1.0)”, June, 2002, [Online]. Available: http://www.ist-shaman.org/.
[4] E. Gustafsson and A. Jonsson, “Always Best Connected”, IEEE Wireless Communications, Vol. 10, No. 1, February 2003,pp 49-55.
[5] M. M. Buddhikot, G. Chandranmenon, S. Han, et al., “Design and Implementation of a WLAN/CDMA2000 Interworking Architecture”, IEEE Communications Magazine, November 2003, pp. 90-100.
[6] A. Salkintzis, C. Fors, and R. Pazhyannur, “WLAN-GPRS Integration for Next-generation Mobile Data Networks,” IEEE Wireless Commun., Oct. 2002.
[7] M. Buddhikot et al., “Integration of 802.11 and Third Generation Wireless Data Networks,” IEEE INFOCOM 2003, Apr. 2003.
[8] H. Luo et al., “Integrating Wireless LAN and Cellular Data for Enterprise,” IEEE Internet Comp., Mar.-Apr. 2003, pp. 25-33.
[9] K. Ahmavaara, H. Haverinen, and R. Pichna, “Interworking Architecture between 3GPP and WLAN Systems”, IEEE Communications Magazine, November 2003, pp.74-81.
[10] H. Haverinen et al., “Cellular Access Control and Charging for Mobile Operator Wireless Local Area Networks,” IEEE Wireless Comm., Vol. 9, No. 6, Dec. 2002, pp. 52-60.
[11] H. Y. Hsieh and R. Sivakumar, “On Using the Ad-hoc Network Model in Cellular Packet Data Networks”, In Proceedings of the third ACM international symposium on Mobile ad hoc networking & computing, pp. 36-47, June 2002.
[12] G. Aggelou and R. Tafazolli, “On the Relaying Capability of Next-Generation GSM Cellular Networks”, IEEE Personal Communications, February 2001.
[13] Y. D. Lin and Y. C. Hsu, “Multihop Cellular: A New Architecture for Wireless Communications”, In Proceedings of IEEE INFOCOM, March 2000.
[14] P. J. Havinga et al., “The SMART Project: Exploiting the Heterogeneous MobileWorld,” Proc. 2nd Int’l. Conf. Internet Comp., Las Vegas, NV, June 2001, pp.346-52.
[15] A. R. Prasad, P. Schoo and H. Wang, “An Evolutionary Approach towards Ubiquitous Communications: A Security Perspective”, in Proceedings of the 2004 International Symposium on Applications and the Internet Workshops (SAINTW’04), Tokyo, Japan, January 26-30, 2004,pp. 689-695.
[16] G. Bianchi, N. Blefari-Melazzi, P. M. L. Chan, et al., “Design and Validation of QoS Aware Mobile Internet Access Procedures for Heterogeneous Networks”, Mobile Networks and Applications, Vol. 8, No. 1 2003, pp. 11-25.
[17] L. Salgarelli, M. Buddhikot, J. Garay, S. Patel, and S. Miller, “Efficient authentication and key distribution in wireless IP networks,” IEEE Wireless Communications, Vol. 10, No. 6, Dec. 2003, pp. 52-61.
[18] M. Cappiello and A. Floris, “Mobility amongst Heterogeneous Networks with AAA Support”, IEEE International Conference on Communications (ICC 2002), 2002, Vol.4, pp. 2064-2069.
[19] J. Al-Muhtadi, D. Mickunas, and R. Campbell, “A Lightweight Reconfigurable Security Mechanism For 3G/4G Mobile Devices”, IEEE Wireless Communications, Vol. 9, No. 2, pp. 60-65, April 2002.
[20] H. Wang and A. R. Prasad, “Security Context Transfer in Vertical Handover”, in Proc. of the 14th. International Symposium on Personal, Indoor, Mobile Radio Communication (PIMRC 2003). Beijing, China, September, 2003.
[21] L. Blunk et al., “Extensible Authentication Protocol (EAP),” Internet draft, draft-ietf-eap-rfc2284bis-04.txt, June 2003, work in progress.
[22] C. Rigney et al., “Remote Authentication Dial In User Service (RADIUS),” IETF RFC 2865, June 2000.
[23] P. R. Calhoun and J. Loughney. “Diameter Base Protocol“, Internet Draft, draft-ietf-aaa-diameter-17.txt, December 2002.
[24] H. Haverinen and J. Salowey, “Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM),” Internet Draft, draft-haverinen-pppext-eap-sim-13.txt, April 5, 2004, work in progress.
[25] J. Arkko and H. Haverinen, “Extensible Authentication Protocol Method for UMTS Authentication and Key Agreement (EAP-AKA),” Internet Draft, draft-arkko-pppext-eap-aka-15.txt, December 21, 2004, work in progress.
[26] 3GPP TS 23.234 v7.0.0, “Group Services and System Aspects; 3GPP System to Wireless Local Area Network (WLAN) Interworking; System Description(Release 6)”, December 2005, work in progress.
[27] G. Kambourakis, A. Rouskas, G. Kormentzas and S. Gritzalis, “Advanced SSL/TLS-based authentication for secure WLAN-3G interworking”, IEE Proceedings Communications, Vol. 151, No. 5, October 2004, pp. 501-506.
[28] B. Aboba and D. Simon, “PPP EAP-TLS authentication protocol”, IETF RFC 2716, October 1999.
[29] A. O. Freier, P. Karlton, and P. C. Kocher, “The SSL Protocol Version 3.0”, IETF draft, draft-freier-ssl-version3-02.txt, Nov. 1996. Available at http://www.netscape.com/eng/ssl3/draft302.txt.
[30] D. Maughan, M. Schertler, “Internet Security Association and Key Management Protocol (ISAKMP)”, IETF RFC 2408, November 1998.
[31] 3GPP TS 33.200 V5.0.0. “3G Security: Network Domain Security; MAP application layer security (Release 5)”, 2002-03.
