若干安全认证协议的研究与设计
|
摘要
随着信息技术的高速发展,信息网络已广泛的应用于政治、军事、科研、商业、金融等领域,并成为社会进步和发展的重要标志之一。信息网络在给人们的生活带来巨大便利的同时,也面临着一个非常现实的问题——如何保证大量敏感信息在信息网络中的安全传输。基于密码技术的认证协议是解决这一问题的一个有效工具,它可以提供认证性、完整性和不可否认性等多种安全属性,是信息安全的核心技术之一,也是安全电子商务(Electric Business)和电子政务(Electric Government)广泛应用的关键技术。因此,研究可靠的认证协议具有重要的现实意义。
本文利用可证明安全的方法对认证协议的设计与安全分析进行了比较深入的研究,研究内容包括:多信任域认证、匿名认证、快速认证与密钥协商和无证书认证。主要研究成果如下:
1.针对采用不同认证方式的网络进行互联扩充时,处于不同网络中采用不同认证方式的用户间的相互认证问题,提出了一种通用的多信任域认证与密钥协商协议,并在CK模型下提供可证明安全;然后,引入时戳的概念,提出了一种针对同步通信网的改进协议,并给出安全性证明;最后,对这两种协议进行性能分析。
2.利用双线性对和椭圆曲线的相关特性,提出了一种基于身份的通用匿名认证协议,并对该协议的安全性和匿名性进行了详细分析,给出了用户匿名性在随机预言模型下的安全性证明;然后,针对无线通信网的特点,提出了一种针对无线漫游认证问题的改进协议,该协议在保证安全性的前提下,大幅减少计算和通信开销;最后,对这两种协议进行性能分析,并和已有相关协议进行比较。
3.基于公钥加密和消息认证码技术,提出了一种快速认证与密钥协商协议,该协议采用模块化的设计方式,在CK模型下提供可证明安全,并具有双向实体认证、完美的前向安全等安全属性,在效率上该协议仅需进行两次通信即可完成,且运算量较小,可以通过适当的封装作为802.11i和WAPI下的认证子协议。
4.基于对称加密和签名技术,提出了一种快速认证与密钥协商协议,并在CK模型下提供了安全性证明,同时进行了相关安全属性分析;并给出了计算性能的分析,该协议仅需1次签名和1次公钥加密运算即可实现双向实体认证和密钥协商。5.提出了一种基于离散对数的不使用双线性对的无证书签密方案,在随机预言模型下给出了该方案的安全性证明,以及性能分析;然后,基于此方案提出了一种高效的不使用双线性对的无证书认证协议,并提供了CK模型下的可证明安全,同时进行了相关安全属性分析;最后,对该协议进行了性能分析,并和已有相关协议进行比较。
With the rapid development of information and network technology, the information network has been applied in government,military affairs,science research,commerce and finance, and plays a very important role in our society. At the same time, how to effectively keep the security of the information which was transported in network has become more and more concerned. The secure authentication protocol based on cryptography is a valid technology to solve the problem, and is the core of information security techniques. The secure authentication protocol could be widely used in E-commerce and E-government. Therefore, our point in this thesis is to study and design some secure authentication protocols with provably security in multi-domain authentication,anonymous authentication,fast authentication key agreement and certificateless authentication. Our main achievements are as follows:
(1) Considered the especial requirements in multi-domain environment where the users used different authentication frameworks in different domains, first, an authentication protocol for the multi-domain was proposed with public encryption and message authentication code. The security analysis of the proposed protocol in the implementation plan with the CK model was presented. Moreover, entity authentication for cross-domain and other secure properties were supported in the protocol. The proposed protocol was secure and could achieve the security requirements. Second, based on the first proposed protocol, an improved protocol with timestamp was proposed, which was also provably security in CK mode. At last, the implementations of the protocols were analyzed, and they could be efficient authentication methods between the networks which use the different authentication frameworks.
(2) Considered the especial requirements of the authentication protocol between the roaming users and the visited networks, first, an ID-based universal authentication protocol with anonymity was proposed by the bilinearity and non-degeneration of pairings. The security of authentication and anonymity was analyzed in detail. Especially, the anonymous security was analyzed by formal approach under the unauthenticated-links adversarial model. The proposed scheme could not only achieve authentication securely but also has a secure anonymity. Second, considered the characteristics of the mobile communication network, an improved protocol was proposed based on the first proposed protocol, which was also provably security in authentication and anonymity, and need lower computation cost. At last, the implementations of the protocols were analyzed.
(3) Based on public key encryption and message authentication code technology, a fast authentication key agreement protocol for wireless network was proposed. The security analysis of the proposed protocol in the implementation plan with the CK model was presented. The results show that the proposed protocol is session-key secure with perfect forward secrecy. Moreover,The implementation of the protocol was just twice communications and twice operation of public key encryption. The protocol could satisfy the characteristics of wireless equipment and could be utilized as a complementary plan to the current authentication protocol in wireless network.
(4) Based on symmetrical encryption and signature, an efficient authentication key agreement protocol was proposed. The security analysis of the proposed protocol in the implementation plan with the CK model was presented. The results showed that the proposed protocol was session-key secure with perfect forward secrecy, known key security and no key compromise Impersonation. Moreover, the implementation of the protocol was just twice communications, once signature operation and once symmetrical encryption operation.
(5) Based on Discrete-Logarithm, a certificateless signcryption scheme without using the bilinear pairings was proposed. The proposed scheme was proved to be secure in the random oracle model, assuming the Compute Diffle-Hellman problem and Discrete-Logarithm problem is hard. At the same time, based on the proposed scheme, a certificateless authentication key agreement protocol without using the bilinear pairings was proposed, which was provably security in CK mode. At last, the implementations of the protocols were analyzed.
