安全组通信中数据源认证问题的研究
|
摘要
组通信(Group Communications)已经成为新一代网络体系结构中的一个非常重要的概念,但组通信比一对一的单点通信更难以获得安全保障,安全问题严重制约了组通信应用的发展。而数据源认证是整个安全组通信中的重点和难点问题,也是真正实现安全组通信的基础和前提。因此,本文重点分析了几种典型的安全组通信应用的具体特点,分别给出了几种不同类型的数据源认证方法。因为组播(Multicast)和任播(Anycast)是组通信中最为常用的两种关键技术,所以在本文中重点研究了组播数据源认证,同时也对任播数据源认证进行了一定的探讨。针对组播数据源认证,将非实时数据分发和实时数据流传输这两类最有代表性的组播应用作为重点研究内容,分别给出了一种改进的散列树认证协议和一种混合型多链认证模型,并进行了性能分析和实验测试。此外,还针对无线传感器网络(Wireless Sensor Network,WSN)中安全组通信的具体特点,给出了一种基于消息认证码(Message Authentication Code,MAC)的轻量级组播数据源认证方案。最后比较分析了任播数据源认证与组播数据源认证的异同,并给出了一种基于IPv6网络环境的认证方法。
With the development of computer networks, Internet has spread to every aspect of the social life. Many network applications, such as on-line multimedia conference, distributed cooperating work and transferring sea information are based on group communications, which has been one of the most important concepts in the new network architecture. However, group communications are less secure than point-to-point communications, so security problems have blocked the development of group communications, especially for the secrecy conferences, military commands and some other applications. Although point-to-point communications have the mature security models, they could not be extended to group communications and there are not mature security models in group communications now. On one hand, group communications must maintain the shared contexts of the group, but the group scalability and dynamic make it very difficult; on the other hand, the varieties of application requirements make group communications more complex. Usually, there are some demands in secure group communications as below:
(1)Access Control, permit and deny some communication entities to join the group;
(2)Communication Secrecy, ensure the entities outside of the group not to get the information;
(3)Group Authentication, prevent the entities outside of the group from sending the information to the group;
(4)Source Authentication, know the source entities who sent the information;
(5)Non-repudiation, the sender could not deny the data after sending and the receiver could not deny the data after receiving, which is the senior to the source authentication.
Data origin authentication is one of the most important and difficult problems in secure group communications, and it is also the foundation to implement secure group communications. Data origin authentication must consider the details of all sorts of applications, such as computation (time) overhead, communication (space) overhead, data buffer, network delay, loss probability and so on, so at present there is not an efficient way to solve it really. At present, there are some difficult problems in data origin authentication:
(1)Authenticating real-time streams. Many proposed schemes keep the balance between resisting the packet loss and network bandwidth, but all of them need time delay not only at the sender’s side, but also at the receiver’s side. So the authentication protocols having both low buffer and low delay is difficult to realize.
(2)Many-to-many communication is also a problem. Each receiver has to manage the buffer of each packet according to the proposed protocols. The public key of the sender is difficult to keep for the receivers having the limit resources. These problems are only to resolve with the development of cryptography.
(3)Packet loss is diffucult to resolve. The packet loss ratio could change with the time and network, and it could not be assigned at the same time in the large networks. Hence, the packet loss ratio is important to the authentication protocols.
(4)Collusion attack is a serious problem in mobile and wireless neworks. The time asymmetry is useless in mobile networks, since the packect delay changes with the topography of mobile networks.
Hence, this dissertation researches on the data origin authentication in secure group communications. Since multicast and anycast are the two important technologies in group communications, this dissertation attaches more attentions to multicast authentication, and anycast authentication is also researched. The major content includes:
(1)unreal-time multicast data origin authentication. More unrealtime multicast applications are distributing remote files, and the sender is powerful but the receiver is weak, so which has to be considered to authenticate unrealtime multicast data. First, both hash star and hash tree, which are two major schemes for authenticating unreal-time multicast data, is introduced. Then considering the high communication overhead of hash star, IHAP (Improved Hash-treeing Authentication Protocol) is proposed based on hash tree. Compared the computation overhead, communication overhead, resistance to the packet loss, data buffer, time delay, and authentication probability with hash tree by the performance analyses and simulation results, the computation overhead of IHAP is less than SAIDA, the communication overhead of IHAP is less than hash star and hash tree, and the authentication probability of IHAP could reach 90% if the packet loss ratio is less than 25%. So IHAP could adapt to authenticate unreal-time multicast data very well.
