A Trusted Network Connect Protocol for Resisting Man-in-the-Middle Attack
  • English title: A Trusted Network Connect Protocol for Resisting Man-in-the-Middle Attack
  • Authors: ZHAO Bo (赵波); XIANG Cheng (向程); ZHANG Huan-Guo (张焕国)
  • Keywords: trusted computing; trusted network; trusted network connect; man-in-the-middle attack; fraudulent use of platform information; secret key generation
  • Chinese journal name: JSJX
  • English journal name: Chinese Journal of Computers
  • Institutions: School of Cyber Science and Engineering, Wuhan University; Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education; 96833 Troops
  • Publication date: 2019-02-18 14:38
  • Publisher: Chinese Journal of Computers (计算机学报)
  • Year: 2019
  • Issue: v.42; No.437
  • Funding: National "973" Key Basic Research Development Program (2014CB340600); National "863" High Technology Research and Development Program (2015AA016002); Key Program of the National Natural Science Foundation of China (61332019); Wuhan Applied Basic Frontier Project (2018010401011295)
  • Language: Chinese
  • Page: JSJX201905014
  • Number of pages: 12
  • CN: 05
  • ISSN: 11-1826/TP
  • Classification number: 211-222
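Abstract
Trusted Network Connect (TNC), proposed by the Trusted Computing Group (TCG), can effectively address security threats in the network access process. However, because there is no binding between the TNC network access layer and the integrity evaluation layer, platform integrity information can be fraudulently used, which makes TNC vulnerable to man-in-the-middle attacks and allows illegitimate terminals to access the network. To solve this problem, we design S-TNC (SafeTNC), a trusted network connect protocol that resists man-in-the-middle attacks. In the integrity evaluation layer, a secret key is negotiated based on the TPM and bound to the platform integrity report; a session key is then derived directly from this secret key and used to protect data communication between the communication peers. This achieves a cryptographic binding between the authentication peer and the communication peer and resists man-in-the-middle attacks. BAN-logic formal analysis and experimental testing found no security flaws in the protocol itself and showed that it can resist man-in-the-middle attacks. Compared with existing schemes, the protocol adds no extra entities or certificates, its keys are protected by the TPM, and it is simple and secure.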
        Trusted Computing Organization (TCG) proposes the Trusted Network Connection (TNC) to solve the threats and problems in network access. However, due to the TNC architecture design features, it is vulnerable to man-in-the-middle attack, which can lead to illegal access, service interruption, sensitive information leakage and other security issues. By in-depth study of the attack process, the crux of the problem is found. Because there is no binding relationship between the network access layer and the integrity evaluation layer, valid authentication between the Access Requestor (AR) and the Policy Decision Point (PDP) is lacking. An attacker can use a legal terminal's platform integrity information by passing the TNC request and reply messages in the middle. It impersonates a legal terminal to get access to the network illegally. To solve this problem, this paper designs an improved protocol, S-TNC (Safe TNC). According to S-TNC, a secret is negotiated in the integrity evaluation layer between AR and PDP. Firstly, AR generates a pair of Bind Key (BK) based on the Trusted Platform Module (TPM) and signs it with the Attestation Identity Key (AIK) to prove that the BK belongs to AR's platform. Secondly, PDP generates a secret and sends it to AR protected by BK. Thirdly, AR uses the secret as the externalData parameter of the TPM_Quote command to generate the platform integrity report, so it is bound with the platform integrity report. Finally, after verifying the integrity of AR's platform, PDP and AR both believe that the secret is only known to them, and they derive a session key using the same key generation algorithm based on the secret to protect the subsequent communication. So a cryptographic binding between the authentication peers and the communication peers is achieved to resist man-in-the-middle attack. For S-TNC, the secret is the key thing to resist man-in-the-middle. The secret is generated based on AIK authentication and protected by TPM. It has a natural binding relationship with the platform. Any middleman cannot acquire or forge the secret. Therefore, it is not possible to generate a valid session key, and illegal access is denied. S-TNC is implemented in the integrity evaluation layer, transparent to the network access layer and integrity collection layer. S-TNC does not change the original architecture of TNC and inherits the security features described in the TNC standard. BAN logic is a widely used formal analysis method for authentication protocols. It is used to analyze S-TNC to reveal some defects that are hard to find. After strict reasoning, S-TNC is proved to be safe and correct. An experimental system is built to test the feasibility, resistance to man-in-the-middle attack and system performance of S-TNC. The tests prove that S-TNC has reached the intended safety target. Compared with the existing methods, S-TNC does not increase the complexity of the system, for no additional entities and certificates are added. Security is enhanced, for the keys are protected by TPM hardware. It is simple and safe.
