无线网络可信接入理论及其应用研究
|
摘要
安全接入认证和密钥协商协议是保证无线网络安全的重要技术手段,这些传统的网络安全技术多以“防外为主”,无法有效抵御“内部攻击”。利用可信计算技术确保终端平台软硬件的完整性,能够有效防止来自系统内部的攻击,研究如何将可信计算技术与安全的认证和密钥协商协议有机融合具有重要意义。本文对无线网络可信接入理论及其应用进行了较为深入的研究,具体研究内容为:
1.对可信环境下密钥协商协议的形式化方法–Canetti-Krawczyk模型进行研究,对该模型定义的攻击者的三种攻击能力重新进行分析,指出TPM克服了Canetti-Krawczyk模型中基于加密算法认证器的安全缺陷。在此基础上我们提出了可信环境下的CK模型–CKTE。
2.发现可信网络连接架构存在安全缺陷,形式化的给出了可信网络连接协议的安全目标,在此基础之上,提出一种可证明安全的可信网络连接协议模型(TNC-PS),在保持可信网络连接架构不变的基础上,避免其安全缺陷造成的影响。
3.设计了一种无证书的WLAN可信接入协议CL-TAP,该协议结合无证书公钥密码体制和可信计算技术,仅需6轮交互就能实现STA与AP之间的双向身份认证和会话密钥协商,同时实现AS对STA的平台可信性验证。分析表明,与IEEE802.11i的接入认证方案相比,新协议的安全性有所增强,且通信和计算负载优势明显。
4.设计了一种高效的可证明安全的WLAN Mesh网络可信接入协议MN-TAP,该协议仅需7轮交互就能实现访问请求者,策略执行点和策略决策点三者之间的用户身份认证和密钥确认,同时在第一轮交互中就实现了策略决策点对访问请求者平台身份的认证和平台完整性的校验。分析表明,新协议达到通用可组合安全,且与现有协议相比性能优势明显。
5.根据TCG的规范,开发了WLAN可信接入原型系统。
Authentication and key agreement(AKA) protocols are the main techniquesto secure the wireless networks. However, these conventional techniques mainlydeal with the foreign attacks from the outside, while unable to e?ciently resist theinternal attacks. Trusted computing technologies are able to ensure the integrity ofsoftware and hardware of the terminal platform, so as to protect the platform fromthe internal attacks. It is of great significance to integrate the trusted computingtechnologies with secure authentication and key agreement protocols. We make ain-depth research on the trusted connection of wireless networks in this thesis, andthe main contributions are as follows:
1. In the trusted environment, we restudy the three attack abilities defined inthe Canetti-Krawczyk model which is a formal method for the design and analysisof key agreement protocols. We find that the TPM overcomes the weakness of theencryption algorithm based authenticator in the Canetti-Krawczyk model. Based onthese, a new CK model called CKTE in the trusted environment-CKTE is proposed.
2. A platform substitution attack on the trusted network connect protocol isfound. To solve this problem, the security objectives of the trusted network connectprotocol is formally proposed, and a provably secure model TNC-PS for the trustednetwork connect protocol is designed. By using the TNC-PS model, the security?aw is avoided with the TNC ar-chitecture keeps unchanged.
3. A trusted network connect protocol CL-TAP for wireless environment isproposed, in which the trusted computing technology and certificateless public keycryptography are utilized. The platform authentication and integrity verificationare integrated into the user authentication within 6 rounds in such protocol. Thesecurity and performance analysis show that our protocol enhances the securityof the authentication protocol and has great advantages in both computing andcommunication costs.
4. A provably secure trusted access protocol MN-TAP for the WLAN Meshnetworks is proposed. Such protocol will achieve authentication and key confir-mation among the access requestor, policy enforcement point and policy decisionpoint within 7 protocol rounds. At the same time, the protocol can realize the plat-form authentication and platform integrity verification in the first round of protocolinteraction. Security and performance analysis results show that: the protocol isa UC-secure protocol, and the performance has great advantages over the current protocols.
5. A Network Trusted Connect System(NTCS) is built in accordance with therelated TCG specifications.
1.对可信环境下密钥协商协议的形式化方法–Canetti-Krawczyk模型进行研究,对该模型定义的攻击者的三种攻击能力重新进行分析,指出TPM克服了Canetti-Krawczyk模型中基于加密算法认证器的安全缺陷。在此基础上我们提出了可信环境下的CK模型–CKTE。
2.发现可信网络连接架构存在安全缺陷,形式化的给出了可信网络连接协议的安全目标,在此基础之上,提出一种可证明安全的可信网络连接协议模型(TNC-PS),在保持可信网络连接架构不变的基础上,避免其安全缺陷造成的影响。
3.设计了一种无证书的WLAN可信接入协议CL-TAP,该协议结合无证书公钥密码体制和可信计算技术,仅需6轮交互就能实现STA与AP之间的双向身份认证和会话密钥协商,同时实现AS对STA的平台可信性验证。分析表明,与IEEE802.11i的接入认证方案相比,新协议的安全性有所增强,且通信和计算负载优势明显。
4.设计了一种高效的可证明安全的WLAN Mesh网络可信接入协议MN-TAP,该协议仅需7轮交互就能实现访问请求者,策略执行点和策略决策点三者之间的用户身份认证和密钥确认,同时在第一轮交互中就实现了策略决策点对访问请求者平台身份的认证和平台完整性的校验。分析表明,新协议达到通用可组合安全,且与现有协议相比性能优势明显。
5.根据TCG的规范,开发了WLAN可信接入原型系统。
Authentication and key agreement(AKA) protocols are the main techniquesto secure the wireless networks. However, these conventional techniques mainlydeal with the foreign attacks from the outside, while unable to e?ciently resist theinternal attacks. Trusted computing technologies are able to ensure the integrity ofsoftware and hardware of the terminal platform, so as to protect the platform fromthe internal attacks. It is of great significance to integrate the trusted computingtechnologies with secure authentication and key agreement protocols. We make ain-depth research on the trusted connection of wireless networks in this thesis, andthe main contributions are as follows:
1. In the trusted environment, we restudy the three attack abilities defined inthe Canetti-Krawczyk model which is a formal method for the design and analysisof key agreement protocols. We find that the TPM overcomes the weakness of theencryption algorithm based authenticator in the Canetti-Krawczyk model. Based onthese, a new CK model called CKTE in the trusted environment-CKTE is proposed.
2. A platform substitution attack on the trusted network connect protocol isfound. To solve this problem, the security objectives of the trusted network connectprotocol is formally proposed, and a provably secure model TNC-PS for the trustednetwork connect protocol is designed. By using the TNC-PS model, the security?aw is avoided with the TNC ar-chitecture keeps unchanged.