本文利用可证明安全的方法对认证协议的设计与安全分析进行了比较深入的研究,研究内容包括:多信任域认证、匿名认证、快速认证与密钥协商和无证书认证。主要研究成果如下:
1.针对采用不同认证方式的网络进行互联扩充时,处于不同网络中采用不同认证方式的用户间的相互认证问题,提出了一种通用的多信任域认证与密钥协商协议,并在CK模型下提供可证明安全;然后,引入时戳的概念,提出了一种针对同步通信网的改进协议,并给出安全性证明;最后,对这两种协议进行性能分析。
2.利用双线性对和椭圆曲线的相关特性,提出了一种基于身份的通用匿名认证协议,并对该协议的安全性和匿名性进行了详细分析,给出了用户匿名性在随机预言模型下的安全性证明;然后,针对无线通信网的特点,提出了一种针对无线漫游认证问题的改进协议,该协议在保证安全性的前提下,大幅减少计算和通信开销;最后,对这两种协议进行性能分析,并和已有相关协议进行比较。
3.基于公钥加密和消息认证码技术,提出了一种快速认证与密钥协商协议,该协议采用模块化的设计方式,在CK模型下提供可证明安全,并具有双向实体认证、完美的前向安全等安全属性,在效率上该协议仅需进行两次通信即可完成,且运算量较小,可以通过适当的封装作为802.11i和WAPI下的认证子协议。
4.基于对称加密和签名技术,提出了一种快速认证与密钥协商协议,并在CK模型下提供了安全性证明,同时进行了相关安全属性分析;并给出了计算性能的分析,该协议仅需1次签名和1次公钥加密运算即可实现双向实体认证和密钥协商。5.提出了一种基于离散对数的不使用双线性对的无证书签密方案,在随机预言模型下给出了该方案的安全性证明,以及性能分析;然后,基于此方案提出了一种高效的不使用双线性对的无证书认证协议,并提供了CK模型下的可证明安全,同时进行了相关安全属性分析;最后,对该协议进行了性能分析,并和已有相关协议进行比较。
With the rapid development of information and network technology, the information network has been applied in government,military affairs,science research,commerce and finance, and plays a very important role in our society. At the same time, how to effectively keep the security of the information which was transported in network has become more and more concerned. The secure authentication protocol based on cryptography is a valid technology to solve the problem, and is the core of information security techniques. The secure authentication protocol could be widely used in E-commerce and E-government. Therefore, our point in this thesis is to study and design some secure authentication protocols with provably security in multi-domain authentication,anonymous authentication,fast authentication key agreement and certificateless authentication. Our main achievements are as follows:
(1) Considered the especial requirements in multi-domain environment where the users used different authentication frameworks in different domains, first, an authentication protocol for the multi-domain was proposed with public encryption and message authentication code. The security analysis of the proposed protocol in the implementation plan with the CK model was presented. Moreover, entity authentication for cross-domain and other secure properties were supported in the protocol. The proposed protocol was secure and could achieve the security requirements. Second, based on the first proposed protocol, an improved protocol with timestamp was proposed, which was also provably security in CK mode. At last, the implementations of the protocols were analyzed, and they could be efficient authentication methods between the networks which use the different authentication frameworks.
(2) Considered the especial requirements of the authentication protocol between the roaming users and the visited networks, first, an ID-based universal authentication protocol with anonymity was proposed by the bilinearity and non-degeneration of pairings. The security of authentication and anonymity was analyzed in detail. Especially, the anonymous security was analyzed by formal approach under the unauthenticated-links adversarial model. The proposed scheme could not only achieve authentication securely but also has a secure anonymity. Second, considered the characteristics of the mobile communication network, an improved protocol was proposed based on the first proposed protocol, which was also provably security in authentication and anonymity, and need lower computation cost. At last, the implementations of the protocols were analyzed.
(3) Based on public key encryption and message authentication code technology, a fast authentication key agreement protocol for wireless network was proposed. The security analysis of the proposed protocol in the implementation plan with the CK model was presented. The results show that the proposed protocol is session-key secure with perfect forward secrecy. Moreover,The implementation of the protocol was just twice communications and twice operation of public key encryption. The protocol could satisfy the characteristics of wireless equipment and could be utilized as a complementary plan to the current authentication protocol in wireless network.
(4) Based on symmetrical encryption and signature, an efficient authentication key agreement protocol was proposed. The security analysis of the proposed protocol in the implementation plan with the CK model was presented. The results showed that the proposed protocol was session-key secure with perfect forward secrecy, known key security and no key compromise Impersonation. Moreover, the implementation of the protocol was just twice communications, once signature operation and once symmetrical encryption operation.
(5) Based on Discrete-Logarithm, a certificateless signcryption scheme without using the bilinear pairings was proposed. The proposed scheme was proved to be secure in the random oracle model, assuming the Compute Diffle-Hellman problem and Discrete-Logarithm problem is hard. At the same time, based on the proposed scheme, a certificateless authentication key agreement protocol without using the bilinear pairings was proposed, which was provably security in CK mode. At last, the implementations of the protocols were analyzed.
引文
[1]王育民,刘建伟.通信网的安全——理论与技术[M].西安:西安电子科技大学出版社,1999。
[2]冯登国.网络安全原理与技术[M].北京:科学出版社, 2003年出版。
[3] Menezes A J, Oorschot P C, Vanstone S A. Handbook of Applied Cryptography [M]. CRC Press, 1997.
[4]卿斯汉.安全协议20年研究进展[J].软件学报,2003,14(10):1740-1752。
[5] Simmons G J. Authentication theory/coding theory [C]. In Crypto’84. LNCS, 1985, 196: 411-431.
[6] Needham R, Schroeder M. Using encryption for authentication in large networks of computers [J]. Communications of the ACM, 1978, 21 (12): 993 -999.
[7] Mao W B著.王继林,伍前红译.现代密码学理论与实践[M].北京:电子工业出版社,2004。
[8]曹春杰.可证明安全的认证及密钥交换协议设计与分析[D].西安:西安电子科技大学博士学位论文,2008年。
[9] Diffie W, Hellman M E. New directions in cryptography [J]. IEEE Transcation on Information Theory, 1976, 22(6): 644-654.
[10] Dolev D, Yao A. On the security of public key protocols. IEEE Transactions on Information Theory, 1983, 29(2):198-208.
[11] Choo, K K R, Boyd C, Hitchcock Y. The importance of proofs of security for key establishment protocols-Formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh -Hwang-Lee, Lin-Sun-Hwang, and Ych-Sun protocols [J]. Computer Communications, 2006, 29(15): 2788-2797.
[12] Allamigeon X, Blanchet B. Reconstruction of Attacks against cryptographic protocols [C]. In 18th IEEE Computer Security Foundations Workshop -CSFW’05, 2005: 140-154.
[13] Choo K K R. Refuting security proofs for tripartite key exchange with modelchecker in planning problem setting[C]. In 19th IEEE Computer Security Foundations Workshop-CSFW’06,2006.
[14] Clarke E M, Jha S, Marrero W. Verifying security protocols with Brutus [J]. Acm Transactions on Software Engineering and Methodology, 2000, 9 (4): 443-487.
[15] Steel G, Bundy A. Attacking group multieast key management Protocols Using Coral[C]. In 2nd International Joint Conference on Automated Reasoning– ARSPA’2004 . Electronic Notes in Theoretical Computer Science, 2005, 125(1): 125-144.
