抗污染攻击的UC安全网络编码方案的研究与设计
摘要
网络编码是信息论领域中信息处理和传输理论研究的一个重大突破。与传统网络的中间节点只复制和传输数据包不一样,网络编码允许在网络的节点上对接收到的信息进行一定形式的编码处理。网络编码理论涉及了多用户信息论、计算机网络、组播技术和图论等诸多方面的理论,已成为提高网络吞吐量、鲁棒性和安全性的有效方法。
网络编码能够带来多种益处,但是基于网络编码的系统非常容易遭受污染攻击,主要包括两种类型的污染攻击,搭线窃听攻击(被动攻击)和拜占庭攻击(主动攻击)。网络编码允许中间节点在转发数据前对收到的信息进行混合,一旦有数据包被攻击者破坏,受污染的节点进一步影响其他诚实节点。随着对安全、高效的数据通信要求越来越高,对网络编码中污染攻击问题的解决势必越来越重要。
本文对安全网络编码理论进行了深入研究,所做的主要工作如下:
针对网络编码中存在的窃听和拜占庭污染攻击,以单源多接收节点有向无环网络为模型,提出了一种抗污染攻击的UC安全网络编码方案记为UC-SNCAPA(UC Secure Network Coding Against Pollution Attacks)。UC-SNCAPA方案通过AONT(All-Or-Nothing Transform)块加密实现了对抗窃听攻击,不论窃听了多少条编码信道也得不到任何有意义的信息,利用NCS_1(Network Coding Signature)同态签名机制防止恶意节点的攻击。
UC-SNCAPA方案首次将通用可复合UC (Universally Composable)安全框架应用到编码方案中,构建了编码环境下的理想函数Fsig,FCPKE,根据编码方案抽象出编码协议π_(coding),在(F_(CPKE),F_(sig))辅助的混合模型下描述了π_(coding),最后证明了π_(coding)安全实现了编码理想函数F_(coding)。通过证明,表明该方案具有抵抗窃听攻击和拜占庭攻击的能力。
Network coding is a major breakthrough in the field of information processingand transmission theoretical study. Intermediate nodes only copy and transfer datapackets in the traditional network, contrary to that, network coding allows thereceived information on the nodes of the network to carry out some form of encodingprocessing. Network coding theory involves multi-user information theory, computernetworks, multicast technology and graph theory and other aspects of the theories, ithas become an effective way to improve network throughput, robustness andsecurity.
Network coding can bring many benefits, but the system based on networkcoding is vulnerable to suffering from pollution attack, including wiretappingattacks (passive attacks) and Byzantine attacks (active attacks). Network codingallows the routers to mix the received information before forwarding them to thenext nodes. Once a packet is corrupted, a single error further will cause pollution ofdownstream nodes like the plague spread on the network. With higher and higherdemand for security and efficient data communication, the solution of pollutionattacks problems in network coding scenarios is bound to more and more important.
The work in this paper is to research on the secure network coding theory, themain work are as follows:
Considering the pollution attacks in network coding, in the single-sourcemulti-sinks directed acyclic network, we present a universally composable securenetwork coding against pollution attacks (UC-SNCAPA). By means of AONT(All-Or-Nothing Transform) encryption an eavesdropper is unable to get anymeaningful information no matter how many channels are wiretapped,and we adoptthe signature scheme NCS1(Network Coding Signature) to prevent malicious nodes.