[32] C. Perkins, “IP Mobility Support for IPv4,” IETF RFC 3344, Aug. 2002.
[33] U. Meyer and S. Wetzel, “On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks”, IEEE 15th International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2004, Barcelona, Spain, pp. 2876-2883, Sep 5-8 2004.
[34] 3GPP TS 33.102. “3GPP: Technical Specification Group services and System Aspects; 3G Security; Security Architecture”.
[35] S. Ghaheri-Niri and R. Tafazolli, “Cordless-cellular Network Integration for the 3rd Generation Personal Communication Systems,” Proc. IEEE VTC ’98, vol. 1, 1998, pp. 402-408.
[36] F. D. Priscoli, “Interworking of a Satellite System for Mobile Multimedia Applications with the Terrestrial Networks,” IEEE JSAC, vol. 17, no. 2, Feb. 1999, pp. 385-394.
[37] I. F. Akyildiz and W. Wang, “A Dynamic Location Management Scheme for Next Generation Multitier PCS Systems,” IEEE Trans. Wireless Comm., vol. 1, no.1, Jan. 2002, pp. 178-189.
[38] “Inter-PLMN Backbone Guidelines,” GSM Assn. classifications, v. 3.4.0, Mar., 2003.
[39] IST-BRAIN Deliverable D2.2: “BRAIN architecture specifications and models, BRAIN functionality and protocol specification”, March 2001.
[40] W. Aiello. “Just Fast Keying (JFK)”, IETF Draft (work in progress),draft-ietf-ipsec-jfk-03.txt, April 2002.
[41] D. Harkins, C. Kaufman, et al. “Proposal for the IKEv2 Protocol”, IETF Draft (work in progress), draft-ietf-ipsec-ikev2-02.txt, April 2002.
[42] T. Wu, “The Secure Remote Password Protocol”, http://srp.stanford.edu/ndss.html. March 1998.
[43] H. Wang and A. R. Prasad, “Fast Authentication for Inter-domain Handover”, the 11th International Conference on Telecommunications, Fortaleza, Brazil (ICT 2004), Springer-Verlag, LNCS 3124, Springer-Verlag, 2004, pp. 973-982.
[44] R. Soltwisch, X. Fu, D. Hogrefe, and S. Narayanan, “A Method for Authentication and Key Exchange for Seamless Inter-domain Handovers”, in Proc. of the 12th IEEE International Conference on Networks (ICON 2004), Singapore, November 2004.
[45] H. Wang, A. Prasad, P. Schoo, S. Tessier, and O. Tirla, “A domain model approach to network security”, Proceedings of International Workshop on Mobile IP-based Network Developments, London, U.K., October 2002.
[46] D. Dolev, A. C. Yao, “On the security of public-key protocols”, IEEE Transaction on Information Theory, Vol. 2, No. 29, 1983, pp. 198-208.
[47] 卿斯汉,“安全协议的设计与逻辑分析”,软件学报,Vol.14,No.7,2003,7, pp.1300-1309.
[48] G. Lowe, “Breaking and fixing the Needham-Schroeder public-key protocol using FDR”, Software-Concepts and Tools, 1996, Vol. 17, pp. 93-102.
[49] P. Syverson, “A taxonomy of replay attacks”, In Proceedings of the Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1994, pp.187-191.
[50] D. Denning and G. Sacco, “Timestamps in key distribution protocols”, Communications of the ACM, 1981, Vol. 24, No. 8, pp.533-536.
[51] W. B. Mao 著,王继林,伍前红等译,“现代密码学理论与实践 / (英)”,北京:电子工业出版社,2004. 7.
[52] W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Trans. Inform. Theory, vol. IT-22, pp. 644-654, Nov. 1976.
[53] 谢冬青,冷健 编著,“PKI原理与技术”,北京:清华大学出版社,2004. 1.
[54] M. Abadi and R. Needham, “Prudent engineering practices for crypto-graphic protocols”, In: Proceedings of the 1994 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1994. pp. 122-136.
[55] W. Diffie, P. C. Van-Oorschot, and M. J. Wiener, “ Authentication andAuthenticated Key Exchanges”, Designs, Codes and Cryptography 2 (1992), No.2, pp. 107-125.
[56] H. Krawczyk, “SIGMA: The ‘SIGn-and-Mac’ approach to authenticated Diffie-Hellman and its use in the IKE protocols”, In Advances in Cryptology - CRYPTO 2003, LNCS 2729, Springer-Verlag, 2003, pp. 400-425.
[57] J. A. Muir, “Techniques of side channel cryptanalysis”, Master’s thesis, Department of Combinatorics and Optimization, University of Waterloo, 2001. Available at http://www.math.uwaterloo.ca/~jamuir/sidechannel.htm.
[58] A. Juels and J. Brainard, “Client puzzles: A cryptographic countermeasure against connection depletion attacks”, In Network and Distributed System Security Symposium, pp.151-165, 1999.
[59] L. Law, A. Menezes, M. Qu, J. Solinas, and S. Vanstone, “An efficient protocol for authenticated key agreement”, Designs, Codes, and Cryptography, No. 28, pp.119-134, 2003.
[60] M. Just and S. Vaudenay, “Authenticated multi-party key agreement”, In Advances in Cryptology - ASIACRYPT 96, LNCS 1163, pages 36-49, 1996.
[61] 曹珍富 著,“公钥密码学”,哈尔滨:黑龙江教育出版社,1993. 10.
[62] B. Schneire著,吴世忠, 祝世雄,张文政等译,“应用密码学—协议、算法与C源程序 / (英)”,北京:机械工业出版社,2000. 1.
[63] M. Bellare and P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols”, Proceedings of 1st ACM Conference on Computer and Communications Security, November 1993, pp. 62-73.
[64] 冯登国, 范红, “安全协议形式化分析理论与方法研究综述”, 中国科学院研究生院学报, Vol. 20, No. 4, Dec. 2003, pp. 389-406.