3. A trusted network connect protocol CL-TAP for wireless environment isproposed, in which the trusted computing technology and certificateless public keycryptography are utilized. The platform authentication and integrity verificationare integrated into the user authentication within 6 rounds in such protocol. Thesecurity and performance analysis show that our protocol enhances the securityof the authentication protocol and has great advantages in both computing andcommunication costs.
4. A provably secure trusted access protocol MN-TAP for the WLAN Meshnetworks is proposed. Such protocol will achieve authentication and key confir-mation among the access requestor, policy enforcement point and policy decisionpoint within 7 protocol rounds. At the same time, the protocol can realize the plat-form authentication and platform integrity verification in the first round of protocolinteraction. Security and performance analysis results show that: the protocol isa UC-secure protocol, and the performance has great advantages over the current protocols.
5. A Network Trusted Connect System(NTCS) is built in accordance with therelated TCG specifications.
引文
[1]闵应骅.前进中的可信计算.中国传媒科技, (009): 50–52, 2005.
[2] CENTER D O D F G G M M C S. Department of Defense Trusted ComputerSystem Evaluation Criteria, 1983.
[3] Gallagher Jr P. Trusted Database Management System Interpretation. Tech.rep., NCSC-TG-021. Library, 1991.
[4] National Computer Security Center U. Trusted network interpretation of theTrusted computer system evaluation criteria. Tech. rep., NCSC-TG-005, 1987.
[5] Bell D and LaPadula L. Secure computer systems: Mathematical foundations.Tech. rep., Technical Report MTR-2547, 1973.
[6] Microsoft. Trusted platform module services in windows longhorn.
[7] consortium T O T C O. General activities of OpenTC.
[8]张焕国毋国庆.一种新型安全计算机.武汉大学学报:理学版, 50(A01): 1–6,2004.
[9]兆日科技.兆日TPM安全芯片(SSX35)和解决方案.
[10] NISHIMURA K, ISHIKAWA S, HIROTA K, et al. ISO/IEC 15408. DBSJLetters, 4(3): 13–16, 2005.
[11]沈昌祥张焕国.信息安全综述.中国科学: E辑, 37(002): 129–150, 2007.
[12] Grawrock D. TCG Specification Architecture Overview, Revision 1.4.
[13] Rong Z. Trusted chain research. Computer Application, 9: 121–125, 2007.
[14] Group T C. TPM Main Specification Level 2 Version 1.2, Revision 103.
[15] Group T C. TNC TNC Architecture for Interoperability Specification Version1.0, Revision 4.
[16] Group T C. TNC Architecture for Interoperability Specification Version 1.1,Revision 2.
[17] Group T C. TNC Architecture for Interoperability Specification Version 1.2,Revision 4.
[18] Group T C. TNC Architecture for Interoperability Specification Version 1.3,Revision 6.
[19] Group T C. TNC IF-MAP Specification, Version 1.0.
[20] Group T C. TNC Architecture for Interoperability Specification Version 1.4,Revision 4.
[21] Group T C. TCG Specification Trusted Network Connect TNC IF-T: Bindingto TLS Specification version 1.0, Revision 16.
[22] Group T C. TCG Trusted Network Connect Federated TNC Specificationversion 1.0.
[23] Group T C. TCG Trusted Network Connect Clientless Endpoint SupportProfile Specification version 1.0, Revision 13.
[24] Networks J. Juniper Unified Access Control Solution.
[25] Clark D, Sollins K, and Wroclawski J. Newarch project: Future-generationinternet architecture.
[26] Neumann P. Principled assuredly trustworthy composable architectures,Project Report. Tech. rep., Computer Science Laboratory. SRI International,2004.
[27] Ellison R and Moore A. Trustworthy refinement through intrusion-aware de-sign: An overview. In Proc. the 3rd Annual High Confidence Software andSystem Conference, Baltimore, MD. 2003.
[28]林闯.可控可信可扩展的新一代互联网.软件学报, 15(12).
[29]林闯.可信网络研究.计算机学报, 28(005): 751–758, 2005.
[30]闵应骅.可信系统与网络.计算机工程与科学, 23(005): 21–23, 2001.
[31]田立勤.可信网络中一种基于行为信任预测的博弈控制机制.计算机学报,30(011): 1930–1938, 2007.
[32] Dolev D and Yao A. On the security of public key protocols. IEEE Transac-tions on information theory, 29(2): 198–208, 1983.
[33] Mao W. Modern cryptography: theory and practice. Prentice Hall PTR; 1stedition (July 25, 2003), 2003. ISBN 0-1306-6943-1.
[34] Menezes A, Van Oorschot P, and Vanstone S. Handbook of applied cryptogra-phy. CRC, 1997.
[35]王育民.通信网的安全――理论与技术.陕西西安:西安电子科技大学出版社, 1999.
[36]卿斯汉.安全协议的设计与逻辑分析.软件学报, 14(007): 1300–1309, 2003.
[37] Abadi M and Needham R. Prudent engineering practice for cryptographicprotocols. IEEE Transactions on Software Engineering, 22(1): 6–15, 1996.
[38] Needham R M and Schroeder M D. Using encryption for authentication inlarge networks of computers. Commun. ACM, 21(12): 993–999, 1978.
[39]卿斯汉,认证协议的形式化分析,软件学报,1996,Vol.7(A00),P:107-114.
[40]薛锐,冯登国,安全协议的形式化分析技术与方法,计算机学报,2006,Vol.29(1),P:1-20.
[41] Dolev D and Yao A C. On the security of public key protocols. IEEE Trans-actions on Information Theory, pages 198–208, 1983.
[42] Even S and Goldreich O. On the security of multi-party ping-pong protocols.In IEEE Symposium on Foundations of Computer Science, pages 34–39. 1983.
[43] Burrows M, Abadi M, and Needham R. A logic of authentication. ACM Trans.Comput. Syst., 8(1): 18–36, 1990.
[44]卿斯汉,安全协议20年研究进展,软件学报,2003,Vol.14(10),P:1740-1752.
[45] Vardi M Y. Why is modal logic so robustly decidable? Tech. Rep. TR97-274,1997.
[46] Lowe G. Breaking and fixing the Needham-Schroeder public-key protocol usingFDR. In Tools and Algorithms for the Construction and Analysis of Systems(TACAS), vol. 1055, pages 147–166. Springer-Verlag, Berlin Germany, 1996.
[47] Thayer J, Herzog J, and Guttman J. Strand spaces: Why is a security protocolcorrect? In Proceeding os the 1998 IEEE Symposium on Security and Privacy,pages 160–171. 1998.