UC-SNCAPA scheme applied UC (Universally Composable) security frameworkto the network coding scheme for the first time. We formulate a universallycomposable network coding scheme π_(coding) in (F_(CPKE), F_(sig))-hybrid model. Here,F_(CPKE) is the encryption ideal functionality, and F_(sig) is the signature idealfunctionality. Lastly, we have proved the protocol π_(coding) securely realizes F_(coding) inthe (F_(CPKE), F_(sig))-hybrid model, here, F_(coding) is the ideal functionality of networkcoding against pollution attacks in the UC framework. By the security proof, it is showed that the proposed scheme has the ability of resistance eavesdropper and theByzantine attacker
网络编码能够带来多种益处,但是基于网络编码的系统非常容易遭受污染攻击,主要包括两种类型的污染攻击,搭线窃听攻击(被动攻击)和拜占庭攻击(主动攻击)。网络编码允许中间节点在转发数据前对收到的信息进行混合,一旦有数据包被攻击者破坏,受污染的节点进一步影响其他诚实节点。随着对安全、高效的数据通信要求越来越高,对网络编码中污染攻击问题的解决势必越来越重要。
本文对安全网络编码理论进行了深入研究,所做的主要工作如下:
针对网络编码中存在的窃听和拜占庭污染攻击,以单源多接收节点有向无环网络为模型,提出了一种抗污染攻击的UC安全网络编码方案记为UC-SNCAPA(UC Secure Network Coding Against Pollution Attacks)。UC-SNCAPA方案通过AONT(All-Or-Nothing Transform)块加密实现了对抗窃听攻击,不论窃听了多少条编码信道也得不到任何有意义的信息,利用NCS_1(Network Coding Signature)同态签名机制防止恶意节点的攻击。
UC-SNCAPA方案首次将通用可复合UC (Universally Composable)安全框架应用到编码方案中,构建了编码环境下的理想函数Fsig,FCPKE,根据编码方案抽象出编码协议π_(coding),在(F_(CPKE),F_(sig))辅助的混合模型下描述了π_(coding),最后证明了π_(coding)安全实现了编码理想函数F_(coding)。通过证明,表明该方案具有抵抗窃听攻击和拜占庭攻击的能力。
Network coding is a major breakthrough in the field of information processingand transmission theoretical study. Intermediate nodes only copy and transfer datapackets in the traditional network, contrary to that, network coding allows thereceived information on the nodes of the network to carry out some form of encodingprocessing. Network coding theory involves multi-user information theory, computernetworks, multicast technology and graph theory and other aspects of the theories, ithas become an effective way to improve network throughput, robustness andsecurity.
Network coding can bring many benefits, but the system based on networkcoding is vulnerable to suffering from pollution attack, including wiretappingattacks (passive attacks) and Byzantine attacks (active attacks). Network codingallows the routers to mix the received information before forwarding them to thenext nodes. Once a packet is corrupted, a single error further will cause pollution ofdownstream nodes like the plague spread on the network. With higher and higherdemand for security and efficient data communication, the solution of pollutionattacks problems in network coding scenarios is bound to more and more important.
The work in this paper is to research on the secure network coding theory, themain work are as follows:
Considering the pollution attacks in network coding, in the single-sourcemulti-sinks directed acyclic network, we present a universally composable securenetwork coding against pollution attacks (UC-SNCAPA). By means of AONT(All-Or-Nothing Transform) encryption an eavesdropper is unable to get anymeaningful information no matter how many channels are wiretapped,and we adoptthe signature scheme NCS1(Network Coding Signature) to prevent malicious nodes.