[65] M. Burrows, M. Abadi, and R. Needham, “A logic of authentication”, Research Report 39, Digital Equipment Corp. Systems Research Center, Feb 1989.
[66] M. Burrows, M. Abadi, and R. Needham, “A logic of authentication”, ACM Transactions on Computer Systems, Vol. 8, No. 1, Feb. 1990, pp. 18-36.
[67] P. Bieber, “A Logic of Communication in a Hostile Environment”, In Proceedings of the Computer Security Foundations Workshop III. Los Alamitos: IEEE Computer Society Press, 1990. pp. 14-22.
[68] G. Lowe. “Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR”, In Tools and Algorithms for the Construction and Analysis of Systems, LNCS 1055, Springer-Verlag, 1996, pp.147-166.
[69] F. Thayer, J. Herzog, and J. Guttman, “Strand Space: Why is a Security ProtocolCorrect ? ”, In Proceedings of the 1998 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, 1998. 160-171.
[70] L. C. Paulson, “The Inductive Approach to Verifying Cryptographic Protocols”, Journal of Computer Security, 1998, Vol. 6, pp.85-128.
[71] M. Bellare, “Practice-oriented provable security”, in Proceedings of First International Workshop on Information Security (ISW 97), LNCS 1396, Springer-Verlag, 1998, pp. 221-231.
[72] M. Bellare and P. Rogaway, “Entity authentication and key distribution,” In Advances in Cryptology - Crypto 1993, LNCS 773, Springer-Verlag, 1994. pp.232-249.
[73] N. Koblitz and A. Menezes, “Another Look at ‘Provable Security’ ”, Technical report CORR 2004-20, Centre for Applied Cryptographic Research, University of Waterloo, Canada, 2004.
[74] M. Bellare and P. Rogaway, “Provably secure session key distribution - the three party case”, In 27th ACM Symposium on Theory of Computing. ACM Press, 1995, pp. 57-66.
[75] M. Bellare, R. Canetti, and H. Krawczyk, “A modular approach to the design and analysis of authentication and key exchange protocols,” In Proceedings of the 30th Annual Symposium on the Theory of Computing, ACM, pp. 412-428, 1998.
[76] V. Shoup,“On formal models for secure key exchange”, Technical Report IBM Research Report RZ 3120, IBM Research, 1999.
[77] R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” In Advances in Cryptology – Eurocrypt 2001. LNCS 2045, Springer-Verlag, 2001. pp.453-474.
[78] R. Canetti, “Universally composable security: A new paradigm for cryptographic protocols”, In Proc. of the 42nd FOCS. (2001) 136-145.
[79] Y. S. T. Tin, C. Boyd, and J. M. G. Nieto, “Provably Secure Key Exchange: An Engineering Approach”, At the Australasian Information Security Workshop (AISW2003), Vol. 21.
[80] M. N. Eddie, “Security Models and Proofs for Key Establishment Protocols”, A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Mathematics in Combinatorics and Optimization, Waterloo, Ontario, Canada, 2005.
[81] Y. Hitchcock, C. Boyd, and J. M. G. Nieto, “Tripartite Key Exchange in the Canetti-Krawczyk Proof Model”, INDOCRYPT 2004, LNCS 3348,Springer-Verlag, 2004, pp.17-32.
[82] 李兴华, 马建峰, 文相在, “基于身份密码系统下Canetti-Krawczyk模型的安全扩展”, 中国科学E辑, 信息科学,Vol. 34, No. 10, 2004, pp. 1185-1192.
[83] 3GPP TS 33.234 v6.7.0, “3G Security; Wireless Local Area Network (WLAN) Interworking Security (Release 6),” December 2005, work in progress.
[84] IEEE Draft Supplement to Standard for Telecommunications and Information Exchange between Systems LAN/MAN Specific Requirements Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Specification for Enhanced Security. IEEE Std 802.11i/D3.0, Draft Supplement to ISO/IEC 8802-11/1999(I) ANSI/IEEE Std 802.11, 1999 edition, November 2002.
[85] M. Mambo, K. Usuda, and E. Okamoto, “Proxy signatures for delegating signing operation”. In the 3rd ACM Conference on Computer and Communications Security, ACM Press, 1996, pp.48-57.
[86] M. Mambo, K. Usuda, and E. Okamoto, “Proxy signatures: delegation of the power to sign messages”, IEICE Trans Fundam., 1996, E79-A (9):1338-1354.
[87] L. Lamport, “Password authentication with insecure communication”, Communications of ACM. Vol. 24. No. 11, pp. 770-772. 1981.
[88] R. Gennaro and P. Rohatgi, “How to Sign Digital Streams”, Advances in Cryptography – Crypto’97, pp.180-197.
[89] L. Harn and H. Lin, “A Non-Repudiation Metering Scheme”, IEEE Communications Letters, Vol. 5, No. 12, December 2001.
[90] 3GPP TS 21.133 V3.1.0, “3G Security;Security Threats and Requirements”, 1999-12.
[91] M. Zhang, “Security Analysis and Enhancements of 3GPP Authentication and Key Agreement Protocol,” IEEE Transactions on Wireless Communications, Vol. 4, No. 2, March 2005.
[92] L. Harn and W. J. Hsin, “On the Security of Wireless Network Access with Enhancements”, WiSE’03, September 19, 2003, San Diego, California, USA.
[93] W. B. Lee and C. K. Yeh, “A New Delegation-Based Authentication Protocol for Use in Portable Communication Systems ”, IEEE Transactions On Wireless Communications, Vol. 4, No. 1, pp. 57-64, January 2005.
[94] W. B. Lee and C. Y. Chang, “Efficient proxy-protected proxy signature scheme based on discrete logarithm,” in Proc. 10th Conf. Inform. Security, Taiwan, May 2000, pp. 4-7.