[48] Thayer J, Herzog J, and Guttman J. Strand spaces: Honesy ideals on strandspaces. In Proceeding os the 1998 IEEE computer Security foundations Work-shop., pages 66–77. 1998.
[49] Thayer J, Herzog J, and Guttman J. Strand spaces: Proving security protocolscorrect. Journal of Computer Security, 7: 191–230, 1999.
[50] Abadi M and Gordon A D. A calculus for cryptographic protocols: The spicalculus. In Fourth ACM Conference on Computer and Communications Se-curity, pages 36–47. ACM Press, 1997.
[51] Gong L, Needham R, and Yahalom R. Reasoning About Belief in Crypto-graphic Protocols. In Cooper D and Lunt T, editors, Proceedings 1990 IEEESymposium on Research in Security and Privacy, pages 234–248. IEEE Com-puter Society, 1990.
[52] Abadi M and Tuttle M. A semantics for a logic of authentication. pages201–216.
[53] van Oorschot P. Extending cryptographic logics of belief to key agreementprotocols. In CCS’93: Proceedings of the 1st ACM conference on Computerand communications security, pages 232–243. ACM Press, New York, NY,USA, 1993.
[54] Perrig A and Song D. Looking for diamonds in the desert—extending au-tomatic protocol generation to three-party authentication and key agreementprotocols. In Proceeding of the 13th IEEE Computer Securiy FoundationsWorkshop., pages 64–76. 2000.
[55] Song D X. Athena: A new e?cient automatic checker for security protocolanalysis. In PCSFW: Proceedings of The 12th Computer Security FoundationsWorkshop. IEEE Computer Society Press, 1999.
[56] Milner R, Parrow J, and Walker D. A calculus of mobile processes. Inf.Comput., 100(1): 1–77, 1992.
[57]冯登国,可证明安全性理论与方法研究,软件学报,2005,Vol.16(10),P:1744-1756.
[58] Bellare M and Rogaway P. Random oracles are practical: A paradigm fordesigning e?cient protocols. In ACM Conference on Computer and Commu-nications Security, pages 62–73. 1993.
[59] Canetti R, Goldreich O, and Halevi S. The random oracle methodology, re-visited (preliminary version). pages 209–218. 1998.
[60] David P. Asymmetric cryptography and practical security. Journal of Telecom-munications and Information Technology, 4(1): 41–56, 2002.
[61] Goldreich O. Foundations of Cryptography (Fragments of a Book). WeizmannInstitute of Science, 1995. Available, along with revised version 1/98, fromhttp://theory.lcs.mit.edu/~oded.
[62] F K. Careful Design and Integration of Cryptographic Primitives with Contri-butions to Timing Attack, Padding Schemes and Random Number Generators.PhD thesis, Universite Catholique de Louvain, 2001. ISBN 3-540-65004-0.
[63] Gennaro R, Halevi S, and Rabin T. Secure hash-and-sign signatures withoutthe random oracle. Lecture Notes in Computer Science, 1592: 123++, 1999.
[64] Bellare M, Canetti R, and Krawczyk H. A modular approach to the design andanalysis of authentication and key exchange protocols (extended abstract). InSTOC’98: Proceedings of the thirtieth annual ACM symposium on Theory ofcomputing, pages 419–428. ACM Press, New York, NY, USA, 1998.
[65] Goldwasser S and Micali S. Probabilistic encryption. J. Comput. Syst. Sci.,28(2): 270–299, 1984.
[66] Pfitzmann B and Waidner M. A model for asynchronous reactive systems andits application to secure message transmission. In Proc. of 2001 IEEE Symp.on Security and Privacy. 2001.
[67] Lindell Y. Composition of Secure Multi-Party Protocols: A ComprehensiveStudy. Springer, 2003.
[68] Lindell Y. General composition and universal composability in secure multi-party computation. In FOCS, pages 394–403. 2003.
[69] Canetti R. Universally composable security: A new paradigm for crypto-graphic protocols. In FOCS, pages 136–145. 2001.
[70] Canetti R, Lindell Y, Ostrovsky R, et al. Universally composable two-partyand multi-party secure computation. In STOC, pages 494–503. 2002.
[71]季庆光,对几类重要网络安全协议形式模型的分析,计算机学报,2005,Vol.28(7),P:128-141.
[72] Datta A, Derek A, Mitchell J C, et al. A derivation system for security proto-cols and its logical formalization. In CSFW, pages 109–125. 2003.
[73] Datta A, Derek A, Mitchell J C, et al. Abstraction and refinement in protocolderivation. In CSFW’04: Proceedings of the 17th IEEE Computer SecurityFoundations Workshop (CSFW’04), page 30. IEEE Computer Society, Wash-ington, DC, USA, 2004.
[74] Datta A, Derek A, Mitchell J C, et al. A derivation system and compositionallogic for security protocols. J. Comput. Secur., 13(3): 423–482, 2005.
[75] Datta A, Derek A, Mitchell J C, et al. Secure protocol composition. In FMSE’03: Proceedings of the 2003 ACM workshop on Formal methods in securityengineering, pages 11–23. ACM Press, New York, NY, USA, 2003.
[76] Durgin N, Mitchell J, and Pavlovic D. A compositional logic for protocolcorrectness. In CSFW’01: Proceedings of the 14th IEEE Workshop on Com-puter Security Foundations, page 241. IEEE Computer Society, Washington,DC, USA, 2001.
[77] Durgin N, Mitchell J, and Pavlovic D. A compositional logic for provingsecurity properties of protocols. J. Comput. Secur., 11(4): 677–721, 2004.
[78] Canetti R and Herzog J. Universally composable symbolic analysis of crypto-graphic protocols, 2004.
[79] Canetti R and Herzog J. Universally composable symbolic analysis of mutualauthentication and key-exchange protocols. In Halevi S and Rabin T, editors,TCC, vol. 3876 of Lecture Notes in Computer Science, pages 380–403. Springer,2006.
[80] Patil A. On symbolic analysis of cryptographic protocols. Massachusetts Insti-tute of Technology, 2005.
[81]刘东喜.安全协议的自动验证技术研究. Ph.D. thesis,上海交通大学, 2002.
[82]张爱新.网络安全协议的分析与设计. Ph.D. thesis,华东理工大学, 2002.
[83]任侠.形式化方法在安全协议验证领域内的应用研究. Ph.D. thesis,中国科技大学, 2003.
[84]范红.安全协议形式化分析理论与方法. Ph.D. thesis,解放军信息工程大学,2003.
[85]李莉.安全协议的形式化分析及验证技术研究. Ph.D. thesis,武汉大学, 2004.