UC-SNCAPA scheme applied UC (Universally Composable) security frameworkto the network coding scheme for the first time. We formulate a universallycomposable network coding scheme π_(coding) in (F_(CPKE), F_(sig))-hybrid model. Here,F_(CPKE) is the encryption ideal functionality, and F_(sig) is the signature idealfunctionality. Lastly, we have proved the protocol π_(coding) securely realizes F_(coding) inthe (F_(CPKE), F_(sig))-hybrid model, here, F_(coding) is the ideal functionality of networkcoding against pollution attacks in the UC framework. By the security proof, it is showed that the proposed scheme has the ability of resistance eavesdropper and theByzantine attacker
引文
[1] Elias P, Feinstein A, Shannon C. A note on the maximum flow through anetwork[J]. IEEE Transactions on Information Theory,1956,2(4):117-119
[2] Ramanathan S. Multicast tree generation in networks with asymmetriclinks[J].IEEE/ACM Transactions on Networking,1996,4(4):558-568
[3] Charikar M, Chekuri C, Cheung T, et al. Approximation algorithms for directedSteiner problems[C]. Society for Industrial and Applied Mathematics,1998,192-200
[4] Zosin L, Khuller S. On directed Steiner trees[C]. Society for Industrial andApplied Mathematics,2002,59-63
[5] Ahlswede R, Cai N, Li S.Y.R, et al. Network information flow[J]. InformationTheory, IEEE Transactions on,2000,46(4):1204-1216
[6] Lamport L, Shostak R, Pease M. The Byzantine generals problem[J]. ACMTransactions on Programming Languages and Systems (TOPLAS),1982,4(3):382-401
[7] Koetter R, Medard M. Beyond routing: An algebraic approach to networkcoding[C]. IEEE,2002,122-130
[8] Koetter R, Medard M. An algebraic approach to network coding[J]. IEEE/ACMTransactions on Networking,2003,11(5):782-795
[9] Sanders P, Egner S, Tolhuizen L. Polynomial time algorithms for networkinformation flow[C]. ACM,2003,286-294
[10] Chou P A, Wu Y, Jain K. Practical network coding[C].2003
[11] Ho T, Medard M, Shi J, et al. On randomized network coding[C]. In: Proc. ofthe41st Annual Allerton Conf on Communication Control and Computing,2003,11-20
[12] Dougherty R, Freiling C, Zeger K. Linearity and solvability in multicastnetworks[J]. IEEE Transactions on Information Theory,2004,50(10):2243-2256
[13] Dougherty R, Freiling C, Zeger K. Insufficiency of linear coding in networkinformation flow[J]. IEEE Transactions on Information Theory,2005,51(8):2745-2759
[14] Wu Y, Chou P.A, Kung S.Y. Minimum-energy multicast in mobile ad hocnetworks using network coding[J]. IEEE Transactions on Communications,2005,53(11):1906-1918
[15] Wu Y, Chou P.A, Zhang Q, et al. Network planning in wireless ad hoc networks:a cross-layer approach[J]. IEEE Journal on Selected Areas in Communications,2005,23(1):136-150
[16] Katti S, Katabi D, Hu W, et al. The importance of being opportunistic: Practicalnetwork coding for wireless environments[C]. In: Proc.43rd Annual AllertonConference on Communication, Control, and Computing,2005
[17] Wu Y, Chou P.A, Kung S.Y. Information exchange in wireless networks withnetwork coding and physical-layer broadcast[C]. Proceedings of the39thConference on Information Sciences and Systems (CISS’05),2005
[18] Cai N, Yeung R.W. Network coding and error correction[C]. IEEE InformTheory Workshop,2002,119-122