[95] S. Blake-Wilson, D. Johnson and A. Menezes, “Key Agreement Protocols andtheir Security Analysis”, Proceedings of the sixth IMA International Conference on Cryptography and Coding, LNCS 1355, Springer-Verlag, 1997, pp. 30-45.
[96] IEEE Std. 802.1X-2001, “IEEE Standard for Local and Metropolitan Area Networks - Port-Based Network Access Control,” June 2001.
[97] B. Aboba and M. Beadles, “The Network Access Identifier,” IETF RFC 2486, Jan. 1999.
[98] D. Naccache, D. M'Ra?hi, S. Vaudenay, et al., “Can D.S.A. Be Improved? Complexity Trade-offs with the Digital Signature Standard”, Advances in Cryptology - EUROCRYPT '94, LNCS 950, Springer-Verlag, 1995, pp. 77-85.
[99] G. M. Koien and T. Haslestad, “Security aspects of 3G-WLAN interworking,” IEEE Communications Magazine, Vol. 41, no. 11, Nov. 2003, pp. 82-88.
[100] National Institute of Standards and Technology, Digital Signature Standard (DSS), “Federal Information Processing Standards Publication”, FIPS PUB 186-2, Reaffirmed, January 27, 2000.
[101] S. Goldwasser and S. Micali “Probabilistic encryption”, Journal of Computer and System Science, 1984, 28(2), pp.270-299.
[102] M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, “A concrete security treatment of symmetric encryption (extended abstract)”, In Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS), IEEE Computer Society Press, 1997, pp.394-403.
[103] M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, “Relations among notions of security for public-key encryption schemes (extended abstract)”, In Advances in Cryptology-CRYPTO 1998, LNCS 1462, Springer-Verlag, 1998, pp.26-45.
[104] Y. S. T. Tin, H. Vasanta, C. Boyd, and J. M. G. Nieto, “Protocols with Security Proofs for Mobile Applications”, In Proceedings of ACISP 2004, LNCS 3108, Springer-Verlag, 2004, pp. 358-369.
[105] M. Bellare, A. Boldyreva, and S. Micali, “Public-key encryption in a multi-user setting: Security proofs and improvements”, In Advances in Cryptology – Eurocrypt 2000, LNCS 1807, Springer-Verlag, 2000, pp. 259-274.
[106] O. Baudron, D. Pointcheval, and J. Stern, “Extended notions of security for multicast public key cryptosystems”, In Proceedings of the 27th international Colloquium on Automata, Languages and Programming (ICALP ’2000), LNCS 1853, Springer-Verlag, 2000, pp. 499-511.
[107] A. Shamir, “Identity-based cryptosystems and signature schemes”, InAdvances in Cryptology - Crypto’84. LNCS 196. Springer-Verlag, 1984, pp.47-53.
[108] A. Joux, “A one round protocol for tripartite Diffie-Hellman”, Proc. of Algorithm Number Theory Symposium - ANTS-IV, LNCS 1838, Springer-Verlag, 2000, pp.385-394.
[109] S. S. Al-Riyami, and K. G. Paterson, “Tripartite Authenticated Key Agreement Protocols from Pairings”, IMA Conference on Cryptography and Coding, LNCS 2898, Springer-Verlag, 2003, pp.332-359.
[110] D. Boneh and M. Franklin, “Identity Based Encryption From the Weil Pairing”, Advances in Cryptology – Crypto’01, LNCS 2139, Springer-Verlag, 2001, pp. 213-229.
[111] D. Nalla and K.C. Reddy, “ID-based tripartite Authenticated Key Agreement Protocols from pairings”, Cryptology ePrint Archive, Report. 2003/004.
[112] F. Zhang, S. Liu, and K. Kim, “ID-Based One Round Authenticated Tripartite Key Agreement Protocol with Pairings”, Cryptology ePrint Archive, Report 2002/122.
[113] K. Shim, “A Man-in-the-middle Attack on Nalla-Reddy's ID-based Tripartite Authenticated Key Agreement Protocol”, Cryptology ePrint Archive, Report, 2003/115.
[114] C. Boyd, W. B. Mao, and K. Paterson, “Key Agreement using Statically Keyed Authenticators”, Applied Cryptography and Network Security: Second International Conference, ACNS 2004, LNCS 3089, Springer-Verlag, 2004, pp.248-262.
[115] H. Wang, A. R. Prasad, and P. Schoo, “Research Issues for Fast Authentication in Inter-Domain Handover”, in Proc. of the 8th Wireless World Research Forum meeting (WWRF#8), Beijing, China, February 2004.
[116] A. Hess and G. Sch?fer, “Performance Evaluation of AAA/Mobile IP Authentication”, in Proc. of the 2nd Polish-German Teletraffic Symposium (PGTS'02), Gdansk, Poland, September 2002.
[117] K. R. Choo, C. Boyd, Y. Hitchcock, and G. Maitland, “On Session Identifiers in Provably Secure Protocols: The Bellare-Rogaway Three-Party Key Distribution Protocol Revisited”. Security in Communication Networks: 4th International Conference, SCN 2004, Amalfi, Italy. LNCS 3352, Springer-Verlag, 2005, pp.351-366.
[118] K. R. Choo and Y. Hitchcock, “Security Requirements for Key Establishment Proof Models: Revisiting Bellare–Rogaway and Jeong–Katz–Lee Protocols”Information Security and Privacy: 10th Australasian Conference, ACISP 2005, Brisbane, Australia. LNCS 3574, Springer-Verlag, 2005, pp. 429-442.
[119] B. Song and K. Kim, “Two-Pass Authenticated Key Agreement Protocol with Key Confirmation”, Proc. of Indocrypt 2000, LNCS 1977, Springer-Verlag, 2000, pp.237-249.
[2] G. Wu, M. Mizuno, and P. J. M. Havinga, “MIRAI architecture for heterogeneous network”, IEEE Communications Magazine, Vol. 40, No. 2, Feb 2002 pp.126-134.