[86]李梦君.安全协议形式化验证技术的研究与实现. Ph.D. thesis,国防科大,2005.
[87]赵华伟.两种安全协议形式化理论的研究. Ph.D. thesis,山东大学, 2006.
[88]李兴华.无线网络中认证及密钥协商协议的研究. Ph.D. thesis,西安电子科技大学, 2006.
[89]张帆.无线网络安全协议的形式化分析方法. Ph.D. thesis,西安电子科技大学, 2007.
[90]曹春杰.可证明安全的认证及密钥交换协议设计与分析. Ph.D. thesis,西安电子科技大学, 2008.
[91]冯涛.通用可复合密码协议理论及其应用研究. Ph.D. thesis,西安电子科技大学, 2008.
[92]杨超.无线网络协议的形式化分析与设计. Ph.D. thesis,西安电子科技大学,2008.
[93]陈伟东.安全协议的可证明安全性研究. Ph.D. thesis,国科学院电子学研究所, 2006.
[94]雷飞宇. UC安全多方计算模型及其典型应用研究. Ph.D. thesis,上海交通大学, 2007.
[95] Law L, Menezes A, Qu M, et al. An e?cient protocol for authenticated keyagreement. Designs, Codes and Cryptography, 28(2): 119–134, 2003.
[96] Bresson E, Chevassut O, and Pointcheval D. New security results on encryptedkey exchange. Public Key Cryptography–PKC 2004, pages 145–158, 2004.
[97] Aiello W, Bellovin S, Blaze M, et al. E?cient, DoS-resistant, secure key ex-change for internet protocols. In Security Protocols, pages 27–39. Springer.
[98]张焕国,罗捷,金刚, et al.可信计算研究进展.武汉大学学报:理学版,52(005): 513–518, 2006.
[99] Sailer R, Jaeger T, Zhang X, et al. Attestation-based policy enforcement forremote access. In Proceedings of the 11th ACM conference on Computer andcommunications security, pages 308–317. ACM, 2004.
[100] Pearson S. Trusted computing: Strengths, weaknesses and further opportuni-ties for enhancing privacy. Trust Management, pages 305–320, 2005.
[101] Hilley S. Trusted computing–path to security or road to servitude? Infosecu-rity Today, 1(4): 18–21, 2004.
[102] Sa?ord D and Zohar M. Trusted computing and open source. InformationSecurity Technical Report, 10(2): 74–82, 2005.
[103] Berger B. Trusted computing group history. Information Security TechnicalReport, 10(2): 59–62, 2005.
[104]沈昌祥.网络信任与公钥认证.电子商务, 3, 2006.
[105]郑宇,何大可, and何明星.基于可信计算的移动终端用户认证方案.计算机学报, 29(008): 1255–1264, 2006.
[106] Goldman K, Perez R, and Sailer R. Linking remote attestation to securetunnel endpoints. In Proceedings of the first ACM workshop on Scalable trustedcomputing, page 24. ACM, 2006.
[107] Sailer R, Zhang X, Jaeger T, et al. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the 13th USENIXSecurity Symposium, pages 223–238. 2004.
[108] Mao W B. Modern cryptography: theory and practice. Prentice Hall Profes-sional Technical Reference, 2003.
[109] Canetti R and Krawczyk H. Analysis of key-exchange protocols and their usefor building secure channels. Advances in Cryptology―EUROCRYPT 2001,pages 453–474, 2001.
[110] Di?e W and Hellman M. New directions in cryptography. IEEE Transactionson information Theory, 22(6): 644–654, 1976.
[111] Choo K, Boyd C, and Hitchcock Y. Errors in computational complexity proofsfor protocols. Advances in Cryptology-ASIACRYPT 2005, pages 624–643,2005.
[112] Pearson S and Balache? B. Trusted computing platforms: TCPA technologyin context. Prentice Hall PTR, 2003.
[113] Bellovin S and Merritt M. Encrypted key exchange: Password-based protocolssecure against dictionary attacks. In Proceedings of the IEEE Symposium onResearch in Security and Privacy, vol. 92. Oakland, 1992.
[114] Group T C. Trusted Platform Module Main Specification.
[115] Needham R and Schroeder M. Using encryption for authentication in largenetworks of computers. Communications of the ACM, 21(12): 999, 1978.
[116] Cohen R. On the establishment of an access VPN in broadband access net-works. IEEE Communications Magazine, 41(2): 156–163, 2003.
[117] for Local I S and metropolitan area networks. Port based Network AccessControl. 802.1X-REV, Draft 11.
[118] Bellare M and Rogaway P. Entity authentication and key distribution. InAdvances in Cryptology―CRYPTO’93, pages 232–249. Springer, 1993.
[119] Wireless L. Medium Access Control (MAC) Security Enhancements, Amend-ment 6 to IEEE Standard for Information technology - Telecommunicationsand information exchange between systems - Local and metropolitan areanetworks - Specific requirements - Part 11: Wireless Medium Access Control.IEEE Std.
[120] Odhiambo O N, Biermann E, Noel G. An integrated security model for WLAN.In IEEE AFRICON Conference, IEEE, 2009.
[121] Park C S. Two-way Handshake protocol for improved security in IEEE 802.11wireless LANs. Computer Communications, Elsevier, 33(9): 1133–1140, 2010.
[122] He C, Sundararajan M, Datta A, et al. A modular correctness proof of IEEE802.11 i and TLS. In Proceedings of the 12th ACM conference on Computerand communications security, page 15. ACM, 2005.
[123] Housley R, Polk W, Ford W, et al. Internet X. 509 public key infrastructurecertificate and certificate revocation list (CRL) profile, 2002.
[124] Shamir A. Identity-based cryptosystems and signature schemes. In Advancesin cryptology, pages 47–53. Springer, 1984.
[125] Al-Riyami S and Paterson K. Certificateless public key cryptography. Ad-vances in Cryptology-ASIACRYPT 2003, pages 452–473, 2003.
[126] Union I. General Characteristics of International Telephone Connections andInternational Telephone Circuits, 1988.
[127] Aboba B, Blunk L, Vollbrecht J, et al. Extensible authentication protocol(EAP), 2004.
[128] McCurley K. The discrete logarithm problem. In Proc. of Symp. in AppliedMath, vol. 42, pages 49–74. 1990.
[129] Boneh D and Franklin M. Identity-based encryption from the Weil pairing.In Advances in Cryptology―CRYPTO 2001, pages 213–229. Springer, 2001.
[130] Group T C. TCG Specification Trusted Network Connect TNC IF-PEP: Pro-tocol binding for Radius Revision 0.7.
[131] Group T C. TCG Specification Trusted Network Connect TNC IF-TNCCS:TLV Binding Revision 10.