[16]王亚弟,束妮娜,韩继红等.密码协议形式化分析[M].北京:机械工业出版社,2006。
[17] Burrows M, Abadi M, Needham R. A Logic of Authentication[J].Acm Transactions on Computer Systems, 1990, 8 (1): 18-36.
[18] Gong L, Needham R, Yahalom R. Reasoning about belief in cryptographic protocols[C]. In IEEE Computer Society Symposium in Security and Privacy,1990,5: 234-248.
[19] Abadi M, Tuttle R. A smantics for a logic of authentication[C].In the 10th ACM Symposium on Principles of Distributed Computing. 1991. ACM Press.
[20] Oorschot P C. Extending cryptographic logics of belief to key agreement protocols[C]. In the 1st ACM conference on Computer and communications security.1993.Fairfax,Virginia, United States: ACM Press.
[21] Syverson P F, Oorschot P C. On unifying some cryptographic protocollogics[C]. In IEEE Computer Society Symposium On Research in Security andPrivacy, 1994:14-28.
[22] Kailar R. Reasoning about accountability in protocols for electronic commerce[C]. In: Proceedings of the IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1995: 236-250.
[23]曹雪菲.基于身份的认证协议的理论及应用研究[D].西安:西安电子科技大学博士学位论文,2008年。
[24] David L D, Andreas J D, Alan J H, et a1.Protocol verification as a hardware design aid[C]. In Proceedings of the Proceedings of the IEEE International Conference On Computer Design on VLSI in Computer & Processors’1991. IEEEComputer Society, l992.
[25] Lowe G. Breaking and fixing the Needham-Schroeder public-key protocol using FDR [J]. Software Concepts and Tools, 1996, 17: 93-102.
[26] Woo T, Lam S. A lesson on authentication protocol design [J]. Operating Systems Review, 1994, 28 (3):24-37.
[27] Meadows C. The NRL protocol analyzer: An overview [J]. Journal of Logic Programming, 1996, 26(2):113-131.
[28] Millen J. The interrogator model [C]. In: Proceedings of the 1995 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1995: 251-260.
[29] Paulson L C. Mechanized proofs for a recursive authentication protocol[C]. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1997:84-94.
[30] Paulson L C. The inductive approach to verifying cryptographic protocols [J]. Journal of Computer Security, 1998, (6):85-128.
[31] Man N A, Andrew D G. A calculus for cryptographic protocols:the spi calculus[C].In Proceedings of the Proceedings of the 4th ACM conference on Computer and communications security.Zurich,Switzerland:ACM,1997.
[32] Thayer F J, Herzog J C, Guttman J D. Strand spaces: Why is a security protocol correct? [C]. In Proceedings of the 1998 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1998: 160-171.
[33] Thayer F J, Herzog J C, Guttman J D. Strand spaces: Proving security protocols correct [J]. Journal of Computer Security, 1999, 7(2): 191-230.
[34] Thayer F J, Herzog J C, Guttman J D. Strand spaces: Honest ideals on strand spaces[C]. In Proceedings of the 1998 IEEE Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1998:66-77.
[35] Abadi M, Gordon A D. A calculus for cryptographic protocols: The spi calculus[C]. In: Proceedings of the 4th ACM Conference on Computer and Communications Security. 1997: 36-47.
[36] Goldwasser S, Micali S. Probabilisitic encryption [J].Journal of Computer and System Sciences,1984, 28(3):270-299.
[37] Pointcheval D, Stern J. Security proofs for signature schemes [C]. In Advances in Cryptology-Eurocrypt'96. May 12–16, 1996, Zaragoza, Spain . LNCS, 1996, 1070: 387–398.
[38] Bellare M, Rogaway P. Entity authentication and key distribution[C]. Advances in Cryptography-CRYPTO’93,1994.LNCS, 773:232-249.
[39] Bellare M, Rogaway P. Provably secure session key distribution:the three party cases [C]. In Proceedings of the 27th ACM Symposium on the Theory ofComputing, 1995:57-66.
[40] Bellare M, Canetti R, Klawczyk H. A modular approach to the design and analysis of authentication and key-exchange protocols [C].in Proceedings of the 30th Annual Symp. on the Theory of Computing.1998, New York, ACM Press.
[41] Canetti R, Krawczyk H. Analysis of key-exchange protocols and their use for building secure channels [C]. Advances in Cryptoiogy-Euroerypt’2001, 2001. LNCS 2045: 453-474.
[42] Bresson E, Chevassut O, Pointcheval D. Provably authenticated group DH key exchange-the dynamic ease [C]. In Proceedings of Asiacrypt’01, 2001. LNCS ,2248: 290-309.
[43] Bresson E, Chevassut O, Pointcheval D. Dynamic group Diffie-Hellman key exchange under standard assumptions [C]. Advances in Cryptology–Euroerypt’2002 Proceedings, 2002. LNCS,2332: 321-336.
[44] Bresson E, Chevassut O, Pointchcval D, et a1. Provably authenticated group DH key exchange [C]. In Proceedings of ACM CCS’01, 2001: 255-264.
[45] Canetti R. Universally composable security: a new paradigm for cryptographic protocols [C].In Proceedings of the 42nd IEEE Symposium on Foundations ofComputer Science(FOCS),2001: 136-145.
[46] Canetti R, Krawczyk H. Universally composable notions of key exchange and secure channels [C]. Advances in Cryptology-Eurocrypt'02 Proceedings, 2002. LNCS, 2332: 337-351.
[47] Fiat A, Shamir A. How to prove yourself practical solutions to identification and signature problems[C]. In Advances in Cryptology -Crypto’86, 1987: 186—194.
[48]李艳平.若干安全协议的研究与设计[D].西安:西安电子科技大学博士学位论文,2009年。
[49] Diffie W, Hellman M. New directions in cryptography [J]. IEEE Transactions on Information Theory, 1976, 22(6): 644-654.
[50] Rivest R, Shamir A, Adleman L. A method for obtaining digital signatures and public key cryptosystem [J]. Communications of ACM, 1978, 21(2): 120-126.
[51] ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms [J]. IEEE Transactions on Information Theory, 1985, 31:496-472.
[52] Oblitz N. Elliptic curve cryptosystems [J]. Mathematics of computation. 1987, 48: 203-209.
[53] Shamir A. Identity-based cryptosystems and signature schemes [C]. Advances in Cryptology-Crypto’84, Berlin: Springer-Verlag, 1984: 47-53.
[54] Al-Riyami S, Paterson K. Certificateless public key cryptography [C], Advances in Cryptology-Asiacrypt’2003. LNCS 2894, Springer-Verlag, 2003: 452-473.