[3] IST-SHAMAN Deliverable D09, “Detailed technical specification of security for heterogeneous access (Version 1.0)”, June, 2002, [Online]. Available: http://www.ist-shaman.org/.
[4] E. Gustafsson and A. Jonsson, “Always Best Connected”, IEEE Wireless Communications, Vol. 10, No. 1, February 2003,pp 49-55.
[5] M. M. Buddhikot, G. Chandranmenon, S. Han, et al., “Design and Implementation of a WLAN/CDMA2000 Interworking Architecture”, IEEE Communications Magazine, November 2003, pp. 90-100.
[6] A. Salkintzis, C. Fors, and R. Pazhyannur, “WLAN-GPRS Integration for Next-generation Mobile Data Networks,” IEEE Wireless Commun., Oct. 2002.
[7] M. Buddhikot et al., “Integration of 802.11 and Third Generation Wireless Data Networks,” IEEE INFOCOM 2003, Apr. 2003.
[8] H. Luo et al., “Integrating Wireless LAN and Cellular Data for Enterprise,” IEEE Internet Comp., Mar.-Apr. 2003, pp. 25-33.
[9] K. Ahmavaara, H. Haverinen, and R. Pichna, “Interworking Architecture between 3GPP and WLAN Systems”, IEEE Communications Magazine, November 2003, pp.74-81.
[10] H. Haverinen et al., “Cellular Access Control and Charging for Mobile Operator Wireless Local Area Networks,” IEEE Wireless Comm., Vol. 9, No. 6, Dec. 2002, pp. 52-60.
[11] H. Y. Hsieh and R. Sivakumar, “On Using the Ad-hoc Network Model in Cellular Packet Data Networks”, In Proceedings of the third ACM international symposium on Mobile ad hoc networking & computing, pp. 36-47, June 2002.
[12] G. Aggelou and R. Tafazolli, “On the Relaying Capability of Next-Generation GSM Cellular Networks”, IEEE Personal Communications, February 2001.
[13] Y. D. Lin and Y. C. Hsu, “Multihop Cellular: A New Architecture for Wireless Communications”, In Proceedings of IEEE INFOCOM, March 2000.
[14] P. J. Havinga et al., “The SMART Project: Exploiting the Heterogeneous MobileWorld,” Proc. 2nd Int’l. Conf. Internet Comp., Las Vegas, NV, June 2001, pp.346-52.
[15] A. R. Prasad, P. Schoo and H. Wang, “An Evolutionary Approach towards Ubiquitous Communications: A Security Perspective”, in Proceedings of the 2004 International Symposium on Applications and the Internet Workshops (SAINTW’04), Tokyo, Japan, January 26-30, 2004,pp. 689-695.
[16] G. Bianchi, N. Blefari-Melazzi, P. M. L. Chan, et al., “Design and Validation of QoS Aware Mobile Internet Access Procedures for Heterogeneous Networks”, Mobile Networks and Applications, Vol. 8, No. 1 2003, pp. 11-25.
[17] L. Salgarelli, M. Buddhikot, J. Garay, S. Patel, and S. Miller, “Efficient authentication and key distribution in wireless IP networks,” IEEE Wireless Communications, Vol. 10, No. 6, Dec. 2003, pp. 52-61.
[18] M. Cappiello and A. Floris, “Mobility amongst Heterogeneous Networks with AAA Support”, IEEE International Conference on Communications (ICC 2002), 2002, Vol.4, pp. 2064-2069.
[19] J. Al-Muhtadi, D. Mickunas, and R. Campbell, “A Lightweight Reconfigurable Security Mechanism For 3G/4G Mobile Devices”, IEEE Wireless Communications, Vol. 9, No. 2, pp. 60-65, April 2002.
[20] H. Wang and A. R. Prasad, “Security Context Transfer in Vertical Handover”, in Proc. of the 14th. International Symposium on Personal, Indoor, Mobile Radio Communication (PIMRC 2003). Beijing, China, September, 2003.
[21] L. Blunk et al., “Extensible Authentication Protocol (EAP),” Internet draft, draft-ietf-eap-rfc2284bis-04.txt, June 2003, work in progress.
[22] C. Rigney et al., “Remote Authentication Dial In User Service (RADIUS),” IETF RFC 2865, June 2000.
[23] P. R. Calhoun and J. Loughney. “Diameter Base Protocol“, Internet Draft, draft-ietf-aaa-diameter-17.txt, December 2002.
[24] H. Haverinen and J. Salowey, “Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM),” Internet Draft, draft-haverinen-pppext-eap-sim-13.txt, April 5, 2004, work in progress.
[25] J. Arkko and H. Haverinen, “Extensible Authentication Protocol Method for UMTS Authentication and Key Agreement (EAP-AKA),” Internet Draft, draft-arkko-pppext-eap-aka-15.txt, December 21, 2004, work in progress.
[26] 3GPP TS 23.234 v7.0.0, “Group Services and System Aspects; 3GPP System to Wireless Local Area Network (WLAN) Interworking; System Description(Release 6)”, December 2005, work in progress.
[27] G. Kambourakis, A. Rouskas, G. Kormentzas and S. Gritzalis, “Advanced SSL/TLS-based authentication for secure WLAN-3G interworking”, IEE Proceedings Communications, Vol. 151, No. 5, October 2004, pp. 501-506.
[28] B. Aboba and D. Simon, “PPP EAP-TLS authentication protocol”, IETF RFC 2716, October 1999.
[29] A. O. Freier, P. Karlton, and P. C. Kocher, “The SSL Protocol Version 3.0”, IETF draft, draft-freier-ssl-version3-02.txt, Nov. 1996. Available at http://www.netscape.com/eng/ssl3/draft302.txt.
[30] D. Maughan, M. Schertler, “Internet Security Association and Key Management Protocol (ISAKMP)”, IETF RFC 2408, November 1998.
