基于口令认证的密钥交换协议若干关键技术研究
|
摘要
网络信息安全一直是网络应用普及和发展过程中人们非常关心的重要课题,在解决网络信息安全问题的机制中,对用户身份的认证通常是最基本的第一步,通过认证,系统可以决定是否要为该用户提供服务或服务的权限等等。而在身份认证之后,接下来的问题通常是如何为开放网络环境中通讯双方的用户建立一条安全的通信信道,以保护他们之间所传送的敏感消息。目前解决该问题最常用最有效的方法就是通讯双方共同协商一个共享会话密钥,然后使用该会话密钥来加密所传送的消息。认证密钥交换(Authenticated Key Exchange,AKE)协议正是这样一种既能够对用户的身份进行认证,又能够在用户与用户之间建立共享会话密钥的协议。
在各种对身份的认证技术中,以基于口令的认证方式使用最普遍也最方便,因此也受到人们的普遍关注。在基于口令认证的密钥交换(Password-Authenticated KeyExchange,PAKE)协议中,用户和服务器之间共享口令或口令的验证值,服务器借此对用户进行身份的认证,并协助用户完成会话密钥的生成。到目前为止,已经提出了很多基于口令认证的密钥交换协议,但仍然存在着一些需要解决的问题,例如,如何使用弱口令实现强认证;如何认证服务器的身份;如何抵御字典攻击;如何实现效率和安全性上的平衡;如何对协议的安全性进行形式化证明和分析等等。
本文针对基于口令认证密钥交换协议的若干关键技术进行了深入的分析与研究,研究的主要内容包括:
首先,针对认证密钥交换协议中客户与服务器所共享的认证密钥的形式,分别给出了平衡模型与非平衡模型的定义,并对这两种模型下协议的安全性分别进行了分析。基于平衡模型提出了认证密钥交换协议2DHEKE,并在协议分析与设计模型CK2001下证明了该协议的安全性;除此以外,还分别提出了平衡模型和非平衡模型下的口令认证密钥交换协议2PAKE和VB-2PAKE,并对协议的安全性进行了分析。
其次,对三方口令认证密钥交换协议的通用构造模型进行了改进,并依据此模型构造出了新的三方口令认证密钥交换协议3PAKE及VB-3PAKE协议,并在形式化模型BPR2000下证明这两个协议能够满足对三方口令认证密钥交换协议的安全要求。
然后,对已有跨域环境下口令认证密钥交换协议存在的安全漏洞进行了分析,并相应提出了基于公钥体制的4PAKE协议,及对称加密体制下的VB-4PAKE协议。对协议的安全性分析和执行效率分析表明,4PAKE协议能够提供较好的安全性,但基于公钥体制会给用户带来一定的负担,且代价昂贵;而VB-4PAKE协议相对于其它对称加密体制下的跨域协议能进一步提高安全性且执行效率相当。
最后,本文对开放性网络环境中一组固定成员之间共享会话密钥的建立过程进行了讨论研究,提出非平衡模型下口令认证组密钥交换协议VB-nPAKE,及基于双线性配对密钥树的口令认证组密钥交换协议nPAKE′。其中nPAKE′协议结合了树型结构,并且使用双线性配对取代了一般组密钥交换协议中的幂指数运算,降低了运算复杂度,因此在计算效率和通信效率等方面都有很大的提高。
Network information security is always an important topic of great concern in the popularity and development of the network applications. Identity authentication is usually the basic and first step in ensuring a secure network. Users must be identified and authenticated so that they can be accountable or given specific privileges. After authentication, the next question in the open network environments is how to build a secure communication channel to protect the sensitive information transmitted between users. The most common and effective method for solving this problem involves negotiating a shared session key to provide data privacy. A protocol that provides both identity authentication and session key negotiation can meet the security requirements mentioned above which is referred to as Authenticated Key Exchange (AKE).
Furthermore, the use of passwords is the most common and convenient solution for identity authentication, which has attracted widespread concern. And authenticated key exchange protocols based on passwords are referred to as Password-Authenticated Key Exchange (PAKE). In PAKE, users share a password or a verifier with the server and the server uses it to authenticate the users while helping them to agree on a session key. Until now, many PAKE protocols have been proposed. However, there are still some issues that need to be addressed, e.g. how to achieve strong authentication by using a low-entropy password, how to authenticate the server, how to resist dictionary attack, how to achieve the balance between efficiency and security, and how to provide formal proof and analysis to security protocols, etc.
This dissertation focuses on the analysis and research of several key technologies for PAKE.
Firstly, for the manners of the key shared between the user and the server in AKE, the balanced model and augmented model are defined and analyzed respectively. Based on the balanced model, an AKE protocol 2DHEKE in the CK2001 security model is presented and its security is proved. In addition, two PAKE protocols 2PAKE and VB-2PAKE based on balanced model and augmented model respectively are proposed and analyzed.
Secondly, the generic scheme for constructing PAKE protocol for three-parties is improved. Based on this constructing scheme, two new PAKE protocols 3PAKE and VB-3PAKE are proposed. And it is proved formally in the BPR2000 security model that the new protocols can meet the security requirements to the three-party password authenticated key exchange protocols.
Thirdly, the security vulnerabilities of the existing PAKE protocols are analyzed in cross-realm setting. To overcome the vulnerabilities, a 4PAKE protocol in the public key system and a VB-4PAKE protocol in the symmetric encryption system are presented respectively. By analyzing the security and performances, it is shown that 4PAKE protocol can resist many attacks, but based on the public key system puts a certain burden and heavy cost on the users. And compared to other protocols in the symmetric encryption system, VB-4PAKE enhances the security while has comparable efficiency.
Finally, the group PAKE protocols in open network environments are investigated. A VB-nPAKE protocol based on the augmented model and a nPAKE' protocol based on bilinear pairing and key tree are proposed. The nPAKE' protocol combines the hierarchical structure with the bilinear pairing algorithm instead of the exponential operator in common nPAKE protocols, which can reduce the computational complexity. Therefore, nPAKE' protocol has a greatly improvement in computational efficiency and communication efficiency.