[19] Widmer J, Fragouli C, Le Boudec J.Y. Low-complexity energy-efficientbroadcasting in wireless ad-hoc networks using network coding[C]. Proceedingsof1st Workshop on Network Coding Theory and Applications. Riva del Garda,Italy: Springer-Verlag,2005,2354-2361
[20]卢开澄,卢华明.图论及其应用[M].清华大学出版社,1995
[21]兰家隆,刘军.应用图论及算法[M].电子科技大学出版社,1995
[22]殷剑宏,吴开亚.图论及其算法[M].中国科学技术大学出版社,2003
[23] Cai N, Yeung R.W. Secure network coding[C]. IEEE Intl Symp Inf Theory,2002,323
[24] Yeung R.W. Information theory and network coding[J]. Springer Verlag,2008
[25]王静.网络编码理论及其应用的研究[D].西安电子科技大学,2008
[26] Li S.Y.R, Yeung R.W, Cai N. Linear network coding[J]. IEEE Transactions onInformation Theory,2003,49(2):371-381
[27] Noguchi T, Matsuda T, Yamamoto M. Performance evaluation of new multicastarchitecture with network coding[J]. IEICE TRANSACTIONS ONCOMMUNICATIONS E SERIES B,2003,86(6):1788-1795
[28] Acedanski S, Deb S, Medard M, et al. How good is random linear coding baseddistributed networked storage[C]. Proceedings of the1st Workshop on NetworkCoding Theory and Applications. New York: IEEE,2005,1-6
[29] Chen Y, Kishore S, Li J. Wireless diversity through network coding[C]. IEEE,2006,1681-1686
[30]孙岳.网络编码及网络容错的研究[D].西安电子科技大学,2005
[31] Ho T, Koetter R, Medard M, et al. The benefits of coding over routing in arandomized setting[C]. In: Proc of IEEE International Symposium onInformation Theory,2003,442
[32] Ho T, Medard M, Koetter R, et al. A random linear network coding approach tomulticast[J]. IEEE Transactions on Information Theory,2006,52(10):4413-4430
[33] Goldwasser S, Micali S, Rackoff C. The knowledge complexity of interactiveproof-systems[C]. In: Proc of STOC’85Rhode Island, USA: ACM Press,1985,186-208
[34] Canetti R. Universally composable security: A new paradigm for cryptographicprotocols[C]. Proceedings of the42nd Annual Symposium on Foundations ofComputer Science. Washington, DC: IEEE Computer Society,2001,136-145
[35] Wenbo M. Modern cryptography: theory and practice[M]. Publisher: PrenticeHall PTR, Copyright: Hewlett Packard,2004
[36] Merkle R.C. Secure communications over insecure channels[J].Communications of the ACM,1978,21(4):294-299
[37] Wikstrom D. A universally composable mix-net[C]. In: Proc.of the Theory ofCryptography Conf.LNCS2951, Springer-Verlag,2004,317-335
[38] Camenisch J, Lysyanskaya A. A formal treatment of onion routing[C]. In:Proc.of the Crypto2005. LNCS3621,2005,169-187
[39] Abe M, Fehr S. Adaptively secure Feldman VSS and applications touniversally-composable threshold cryptography[C]. Springer,2004,317-334
[40] Barak B, Canetti R, Nielsen J B, et al. Universally composable protocols withrelaxed set-up assumptions[C]. Proceedings of the45th Annual IEEESymposium on Foundations of Computer Science. Washington, DC: IEEEComputer Society,2004,186-195
[41]徐海霞,李宝.分布式密钥分发方案的安全性证明[J].软件学报,2005,16(4):570-576
[42]张帆,马建峰,文相在.通用可组合的匿名HASH认证模型[J].中国科学E辑,2007,37(2):272-284
[43]雷飞宇,陈克非. UC安全多方计算模型及其典型应用研究[D].上海:上海交通大学,2007
[44] Yao A, Yao F, Zhao Y. A note on the feasibility of generalized universalcomposability[J]. Theory and Applications of Models of Computation,2007,474-485
[45]罗正钦.基于UC框架的安全协议形式化分析[D].2007
[46]曹春杰.可证明安全的认证及密钥交换协议设计与分析[D].西安电子科技大学,2008
[47]彭清泉,裴庆祺,杨超等.通用可组合安全的Internet密钥交换协议[J].西安电子科技大学学报,2009,36(4):714-720
[48]洪璇.通用可组合数字签名模型及其关键问题研究[D].上海交通大学,2008
[49]冯涛,郭显,马建峰.可证明安全的节点不相交多路径源路由协议[J].软件学报,2010,21(7):1717-1731
[50]齐庆磊,张浩军,王逸芳.一种通用可组合安全的快速密钥交换协议[J].计算机工程,2011,37(20):94-96