[31] 3GPP TS 33.200 V5.0.0. “3G Security: Network Domain Security; MAP application layer security (Release 5)”, 2002-03.
[32] C. Perkins, “IP Mobility Support for IPv4,” IETF RFC 3344, Aug. 2002.
[33] U. Meyer and S. Wetzel, “On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks”, IEEE 15th International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2004, Barcelona, Spain, pp. 2876-2883, Sep 5-8 2004.
[34] 3GPP TS 33.102. “3GPP: Technical Specification Group services and System Aspects; 3G Security; Security Architecture”.
[35] S. Ghaheri-Niri and R. Tafazolli, “Cordless-cellular Network Integration for the 3rd Generation Personal Communication Systems,” Proc. IEEE VTC ’98, vol. 1, 1998, pp. 402-408.
[36] F. D. Priscoli, “Interworking of a Satellite System for Mobile Multimedia Applications with the Terrestrial Networks,” IEEE JSAC, vol. 17, no. 2, Feb. 1999, pp. 385-394.
[37] I. F. Akyildiz and W. Wang, “A Dynamic Location Management Scheme for Next Generation Multitier PCS Systems,” IEEE Trans. Wireless Comm., vol. 1, no.1, Jan. 2002, pp. 178-189.
[38] “Inter-PLMN Backbone Guidelines,” GSM Assn. classifications, v. 3.4.0, Mar., 2003.
[39] IST-BRAIN Deliverable D2.2: “BRAIN architecture specifications and models, BRAIN functionality and protocol specification”, March 2001.
[40] W. Aiello. “Just Fast Keying (JFK)”, IETF Draft (work in progress),draft-ietf-ipsec-jfk-03.txt, April 2002.
[41] D. Harkins, C. Kaufman, et al. “Proposal for the IKEv2 Protocol”, IETF Draft (work in progress), draft-ietf-ipsec-ikev2-02.txt, April 2002.
[42] T. Wu, “The Secure Remote Password Protocol”, http://srp.stanford.edu/ndss.html. March 1998.
[43] H. Wang and A. R. Prasad, “Fast Authentication for Inter-domain Handover”, the 11th International Conference on Telecommunications, Fortaleza, Brazil (ICT 2004), Springer-Verlag, LNCS 3124, Springer-Verlag, 2004, pp. 973-982.
[44] R. Soltwisch, X. Fu, D. Hogrefe, and S. Narayanan, “A Method for Authentication and Key Exchange for Seamless Inter-domain Handovers”, in Proc. of the 12th IEEE International Conference on Networks (ICON 2004), Singapore, November 2004.
[45] H. Wang, A. Prasad, P. Schoo, S. Tessier, and O. Tirla, “A domain model approach to network security”, Proceedings of International Workshop on Mobile IP-based Network Developments, London, U.K., October 2002.
[46] D. Dolev, A. C. Yao, “On the security of public-key protocols”, IEEE Transaction on Information Theory, Vol. 2, No. 29, 1983, pp. 198-208.
[47] 卿斯汉,“安全协议的设计与逻辑分析”,软件学报,Vol.14,No.7,2003,7, pp.1300-1309.
[48] G. Lowe, “Breaking and fixing the Needham-Schroeder public-key protocol using FDR”, Software-Concepts and Tools, 1996, Vol. 17, pp. 93-102.
[49] P. Syverson, “A taxonomy of replay attacks”, In Proceedings of the Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1994, pp.187-191.
[50] D. Denning and G. Sacco, “Timestamps in key distribution protocols”, Communications of the ACM, 1981, Vol. 24, No. 8, pp.533-536.
[51] W. B. Mao 著,王继林,伍前红等译,“现代密码学理论与实践 / (英)”,北京:电子工业出版社,2004. 7.
[52] W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Trans. Inform. Theory, vol. IT-22, pp. 644-654, Nov. 1976.
[53] 谢冬青,冷健 编著,“PKI原理与技术”,北京:清华大学出版社,2004. 1.
[54] M. Abadi and R. Needham, “Prudent engineering practices for crypto-graphic protocols”, In: Proceedings of the 1994 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1994. pp. 122-136.
[55] W. Diffie, P. C. Van-Oorschot, and M. J. Wiener, “ Authentication andAuthenticated Key Exchanges”, Designs, Codes and Cryptography 2 (1992), No.2, pp. 107-125.
[56] H. Krawczyk, “SIGMA: The ‘SIGn-and-Mac’ approach to authenticated Diffie-Hellman and its use in the IKE protocols”, In Advances in Cryptology - CRYPTO 2003, LNCS 2729, Springer-Verlag, 2003, pp. 400-425.
[57] J. A. Muir, “Techniques of side channel cryptanalysis”, Master’s thesis, Department of Combinatorics and Optimization, University of Waterloo, 2001. Available at http://www.math.uwaterloo.ca/~jamuir/sidechannel.htm.
[58] A. Juels and J. Brainard, “Client puzzles: A cryptographic countermeasure against connection depletion attacks”, In Network and Distributed System Security Symposium, pp.151-165, 1999.
[59] L. Law, A. Menezes, M. Qu, J. Solinas, and S. Vanstone, “An efficient protocol for authenticated key agreement”, Designs, Codes, and Cryptography, No. 28, pp.119-134, 2003.
[60] M. Just and S. Vaudenay, “Authenticated multi-party key agreement”, In Advances in Cryptology - ASIACRYPT 96, LNCS 1163, pages 36-49, 1996.
[61] 曹珍富 著,“公钥密码学”,哈尔滨:黑龙江教育出版社,1993. 10.
[62] B. Schneire著,吴世忠, 祝世雄,张文政等译,“应用密码学—协议、算法与C源程序 / (英)”,北京:机械工业出版社,2000. 1.
[63] M. Bellare and P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols”, Proceedings of 1st ACM Conference on Computer and Communications Security, November 1993, pp. 62-73.