在各种对身份的认证技术中,以基于口令的认证方式使用最普遍也最方便,因此也受到人们的普遍关注。在基于口令认证的密钥交换(Password-Authenticated KeyExchange,PAKE)协议中,用户和服务器之间共享口令或口令的验证值,服务器借此对用户进行身份的认证,并协助用户完成会话密钥的生成。到目前为止,已经提出了很多基于口令认证的密钥交换协议,但仍然存在着一些需要解决的问题,例如,如何使用弱口令实现强认证;如何认证服务器的身份;如何抵御字典攻击;如何实现效率和安全性上的平衡;如何对协议的安全性进行形式化证明和分析等等。
本文针对基于口令认证密钥交换协议的若干关键技术进行了深入的分析与研究,研究的主要内容包括:
首先,针对认证密钥交换协议中客户与服务器所共享的认证密钥的形式,分别给出了平衡模型与非平衡模型的定义,并对这两种模型下协议的安全性分别进行了分析。基于平衡模型提出了认证密钥交换协议2DHEKE,并在协议分析与设计模型CK2001下证明了该协议的安全性;除此以外,还分别提出了平衡模型和非平衡模型下的口令认证密钥交换协议2PAKE和VB-2PAKE,并对协议的安全性进行了分析。
其次,对三方口令认证密钥交换协议的通用构造模型进行了改进,并依据此模型构造出了新的三方口令认证密钥交换协议3PAKE及VB-3PAKE协议,并在形式化模型BPR2000下证明这两个协议能够满足对三方口令认证密钥交换协议的安全要求。
然后,对已有跨域环境下口令认证密钥交换协议存在的安全漏洞进行了分析,并相应提出了基于公钥体制的4PAKE协议,及对称加密体制下的VB-4PAKE协议。对协议的安全性分析和执行效率分析表明,4PAKE协议能够提供较好的安全性,但基于公钥体制会给用户带来一定的负担,且代价昂贵;而VB-4PAKE协议相对于其它对称加密体制下的跨域协议能进一步提高安全性且执行效率相当。
最后,本文对开放性网络环境中一组固定成员之间共享会话密钥的建立过程进行了讨论研究,提出非平衡模型下口令认证组密钥交换协议VB-nPAKE,及基于双线性配对密钥树的口令认证组密钥交换协议nPAKE′。其中nPAKE′协议结合了树型结构,并且使用双线性配对取代了一般组密钥交换协议中的幂指数运算,降低了运算复杂度,因此在计算效率和通信效率等方面都有很大的提高。
Network information security is always an important topic of great concern in the popularity and development of the network applications. Identity authentication is usually the basic and first step in ensuring a secure network. Users must be identified and authenticated so that they can be accountable or given specific privileges. After authentication, the next question in the open network environments is how to build a secure communication channel to protect the sensitive information transmitted between users. The most common and effective method for solving this problem involves negotiating a shared session key to provide data privacy. A protocol that provides both identity authentication and session key negotiation can meet the security requirements mentioned above which is referred to as Authenticated Key Exchange (AKE).
Furthermore, the use of passwords is the most common and convenient solution for identity authentication, which has attracted widespread concern. And authenticated key exchange protocols based on passwords are referred to as Password-Authenticated Key Exchange (PAKE). In PAKE, users share a password or a verifier with the server and the server uses it to authenticate the users while helping them to agree on a session key. Until now, many PAKE protocols have been proposed. However, there are still some issues that need to be addressed, e.g. how to achieve strong authentication by using a low-entropy password, how to authenticate the server, how to resist dictionary attack, how to achieve the balance between efficiency and security, and how to provide formal proof and analysis to security protocols, etc.
This dissertation focuses on the analysis and research of several key technologies for PAKE.
Firstly, for the manners of the key shared between the user and the server in AKE, the balanced model and augmented model are defined and analyzed respectively. Based on the balanced model, an AKE protocol 2DHEKE in the CK2001 security model is presented and its security is proved. In addition, two PAKE protocols 2PAKE and VB-2PAKE based on balanced model and augmented model respectively are proposed and analyzed.
Secondly, the generic scheme for constructing PAKE protocol for three-parties is improved. Based on this constructing scheme, two new PAKE protocols 3PAKE and VB-3PAKE are proposed. And it is proved formally in the BPR2000 security model that the new protocols can meet the security requirements to the three-party password authenticated key exchange protocols.
Thirdly, the security vulnerabilities of the existing PAKE protocols are analyzed in cross-realm setting. To overcome the vulnerabilities, a 4PAKE protocol in the public key system and a VB-4PAKE protocol in the symmetric encryption system are presented respectively. By analyzing the security and performances, it is shown that 4PAKE protocol can resist many attacks, but based on the public key system puts a certain burden and heavy cost on the users. And compared to other protocols in the symmetric encryption system, VB-4PAKE enhances the security while has comparable efficiency.
Finally, the group PAKE protocols in open network environments are investigated. A VB-nPAKE protocol based on the augmented model and a nPAKE' protocol based on bilinear pairing and key tree are proposed. The nPAKE' protocol combines the hierarchical structure with the bilinear pairing algorithm instead of the exponential operator in common nPAKE protocols, which can reduce the computational complexity. Therefore, nPAKE' protocol has a greatly improvement in computational efficiency and communication efficiency.
引文
1.冯登国.国内外信息安全研究现状及发展趋势(摘编)[J],信息网络安全2007.1:9-11.
2.Lowe G.Some New Attacks upon Security Protocols[C],Computer Security Foundations Workshop,County Kerry,Ireland,1996.
3.Burrows M,Abadi M,Needham R.A logic of authentication[J],ACM Trans.Comput.Syst.,1990,8(1):18-36.
4.Choo K-K R.Secure Key Establishment[M],New York:Springer Science+Business Media,LLC,2009.
5.Dolcv D,Yao A C.On the Security of Public Key Protocols[J],IEEE Transactions on Information Theory,1983,29(2):198-208.
6.赵宇,王亚弟,韩继红,et al.一种基于规划理论的密码协议形式模型[J],计算机研究与发展,2008.9,45(9):1567-1577.
7.Paulson L C.The inductive approach to verifying cryptographic protocols[J],J.Comput.Secur.,1998,6(1-2):85-128.
8.Armando A,Compagna L.SAT-based model-checking for security protocols analysis[J],Int.J.Inf.Secur.,2008,7(1):3-32.
9.Abadi M,Needham R.Prudent Engineering Practice for Cryptographic Protocols[J],IEEE Trans.Softw.Eng.,1996,22(1):6-15.
10.Menezes A J,Oorschot P C v,Vanstone S A.Handbook of Applied Cryptography[M],5ed,Boca Raton:CRC Press 2001.
11.Hao F,Ryan P.Password Authenticated Key Exchange by Juggling[C],16th Workshop on Security Protocols,Cambridge,2008.4.
12.Behrouz A.Forouzan著,马振晗,贾军保译.密码学与网络安全[M],北京:清华大学出版社,2009.
13.Otway D,Rees O.Efficient and timely mutual authentication[J],SIGOPS Oper.Syst.Rev.,1987,21(1):8-10.