[132] Group T C. TCG Specification Trusted Network Connect TNC IF-IMC Re-vision 8.
[133] Group T C. TCG Specification Trusted Network Connect TNC IF-IMV Re-vision 8.
[134] Group T C. TCG Specification Trusted Network Connect TNC IF-M: TLVBinding Revision 30.
[135] KohnfelcJer L. Towards a practical public-key cryptosystem. Ph.D. thesis,Massachusetts Institute of Technology, 1978.
[136] Baek J, Safavi-naini R, and Susilo W. Certificateless public key encryp-tion without pairing. In Computers and Operations Research, pages 134–148.Springer-Verlag, 2005.
[137] Cheng Z and Comley R. E?cient certificateless public key encryption. Tech.rep., In Proc. EUROCRYPT 91, LNCS 547, 2005.
[138] Libert B and jacques Quisquater J. On constructing certificateless cryp-tosystems from identity based encryption. In In PKC 2006, pages 474–490.Springer-Verlag, 2006.
[139] Shi Y and Li J. Provable e?cient certificateless public key encryption. Tech.rep., 2005.
[140] Park D, Boyd C, and Moon S. Forward secrecy and its application to futuremobile communications security. In Public Key Cryptography, pages 433–445.Springer, 2000.
[141] G”unther C. An identity-based key-exchange protocol. In Advances in Cryptol-ogy―Eurocrypt’89, pages 29–37. Springer.
[142] Choie Y, Jeong E, and Lee E. E?cient identity-based authenticated key agree-ment protocol from pairings. Applied Mathematics and Computation, 162(1):179–188, 2005.
[143] Chen L, Cheng Z, and Smart N. Identity-based key agreement protocols frompairings. International Journal of Information Security, 6(4): 213–241, 2007.
[144] Wei Dai. Crypto++ 5.6.0 Benchmarks. https://www.cryptopp.com/benchmarks.html.
[145] OPNET, https://www.opnet.com.
[146] Standard I. IEEE Draft Amendment to Standard for Information Technology- Telecommunications and Information Exchange Between Systems - LAN/-MAN Specific Requirements - Part 11: Wireless Medium Access Control(MAC) and physical layer (PHY) specifications: Amendment: ESS Mesh Net-working, IEEE P802.11s/D1.0.
[147] Standard I. Supplement to Standard for Telecommunications and InformationExchange Between Systems - LAN/MAN Specific Requirements - Part 11:Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)Specifications: Specification for Enhanced Security, IEEE 802.11.
[148] Wichmann B and Hill I. An e?cient and portable pseudo-random numbergenerator. Applied Statistics, 31(2): 188–190, 1982.
[149] Goldwasser S and Micali S. Probabilistic encryption . Journal of computerand system sciences, 28(2): 270–299, 1984.
[150] Goldreich O, Micali S, and Wigderson A. How to play any mental game. InProceedings of the nineteenth annual ACM symposium on Theory of comput-ing, pages 218–229. ACM, 1987.
[151] Goldreich O, Goldwasser S, and Linial N. Fault-tolerant computation in thefull information model.—, pages 447–457, 1991.
[152] Beaver D. Foundations of secure interactive computing. In Advances in Cryp-tology―CRYPTO’91, pages 377–391. Springer, 1991.
[153] Goldwasser S, Micali S, and Racko? C. The knowledge complexity of interac-tive proof-systems. In Proceedings of the seventeenth annual ACM symposiumon Theory of computing, page 304. ACM, 1985.
[154] Dai W. Crypto++ 5.6.0 Benchmarks.
[155] Potlapally N, Ravi S, Raghunathan A, et al. A study of the energy consump-tion characteristics of cryptographic algorithms and security protocols. IEEETransactions on Mobile Computing, 5(2): 128–143, 2006.IEEE Africon 2009, September 23, 2009 - September 25, 2009
[2] CENTER D O D F G G M M C S. Department of Defense Trusted ComputerSystem Evaluation Criteria, 1983.
[3] Gallagher Jr P. Trusted Database Management System Interpretation. Tech.rep., NCSC-TG-021. Library, 1991.
[4] National Computer Security Center U. Trusted network interpretation of theTrusted computer system evaluation criteria. Tech. rep., NCSC-TG-005, 1987.
[5] Bell D and LaPadula L. Secure computer systems: Mathematical foundations.Tech. rep., Technical Report MTR-2547, 1973.
[6] Microsoft. Trusted platform module services in windows longhorn.
[7] consortium T O T C O. General activities of OpenTC.
[8]张焕国毋国庆.一种新型安全计算机.武汉大学学报:理学版, 50(A01): 1–6,2004.
[9]兆日科技.兆日TPM安全芯片(SSX35)和解决方案.
[10] NISHIMURA K, ISHIKAWA S, HIROTA K, et al. ISO/IEC 15408. DBSJLetters, 4(3): 13–16, 2005.
[11]沈昌祥张焕国.信息安全综述.中国科学: E辑, 37(002): 129–150, 2007.
[12] Grawrock D. TCG Specification Architecture Overview, Revision 1.4.
[13] Rong Z. Trusted chain research. Computer Application, 9: 121–125, 2007.
[14] Group T C. TPM Main Specification Level 2 Version 1.2, Revision 103.
[15] Group T C. TNC TNC Architecture for Interoperability Specification Version1.0, Revision 4.
[16] Group T C. TNC Architecture for Interoperability Specification Version 1.1,Revision 2.
[17] Group T C. TNC Architecture for Interoperability Specification Version 1.2,Revision 4.
[18] Group T C. TNC Architecture for Interoperability Specification Version 1.3,Revision 6.
[19] Group T C. TNC IF-MAP Specification, Version 1.0.
[20] Group T C. TNC Architecture for Interoperability Specification Version 1.4,Revision 4.
[21] Group T C. TCG Specification Trusted Network Connect TNC IF-T: Bindingto TLS Specification version 1.0, Revision 16.
[22] Group T C. TCG Trusted Network Connect Federated TNC Specificationversion 1.0.
[23] Group T C. TCG Trusted Network Connect Clientless Endpoint SupportProfile Specification version 1.0, Revision 13.
[24] Networks J. Juniper Unified Access Control Solution.
[25] Clark D, Sollins K, and Wroclawski J. Newarch project: Future-generationinternet architecture.
[26] Neumann P. Principled assuredly trustworthy composable architectures,Project Report. Tech. rep., Computer Science Laboratory. SRI International,2004.
[27] Ellison R and Moore A. Trustworthy refinement through intrusion-aware de-sign: An overview. In Proc. the 3rd Annual High Confidence Software andSystem Conference, Baltimore, MD. 2003.