[51]曹峥,邓淼磊.通用可组合的RFID搜索协议[J].华中科技大学学报:自然科学版,2011,39(4):56-59
[52] Canetti R. Composable formal security analysis: Juggling soundness, simplicityand efficiency[C]. Automata, Languages and Programming,2008:1-13
[53] Canetti R, Dodis Y, Pass R, et al. Universally composable security with globalsetup[C]. Theory of Cryptography,2007:61-85
[54] Prabhakaran M, Sahai A. New notions of security: achieving universalcomposability without trusted setup[C]. ACM,2004,242-251
[55]罗蛟.基于安全网络编码的无线自组网MAODV协议研究[D].2009,武汉理工大学
[56] Lindell Y. General composition and universal composability in securemulti-party computation[C]. Proceedings of the44nd IEEE Symposium onFoundations of Computer Science. Cambridg,2003,394-403
[57] Feldman J, Malkin T, Stein C, et al. On the capacity of secure networkcoding[C]. In: Proc.42nd Annual Allerton Conference onCommunication,Control,and Computing,Monticello,IL,USA,Sep.2004
[58] Chan T, Grant A. Capacity bounds for secure network coding[C].Communication Theory Workshop. Australian: IEEE Press,2008:95-100
[59] Rouayheb S.Y, Soljanin E. On wiretap networks II[C]. IEEE,2007,551-555
[60] Silva D, Kschischang F.R. Security for wiretap networks via rank-metriccodes[C]. IEEE,2008,176-180
[61] Ho T, Leong B, Koetter R, et al. Byzantine modification detection in multicastnetworks with random network coding[J]. IEEE Transactions on InformationTheory,2008,54(6):2798-2803
[62] Jaggi S, Langberg M, Katti S, et al. Resilient network coding in the presence ofbyzantine adversaries[C].IEEE,2007,616-624
[63] Krohn M N, Freedman M J, Mazieres D. On-the-fly verification of ratelesserasure codes for efficient content distribution[C]. IEEE,2004,226-240
[64] Zhou Y, Li H, Ma J. Secure network coding against the contamination andeavesdropping adversaries[EB/OL]. http://arxiv.org/pdf/0805.2286,2008
[65] Yu Z, Wei Y, Ramkumar B, et al. An efficient signature-based scheme forsecuring network coding against pollution attacks[C]. IEEE,2008,1409-1417
[66] Agrawal S, Boneh D. Homomorphic MACs: MAC-based integrity for networkcoding[C]. Springer,2009,292-305
[67] Li Y, Yao H, Chen M, et al. Ripple authentication for network coding[C]. IEEE,2010,1-9
[68] Wang Y. Insecure “provably secure network coding” and homomorphicauthentication schemes for network coding[EB/OL].[2010-12-11].http://eprint.iacr.org/2010/060.pdf.
[69] Tao F, Bingtao Z, Jianfeng M. Security Random Network Coding Model againstByzantine Attack Based on CBC[C]. IEEE,2011,1178-1181
[70] Boneh D, Freeman D, Katz J, et al. Signing a linear subspace: Signatureschemes for network coding[C]. Public Key Cryptography–PKC2009,2009,68-87
[71]李大霖,林雪红,林家儒等.安全网络编码的一个必要条件[J].北京邮电大学学报,2008,9-12
[72] Rivest R. All-or-nothing encryption and the package transform[C]. Springer,1997,210-218
[73] Stinson D.R. Something about all or nothing (transforms)[J]. Designs, Codesand Cryptography,2001,22(2):133-138
[74] Goldwasser S, Micali S. Probabilistic encryption[J]. Journal of computer andsystem sciences,1984,28(2):270-299
[75] Fiat A, Shamir A. How to prove yourself: Practical solutions to identificationand signature problems[C]. Springer,1987,186-194
[76] Goldwasser S, Micali S, Rivest R.L. A digital signature scheme secure againstadaptive chosen-message attacks[J]. SIAM J. Comput.,1988,17(2):281-308