14.Morris R,Thompson K.Password security:a case history[J],Communications of the ACM,1979,22(11):594-597.
15.冯登国,陈伟东.基于口令的安全协议的模块化设计与分析[J],中国科学E辑:信息 科学, 2007, 37(2):223-237.
16. Diffie W,Hellman M E. New Directions in Cryptography[J], IEEE Transactions on Information Theory, 1976, 22(6):644-654.
17. Needham R M,Schroeder M D. Using encryption for authentication in large networks of computers[J], Commun. ACM, 1978, 21(12):993-999.
18. Bellovin S M,Merritt M. Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks[C], IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, USA, 1992:72-84.
19. Jonathan K, Rafail O, Moti Y. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords[C], Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, Innsbruck, Austria, 2001:475 - 494.
20. Bellare M, Pointcheval D, Rogaway P. Authenticated Key Exchange Secure against Dictionary Attacks[C], Advances in Cryptology-EUROCRYPT'OO, Brugge, Belgium, 2000:139-155.
21. Boyko V, Mackenzie P, Patel S. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman [C], Advances in Cryptology-EUROCRYPT'00, Bruges, Belgium, 2000:156-171.
22. Goldreich O,Lindell Y. Session-key generation using human passwords only[C], Advances in cryptology -CRYPT'01, California,USA, 2001:408-432.
23. Halevi S,Krawczyk H. Public-key cryptography and password protocols[J], ACM Trans. Inf. Syst. Secur., 1999,2(3):230-268.
24. Philip D M, Patel S, Swaminathan R. Password-Authenticated Key Exchange Based on RSA[C], Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, Kyoto, Japan, 2000:599-613.
25. Kwon J O, Jeong I R, Sakurai K, et al. Efficient verifier-based password-authenticated key exchange in the three-party setting[J], Comput. Stand. Interfaces, 2007, 29(5):513-520.
26. Gong L. Optimal authentication protocols resistant to password guessing attacks[C], Proceedings of the 8th IEEE workshop on Computer Security Foundations, Kenmare, County Kerry, Ireland, 1995:24.
27.Bellare M,Rogaway P.Provably Secure Session Key Distribution- The Three Party Case[C],In Proceedings of the 27th ACM Symposium on the Theory of Computing,Las Vegas,NV,USA,1995:57-66.
28.Gong L,Mark T,Lomas T M A,et al.Protecting poorly chosen secrets from guessing attacks[J],IEEE Journal on Selected Areas in Communications,1993,11(5):648-656.
29.Kwon T,Kang M,Song J.An Adaptable and Reliable Authentication Protocol for Communication Networks[C],Proceedings of the INFOCOM '97.Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies.Driving the Information Revolution,Kobe,Japan,1997:737.
30.Lin C-L,Sun H-M,Hwang T.Three-party encrypted key exchange:attacks and a solution[J],SIGOPS Oper.Syst.Rev.,2000,34(4):12-20.
31.Lin C-L,Sun H-M,Steiner M,et al.Three-Party Encrypted Key Exchange Without Server Public-Keys[J],IEEE Communications Letters,2001,5(12):497-499.
32.Sun H-M,Chen B-C,Hwang T.Secure key agreement protocols for three-party against guessing attacks[J],The Journal of Systems and Software,2005,75(1-2):63-68.
33.Wang W,Hu L.Efficient and Provably Secure Generic Construction of Three-Party Password-Based Authenticated Key Exchange Protocols[C],INDOCRYPT 2006,LNCS 4329,2006:118-132.
34.Gang Y,Dengguo F,Xiaoxi H.Improved Client-to-Client Password-Authenticated Key Exchange Protocol[C],IEEE ARES 2007,Vienna,Austria 2007:564-574.
35.Byun J W,Jeong I R,Lee D H,et al.Password-authenticated key exchange between clients with different passwords[C],ICICS2002,LNCS 2513,Singapore,2002:134-146.
36.Byun J W,Lee D H,LIM J I.EC2C-PAKA:An efficient client-to-client password-authenticated key agreement[J],Information Sciences,2007,177(19):3995-4013
37.Yoneyama K,Ota H,Ohta K.Secure Cross-Realm Client-to-Client Password-Based Authenticated Key Exchange Against Undetectable On-Line Dictionary Attacks[C],AAECC 2007,LNCS 4851,Bangalore,India,2007:257-266.
38.徐静,张振峰,冯登国.跨域口令认证密钥交换协议的分析与改进[R],第三届信息安全国家重点实验室安全协议研讨会,北京,中国,2007.
39.Byun J W,Lee D H,Lim J.Password-Based Group Key Exchange Secure Against Insider Guessing Attacks[C],CIS 2005,Part Ⅱ,LNAI 3802,Xi'an,China, 2005:143-148.
40. Lee S M, Hwang J Y, Lee D H. Efficient Password-Based Group Key Exchange[C], TrustBus 2004, LNCS 3184, Zaragoza, Spain, 2004:191-199.
41. Byun J W,Lee D H. N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords[C], ACNS 2005, LNCS 3531, New York, USA, 2005:75-90.
42. Bresson E, Chevassut O, Pointcheval D. Group Diffie-Hellman Key Exchange Secure Against Dictionary Attacks[C], Asiacrypt'02, LNCS 2501, Queenstown, New Zealand, 2002:497-514.
43. Wan Z, Deng R H, Bao F, et al. nPAKE+: A Hierarchical Group Password-Authenticated Key Exchange Protocol Using Different Passwords[C], ICICS 2007, LNCS 4861, Zhengzhou, China, 2007:31-43.
44. Maurizio Kliban B. Public-key cryptography and password protocols: the multi-user case[C], Proceedings of the 6th ACM conference on Computer and communications security, Kent Ridge Digital Labs, Singapore, 1999:63-72.
45. Sayed R M, Ibrahim M H, Nossair Z B. Group key exchange protocol for users with individual passwords[J], Journal of Engineering and Applied Science, 2008.8, 55(4):327-342.
46. Jablon D P. Strong password-only authenticated key exchange[J], SIGCOMM Comput. Commun. Rev., 1996, 26(5):5-26.
47. Phan R C-W, Yau W-C, Goi B-M. Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)[J], Information Sciences, 2008.7, 178(13):2849-2856.
48. Park S B, Kang M S, Lee S J. Authenticated Key Exchange Protocol Secure against Offline Dictionary Attack and Server Compromise [C], Lecture Notes in Computer Science-GCC2003, Shanghai, China, 2003:924-931.
49. Bellovin S M,Merritt M. Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise[C], Proceedings of the 1st ACM conference on Computer and communications security, Fairfax, Virginia, United States, 1993.