[28]林闯.可控可信可扩展的新一代互联网.软件学报, 15(12).
[29]林闯.可信网络研究.计算机学报, 28(005): 751–758, 2005.
[30]闵应骅.可信系统与网络.计算机工程与科学, 23(005): 21–23, 2001.
[31]田立勤.可信网络中一种基于行为信任预测的博弈控制机制.计算机学报,30(011): 1930–1938, 2007.
[32] Dolev D and Yao A. On the security of public key protocols. IEEE Transac-tions on information theory, 29(2): 198–208, 1983.
[33] Mao W. Modern cryptography: theory and practice. Prentice Hall PTR; 1stedition (July 25, 2003), 2003. ISBN 0-1306-6943-1.
[34] Menezes A, Van Oorschot P, and Vanstone S. Handbook of applied cryptogra-phy. CRC, 1997.
[35]王育民.通信网的安全――理论与技术.陕西西安:西安电子科技大学出版社, 1999.
[36]卿斯汉.安全协议的设计与逻辑分析.软件学报, 14(007): 1300–1309, 2003.
[37] Abadi M and Needham R. Prudent engineering practice for cryptographicprotocols. IEEE Transactions on Software Engineering, 22(1): 6–15, 1996.
[38] Needham R M and Schroeder M D. Using encryption for authentication inlarge networks of computers. Commun. ACM, 21(12): 993–999, 1978.
[39]卿斯汉,认证协议的形式化分析,软件学报,1996,Vol.7(A00),P:107-114.
[40]薛锐,冯登国,安全协议的形式化分析技术与方法,计算机学报,2006,Vol.29(1),P:1-20.
[41] Dolev D and Yao A C. On the security of public key protocols. IEEE Trans-actions on Information Theory, pages 198–208, 1983.
[42] Even S and Goldreich O. On the security of multi-party ping-pong protocols.In IEEE Symposium on Foundations of Computer Science, pages 34–39. 1983.
[43] Burrows M, Abadi M, and Needham R. A logic of authentication. ACM Trans.Comput. Syst., 8(1): 18–36, 1990.
[44]卿斯汉,安全协议20年研究进展,软件学报,2003,Vol.14(10),P:1740-1752.
[45] Vardi M Y. Why is modal logic so robustly decidable? Tech. Rep. TR97-274,1997.
[46] Lowe G. Breaking and fixing the Needham-Schroeder public-key protocol usingFDR. In Tools and Algorithms for the Construction and Analysis of Systems(TACAS), vol. 1055, pages 147–166. Springer-Verlag, Berlin Germany, 1996.
[47] Thayer J, Herzog J, and Guttman J. Strand spaces: Why is a security protocolcorrect? In Proceeding os the 1998 IEEE Symposium on Security and Privacy,pages 160–171. 1998.
[48] Thayer J, Herzog J, and Guttman J. Strand spaces: Honesy ideals on strandspaces. In Proceeding os the 1998 IEEE computer Security foundations Work-shop., pages 66–77. 1998.
[49] Thayer J, Herzog J, and Guttman J. Strand spaces: Proving security protocolscorrect. Journal of Computer Security, 7: 191–230, 1999.
[50] Abadi M and Gordon A D. A calculus for cryptographic protocols: The spicalculus. In Fourth ACM Conference on Computer and Communications Se-curity, pages 36–47. ACM Press, 1997.
[51] Gong L, Needham R, and Yahalom R. Reasoning About Belief in Crypto-graphic Protocols. In Cooper D and Lunt T, editors, Proceedings 1990 IEEESymposium on Research in Security and Privacy, pages 234–248. IEEE Com-puter Society, 1990.
[52] Abadi M and Tuttle M. A semantics for a logic of authentication. pages201–216.
[53] van Oorschot P. Extending cryptographic logics of belief to key agreementprotocols. In CCS’93: Proceedings of the 1st ACM conference on Computerand communications security, pages 232–243. ACM Press, New York, NY,USA, 1993.
[54] Perrig A and Song D. Looking for diamonds in the desert—extending au-tomatic protocol generation to three-party authentication and key agreementprotocols. In Proceeding of the 13th IEEE Computer Securiy FoundationsWorkshop., pages 64–76. 2000.
[55] Song D X. Athena: A new e?cient automatic checker for security protocolanalysis. In PCSFW: Proceedings of The 12th Computer Security FoundationsWorkshop. IEEE Computer Society Press, 1999.
[56] Milner R, Parrow J, and Walker D. A calculus of mobile processes. Inf.Comput., 100(1): 1–77, 1992.
[57]冯登国,可证明安全性理论与方法研究,软件学报,2005,Vol.16(10),P:1744-1756.
[58] Bellare M and Rogaway P. Random oracles are practical: A paradigm fordesigning e?cient protocols. In ACM Conference on Computer and Commu-nications Security, pages 62–73. 1993.
[59] Canetti R, Goldreich O, and Halevi S. The random oracle methodology, re-visited (preliminary version). pages 209–218. 1998.
[60] David P. Asymmetric cryptography and practical security. Journal of Telecom-munications and Information Technology, 4(1): 41–56, 2002.
[61] Goldreich O. Foundations of Cryptography (Fragments of a Book). WeizmannInstitute of Science, 1995. Available, along with revised version 1/98, fromhttp://theory.lcs.mit.edu/~oded.
[62] F K. Careful Design and Integration of Cryptographic Primitives with Contri-butions to Timing Attack, Padding Schemes and Random Number Generators.PhD thesis, Universite Catholique de Louvain, 2001. ISBN 3-540-65004-0.
[63] Gennaro R, Halevi S, and Rabin T. Secure hash-and-sign signatures withoutthe random oracle. Lecture Notes in Computer Science, 1592: 123++, 1999.
[64] Bellare M, Canetti R, and Krawczyk H. A modular approach to the design andanalysis of authentication and key exchange protocols (extended abstract). InSTOC’98: Proceedings of the thirtieth annual ACM symposium on Theory ofcomputing, pages 419–428. ACM Press, New York, NY, USA, 1998.
[65] Goldwasser S and Micali S. Probabilistic encryption. J. Comput. Syst. Sci.,28(2): 270–299, 1984.
[66] Pfitzmann B and Waidner M. A model for asynchronous reactive systems andits application to secure message transmission. In Proc. of 2001 IEEE Symp.on Security and Privacy. 2001.
[67] Lindell Y. Composition of Secure Multi-Party Protocols: A ComprehensiveStudy. Springer, 2003.
[68] Lindell Y. General composition and universal composability in secure multi-party computation. In FOCS, pages 394–403. 2003.