[64] 冯登国, 范红, “安全协议形式化分析理论与方法研究综述”, 中国科学院研究生院学报, Vol. 20, No. 4, Dec. 2003, pp. 389-406.
[65] M. Burrows, M. Abadi, and R. Needham, “A logic of authentication”, Research Report 39, Digital Equipment Corp. Systems Research Center, Feb 1989.
[66] M. Burrows, M. Abadi, and R. Needham, “A logic of authentication”, ACM Transactions on Computer Systems, Vol. 8, No. 1, Feb. 1990, pp. 18-36.
[67] P. Bieber, “A Logic of Communication in a Hostile Environment”, In Proceedings of the Computer Security Foundations Workshop III. Los Alamitos: IEEE Computer Society Press, 1990. pp. 14-22.
[68] G. Lowe. “Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR”, In Tools and Algorithms for the Construction and Analysis of Systems, LNCS 1055, Springer-Verlag, 1996, pp.147-166.
[69] F. Thayer, J. Herzog, and J. Guttman, “Strand Space: Why is a Security ProtocolCorrect ? ”, In Proceedings of the 1998 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, 1998. 160-171.
[70] L. C. Paulson, “The Inductive Approach to Verifying Cryptographic Protocols”, Journal of Computer Security, 1998, Vol. 6, pp.85-128.
[71] M. Bellare, “Practice-oriented provable security”, in Proceedings of First International Workshop on Information Security (ISW 97), LNCS 1396, Springer-Verlag, 1998, pp. 221-231.
[72] M. Bellare and P. Rogaway, “Entity authentication and key distribution,” In Advances in Cryptology - Crypto 1993, LNCS 773, Springer-Verlag, 1994. pp.232-249.
[73] N. Koblitz and A. Menezes, “Another Look at ‘Provable Security’ ”, Technical report CORR 2004-20, Centre for Applied Cryptographic Research, University of Waterloo, Canada, 2004.
[74] M. Bellare and P. Rogaway, “Provably secure session key distribution - the three party case”, In 27th ACM Symposium on Theory of Computing. ACM Press, 1995, pp. 57-66.
[75] M. Bellare, R. Canetti, and H. Krawczyk, “A modular approach to the design and analysis of authentication and key exchange protocols,” In Proceedings of the 30th Annual Symposium on the Theory of Computing, ACM, pp. 412-428, 1998.
[76] V. Shoup,“On formal models for secure key exchange”, Technical Report IBM Research Report RZ 3120, IBM Research, 1999.
[77] R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” In Advances in Cryptology – Eurocrypt 2001. LNCS 2045, Springer-Verlag, 2001. pp.453-474.
[78] R. Canetti, “Universally composable security: A new paradigm for cryptographic protocols”, In Proc. of the 42nd FOCS. (2001) 136-145.
[79] Y. S. T. Tin, C. Boyd, and J. M. G. Nieto, “Provably Secure Key Exchange: An Engineering Approach”, At the Australasian Information Security Workshop (AISW2003), Vol. 21.
[80] M. N. Eddie, “Security Models and Proofs for Key Establishment Protocols”, A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Mathematics in Combinatorics and Optimization, Waterloo, Ontario, Canada, 2005.
[81] Y. Hitchcock, C. Boyd, and J. M. G. Nieto, “Tripartite Key Exchange in the Canetti-Krawczyk Proof Model”, INDOCRYPT 2004, LNCS 3348,Springer-Verlag, 2004, pp.17-32.
[82] 李兴华, 马建峰, 文相在, “基于身份密码系统下Canetti-Krawczyk模型的安全扩展”, 中国科学E辑, 信息科学,Vol. 34, No. 10, 2004, pp. 1185-1192.
[83] 3GPP TS 33.234 v6.7.0, “3G Security; Wireless Local Area Network (WLAN) Interworking Security (Release 6),” December 2005, work in progress.
[84] IEEE Draft Supplement to Standard for Telecommunications and Information Exchange between Systems LAN/MAN Specific Requirements Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Specification for Enhanced Security. IEEE Std 802.11i/D3.0, Draft Supplement to ISO/IEC 8802-11/1999(I) ANSI/IEEE Std 802.11, 1999 edition, November 2002.
[85] M. Mambo, K. Usuda, and E. Okamoto, “Proxy signatures for delegating signing operation”. In the 3rd ACM Conference on Computer and Communications Security, ACM Press, 1996, pp.48-57.
[86] M. Mambo, K. Usuda, and E. Okamoto, “Proxy signatures: delegation of the power to sign messages”, IEICE Trans Fundam., 1996, E79-A (9):1338-1354.
[87] L. Lamport, “Password authentication with insecure communication”, Communications of ACM. Vol. 24. No. 11, pp. 770-772. 1981.
[88] R. Gennaro and P. Rohatgi, “How to Sign Digital Streams”, Advances in Cryptography – Crypto’97, pp.180-197.
[89] L. Harn and H. Lin, “A Non-Repudiation Metering Scheme”, IEEE Communications Letters, Vol. 5, No. 12, December 2001.
[90] 3GPP TS 21.133 V3.1.0, “3G Security;Security Threats and Requirements”, 1999-12.
[91] M. Zhang, “Security Analysis and Enhancements of 3GPP Authentication and Key Agreement Protocol,” IEEE Transactions on Wireless Communications, Vol. 4, No. 2, March 2005.
[92] L. Harn and W. J. Hsin, “On the Security of Wireless Network Access with Enhancements”, WiSE’03, September 19, 2003, San Diego, California, USA.
[93] W. B. Lee and C. K. Yeh, “A New Delegation-Based Authentication Protocol for Use in Portable Communication Systems ”, IEEE Transactions On Wireless Communications, Vol. 4, No. 1, pp. 57-64, January 2005.