50. Kwon T,Song J. Secure agreement scheme for g~(xy) via password authentication[J], Electronics Letters, 1999, 35(ll):892-893.
51. Lee S-W, Kim W-H, Kim H-S, et al. Efficient Password-Based Authenticated Key Agreement Protocol[C], ICCSA 2004,LNCS 3046, Assisi, Italy, 2004:617-626.
52.Abdalla M,Chevassut O,Pointcheval D.One-Time Verifier-Based Encrypted Key Exchange[C],Public Key Cryptography-PKC'05,Les Diablerets,Switzerland,2005:47-64.
53.Kwon J O,Kouichi S,Lee D H.One-Round Protocol for Two-Party Verifier-Based Password-Authenticated Key Exchange[C],10th IFIP TC-6 TC-11 International conference,CMS 2006 Heraklion,Crete,Greece,2006:87-96.
54.Blake-Wilson S,Menezes A.Authenticated Diffie-Hellman Key Agreement Protocols[C],Proceedings of the Selected Areas in Cryptography,Ontario,Canada,1999:339-361.
55.Bresson E,Chevassut O,Pointcheval D,et al.Provably Authenticated Group Diffie-Hellman Key Exchange[C],Proc.of ACM CCS'01,Pennsylvania,USA,2001:255-264.
56.Bresson E,Chevassut O,Pointcheval D.Provably Authenticated Group Diffie-Hellman Key Exchange-The Dynamic Case[C],Asiacrypt 2001,LNCS 2248,Gold Coast,2001:290-309.
57.Joux A.A One Round Protocol for Tripartite Diffie-Hellman[C],Proceedings of the 4th International Symposium on Algorithmic Number Theory,Leiden,The Netherlands,2000:385-394.
58.Boneh D,Franklin M K.Identity-Based Encryption from the Weil Pairing[C],Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology,California,USA,2001:213-229.
59.Cheng J-C.Cryptographic Protocols Based on Bilinear Pairing[D],Taiwan:National Cheng Kung University,2009.
60.姚刚,冯登国.基于 Weil对的成对密钥协商协议[J],软件学报,2006,17(4):907-914.
61.Barreto P S L M,Kim H Y,Lynn B,et al.Efficient Algorithms for Pairing-Based Cryptosystems[C],Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology,California,USA,2002:356-368.
62.林喜军,孙琳,武传坤.基于双线性映射的多对一加密认证方案[J],计算机研究与发展,2009,46(2):235-238.
63.王小云.Z_(pq)~*中离散对数问题的安全谓词[J],计算机学报,1995,18(3).
64.王小云.等价于Z_(pq)~*中离散对数问题的密钥交换体制[J],通信学报,1995,16(2):79-83.
65.Victor S M.Use of elliptic curves in cryptography[C],Lecture notes in computer sciences;218 on Advances in cryptology---CRYPTO 85,Santa Barbara,California,United States,1986:417-426
66.Koblitz N.Elliptic Curve Cryptosysterns[J],Mathematics of Computation,1987,48(177):203-209.
67.徐恒,陈恭亮,杨福祥.密钥交换中中间人攻击的防范[J],信息安全与通信保密,2009,36(2):90-92.
68.Wen H-A,Lee T-F,Hwang T.Provably secure three-party password-based authenticated key exchange protocol using Weil pairing[J],Communications,IEE Proceedings,2005,152(2):138-143.
69.Boneh D,Lynn B,Shacham H.Short signtures from the weil pairing[C],Advances in Cryptology-ASIACRYPT 2001,Gold Coast,Australia,2001:514-532.
70.Chien H-Y.Comments on a provably secure three-party password-based authenticated key exchange protocol using Weil pairings[C],Cryptology ePrint Archive:Report 2005.
71.Nam J,Lee Y,Kim S,et al.Security weakness in a three-party pairing-based protocol for password authenticated key exchange[J],Inf.Sci.,2007,177(6):1364-1375.
72.Goldwasser S,Micali S.Probabilistic encryption[J],Journal of Computer and System Sciences,1984,28(3):270-299.
73.Fiat A,Shamir A.How to prove yourself:practical solutions to identification and signature problems[C],Proceedings on Advances in cryptology---CRYPTO '86,Santa Barbara,California,United States,1987:186-194.
74.Bellare M,Rogaway P.Entity Authentication and Key Distribution.[C],Advances in Cryptography-Crypto'93,Santa Barbara,California,USA,1993:232-249.
75.Bresson E,Chevassut O,Pointcheval D.Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions[C],Eurocrypt 2002,LNCS 2332,Amsterdam,The Netherlands,2002:321-336.
76.Abdalla M,Fouque P-A,Pointcheval D.Password-Based Authenticated Key Exchange in the Three-Party Setting[C],International Association for Cryptologic Research 2005,LNCS 3386,2005:65-84.
77.Bellare M,Canetti R,Krawczyk H.A modular approach to the design and analysis of authentication and key exchange protocols[C],Proceedings of the thirtieth annual ACM symposium on Theory of computing Dallas,Texas,United States 1998:419-428.
78.Canetti R,Krawczyk H.Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels[C],EUROCRYPT 2001,LNCS 2045,Innsbruck(Tyrol),Austria,2001:453-474.
79.Blake-Wilson S,Johnson D,Menezes A.Key Agreement Protocols and their Security Analysis[C],the Sixth IMA International Conference on Cryptography and Coding,Cirencester,Uk,1997:30-45.
80.Goldwasser S,Micali S.Probabilistic encryption[J],JCSS,1984,28(2):270-299.
81.Jablon D P.Extended Password Key Exchange Protocols Immune to Dictionary Attack[C],Proceedings Sixth IEEE workshops on Enabling Technologies:Infrastructure for Collaborative Enterprises(WET-ICE'97),Cambridge,MA,USA,1997:248-255
82.Steiner M,Tsudik G,Waidner M.Refinement and Extension of Encrypted Key Exchange[J],ACM Operating Systems Review,1995,29(3):22-30.
83.朱辉,李晖,王育民.一种Canetti-Krawczyk模型下的快速认证协议[J],西安电子科技大学学报(自然科学版),2009,36(1):156-161.
84.Canetti R,Goldreich O,Halevi S.The random oracle methodology,revisited[J],J.ACM,2004,51(4):557-594.
85.Li G,Wang P.A New Provably-Secure Key Agreement Ptotocol for Roaming in Mobile Networks[J],Wuhan University Journal of Natural Sciences,2008,13(5):605-608.
86.Li X,Ma J,Moon S.On the Security of the Canetti-Krawczyk Model[C],Computational Intelligence and Security,CIS 2005,Part Ⅱ,LNAI 3802,Xi'an,China,2005:356-363.