[55]杨义先,孙伟,钮心祈.现代密码新理论[M].北京:科学出版社,2002。
[56]明洋.广义指定验证者签名体制的研究和设计[D].西安:西安电子科技大学博士学位论文,2008年。
[57] Boneh D, Franklin M. Identity-based encryption from the Weil pairing [J].SIAM Journal on Computing, 2003, 32(3): 586-615.
[58] Yi X. An Identity-Based signature scheme from the Weil Pairing [J]. IEEE Communication letters, 2003, 7(2): 76-78.
[59] Baek J, Safavi-Naini R, Susilo W. Universal designated verifier signature proof (or how to efficiently prove knowledge of a signature) [C]. In Advances in Cryptology-Asiacrypt’05, LNCS 3788, Berlin: Springer-Verlag, 2005: 644-661.
[60] Zhang F, Safavi-Naini R, Susilo W. An efficient signature scheme from bilinear pairings and its applications [C]. In Practice and Theory in Public Key Cryptography-PKC’04, LNCS 2947, Berlin: Springer-Verlag, 2004: 277-290.
[61]李兴华.无线网络中认证及密钥协商协议的研究[D].西安:西安电子科技大学博士学位论文,2007年。
[62] Kaufman C. Internet key exchange (IKEv2) Protocol. Draft-ietf-IPSec- ikev2-11.txt, 2003.
[63] Linn J, Branchaud M. An examination of asserted PKI issues and proposed alternatives[C]. In Proceedings of the 3rd Annual PKI R & D Workshop. Gaithersburg: NIST, 2004.
[64] Zhu J, Ma J. A new authentication scheme with anonymity for wireless environments[J]. IEEE Transactions on Consumer Electronics, 2004.
[65] Yang F Y, Jan J K. An Enhanced and secure protocol for authenticated key exchange [DB/OL]. [2005-10-21]. http://eprint.iacr.org/2004/270.
[66]陈炜,龙翔,高小鹏.一种用于移动IPv6的混合认证方法[J].软件学报,2005,26(9):1617-1624。
[67]彭华熹.一种基于身份的多信任域认证模型[J].计算机学报,2006,29 (8):1271-1281。
[68]路晓明,冯登国.一种基于身份的多信任域网格认证模型[J].电子学报,2006,34(4):577-582。
[69]陈小峰,冯登国.一种多信任域内的直接匿名证明方案[J].计算机学报,2008,31(7):1122-1130。
[70] Micali S, Rogaway P. Secure computation[C]. In Proceeding of the Advances in Cryptology-Crypto’91, LNCS 576. Berlin, Heidelberg: Springer- Verlag, 1991: 392-404.
[71] Yiu S, Terry T, Colin B. Provably secure mobile key exchange: applying the Canetti-Krawczyk Approach[C]. In ACISP 2003. Berlin, Heidelberg : Springer-Verlag, 2003: 166–179.
[72] Tin Y S T, Vasanta H, Boyd C. Protocols with security proofs for mobile applications [C]. In Proceedings of the ACISP 2004.LNCS3108. Berlin: Springer-Verlag, 2004:358~369.
[73]冯登国,陈伟东.基于口令的安全协议的模块化设计与分析[J].中国科学E辑,2007,37(2):223-237。
[74] Wang C I, Fan C I, Guan D J. Cryptanalysis on Chang-Yang-Hwang protected password change protocol. [DB/OL]. [2006-1-12]. http:// eprint.iacr.org/2005/182.
[75] Boneh D, Franklin M. Anonymous authentication with subset queries. In Proceedings of the 6th ACM Conference on Computer and Communications Security, New York, NY, USA, 1999: 113-119.
[76] Boneh D, Shaw J. Collusion-secure fingerprinting for digital data. In Proceedings of 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27-31, 1995: 452-465.
[77] Hirose S, Yoshida S. A user authentication scheme with identity and location privacy. Information Security and Privacy: 6th Australasian Conference, Sydney, Australia, July 11-13, 2001, LNCS 2119: 235-246.
[78] Lee C H, Deng X T, Zhu H F. Design and security analysis of anonymous group identification protocols [C]. In Public Key Cryptography, February 2002, Paris, France, LNCS 2274, Springer-Verlag, Berlin Heidelberg, 2002: 188-198.
[79] Kim J S, Choi S, Kim K, et al. Anonymous authentication protocol for dynamic groups with power-limited devices [C]. In SCIS 2003, Hamamatsu, Japan.
[80] Wang C J, Leung H F. An anonymous and secure continuous double auctionscheme for internet retails market[C]. In the 37th Hawaii International Conference on System Sciences, Big Island, HI, USA, January 5-8, 2004, http://csdl.computer.org/comp/proceedings/hicss/2004/2056/07/205670180babs.htm.
[81] Ren K, Lou W J, Kim K, et al. A novel privacy preserving authentication and access control scheme for pervasive computing environments [J]. IEEE Transcation on Vehicular Technology, 2006, 55 (4): 1373-1384.
[82] Mangipudi K, Katti R. A Hash-based strong password authentication protocol with user anonymity [J]. Journal of Network Security, 2006, 2 (3): 205-209.
[83] Liao I E, Lee C, Hwang M. A password authentication scheme over unsecure networks [J]. Journal of Computer and System Sciences, 2006, 72 (4): 727-740.
[84]田子健,王继林,伍云霞.一个动态的可追踪匿名认证方案[J].电子与信息学报,2005,27(11):1737-1740。
[85] Park J, Go J, Kim K. Wireless authentication protocol preserving user anonymity [C]. In Proceedings of the 2001 Symposium on Cryptography and Information Security. Janpan, Jan 23-26, 2001.
[86] Wong D S. Security analysis of two anonymous authentication protocols for distributed wireless networks [C].In PerCom 2005 Workshops. Kauai Island, Hawaii, 8-12 March, 2005.
[87] Kang M H, Ryou H B, Choi W. Design of anonymity-preserving user authentication and key agreement protocol for ubiquitous computing environments[C]. In WINE 2005. Hong Kong, China, December 15-17, 2005.
[88] Kim W H, Yoon E J, Yoo K Y. New authentication protocol providing user anonymity in open network [C]. In WINE 2005. Hong Kong, China, December 15-17, 2005.
[89]朱建明,马建峰.一种高效的具有用户匿名性的无线认证协议[J].通信学报,2004,25(6):12-18。
[90]彭华熹,冯登国.匿名无线认证协议的匿名性缺陷和改进[J].通信学报,2006,27(9):78-85。
[91] Baek J, Safavi-Naini R, Susilo W. Universal designated verifier signature proof [C]. In Advances in Cryptology-Asiacrypt’05, LNCS 3788. Berlin: Springer-Verlag, 2005: 644-661.