[94] W. B. Lee and C. Y. Chang, “Efficient proxy-protected proxy signature scheme based on discrete logarithm,” in Proc. 10th Conf. Inform. Security, Taiwan, May 2000, pp. 4-7.
[95] S. Blake-Wilson, D. Johnson and A. Menezes, “Key Agreement Protocols andtheir Security Analysis”, Proceedings of the sixth IMA International Conference on Cryptography and Coding, LNCS 1355, Springer-Verlag, 1997, pp. 30-45.
[96] IEEE Std. 802.1X-2001, “IEEE Standard for Local and Metropolitan Area Networks - Port-Based Network Access Control,” June 2001.
[97] B. Aboba and M. Beadles, “The Network Access Identifier,” IETF RFC 2486, Jan. 1999.
[98] D. Naccache, D. M'Ra?hi, S. Vaudenay, et al., “Can D.S.A. Be Improved? Complexity Trade-offs with the Digital Signature Standard”, Advances in Cryptology - EUROCRYPT '94, LNCS 950, Springer-Verlag, 1995, pp. 77-85.
[99] G. M. Koien and T. Haslestad, “Security aspects of 3G-WLAN interworking,” IEEE Communications Magazine, Vol. 41, no. 11, Nov. 2003, pp. 82-88.
[100] National Institute of Standards and Technology, Digital Signature Standard (DSS), “Federal Information Processing Standards Publication”, FIPS PUB 186-2, Reaffirmed, January 27, 2000.
[101] S. Goldwasser and S. Micali “Probabilistic encryption”, Journal of Computer and System Science, 1984, 28(2), pp.270-299.
[102] M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, “A concrete security treatment of symmetric encryption (extended abstract)”, In Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS), IEEE Computer Society Press, 1997, pp.394-403.
[103] M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, “Relations among notions of security for public-key encryption schemes (extended abstract)”, In Advances in Cryptology-CRYPTO 1998, LNCS 1462, Springer-Verlag, 1998, pp.26-45.
[104] Y. S. T. Tin, H. Vasanta, C. Boyd, and J. M. G. Nieto, “Protocols with Security Proofs for Mobile Applications”, In Proceedings of ACISP 2004, LNCS 3108, Springer-Verlag, 2004, pp. 358-369.
[105] M. Bellare, A. Boldyreva, and S. Micali, “Public-key encryption in a multi-user setting: Security proofs and improvements”, In Advances in Cryptology – Eurocrypt 2000, LNCS 1807, Springer-Verlag, 2000, pp. 259-274.
[106] O. Baudron, D. Pointcheval, and J. Stern, “Extended notions of security for multicast public key cryptosystems”, In Proceedings of the 27th international Colloquium on Automata, Languages and Programming (ICALP ’2000), LNCS 1853, Springer-Verlag, 2000, pp. 499-511.
[107] A. Shamir, “Identity-based cryptosystems and signature schemes”, InAdvances in Cryptology - Crypto’84. LNCS 196. Springer-Verlag, 1984, pp.47-53.
[108] A. Joux, “A one round protocol for tripartite Diffie-Hellman”, Proc. of Algorithm Number Theory Symposium - ANTS-IV, LNCS 1838, Springer-Verlag, 2000, pp.385-394.
[109] S. S. Al-Riyami, and K. G. Paterson, “Tripartite Authenticated Key Agreement Protocols from Pairings”, IMA Conference on Cryptography and Coding, LNCS 2898, Springer-Verlag, 2003, pp.332-359.
[110] D. Boneh and M. Franklin, “Identity Based Encryption From the Weil Pairing”, Advances in Cryptology – Crypto’01, LNCS 2139, Springer-Verlag, 2001, pp. 213-229.
[111] D. Nalla and K.C. Reddy, “ID-based tripartite Authenticated Key Agreement Protocols from pairings”, Cryptology ePrint Archive, Report. 2003/004.
[112] F. Zhang, S. Liu, and K. Kim, “ID-Based One Round Authenticated Tripartite Key Agreement Protocol with Pairings”, Cryptology ePrint Archive, Report 2002/122.
[113] K. Shim, “A Man-in-the-middle Attack on Nalla-Reddy's ID-based Tripartite Authenticated Key Agreement Protocol”, Cryptology ePrint Archive, Report, 2003/115.
[114] C. Boyd, W. B. Mao, and K. Paterson, “Key Agreement using Statically Keyed Authenticators”, Applied Cryptography and Network Security: Second International Conference, ACNS 2004, LNCS 3089, Springer-Verlag, 2004, pp.248-262.
[115] H. Wang, A. R. Prasad, and P. Schoo, “Research Issues for Fast Authentication in Inter-Domain Handover”, in Proc. of the 8th Wireless World Research Forum meeting (WWRF#8), Beijing, China, February 2004.
[116] A. Hess and G. Sch?fer, “Performance Evaluation of AAA/Mobile IP Authentication”, in Proc. of the 2nd Polish-German Teletraffic Symposium (PGTS'02), Gdansk, Poland, September 2002.
[117] K. R. Choo, C. Boyd, Y. Hitchcock, and G. Maitland, “On Session Identifiers in Provably Secure Protocols: The Bellare-Rogaway Three-Party Key Distribution Protocol Revisited”. Security in Communication Networks: 4th International Conference, SCN 2004, Amalfi, Italy. LNCS 3352, Springer-Verlag, 2005, pp.351-366.
[118] K. R. Choo and Y. Hitchcock, “Security Requirements for Key Establishment Proof Models: Revisiting Bellare–Rogaway and Jeong–Katz–Lee Protocols”Information Security and Privacy: 10th Australasian Conference, ACISP 2005, Brisbane, Australia. LNCS 3574, Springer-Verlag, 2005, pp. 429-442.
[119] B. Song and K. Kim, “Two-Pass Authenticated Key Agreement Protocol with Key Confirmation”, Proc. of Indocrypt 2000, LNCS 1977, Springer-Verlag, 2000, pp.237-249.