87.Shim K.Cryptanalysis of Al-Riyami-Paterson's Authenticated Three Party Key Agreement Protocols[R],Cryptology ePrint Archive,Report 2003/122,2003.
88.Law L,Menezes A,Qu M,et al.An Efficient Protocol for Authenticated Key Agreement[R],Technical Report CORR 98-05,Department of C & O,University of Waterloo,1998.
89.Sun H-M,Chen B-C,Hwang T.Secure key agreement protocols for three-party against guessing attacks[J],The Journal of Systems and Software,2003,75(1-2):63-68.
90.Denning D E,Sacco G M.Timestamps in key distribution protocols[J],Communications of the ACM 1981,24(8):533-536.
91.MacKenzie P,Shrimpton T,Jakobsson M.Threshold password-authenticated key exchange[C],Advances in cryptology -CRYPTO'02,California,USA,2002:385-400.
92.刘秀英,张玉清,波杨,et al.三方密码协议运行模式分析法[J],中国科学院研究生院学报,2004,21(3):380-385.
93.Lin C-L.Provably Secure Password Authenticated Key Exchanges[D],Tainan,Taiwan:National Cheng Kung University,2003.
94.刘军,廖建新,朱峰,et al.对Bellare-Rogaway 3PKD模型安全性定义的修正[J],通信学报,2007,28(9):1-6.
95.Bellare M,Canettiy R,Krawczykz H.Keying Hash Functions for Message Authentication[C],Advances in Cryptology -Crypto'96,Santa Barbara,California,USA,1996.
96.Chen L.A Weakness of the Password-Authenticated Key Agreement between Clients with Different Passwords Scheme[C],The document was being circulated for consideration at the 27th the SC27/WG2 meeting,Paris,France,2003.
97.Kim J,Kim S,Kwak J,et al.Cryptanalysis and Improvement of Password Authenticated Key Exchange between Clients with Different Passwords[C],ICCSA2004,LNCS3043,Assisi,Italy,2004:895-902.
98.Yoon E-J,Yoo K-Y.A Secure Password-Authenticated Key Exchange Between Clients with Different Passwords[C],APWeb Workshops 2006,LNCS 3842,Harbin,China,2006:659-663.
99.Byun J W,Lee D H,Lim J I.Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol[C],APWeb 2006 Harbin,China,2006:830-836.
100.Phan R C-W,Goi B-M.Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange(C2C-PAKE) Scheme[C],Applied Cryptography and Network Security 2005,New York,USA,2005:33-39.
101.曹春杰,马建峰,郭渊博.群组密钥交换协议中的一致性分析[J],通信学报,2008,29(4):71-76.
102.Bresson E,Chevassut O,Pointcheval D.The Group Diffie-Hellman Problems[C],SAC 2002,LNCS 2595,Madrid,Spain,2002:325-338.
103.Kwon J O,Jeong I R,Lee D H.Provably-Secure Two-Round Password-Authenticated Group Key Exchange in the Standard Model[C],IWSEC 2006,LNCS 4266,Kyoto,Japan,2006:322-336.
104.Sayed R M,Ibrahim M H,Nossair Z B.Group key exchange protocol for users with individual passwords[J],Journal of Engineering and Applied Science,2008,55(8):327-342.
105.Tang Q,Chen L.Weaknesses in two group Diffie-Hellman key exchange protocols[R],Cryptology ePrint Archive 2005/197,2005.
106.Menezes A,Vanstone S,Okamoto T.Reducing elliptic curve logarithms to logarithms in a finite field[C],Proceedings of the twenty-third annual ACM symposium on Theory of computing,New Orleans,Louisiana,United States,1991:80-89.
107.Gerhard F,Hans-Georg R.A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves[J],Mathematics of Computation,1994,62(206):865-874.
108.胡磊,冯登国,文铁华.一类Koblitz椭圆曲线的快速点乘[J],软件学报,2003,14(11):1907-1910.
109.Wong C K,Gouda M G,Lam S S.Secure Group Communications Using Key Graphs[R],University of Texas at Austin,1997.
110.Wallner D,Harder E,Agee R.Key Management for Multicast:Issues and Architectures[M],United States RFC Editor,1999.
111.Sherman A T,McGrew D A.Key Establishment in Large Dynamic Groups Using One-Way Function Trees[J],IEEE Trans.Softw.Eng.,2003,29(5):444-458.
112.Kim Y,Perrig A,Gene T.Communication-Efficient Group Key Agreement[C],Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security:Trusted Information:The New Decade Challenge,Paris,France,2001:229-244.
113.Perrig A,Song D,Tygar J D.ELK,a New Protocol for Efficient Large-Group Key Distribution[C],Proceedings of the 2001 IEEE Symposium on Security and Privacy,Oakland,California,USA,2001:247.
114.Steiner M,Tsudik G,Waidner M.CLIQUES:A New Approach to Group Key Agreement[C],18th IEEE International Conference on Distributed Computing Systems (ICDCS'98),Amsterdam,Netherlands,1998.
115.Steiner M,Tsudik G,Waidner M.Key Agreement in Dynamic Peer Groups[J],IEEE Trans.Parallel Distrib.Syst.,2000,11(8):769-780.
116.王化群,张力军,赵君喜.两种环签名方案的安全性分析及其改进[J],电子与信息学报,2007,29(1):201-205.
117.刘广伟,周恩光,闫虹,周福才.一种改进的跨域口令密钥交换协议[J],东北大学学报(自然科学版),2009,30(1):42-45.
118.周福才,周恩光,闫虹,苏晓曦.基于不同口令认证的跨域组密钥协议[J],计算机科学,2009,36(3):74-77.
2.Lowe G.Some New Attacks upon Security Protocols[C],Computer Security Foundations Workshop,County Kerry,Ireland,1996.
3.Burrows M,Abadi M,Needham R.A logic of authentication[J],ACM Trans.Comput.Syst.,1990,8(1):18-36.
4.Choo K-K R.Secure Key Establishment[M],New York:Springer Science+Business Media,LLC,2009.
5.Dolcv D,Yao A C.On the Security of Public Key Protocols[J],IEEE Transactions on Information Theory,1983,29(2):198-208.
6.赵宇,王亚弟,韩继红,et al.一种基于规划理论的密码协议形式模型[J],计算机研究与发展,2008.9,45(9):1567-1577.
7.Paulson L C.The inductive approach to verifying cryptographic protocols[J],J.Comput.Secur.,1998,6(1-2):85-128.