[69] Canetti R. Universally composable security: A new paradigm for crypto-graphic protocols. In FOCS, pages 136–145. 2001.
[70] Canetti R, Lindell Y, Ostrovsky R, et al. Universally composable two-partyand multi-party secure computation. In STOC, pages 494–503. 2002.
[71]季庆光,对几类重要网络安全协议形式模型的分析,计算机学报,2005,Vol.28(7),P:128-141.
[72] Datta A, Derek A, Mitchell J C, et al. A derivation system for security proto-cols and its logical formalization. In CSFW, pages 109–125. 2003.
[73] Datta A, Derek A, Mitchell J C, et al. Abstraction and refinement in protocolderivation. In CSFW’04: Proceedings of the 17th IEEE Computer SecurityFoundations Workshop (CSFW’04), page 30. IEEE Computer Society, Wash-ington, DC, USA, 2004.
[74] Datta A, Derek A, Mitchell J C, et al. A derivation system and compositionallogic for security protocols. J. Comput. Secur., 13(3): 423–482, 2005.
[75] Datta A, Derek A, Mitchell J C, et al. Secure protocol composition. In FMSE’03: Proceedings of the 2003 ACM workshop on Formal methods in securityengineering, pages 11–23. ACM Press, New York, NY, USA, 2003.
[76] Durgin N, Mitchell J, and Pavlovic D. A compositional logic for protocolcorrectness. In CSFW’01: Proceedings of the 14th IEEE Workshop on Com-puter Security Foundations, page 241. IEEE Computer Society, Washington,DC, USA, 2001.
[77] Durgin N, Mitchell J, and Pavlovic D. A compositional logic for provingsecurity properties of protocols. J. Comput. Secur., 11(4): 677–721, 2004.
[78] Canetti R and Herzog J. Universally composable symbolic analysis of crypto-graphic protocols, 2004.
[79] Canetti R and Herzog J. Universally composable symbolic analysis of mutualauthentication and key-exchange protocols. In Halevi S and Rabin T, editors,TCC, vol. 3876 of Lecture Notes in Computer Science, pages 380–403. Springer,2006.
[80] Patil A. On symbolic analysis of cryptographic protocols. Massachusetts Insti-tute of Technology, 2005.
[81]刘东喜.安全协议的自动验证技术研究. Ph.D. thesis,上海交通大学, 2002.
[82]张爱新.网络安全协议的分析与设计. Ph.D. thesis,华东理工大学, 2002.
[83]任侠.形式化方法在安全协议验证领域内的应用研究. Ph.D. thesis,中国科技大学, 2003.
[84]范红.安全协议形式化分析理论与方法. Ph.D. thesis,解放军信息工程大学,2003.
[85]李莉.安全协议的形式化分析及验证技术研究. Ph.D. thesis,武汉大学, 2004.
[86]李梦君.安全协议形式化验证技术的研究与实现. Ph.D. thesis,国防科大,2005.
[87]赵华伟.两种安全协议形式化理论的研究. Ph.D. thesis,山东大学, 2006.
[88]李兴华.无线网络中认证及密钥协商协议的研究. Ph.D. thesis,西安电子科技大学, 2006.
[89]张帆.无线网络安全协议的形式化分析方法. Ph.D. thesis,西安电子科技大学, 2007.
[90]曹春杰.可证明安全的认证及密钥交换协议设计与分析. Ph.D. thesis,西安电子科技大学, 2008.
[91]冯涛.通用可复合密码协议理论及其应用研究. Ph.D. thesis,西安电子科技大学, 2008.
[92]杨超.无线网络协议的形式化分析与设计. Ph.D. thesis,西安电子科技大学,2008.
[93]陈伟东.安全协议的可证明安全性研究. Ph.D. thesis,国科学院电子学研究所, 2006.
[94]雷飞宇. UC安全多方计算模型及其典型应用研究. Ph.D. thesis,上海交通大学, 2007.
[95] Law L, Menezes A, Qu M, et al. An e?cient protocol for authenticated keyagreement. Designs, Codes and Cryptography, 28(2): 119–134, 2003.
[96] Bresson E, Chevassut O, and Pointcheval D. New security results on encryptedkey exchange. Public Key Cryptography–PKC 2004, pages 145–158, 2004.
[97] Aiello W, Bellovin S, Blaze M, et al. E?cient, DoS-resistant, secure key ex-change for internet protocols. In Security Protocols, pages 27–39. Springer.
[98]张焕国,罗捷,金刚, et al.可信计算研究进展.武汉大学学报:理学版,52(005): 513–518, 2006.
[99] Sailer R, Jaeger T, Zhang X, et al. Attestation-based policy enforcement forremote access. In Proceedings of the 11th ACM conference on Computer andcommunications security, pages 308–317. ACM, 2004.
[100] Pearson S. Trusted computing: Strengths, weaknesses and further opportuni-ties for enhancing privacy. Trust Management, pages 305–320, 2005.
[101] Hilley S. Trusted computing–path to security or road to servitude? Infosecu-rity Today, 1(4): 18–21, 2004.
[102] Sa?ord D and Zohar M. Trusted computing and open source. InformationSecurity Technical Report, 10(2): 74–82, 2005.
[103] Berger B. Trusted computing group history. Information Security TechnicalReport, 10(2): 59–62, 2005.
[104]沈昌祥.网络信任与公钥认证.电子商务, 3, 2006.
[105]郑宇,何大可, and何明星.基于可信计算的移动终端用户认证方案.计算机学报, 29(008): 1255–1264, 2006.
[106] Goldman K, Perez R, and Sailer R. Linking remote attestation to securetunnel endpoints. In Proceedings of the first ACM workshop on Scalable trustedcomputing, page 24. ACM, 2006.
[107] Sailer R, Zhang X, Jaeger T, et al. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the 13th USENIXSecurity Symposium, pages 223–238. 2004.
[108] Mao W B. Modern cryptography: theory and practice. Prentice Hall Profes-sional Technical Reference, 2003.
[109] Canetti R and Krawczyk H. Analysis of key-exchange protocols and their usefor building secure channels. Advances in Cryptology―EUROCRYPT 2001,pages 453–474, 2001.
[110] Di?e W and Hellman M. New directions in cryptography. IEEE Transactionson information Theory, 22(6): 644–654, 1976.
[111] Choo K, Boyd C, and Hitchcock Y. Errors in computational complexity proofsfor protocols. Advances in Cryptology-ASIACRYPT 2005, pages 624–643,2005.
[112] Pearson S and Balache? B. Trusted computing platforms: TCPA technologyin context. Prentice Hall PTR, 2003.