[77] Canetti R, Krawczyk H. Analysis of key-exchange protocols and their use forbuilding secure channels[C]. Advances in Cryptology-EUROCRYPT2001,2001,453-474
[78] Canetti R, Krawczyk H. Universally composable notions of key exchange andsecure channels[C].Advances in Cryptology-Eurocrypt'02LNCS2332. Berlin:Springer-Verlag,2002:337-351
[79] Even S, Goldreich O, Micali S. On-line/off-line digital signatures[C]. In: Proc.of Advances in Cryptdogy.New York: Springer-Verlag,1990,263-275
[2] Ramanathan S. Multicast tree generation in networks with asymmetriclinks[J].IEEE/ACM Transactions on Networking,1996,4(4):558-568
[3] Charikar M, Chekuri C, Cheung T, et al. Approximation algorithms for directedSteiner problems[C]. Society for Industrial and Applied Mathematics,1998,192-200
[4] Zosin L, Khuller S. On directed Steiner trees[C]. Society for Industrial andApplied Mathematics,2002,59-63
[5] Ahlswede R, Cai N, Li S.Y.R, et al. Network information flow[J]. InformationTheory, IEEE Transactions on,2000,46(4):1204-1216
[6] Lamport L, Shostak R, Pease M. The Byzantine generals problem[J]. ACMTransactions on Programming Languages and Systems (TOPLAS),1982,4(3):382-401
[7] Koetter R, Medard M. Beyond routing: An algebraic approach to networkcoding[C]. IEEE,2002,122-130
[8] Koetter R, Medard M. An algebraic approach to network coding[J]. IEEE/ACMTransactions on Networking,2003,11(5):782-795
[9] Sanders P, Egner S, Tolhuizen L. Polynomial time algorithms for networkinformation flow[C]. ACM,2003,286-294
[10] Chou P A, Wu Y, Jain K. Practical network coding[C].2003
[11] Ho T, Medard M, Shi J, et al. On randomized network coding[C]. In: Proc. ofthe41st Annual Allerton Conf on Communication Control and Computing,2003,11-20
[12] Dougherty R, Freiling C, Zeger K. Linearity and solvability in multicastnetworks[J]. IEEE Transactions on Information Theory,2004,50(10):2243-2256
[13] Dougherty R, Freiling C, Zeger K. Insufficiency of linear coding in networkinformation flow[J]. IEEE Transactions on Information Theory,2005,51(8):2745-2759
[14] Wu Y, Chou P.A, Kung S.Y. Minimum-energy multicast in mobile ad hocnetworks using network coding[J]. IEEE Transactions on Communications,2005,53(11):1906-1918
[15] Wu Y, Chou P.A, Zhang Q, et al. Network planning in wireless ad hoc networks:a cross-layer approach[J]. IEEE Journal on Selected Areas in Communications,2005,23(1):136-150
[16] Katti S, Katabi D, Hu W, et al. The importance of being opportunistic: Practicalnetwork coding for wireless environments[C]. In: Proc.43rd Annual AllertonConference on Communication, Control, and Computing,2005
[17] Wu Y, Chou P.A, Kung S.Y. Information exchange in wireless networks withnetwork coding and physical-layer broadcast[C]. Proceedings of the39thConference on Information Sciences and Systems (CISS’05),2005
[18] Cai N, Yeung R.W. Network coding and error correction[C]. IEEE InformTheory Workshop,2002,119-122
[19] Widmer J, Fragouli C, Le Boudec J.Y. Low-complexity energy-efficientbroadcasting in wireless ad-hoc networks using network coding[C]. Proceedingsof1st Workshop on Network Coding Theory and Applications. Riva del Garda,Italy: Springer-Verlag,2005,2354-2361
[20]卢开澄,卢华明.图论及其应用[M].清华大学出版社,1995
[21]兰家隆,刘军.应用图论及算法[M].电子科技大学出版社,1995
[22]殷剑宏,吴开亚.图论及其算法[M].中国科学技术大学出版社,2003
[23] Cai N, Yeung R.W. Secure network coding[C]. IEEE Intl Symp Inf Theory,2002,323
[24] Yeung R.W. Information theory and network coding[J]. Springer Verlag,2008