8.Armando A,Compagna L.SAT-based model-checking for security protocols analysis[J],Int.J.Inf.Secur.,2008,7(1):3-32.
9.Abadi M,Needham R.Prudent Engineering Practice for Cryptographic Protocols[J],IEEE Trans.Softw.Eng.,1996,22(1):6-15.
10.Menezes A J,Oorschot P C v,Vanstone S A.Handbook of Applied Cryptography[M],5ed,Boca Raton:CRC Press 2001.
11.Hao F,Ryan P.Password Authenticated Key Exchange by Juggling[C],16th Workshop on Security Protocols,Cambridge,2008.4.
12.Behrouz A.Forouzan著,马振晗,贾军保译.密码学与网络安全[M],北京:清华大学出版社,2009.
13.Otway D,Rees O.Efficient and timely mutual authentication[J],SIGOPS Oper.Syst.Rev.,1987,21(1):8-10.
14.Morris R,Thompson K.Password security:a case history[J],Communications of the ACM,1979,22(11):594-597.
15.冯登国,陈伟东.基于口令的安全协议的模块化设计与分析[J],中国科学E辑:信息 科学, 2007, 37(2):223-237.
16. Diffie W,Hellman M E. New Directions in Cryptography[J], IEEE Transactions on Information Theory, 1976, 22(6):644-654.
17. Needham R M,Schroeder M D. Using encryption for authentication in large networks of computers[J], Commun. ACM, 1978, 21(12):993-999.
18. Bellovin S M,Merritt M. Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks[C], IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, USA, 1992:72-84.
19. Jonathan K, Rafail O, Moti Y. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords[C], Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, Innsbruck, Austria, 2001:475 - 494.
20. Bellare M, Pointcheval D, Rogaway P. Authenticated Key Exchange Secure against Dictionary Attacks[C], Advances in Cryptology-EUROCRYPT'OO, Brugge, Belgium, 2000:139-155.
21. Boyko V, Mackenzie P, Patel S. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman [C], Advances in Cryptology-EUROCRYPT'00, Bruges, Belgium, 2000:156-171.
22. Goldreich O,Lindell Y. Session-key generation using human passwords only[C], Advances in cryptology -CRYPT'01, California,USA, 2001:408-432.
23. Halevi S,Krawczyk H. Public-key cryptography and password protocols[J], ACM Trans. Inf. Syst. Secur., 1999,2(3):230-268.
24. Philip D M, Patel S, Swaminathan R. Password-Authenticated Key Exchange Based on RSA[C], Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, Kyoto, Japan, 2000:599-613.
25. Kwon J O, Jeong I R, Sakurai K, et al. Efficient verifier-based password-authenticated key exchange in the three-party setting[J], Comput. Stand. Interfaces, 2007, 29(5):513-520.
26. Gong L. Optimal authentication protocols resistant to password guessing attacks[C], Proceedings of the 8th IEEE workshop on Computer Security Foundations, Kenmare, County Kerry, Ireland, 1995:24.
27.Bellare M,Rogaway P.Provably Secure Session Key Distribution- The Three Party Case[C],In Proceedings of the 27th ACM Symposium on the Theory of Computing,Las Vegas,NV,USA,1995:57-66.
28.Gong L,Mark T,Lomas T M A,et al.Protecting poorly chosen secrets from guessing attacks[J],IEEE Journal on Selected Areas in Communications,1993,11(5):648-656.
29.Kwon T,Kang M,Song J.An Adaptable and Reliable Authentication Protocol for Communication Networks[C],Proceedings of the INFOCOM '97.Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies.Driving the Information Revolution,Kobe,Japan,1997:737.
30.Lin C-L,Sun H-M,Hwang T.Three-party encrypted key exchange:attacks and a solution[J],SIGOPS Oper.Syst.Rev.,2000,34(4):12-20.
31.Lin C-L,Sun H-M,Steiner M,et al.Three-Party Encrypted Key Exchange Without Server Public-Keys[J],IEEE Communications Letters,2001,5(12):497-499.
32.Sun H-M,Chen B-C,Hwang T.Secure key agreement protocols for three-party against guessing attacks[J],The Journal of Systems and Software,2005,75(1-2):63-68.
33.Wang W,Hu L.Efficient and Provably Secure Generic Construction of Three-Party Password-Based Authenticated Key Exchange Protocols[C],INDOCRYPT 2006,LNCS 4329,2006:118-132.
34.Gang Y,Dengguo F,Xiaoxi H.Improved Client-to-Client Password-Authenticated Key Exchange Protocol[C],IEEE ARES 2007,Vienna,Austria 2007:564-574.
35.Byun J W,Jeong I R,Lee D H,et al.Password-authenticated key exchange between clients with different passwords[C],ICICS2002,LNCS 2513,Singapore,2002:134-146.
36.Byun J W,Lee D H,LIM J I.EC2C-PAKA:An efficient client-to-client password-authenticated key agreement[J],Information Sciences,2007,177(19):3995-4013
37.Yoneyama K,Ota H,Ohta K.Secure Cross-Realm Client-to-Client Password-Based Authenticated Key Exchange Against Undetectable On-Line Dictionary Attacks[C],AAECC 2007,LNCS 4851,Bangalore,India,2007:257-266.
38.徐静,张振峰,冯登国.跨域口令认证密钥交换协议的分析与改进[R],第三届信息安全国家重点实验室安全协议研讨会,北京,中国,2007.
39.Byun J W,Lee D H,Lim J.Password-Based Group Key Exchange Secure Against Insider Guessing Attacks[C],CIS 2005,Part Ⅱ,LNAI 3802,Xi'an,China, 2005:143-148.
40. Lee S M, Hwang J Y, Lee D H. Efficient Password-Based Group Key Exchange[C], TrustBus 2004, LNCS 3184, Zaragoza, Spain, 2004:191-199.
41. Byun J W,Lee D H. N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords[C], ACNS 2005, LNCS 3531, New York, USA, 2005:75-90.
42. Bresson E, Chevassut O, Pointcheval D. Group Diffie-Hellman Key Exchange Secure Against Dictionary Attacks[C], Asiacrypt'02, LNCS 2501, Queenstown, New Zealand, 2002:497-514.
43. Wan Z, Deng R H, Bao F, et al. nPAKE+: A Hierarchical Group Password-Authenticated Key Exchange Protocol Using Different Passwords[C], ICICS 2007, LNCS 4861, Zhengzhou, China, 2007:31-43.
44. Maurizio Kliban B. Public-key cryptography and password protocols: the multi-user case[C], Proceedings of the 6th ACM conference on Computer and communications security, Kent Ridge Digital Labs, Singapore, 1999:63-72.