[92]田园.计算机密码学—通用方案构造及安全性证明[M].北京:电子工业出版社,2008。
[93] Guillou L S, Quisquater J J. A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memory [C]. In Advances in Cryptology- Eurocrypto’88, Davos, Switzerland, Springer- Verlag, LNCS 330, 1988:123-128.
[94] Bellare M, Palacio A. GQ and Schnorr identification schemes: proofs of security against impersonation under active and concurrent attacks [C]. In Advances in Cryptology-Crypto'02, Santa Barbara, California, USA, LNCS 2442, 2002: 167-177.
[95] Kim M, Kim K. A new identification scheme based on the bilinear Diffie-Hellman group [C]. In Information security and privacy: 7th Australasian Conference, ACISP 2002 Melbourne, Australia, July 3-5, 2002: 362-378.
[96] Zhang Z F, Jin X, Feng D G. Attack on an identification scheme based on Gap Diffie-Hellman problem [EB/OL], 2003(four pages), http:// eprint.iacr.org /2003/153.pdf.
[97] Shao J, Cao Z F, Lu R X. A new efficient identification scheme based on strong Diffie-Hellman assumption [C]. In proceedings of International Symposium on Future Software Technology-ISFST’2004, Xi’an, China, Software Engineers Association, 2004.
[98] Yang F Y, Jan J K. An Enhanced and secure protocol for authenticated key exchange [DB/OL]. [2006-10-21]. http://eprint .iacr.org/2004/270.
[99]张帆,马建峰. CK模型下的无线认证协议[C].密码学新进展—CHINACRYPT’2006:187-194。
[100]冯登国,陈伟东.基于口令的安全协议的模块化设计与分析[J].中国科学E辑,2007,37(2):223-237。
[101]陈晓峰,伍前红,王育民.基于安全双方计算的密钥协商方案[J].西安电子科技大学学报,2003(06):477-480。
[102] Raimondo M D, Gennaro R. Provably secure threshold password- authenticated key exchange[C]. In Proceedings of the Advances in Cryptology-EUROCRYPT’2003. LNCS 2656, Berlin, Heidelberg: Springer -Verlag, 2003: 507?523.
[103] IEEE P802.11i/D3.0, Specification for Enhanced Security [DB/OL]. http://standards.ieee.org/reading/ieee/std/lanman/drafts/P802.11i.pdf.
[104]中华人民共和国国家标准.国标GB15629. 11-2003信息远程通信和信息交换局域网和城域网特定要求第11部分:无线局域网媒体访问控制和物理层规范,2003。
[105] Zheng Y L. Digital signcryption or how to achieve cost (signature & encryption)< [106] Dodis Y, Freedman M J, Jarecki S, et al.Versatile padding schemes for joint signature and eneryption[C]. In 17th ACM conference on Computer and Communication Security-CCS’04, Washington, DC, USA, October 25-29, 2004.
[107]张串绒.签密方案的分析、设计和应用研究[D].西安:西安电子科技大学博士学位论文,2007年。
[108] Aranha D, Castro R, Lopez J, et al. Efficient certificateless Signcryption [C]. In sbseg2008 :257-258.
[109] Wu C H, Chen Z X. A new efficient certificateless Signcryption scheme [C]. In ISISE’08. 2008:661–664.
[110] Barreto P L M, Deusajute A M, Cruz E C, et al. Toward efficient certificateless signcryption from (and without) bilinear pairings [C]. In SBSeg 2008:115-125.
[111] Sharmila D S, Vivek S S, Pandu R C. On the security of Certificateless Signcryption schemes. Cryptology ePrint Archive, Report 2009/298.
[112] Barbosa M, Farshim P. Certificateless Signcryption [C]. In ASIACCS’2008. ACM, 2008:369-372.
[113] Li F G, Masaaki S, Tsuyoshi T. Certificateless hybrid Signcryption [C]. In ISPEC’2009, LNCS 5451. Springer-Verlag Berlin Heidelberg 2009:112–123.
[114] Al-Riyami S S, Paterson K G. CBE from CL-PKE: A generic construction and efficient schemes [J]. Lecture Notes in Computer Science, 2005, 3386: 398-415.
[115] Yum D H, Lee P J. Generic construction of crtificateless encryption [J]. Lecture Notes in Computer Science, 2004, 3043: 802-811.
[116] Libert B, Quisquater J J. On Constructing Certificateless Cryptosystems from Identity Based Encryption [J].Lecture Notes in Computer Science, 2006, 3958: 474-490.
[117] Cheng Z H, Comley R, Vasiu L. Remove Key Escrow from the Identity-Based Encryption System [C], In Foundations of Information Technology in the Era of Network and MobileComputing, Paris, 2004.
[118] Cheng Z H, Comley R. Efficient Certificateless public key encryption [EB/OL]. http://eprint.iacr.org/2005/012.pdf.
[119] Wang S B, Cao Z F, Wang L C. Efficient certificateless authenticated key agreement protocol from pairing [J].Wuhan University Journal of Natural Sciences, 2006, 11(5):1278-1282.
[120] Shi Y J, Li J H. Two-Party Authenticated Key Agreement in Certificateless Public Key Cryptography [J]. Wuhan University Journal of Natural Sciences, 2007, 12(1):071-074.
[121] Tarjei K, Mandt, Chik H T. Certificateless authenticated two-Party key agreement protocols[C]. In ASIAN 2006, Berlin:Springer-Verlag, 2007:37–44.
[122] Wang F J, Zhang Y Q. A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography. [EB/OL]. http://eprint.iacr.org/2007/220.
[2]冯登国.网络安全原理与技术[M].北京:科学出版社, 2003年出版。
[3] Menezes A J, Oorschot P C, Vanstone S A. Handbook of Applied Cryptography [M]. CRC Press, 1997.
[4]卿斯汉.安全协议20年研究进展[J].软件学报,2003,14(10):1740-1752。
[5] Simmons G J. Authentication theory/coding theory [C]. In Crypto’84. LNCS, 1985, 196: 411-431.
[6] Needham R, Schroeder M. Using encryption for authentication in large networks of computers [J]. Communications of the ACM, 1978, 21 (12): 993 -999.
[7] Mao W B著.王继林,伍前红译.现代密码学理论与实践[M].北京:电子工业出版社,2004。
[8]曹春杰.可证明安全的认证及密钥交换协议设计与分析[D].西安:西安电子科技大学博士学位论文,2008年。
[9] Diffie W, Hellman M E. New directions in cryptography [J]. IEEE Transcation on Information Theory, 1976, 22(6): 644-654.
[10] Dolev D, Yao A. On the security of public key protocols. IEEE Transactions on Information Theory, 1983, 29(2):198-208.