[25]王静.网络编码理论及其应用的研究[D].西安电子科技大学,2008
[26] Li S.Y.R, Yeung R.W, Cai N. Linear network coding[J]. IEEE Transactions onInformation Theory,2003,49(2):371-381
[27] Noguchi T, Matsuda T, Yamamoto M. Performance evaluation of new multicastarchitecture with network coding[J]. IEICE TRANSACTIONS ONCOMMUNICATIONS E SERIES B,2003,86(6):1788-1795
[28] Acedanski S, Deb S, Medard M, et al. How good is random linear coding baseddistributed networked storage[C]. Proceedings of the1st Workshop on NetworkCoding Theory and Applications. New York: IEEE,2005,1-6
[29] Chen Y, Kishore S, Li J. Wireless diversity through network coding[C]. IEEE,2006,1681-1686
[30]孙岳.网络编码及网络容错的研究[D].西安电子科技大学,2005
[31] Ho T, Koetter R, Medard M, et al. The benefits of coding over routing in arandomized setting[C]. In: Proc of IEEE International Symposium onInformation Theory,2003,442
[32] Ho T, Medard M, Koetter R, et al. A random linear network coding approach tomulticast[J]. IEEE Transactions on Information Theory,2006,52(10):4413-4430
[33] Goldwasser S, Micali S, Rackoff C. The knowledge complexity of interactiveproof-systems[C]. In: Proc of STOC’85Rhode Island, USA: ACM Press,1985,186-208
[34] Canetti R. Universally composable security: A new paradigm for cryptographicprotocols[C]. Proceedings of the42nd Annual Symposium on Foundations ofComputer Science. Washington, DC: IEEE Computer Society,2001,136-145
[35] Wenbo M. Modern cryptography: theory and practice[M]. Publisher: PrenticeHall PTR, Copyright: Hewlett Packard,2004
[36] Merkle R.C. Secure communications over insecure channels[J].Communications of the ACM,1978,21(4):294-299
[37] Wikstrom D. A universally composable mix-net[C]. In: Proc.of the Theory ofCryptography Conf.LNCS2951, Springer-Verlag,2004,317-335
[38] Camenisch J, Lysyanskaya A. A formal treatment of onion routing[C]. In:Proc.of the Crypto2005. LNCS3621,2005,169-187
[39] Abe M, Fehr S. Adaptively secure Feldman VSS and applications touniversally-composable threshold cryptography[C]. Springer,2004,317-334
[40] Barak B, Canetti R, Nielsen J B, et al. Universally composable protocols withrelaxed set-up assumptions[C]. Proceedings of the45th Annual IEEESymposium on Foundations of Computer Science. Washington, DC: IEEEComputer Society,2004,186-195
[41]徐海霞,李宝.分布式密钥分发方案的安全性证明[J].软件学报,2005,16(4):570-576
[42]张帆,马建峰,文相在.通用可组合的匿名HASH认证模型[J].中国科学E辑,2007,37(2):272-284
[43]雷飞宇,陈克非. UC安全多方计算模型及其典型应用研究[D].上海:上海交通大学,2007
[44] Yao A, Yao F, Zhao Y. A note on the feasibility of generalized universalcomposability[J]. Theory and Applications of Models of Computation,2007,474-485
[45]罗正钦.基于UC框架的安全协议形式化分析[D].2007
[46]曹春杰.可证明安全的认证及密钥交换协议设计与分析[D].西安电子科技大学,2008
[47]彭清泉,裴庆祺,杨超等.通用可组合安全的Internet密钥交换协议[J].西安电子科技大学学报,2009,36(4):714-720
[48]洪璇.通用可组合数字签名模型及其关键问题研究[D].上海交通大学,2008
[49]冯涛,郭显,马建峰.可证明安全的节点不相交多路径源路由协议[J].软件学报,2010,21(7):1717-1731
[50]齐庆磊,张浩军,王逸芳.一种通用可组合安全的快速密钥交换协议[J].计算机工程,2011,37(20):94-96
[51]曹峥,邓淼磊.通用可组合的RFID搜索协议[J].华中科技大学学报:自然科学版,2011,39(4):56-59
[52] Canetti R. Composable formal security analysis: Juggling soundness, simplicityand efficiency[C]. Automata, Languages and Programming,2008:1-13
[53] Canetti R, Dodis Y, Pass R, et al. Universally composable security with globalsetup[C]. Theory of Cryptography,2007:61-85
[54] Prabhakaran M, Sahai A. New notions of security: achieving universalcomposability without trusted setup[C]. ACM,2004,242-251