[113] Bellovin S and Merritt M. Encrypted key exchange: Password-based protocolssecure against dictionary attacks. In Proceedings of the IEEE Symposium onResearch in Security and Privacy, vol. 92. Oakland, 1992.
[114] Group T C. Trusted Platform Module Main Specification.
[115] Needham R and Schroeder M. Using encryption for authentication in largenetworks of computers. Communications of the ACM, 21(12): 999, 1978.
[116] Cohen R. On the establishment of an access VPN in broadband access net-works. IEEE Communications Magazine, 41(2): 156–163, 2003.
[117] for Local I S and metropolitan area networks. Port based Network AccessControl. 802.1X-REV, Draft 11.
[118] Bellare M and Rogaway P. Entity authentication and key distribution. InAdvances in Cryptology―CRYPTO’93, pages 232–249. Springer, 1993.
[119] Wireless L. Medium Access Control (MAC) Security Enhancements, Amend-ment 6 to IEEE Standard for Information technology - Telecommunicationsand information exchange between systems - Local and metropolitan areanetworks - Specific requirements - Part 11: Wireless Medium Access Control.IEEE Std.
[120] Odhiambo O N, Biermann E, Noel G. An integrated security model for WLAN.In IEEE AFRICON Conference, IEEE, 2009.
[121] Park C S. Two-way Handshake protocol for improved security in IEEE 802.11wireless LANs. Computer Communications, Elsevier, 33(9): 1133–1140, 2010.
[122] He C, Sundararajan M, Datta A, et al. A modular correctness proof of IEEE802.11 i and TLS. In Proceedings of the 12th ACM conference on Computerand communications security, page 15. ACM, 2005.
[123] Housley R, Polk W, Ford W, et al. Internet X. 509 public key infrastructurecertificate and certificate revocation list (CRL) profile, 2002.
[124] Shamir A. Identity-based cryptosystems and signature schemes. In Advancesin cryptology, pages 47–53. Springer, 1984.
[125] Al-Riyami S and Paterson K. Certificateless public key cryptography. Ad-vances in Cryptology-ASIACRYPT 2003, pages 452–473, 2003.
[126] Union I. General Characteristics of International Telephone Connections andInternational Telephone Circuits, 1988.
[127] Aboba B, Blunk L, Vollbrecht J, et al. Extensible authentication protocol(EAP), 2004.
[128] McCurley K. The discrete logarithm problem. In Proc. of Symp. in AppliedMath, vol. 42, pages 49–74. 1990.
[129] Boneh D and Franklin M. Identity-based encryption from the Weil pairing.In Advances in Cryptology―CRYPTO 2001, pages 213–229. Springer, 2001.
[130] Group T C. TCG Specification Trusted Network Connect TNC IF-PEP: Pro-tocol binding for Radius Revision 0.7.
[131] Group T C. TCG Specification Trusted Network Connect TNC IF-TNCCS:TLV Binding Revision 10.
[132] Group T C. TCG Specification Trusted Network Connect TNC IF-IMC Re-vision 8.
[133] Group T C. TCG Specification Trusted Network Connect TNC IF-IMV Re-vision 8.
[134] Group T C. TCG Specification Trusted Network Connect TNC IF-M: TLVBinding Revision 30.
[135] KohnfelcJer L. Towards a practical public-key cryptosystem. Ph.D. thesis,Massachusetts Institute of Technology, 1978.
[136] Baek J, Safavi-naini R, and Susilo W. Certificateless public key encryp-tion without pairing. In Computers and Operations Research, pages 134–148.Springer-Verlag, 2005.
[137] Cheng Z and Comley R. E?cient certificateless public key encryption. Tech.rep., In Proc. EUROCRYPT 91, LNCS 547, 2005.
[138] Libert B and jacques Quisquater J. On constructing certificateless cryp-tosystems from identity based encryption. In In PKC 2006, pages 474–490.Springer-Verlag, 2006.
[139] Shi Y and Li J. Provable e?cient certificateless public key encryption. Tech.rep., 2005.
[140] Park D, Boyd C, and Moon S. Forward secrecy and its application to futuremobile communications security. In Public Key Cryptography, pages 433–445.Springer, 2000.
[141] G”unther C. An identity-based key-exchange protocol. In Advances in Cryptol-ogy―Eurocrypt’89, pages 29–37. Springer.
[142] Choie Y, Jeong E, and Lee E. E?cient identity-based authenticated key agree-ment protocol from pairings. Applied Mathematics and Computation, 162(1):179–188, 2005.
[143] Chen L, Cheng Z, and Smart N. Identity-based key agreement protocols frompairings. International Journal of Information Security, 6(4): 213–241, 2007.
[144] Wei Dai. Crypto++ 5.6.0 Benchmarks. https://www.cryptopp.com/benchmarks.html.
[145] OPNET, https://www.opnet.com.
[146] Standard I. IEEE Draft Amendment to Standard for Information Technology- Telecommunications and Information Exchange Between Systems - LAN/-MAN Specific Requirements - Part 11: Wireless Medium Access Control(MAC) and physical layer (PHY) specifications: Amendment: ESS Mesh Net-working, IEEE P802.11s/D1.0.
[147] Standard I. Supplement to Standard for Telecommunications and InformationExchange Between Systems - LAN/MAN Specific Requirements - Part 11:Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)Specifications: Specification for Enhanced Security, IEEE 802.11.
[148] Wichmann B and Hill I. An e?cient and portable pseudo-random numbergenerator. Applied Statistics, 31(2): 188–190, 1982.
[149] Goldwasser S and Micali S. Probabilistic encryption . Journal of computerand system sciences, 28(2): 270–299, 1984.
[150] Goldreich O, Micali S, and Wigderson A. How to play any mental game. InProceedings of the nineteenth annual ACM symposium on Theory of comput-ing, pages 218–229. ACM, 1987.
[151] Goldreich O, Goldwasser S, and Linial N. Fault-tolerant computation in thefull information model.—, pages 447–457, 1991.
[152] Beaver D. Foundations of secure interactive computing. In Advances in Cryp-tology―CRYPTO’91, pages 377–391. Springer, 1991.
[153] Goldwasser S, Micali S, and Racko? C. The knowledge complexity of interac-tive proof-systems. In Proceedings of the seventeenth annual ACM symposiumon Theory of computing, page 304. ACM, 1985.
[154] Dai W. Crypto++ 5.6.0 Benchmarks.
[155] Potlapally N, Ravi S, Raghunathan A, et al. A study of the energy consump-tion characteristics of cryptographic algorithms and security protocols. IEEETransactions on Mobile Computing, 5(2): 128–143, 2006.IEEE Africon 2009, September 23, 2009 - September 25, 2009