[11] Choo, K K R, Boyd C, Hitchcock Y. The importance of proofs of security for key establishment protocols-Formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh -Hwang-Lee, Lin-Sun-Hwang, and Ych-Sun protocols [J]. Computer Communications, 2006, 29(15): 2788-2797.
[12] Allamigeon X, Blanchet B. Reconstruction of Attacks against cryptographic protocols [C]. In 18th IEEE Computer Security Foundations Workshop -CSFW’05, 2005: 140-154.
[13] Choo K K R. Refuting security proofs for tripartite key exchange with modelchecker in planning problem setting[C]. In 19th IEEE Computer Security Foundations Workshop-CSFW’06,2006.
[14] Clarke E M, Jha S, Marrero W. Verifying security protocols with Brutus [J]. Acm Transactions on Software Engineering and Methodology, 2000, 9 (4): 443-487.
[15] Steel G, Bundy A. Attacking group multieast key management Protocols Using Coral[C]. In 2nd International Joint Conference on Automated Reasoning– ARSPA’2004 . Electronic Notes in Theoretical Computer Science, 2005, 125(1): 125-144.
[16]王亚弟,束妮娜,韩继红等.密码协议形式化分析[M].北京:机械工业出版社,2006。
[17] Burrows M, Abadi M, Needham R. A Logic of Authentication[J].Acm Transactions on Computer Systems, 1990, 8 (1): 18-36.
[18] Gong L, Needham R, Yahalom R. Reasoning about belief in cryptographic protocols[C]. In IEEE Computer Society Symposium in Security and Privacy,1990,5: 234-248.
[19] Abadi M, Tuttle R. A smantics for a logic of authentication[C].In the 10th ACM Symposium on Principles of Distributed Computing. 1991. ACM Press.
[20] Oorschot P C. Extending cryptographic logics of belief to key agreement protocols[C]. In the 1st ACM conference on Computer and communications security.1993.Fairfax,Virginia, United States: ACM Press.
[21] Syverson P F, Oorschot P C. On unifying some cryptographic protocollogics[C]. In IEEE Computer Society Symposium On Research in Security andPrivacy, 1994:14-28.
[22] Kailar R. Reasoning about accountability in protocols for electronic commerce[C]. In: Proceedings of the IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1995: 236-250.
[23]曹雪菲.基于身份的认证协议的理论及应用研究[D].西安:西安电子科技大学博士学位论文,2008年。
[24] David L D, Andreas J D, Alan J H, et a1.Protocol verification as a hardware design aid[C]. In Proceedings of the Proceedings of the IEEE International Conference On Computer Design on VLSI in Computer & Processors’1991. IEEEComputer Society, l992.
[25] Lowe G. Breaking and fixing the Needham-Schroeder public-key protocol using FDR [J]. Software Concepts and Tools, 1996, 17: 93-102.
[26] Woo T, Lam S. A lesson on authentication protocol design [J]. Operating Systems Review, 1994, 28 (3):24-37.
[27] Meadows C. The NRL protocol analyzer: An overview [J]. Journal of Logic Programming, 1996, 26(2):113-131.
[28] Millen J. The interrogator model [C]. In: Proceedings of the 1995 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1995: 251-260.
[29] Paulson L C. Mechanized proofs for a recursive authentication protocol[C]. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1997:84-94.
[30] Paulson L C. The inductive approach to verifying cryptographic protocols [J]. Journal of Computer Security, 1998, (6):85-128.
[31] Man N A, Andrew D G. A calculus for cryptographic protocols:the spi calculus[C].In Proceedings of the Proceedings of the 4th ACM conference on Computer and communications security.Zurich,Switzerland:ACM,1997.
[32] Thayer F J, Herzog J C, Guttman J D. Strand spaces: Why is a security protocol correct? [C]. In Proceedings of the 1998 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1998: 160-171.
[33] Thayer F J, Herzog J C, Guttman J D. Strand spaces: Proving security protocols correct [J]. Journal of Computer Security, 1999, 7(2): 191-230.
[34] Thayer F J, Herzog J C, Guttman J D. Strand spaces: Honest ideals on strand spaces[C]. In Proceedings of the 1998 IEEE Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1998:66-77.
[35] Abadi M, Gordon A D. A calculus for cryptographic protocols: The spi calculus[C]. In: Proceedings of the 4th ACM Conference on Computer and Communications Security. 1997: 36-47.
[36] Goldwasser S, Micali S. Probabilisitic encryption [J].Journal of Computer and System Sciences,1984, 28(3):270-299.
[37] Pointcheval D, Stern J. Security proofs for signature schemes [C]. In Advances in Cryptology-Eurocrypt'96. May 12–16, 1996, Zaragoza, Spain . LNCS, 1996, 1070: 387–398.
[38] Bellare M, Rogaway P. Entity authentication and key distribution[C]. Advances in Cryptography-CRYPTO’93,1994.LNCS, 773:232-249.
[39] Bellare M, Rogaway P. Provably secure session key distribution:the three party cases [C]. In Proceedings of the 27th ACM Symposium on the Theory ofComputing, 1995:57-66.
[40] Bellare M, Canetti R, Klawczyk H. A modular approach to the design and analysis of authentication and key-exchange protocols [C].in Proceedings of the 30th Annual Symp. on the Theory of Computing.1998, New York, ACM Press.
[41] Canetti R, Krawczyk H. Analysis of key-exchange protocols and their use for building secure channels [C]. Advances in Cryptoiogy-Euroerypt’2001, 2001. LNCS 2045: 453-474.
[42] Bresson E, Chevassut O, Pointcheval D. Provably authenticated group DH key exchange-the dynamic ease [C]. In Proceedings of Asiacrypt’01, 2001. LNCS ,2248: 290-309.
[43] Bresson E, Chevassut O, Pointcheval D. Dynamic group Diffie-Hellman key exchange under standard assumptions [C]. Advances in Cryptology–Euroerypt’2002 Proceedings, 2002. LNCS,2332: 321-336.
[44] Bresson E, Chevassut O, Pointchcval D, et a1. Provably authenticated group DH key exchange [C]. In Proceedings of ACM CCS’01, 2001: 255-264.
[45] Canetti R. Universally composable security: a new paradigm for cryptographic protocols [C].In Proceedings of the 42nd IEEE Symposium on Foundations ofComputer Science(FOCS),2001: 136-145.
[46] Canetti R, Krawczyk H. Universally composable notions of key exchange and secure channels [C]. Advances in Cryptology-Eurocrypt'02 Proceedings, 2002. LNCS, 2332: 337-351.