45. Sayed R M, Ibrahim M H, Nossair Z B. Group key exchange protocol for users with individual passwords[J], Journal of Engineering and Applied Science, 2008.8, 55(4):327-342.
46. Jablon D P. Strong password-only authenticated key exchange[J], SIGCOMM Comput. Commun. Rev., 1996, 26(5):5-26.
47. Phan R C-W, Yau W-C, Goi B-M. Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)[J], Information Sciences, 2008.7, 178(13):2849-2856.
48. Park S B, Kang M S, Lee S J. Authenticated Key Exchange Protocol Secure against Offline Dictionary Attack and Server Compromise [C], Lecture Notes in Computer Science-GCC2003, Shanghai, China, 2003:924-931.
49. Bellovin S M,Merritt M. Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise[C], Proceedings of the 1st ACM conference on Computer and communications security, Fairfax, Virginia, United States, 1993.
50. Kwon T,Song J. Secure agreement scheme for g~(xy) via password authentication[J], Electronics Letters, 1999, 35(ll):892-893.
51. Lee S-W, Kim W-H, Kim H-S, et al. Efficient Password-Based Authenticated Key Agreement Protocol[C], ICCSA 2004,LNCS 3046, Assisi, Italy, 2004:617-626.
52.Abdalla M,Chevassut O,Pointcheval D.One-Time Verifier-Based Encrypted Key Exchange[C],Public Key Cryptography-PKC'05,Les Diablerets,Switzerland,2005:47-64.
53.Kwon J O,Kouichi S,Lee D H.One-Round Protocol for Two-Party Verifier-Based Password-Authenticated Key Exchange[C],10th IFIP TC-6 TC-11 International conference,CMS 2006 Heraklion,Crete,Greece,2006:87-96.
54.Blake-Wilson S,Menezes A.Authenticated Diffie-Hellman Key Agreement Protocols[C],Proceedings of the Selected Areas in Cryptography,Ontario,Canada,1999:339-361.
55.Bresson E,Chevassut O,Pointcheval D,et al.Provably Authenticated Group Diffie-Hellman Key Exchange[C],Proc.of ACM CCS'01,Pennsylvania,USA,2001:255-264.
56.Bresson E,Chevassut O,Pointcheval D.Provably Authenticated Group Diffie-Hellman Key Exchange-The Dynamic Case[C],Asiacrypt 2001,LNCS 2248,Gold Coast,2001:290-309.
57.Joux A.A One Round Protocol for Tripartite Diffie-Hellman[C],Proceedings of the 4th International Symposium on Algorithmic Number Theory,Leiden,The Netherlands,2000:385-394.
58.Boneh D,Franklin M K.Identity-Based Encryption from the Weil Pairing[C],Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology,California,USA,2001:213-229.
59.Cheng J-C.Cryptographic Protocols Based on Bilinear Pairing[D],Taiwan:National Cheng Kung University,2009.
60.姚刚,冯登国.基于 Weil对的成对密钥协商协议[J],软件学报,2006,17(4):907-914.
61.Barreto P S L M,Kim H Y,Lynn B,et al.Efficient Algorithms for Pairing-Based Cryptosystems[C],Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology,California,USA,2002:356-368.
62.林喜军,孙琳,武传坤.基于双线性映射的多对一加密认证方案[J],计算机研究与发展,2009,46(2):235-238.
63.王小云.Z_(pq)~*中离散对数问题的安全谓词[J],计算机学报,1995,18(3).
64.王小云.等价于Z_(pq)~*中离散对数问题的密钥交换体制[J],通信学报,1995,16(2):79-83.
65.Victor S M.Use of elliptic curves in cryptography[C],Lecture notes in computer sciences;218 on Advances in cryptology---CRYPTO 85,Santa Barbara,California,United States,1986:417-426
66.Koblitz N.Elliptic Curve Cryptosysterns[J],Mathematics of Computation,1987,48(177):203-209.
67.徐恒,陈恭亮,杨福祥.密钥交换中中间人攻击的防范[J],信息安全与通信保密,2009,36(2):90-92.
68.Wen H-A,Lee T-F,Hwang T.Provably secure three-party password-based authenticated key exchange protocol using Weil pairing[J],Communications,IEE Proceedings,2005,152(2):138-143.
69.Boneh D,Lynn B,Shacham H.Short signtures from the weil pairing[C],Advances in Cryptology-ASIACRYPT 2001,Gold Coast,Australia,2001:514-532.
70.Chien H-Y.Comments on a provably secure three-party password-based authenticated key exchange protocol using Weil pairings[C],Cryptology ePrint Archive:Report 2005.
71.Nam J,Lee Y,Kim S,et al.Security weakness in a three-party pairing-based protocol for password authenticated key exchange[J],Inf.Sci.,2007,177(6):1364-1375.
72.Goldwasser S,Micali S.Probabilistic encryption[J],Journal of Computer and System Sciences,1984,28(3):270-299.
73.Fiat A,Shamir A.How to prove yourself:practical solutions to identification and signature problems[C],Proceedings on Advances in cryptology---CRYPTO '86,Santa Barbara,California,United States,1987:186-194.
74.Bellare M,Rogaway P.Entity Authentication and Key Distribution.[C],Advances in Cryptography-Crypto'93,Santa Barbara,California,USA,1993:232-249.
75.Bresson E,Chevassut O,Pointcheval D.Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions[C],Eurocrypt 2002,LNCS 2332,Amsterdam,The Netherlands,2002:321-336.
76.Abdalla M,Fouque P-A,Pointcheval D.Password-Based Authenticated Key Exchange in the Three-Party Setting[C],International Association for Cryptologic Research 2005,LNCS 3386,2005:65-84.
77.Bellare M,Canetti R,Krawczyk H.A modular approach to the design and analysis of authentication and key exchange protocols[C],Proceedings of the thirtieth annual ACM symposium on Theory of computing Dallas,Texas,United States 1998:419-428.
78.Canetti R,Krawczyk H.Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels[C],EUROCRYPT 2001,LNCS 2045,Innsbruck(Tyrol),Austria,2001:453-474.
79.Blake-Wilson S,Johnson D,Menezes A.Key Agreement Protocols and their Security Analysis[C],the Sixth IMA International Conference on Cryptography and Coding,Cirencester,Uk,1997:30-45.
80.Goldwasser S,Micali S.Probabilistic encryption[J],JCSS,1984,28(2):270-299.