[55]罗蛟.基于安全网络编码的无线自组网MAODV协议研究[D].2009,武汉理工大学
[56] Lindell Y. General composition and universal composability in securemulti-party computation[C]. Proceedings of the44nd IEEE Symposium onFoundations of Computer Science. Cambridg,2003,394-403
[57] Feldman J, Malkin T, Stein C, et al. On the capacity of secure networkcoding[C]. In: Proc.42nd Annual Allerton Conference onCommunication,Control,and Computing,Monticello,IL,USA,Sep.2004
[58] Chan T, Grant A. Capacity bounds for secure network coding[C].Communication Theory Workshop. Australian: IEEE Press,2008:95-100
[59] Rouayheb S.Y, Soljanin E. On wiretap networks II[C]. IEEE,2007,551-555
[60] Silva D, Kschischang F.R. Security for wiretap networks via rank-metriccodes[C]. IEEE,2008,176-180
[61] Ho T, Leong B, Koetter R, et al. Byzantine modification detection in multicastnetworks with random network coding[J]. IEEE Transactions on InformationTheory,2008,54(6):2798-2803
[62] Jaggi S, Langberg M, Katti S, et al. Resilient network coding in the presence ofbyzantine adversaries[C].IEEE,2007,616-624
[63] Krohn M N, Freedman M J, Mazieres D. On-the-fly verification of ratelesserasure codes for efficient content distribution[C]. IEEE,2004,226-240
[64] Zhou Y, Li H, Ma J. Secure network coding against the contamination andeavesdropping adversaries[EB/OL]. http://arxiv.org/pdf/0805.2286,2008
[65] Yu Z, Wei Y, Ramkumar B, et al. An efficient signature-based scheme forsecuring network coding against pollution attacks[C]. IEEE,2008,1409-1417
[66] Agrawal S, Boneh D. Homomorphic MACs: MAC-based integrity for networkcoding[C]. Springer,2009,292-305
[67] Li Y, Yao H, Chen M, et al. Ripple authentication for network coding[C]. IEEE,2010,1-9
[68] Wang Y. Insecure “provably secure network coding” and homomorphicauthentication schemes for network coding[EB/OL].[2010-12-11].http://eprint.iacr.org/2010/060.pdf.
[69] Tao F, Bingtao Z, Jianfeng M. Security Random Network Coding Model againstByzantine Attack Based on CBC[C]. IEEE,2011,1178-1181
[70] Boneh D, Freeman D, Katz J, et al. Signing a linear subspace: Signatureschemes for network coding[C]. Public Key Cryptography–PKC2009,2009,68-87
[71]李大霖,林雪红,林家儒等.安全网络编码的一个必要条件[J].北京邮电大学学报,2008,9-12
[72] Rivest R. All-or-nothing encryption and the package transform[C]. Springer,1997,210-218
[73] Stinson D.R. Something about all or nothing (transforms)[J]. Designs, Codesand Cryptography,2001,22(2):133-138
[74] Goldwasser S, Micali S. Probabilistic encryption[J]. Journal of computer andsystem sciences,1984,28(2):270-299
[75] Fiat A, Shamir A. How to prove yourself: Practical solutions to identificationand signature problems[C]. Springer,1987,186-194
[76] Goldwasser S, Micali S, Rivest R.L. A digital signature scheme secure againstadaptive chosen-message attacks[J]. SIAM J. Comput.,1988,17(2):281-308
[77] Canetti R, Krawczyk H. Analysis of key-exchange protocols and their use forbuilding secure channels[C]. Advances in Cryptology-EUROCRYPT2001,2001,453-474
[78] Canetti R, Krawczyk H. Universally composable notions of key exchange andsecure channels[C].Advances in Cryptology-Eurocrypt'02LNCS2332. Berlin:Springer-Verlag,2002:337-351
[79] Even S, Goldreich O, Micali S. On-line/off-line digital signatures[C]. In: Proc.of Advances in Cryptdogy.New York: Springer-Verlag,1990,263-275