[47] Fiat A, Shamir A. How to prove yourself practical solutions to identification and signature problems[C]. In Advances in Cryptology -Crypto’86, 1987: 186—194.
[48]李艳平.若干安全协议的研究与设计[D].西安:西安电子科技大学博士学位论文,2009年。
[49] Diffie W, Hellman M. New directions in cryptography [J]. IEEE Transactions on Information Theory, 1976, 22(6): 644-654.
[50] Rivest R, Shamir A, Adleman L. A method for obtaining digital signatures and public key cryptosystem [J]. Communications of ACM, 1978, 21(2): 120-126.
[51] ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms [J]. IEEE Transactions on Information Theory, 1985, 31:496-472.
[52] Oblitz N. Elliptic curve cryptosystems [J]. Mathematics of computation. 1987, 48: 203-209.
[53] Shamir A. Identity-based cryptosystems and signature schemes [C]. Advances in Cryptology-Crypto’84, Berlin: Springer-Verlag, 1984: 47-53.
[54] Al-Riyami S, Paterson K. Certificateless public key cryptography [C], Advances in Cryptology-Asiacrypt’2003. LNCS 2894, Springer-Verlag, 2003: 452-473.
[55]杨义先,孙伟,钮心祈.现代密码新理论[M].北京:科学出版社,2002。
[56]明洋.广义指定验证者签名体制的研究和设计[D].西安:西安电子科技大学博士学位论文,2008年。
[57] Boneh D, Franklin M. Identity-based encryption from the Weil pairing [J].SIAM Journal on Computing, 2003, 32(3): 586-615.
[58] Yi X. An Identity-Based signature scheme from the Weil Pairing [J]. IEEE Communication letters, 2003, 7(2): 76-78.
[59] Baek J, Safavi-Naini R, Susilo W. Universal designated verifier signature proof (or how to efficiently prove knowledge of a signature) [C]. In Advances in Cryptology-Asiacrypt’05, LNCS 3788, Berlin: Springer-Verlag, 2005: 644-661.
[60] Zhang F, Safavi-Naini R, Susilo W. An efficient signature scheme from bilinear pairings and its applications [C]. In Practice and Theory in Public Key Cryptography-PKC’04, LNCS 2947, Berlin: Springer-Verlag, 2004: 277-290.
[61]李兴华.无线网络中认证及密钥协商协议的研究[D].西安:西安电子科技大学博士学位论文,2007年。
[62] Kaufman C. Internet key exchange (IKEv2) Protocol. Draft-ietf-IPSec- ikev2-11.txt, 2003.
[63] Linn J, Branchaud M. An examination of asserted PKI issues and proposed alternatives[C]. In Proceedings of the 3rd Annual PKI R & D Workshop. Gaithersburg: NIST, 2004.
[64] Zhu J, Ma J. A new authentication scheme with anonymity for wireless environments[J]. IEEE Transactions on Consumer Electronics, 2004.
[65] Yang F Y, Jan J K. An Enhanced and secure protocol for authenticated key exchange [DB/OL]. [2005-10-21]. http://eprint.iacr.org/2004/270.
[66]陈炜,龙翔,高小鹏.一种用于移动IPv6的混合认证方法[J].软件学报,2005,26(9):1617-1624。
[67]彭华熹.一种基于身份的多信任域认证模型[J].计算机学报,2006,29 (8):1271-1281。
[68]路晓明,冯登国.一种基于身份的多信任域网格认证模型[J].电子学报,2006,34(4):577-582。
[69]陈小峰,冯登国.一种多信任域内的直接匿名证明方案[J].计算机学报,2008,31(7):1122-1130。
[70] Micali S, Rogaway P. Secure computation[C]. In Proceeding of the Advances in Cryptology-Crypto’91, LNCS 576. Berlin, Heidelberg: Springer- Verlag, 1991: 392-404.
[71] Yiu S, Terry T, Colin B. Provably secure mobile key exchange: applying the Canetti-Krawczyk Approach[C]. In ACISP 2003. Berlin, Heidelberg : Springer-Verlag, 2003: 166–179.
[72] Tin Y S T, Vasanta H, Boyd C. Protocols with security proofs for mobile applications [C]. In Proceedings of the ACISP 2004.LNCS3108. Berlin: Springer-Verlag, 2004:358~369.
[73]冯登国,陈伟东.基于口令的安全协议的模块化设计与分析[J].中国科学E辑,2007,37(2):223-237。
[74] Wang C I, Fan C I, Guan D J. Cryptanalysis on Chang-Yang-Hwang protected password change protocol. [DB/OL]. [2006-1-12]. http:// eprint.iacr.org/2005/182.
[75] Boneh D, Franklin M. Anonymous authentication with subset queries. In Proceedings of the 6th ACM Conference on Computer and Communications Security, New York, NY, USA, 1999: 113-119.
[76] Boneh D, Shaw J. Collusion-secure fingerprinting for digital data. In Proceedings of 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27-31, 1995: 452-465.
[77] Hirose S, Yoshida S. A user authentication scheme with identity and location privacy. Information Security and Privacy: 6th Australasian Conference, Sydney, Australia, July 11-13, 2001, LNCS 2119: 235-246.
[78] Lee C H, Deng X T, Zhu H F. Design and security analysis of anonymous group identification protocols [C]. In Public Key Cryptography, February 2002, Paris, France, LNCS 2274, Springer-Verlag, Berlin Heidelberg, 2002: 188-198.
[79] Kim J S, Choi S, Kim K, et al. Anonymous authentication protocol for dynamic groups with power-limited devices [C]. In SCIS 2003, Hamamatsu, Japan.
[80] Wang C J, Leung H F. An anonymous and secure continuous double auctionscheme for internet retails market[C]. In the 37th Hawaii International Conference on System Sciences, Big Island, HI, USA, January 5-8, 2004, http://csdl.computer.org/comp/proceedings/hicss/2004/2056/07/205670180babs.htm.
[81] Ren K, Lou W J, Kim K, et al. A novel privacy preserving authentication and access control scheme for pervasive computing environments [J]. IEEE Transcation on Vehicular Technology, 2006, 55 (4): 1373-1384.
[82] Mangipudi K, Katti R. A Hash-based strong password authentication protocol with user anonymity [J]. Journal of Network Security, 2006, 2 (3): 205-209.
[83] Liao I E, Lee C, Hwang M. A password authentication scheme over unsecure networks [J]. Journal of Computer and System Sciences, 2006, 72 (4): 727-740.
[84]田子健,王继林,伍云霞.一个动态的可追踪匿名认证方案[J].电子与信息学报,2005,27(11):1737-1740。
[85] Park J, Go J, Kim K. Wireless authentication protocol preserving user anonymity [C]. In Proceedings of the 2001 Symposium on Cryptography and Information Security. Janpan, Jan 23-26, 2001.