81.Jablon D P.Extended Password Key Exchange Protocols Immune to Dictionary Attack[C],Proceedings Sixth IEEE workshops on Enabling Technologies:Infrastructure for Collaborative Enterprises(WET-ICE'97),Cambridge,MA,USA,1997:248-255
82.Steiner M,Tsudik G,Waidner M.Refinement and Extension of Encrypted Key Exchange[J],ACM Operating Systems Review,1995,29(3):22-30.
83.朱辉,李晖,王育民.一种Canetti-Krawczyk模型下的快速认证协议[J],西安电子科技大学学报(自然科学版),2009,36(1):156-161.
84.Canetti R,Goldreich O,Halevi S.The random oracle methodology,revisited[J],J.ACM,2004,51(4):557-594.
85.Li G,Wang P.A New Provably-Secure Key Agreement Ptotocol for Roaming in Mobile Networks[J],Wuhan University Journal of Natural Sciences,2008,13(5):605-608.
86.Li X,Ma J,Moon S.On the Security of the Canetti-Krawczyk Model[C],Computational Intelligence and Security,CIS 2005,Part Ⅱ,LNAI 3802,Xi'an,China,2005:356-363.
87.Shim K.Cryptanalysis of Al-Riyami-Paterson's Authenticated Three Party Key Agreement Protocols[R],Cryptology ePrint Archive,Report 2003/122,2003.
88.Law L,Menezes A,Qu M,et al.An Efficient Protocol for Authenticated Key Agreement[R],Technical Report CORR 98-05,Department of C & O,University of Waterloo,1998.
89.Sun H-M,Chen B-C,Hwang T.Secure key agreement protocols for three-party against guessing attacks[J],The Journal of Systems and Software,2003,75(1-2):63-68.
90.Denning D E,Sacco G M.Timestamps in key distribution protocols[J],Communications of the ACM 1981,24(8):533-536.
91.MacKenzie P,Shrimpton T,Jakobsson M.Threshold password-authenticated key exchange[C],Advances in cryptology -CRYPTO'02,California,USA,2002:385-400.
92.刘秀英,张玉清,波杨,et al.三方密码协议运行模式分析法[J],中国科学院研究生院学报,2004,21(3):380-385.
93.Lin C-L.Provably Secure Password Authenticated Key Exchanges[D],Tainan,Taiwan:National Cheng Kung University,2003.
94.刘军,廖建新,朱峰,et al.对Bellare-Rogaway 3PKD模型安全性定义的修正[J],通信学报,2007,28(9):1-6.
95.Bellare M,Canettiy R,Krawczykz H.Keying Hash Functions for Message Authentication[C],Advances in Cryptology -Crypto'96,Santa Barbara,California,USA,1996.
96.Chen L.A Weakness of the Password-Authenticated Key Agreement between Clients with Different Passwords Scheme[C],The document was being circulated for consideration at the 27th the SC27/WG2 meeting,Paris,France,2003.
97.Kim J,Kim S,Kwak J,et al.Cryptanalysis and Improvement of Password Authenticated Key Exchange between Clients with Different Passwords[C],ICCSA2004,LNCS3043,Assisi,Italy,2004:895-902.
98.Yoon E-J,Yoo K-Y.A Secure Password-Authenticated Key Exchange Between Clients with Different Passwords[C],APWeb Workshops 2006,LNCS 3842,Harbin,China,2006:659-663.
99.Byun J W,Lee D H,Lim J I.Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol[C],APWeb 2006 Harbin,China,2006:830-836.
100.Phan R C-W,Goi B-M.Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange(C2C-PAKE) Scheme[C],Applied Cryptography and Network Security 2005,New York,USA,2005:33-39.
101.曹春杰,马建峰,郭渊博.群组密钥交换协议中的一致性分析[J],通信学报,2008,29(4):71-76.
102.Bresson E,Chevassut O,Pointcheval D.The Group Diffie-Hellman Problems[C],SAC 2002,LNCS 2595,Madrid,Spain,2002:325-338.
103.Kwon J O,Jeong I R,Lee D H.Provably-Secure Two-Round Password-Authenticated Group Key Exchange in the Standard Model[C],IWSEC 2006,LNCS 4266,Kyoto,Japan,2006:322-336.
104.Sayed R M,Ibrahim M H,Nossair Z B.Group key exchange protocol for users with individual passwords[J],Journal of Engineering and Applied Science,2008,55(8):327-342.
105.Tang Q,Chen L.Weaknesses in two group Diffie-Hellman key exchange protocols[R],Cryptology ePrint Archive 2005/197,2005.
106.Menezes A,Vanstone S,Okamoto T.Reducing elliptic curve logarithms to logarithms in a finite field[C],Proceedings of the twenty-third annual ACM symposium on Theory of computing,New Orleans,Louisiana,United States,1991:80-89.
107.Gerhard F,Hans-Georg R.A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves[J],Mathematics of Computation,1994,62(206):865-874.
108.胡磊,冯登国,文铁华.一类Koblitz椭圆曲线的快速点乘[J],软件学报,2003,14(11):1907-1910.
109.Wong C K,Gouda M G,Lam S S.Secure Group Communications Using Key Graphs[R],University of Texas at Austin,1997.
110.Wallner D,Harder E,Agee R.Key Management for Multicast:Issues and Architectures[M],United States RFC Editor,1999.
111.Sherman A T,McGrew D A.Key Establishment in Large Dynamic Groups Using One-Way Function Trees[J],IEEE Trans.Softw.Eng.,2003,29(5):444-458.
112.Kim Y,Perrig A,Gene T.Communication-Efficient Group Key Agreement[C],Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security:Trusted Information:The New Decade Challenge,Paris,France,2001:229-244.
113.Perrig A,Song D,Tygar J D.ELK,a New Protocol for Efficient Large-Group Key Distribution[C],Proceedings of the 2001 IEEE Symposium on Security and Privacy,Oakland,California,USA,2001:247.
114.Steiner M,Tsudik G,Waidner M.CLIQUES:A New Approach to Group Key Agreement[C],18th IEEE International Conference on Distributed Computing Systems (ICDCS'98),Amsterdam,Netherlands,1998.
115.Steiner M,Tsudik G,Waidner M.Key Agreement in Dynamic Peer Groups[J],IEEE Trans.Parallel Distrib.Syst.,2000,11(8):769-780.
116.王化群,张力军,赵君喜.两种环签名方案的安全性分析及其改进[J],电子与信息学报,2007,29(1):201-205.
117.刘广伟,周恩光,闫虹,周福才.一种改进的跨域口令密钥交换协议[J],东北大学学报(自然科学版),2009,30(1):42-45.
118.周福才,周恩光,闫虹,苏晓曦.基于不同口令认证的跨域组密钥协议[J],计算机科学,2009,36(3):74-77.