[86] Wong D S. Security analysis of two anonymous authentication protocols for distributed wireless networks [C].In PerCom 2005 Workshops. Kauai Island, Hawaii, 8-12 March, 2005.
[87] Kang M H, Ryou H B, Choi W. Design of anonymity-preserving user authentication and key agreement protocol for ubiquitous computing environments[C]. In WINE 2005. Hong Kong, China, December 15-17, 2005.
[88] Kim W H, Yoon E J, Yoo K Y. New authentication protocol providing user anonymity in open network [C]. In WINE 2005. Hong Kong, China, December 15-17, 2005.
[89]朱建明,马建峰.一种高效的具有用户匿名性的无线认证协议[J].通信学报,2004,25(6):12-18。
[90]彭华熹,冯登国.匿名无线认证协议的匿名性缺陷和改进[J].通信学报,2006,27(9):78-85。
[91] Baek J, Safavi-Naini R, Susilo W. Universal designated verifier signature proof [C]. In Advances in Cryptology-Asiacrypt’05, LNCS 3788. Berlin: Springer-Verlag, 2005: 644-661.
[92]田园.计算机密码学—通用方案构造及安全性证明[M].北京:电子工业出版社,2008。
[93] Guillou L S, Quisquater J J. A practical zero-knowledge protocol fitted to security microprocessors minimizing both transmission and memory [C]. In Advances in Cryptology- Eurocrypto’88, Davos, Switzerland, Springer- Verlag, LNCS 330, 1988:123-128.
[94] Bellare M, Palacio A. GQ and Schnorr identification schemes: proofs of security against impersonation under active and concurrent attacks [C]. In Advances in Cryptology-Crypto'02, Santa Barbara, California, USA, LNCS 2442, 2002: 167-177.
[95] Kim M, Kim K. A new identification scheme based on the bilinear Diffie-Hellman group [C]. In Information security and privacy: 7th Australasian Conference, ACISP 2002 Melbourne, Australia, July 3-5, 2002: 362-378.
[96] Zhang Z F, Jin X, Feng D G. Attack on an identification scheme based on Gap Diffie-Hellman problem [EB/OL], 2003(four pages), http:// eprint.iacr.org /2003/153.pdf.
[97] Shao J, Cao Z F, Lu R X. A new efficient identification scheme based on strong Diffie-Hellman assumption [C]. In proceedings of International Symposium on Future Software Technology-ISFST’2004, Xi’an, China, Software Engineers Association, 2004.
[98] Yang F Y, Jan J K. An Enhanced and secure protocol for authenticated key exchange [DB/OL]. [2006-10-21]. http://eprint .iacr.org/2004/270.
[99]张帆,马建峰. CK模型下的无线认证协议[C].密码学新进展—CHINACRYPT’2006:187-194。
[100]冯登国,陈伟东.基于口令的安全协议的模块化设计与分析[J].中国科学E辑,2007,37(2):223-237。
[101]陈晓峰,伍前红,王育民.基于安全双方计算的密钥协商方案[J].西安电子科技大学学报,2003(06):477-480。
[102] Raimondo M D, Gennaro R. Provably secure threshold password- authenticated key exchange[C]. In Proceedings of the Advances in Cryptology-EUROCRYPT’2003. LNCS 2656, Berlin, Heidelberg: Springer -Verlag, 2003: 507?523.
[103] IEEE P802.11i/D3.0, Specification for Enhanced Security [DB/OL]. http://standards.ieee.org/reading/ieee/std/lanman/drafts/P802.11i.pdf.
[104]中华人民共和国国家标准.国标GB15629. 11-2003信息远程通信和信息交换局域网和城域网特定要求第11部分:无线局域网媒体访问控制和物理层规范,2003。
[105] Zheng Y L. Digital signcryption or how to achieve cost (signature & encryption)<
[107]张串绒.签密方案的分析、设计和应用研究[D].西安:西安电子科技大学博士学位论文,2007年。
[108] Aranha D, Castro R, Lopez J, et al. Efficient certificateless Signcryption [C]. In sbseg2008 :257-258.
[109] Wu C H, Chen Z X. A new efficient certificateless Signcryption scheme [C]. In ISISE’08. 2008:661–664.
[110] Barreto P L M, Deusajute A M, Cruz E C, et al. Toward efficient certificateless signcryption from (and without) bilinear pairings [C]. In SBSeg 2008:115-125.
[111] Sharmila D S, Vivek S S, Pandu R C. On the security of Certificateless Signcryption schemes. Cryptology ePrint Archive, Report 2009/298.
[112] Barbosa M, Farshim P. Certificateless Signcryption [C]. In ASIACCS’2008. ACM, 2008:369-372.
[113] Li F G, Masaaki S, Tsuyoshi T. Certificateless hybrid Signcryption [C]. In ISPEC’2009, LNCS 5451. Springer-Verlag Berlin Heidelberg 2009:112–123.
[114] Al-Riyami S S, Paterson K G. CBE from CL-PKE: A generic construction and efficient schemes [J]. Lecture Notes in Computer Science, 2005, 3386: 398-415.
[115] Yum D H, Lee P J. Generic construction of crtificateless encryption [J]. Lecture Notes in Computer Science, 2004, 3043: 802-811.
[116] Libert B, Quisquater J J. On Constructing Certificateless Cryptosystems from Identity Based Encryption [J].Lecture Notes in Computer Science, 2006, 3958: 474-490.
[117] Cheng Z H, Comley R, Vasiu L. Remove Key Escrow from the Identity-Based Encryption System [C], In Foundations of Information Technology in the Era of Network and MobileComputing, Paris, 2004.
[118] Cheng Z H, Comley R. Efficient Certificateless public key encryption [EB/OL]. http://eprint.iacr.org/2005/012.pdf.
[119] Wang S B, Cao Z F, Wang L C. Efficient certificateless authenticated key agreement protocol from pairing [J].Wuhan University Journal of Natural Sciences, 2006, 11(5):1278-1282.
[120] Shi Y J, Li J H. Two-Party Authenticated Key Agreement in Certificateless Public Key Cryptography [J]. Wuhan University Journal of Natural Sciences, 2007, 12(1):071-074.
[121] Tarjei K, Mandt, Chik H T. Certificateless authenticated two-Party key agreement protocols[C]. In ASIAN 2006, Berlin:Springer-Verlag, 2007:37–44.
[122] Wang F J, Zhang Y Q. A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography. [EB/OL]. http://eprint.iacr.org/2007/220.