(2)real-time multicast data stream origin authentication. Authenticating real-time multicast streams is the most difficult problem, especially for the loss channels and unreliable networks. First, forward hash chain that is the most efficient scheme for authenticating real-time multicast data streams is introduced. Then HMAM(Hybrid Multi-chaining Authentication Model)is proposed. HMAM contains the merits of both random chaining sequence and periodical chaining sequence, and authenticates the important data first of all. Compared the computation overhead, communication overhead, resistance to the packet loss, data buffer, time delay, and authentication probability with some other similar schemes by the performance analyses and simulation results, HMAM could adapt to authenticate real-time multicast data very well, especially for the loss channels and unreliable networks.
(3)Multicast data origin authentication in Wireless Sensor Network(WSN). Secure group communications is efficient to WSN, so multicast authentication is also the important and difficult problem. However, digitial signature is not efficient in WSN for the high computation and communication overheads. TESLA and the simililar protocols based on MAC require the time sychronization in the group, but it is difficult to realize in WSN. So LAMA (Lightweight Approach to Multicast Authentication) is proposed based on Hashing Message Authentication Code (HMAC). LAMA has the low computation overhead and does not require the time synchronization in the group. Furthermore, every receiver could authenticate each data packet at once, and ensure the high authentication probability.
(4)Anycast data origin authentication. Both AH and ESP, the two extension headers of IPv6 packets, are the most security components in IPv6. An approach to authenticate anycast data is proposed base on symmetrical key. It makes the sender’s router could control anycast, and the receiver’s router could manage the group. Besides, the shared keys are not required in the group members and they could join and leave the group dynamically. At the same time, each anycast client could connect the anycast group with the anycast router, which resolves the limitation that anycast address could not be assigned to IPv6 clients. This approach has the low computation and communication overheads since it is based on symmetrical key. Moreover, it could also improve the performance to authenticate multicast data and make the nodes of shared trees amotize the computation and communication overheads.
With the development of computer networks, Internet has spread to every aspect of the social life. Many network applications, such as on-line multimedia conference, distributed cooperating work and transferring sea information are based on group communications, which has been one of the most important concepts in the new network architecture. However, group communications are less secure than point-to-point communications, so security problems have blocked the development of group communications, especially for the secrecy conferences, military commands and some other applications. Although point-to-point communications have the mature security models, they could not be extended to group communications and there are not mature security models in group communications now. On one hand, group communications must maintain the shared contexts of the group, but the group scalability and dynamic make it very difficult; on the other hand, the varieties of application requirements make group communications more complex. Usually, there are some demands in secure group communications as below:
(1)Access Control, permit and deny some communication entities to join the group;
(2)Communication Secrecy, ensure the entities outside of the group not to get the information;
(3)Group Authentication, prevent the entities outside of the group from sending the information to the group;
(4)Source Authentication, know the source entities who sent the information;
(5)Non-repudiation, the sender could not deny the data after sending and the receiver could not deny the data after receiving, which is the senior to the source authentication.
Data origin authentication is one of the most important and difficult problems in secure group communications, and it is also the foundation to implement secure group communications. Data origin authentication must consider the details of all sorts of applications, such as computation (time) overhead, communication (space) overhead, data buffer, network delay, loss probability and so on, so at present there is not an efficient way to solve it really. At present, there are some difficult problems in data origin authentication:
(1)Authenticating real-time streams. Many proposed schemes keep the balance between resisting the packet loss and network bandwidth, but all of them need time delay not only at the sender’s side, but also at the receiver’s side. So the authentication protocols having both low buffer and low delay is difficult to realize.
(2)Many-to-many communication is also a problem. Each receiver has to manage the buffer of each packet according to the proposed protocols. The public key of the sender is difficult to keep for the receivers having the limit resources. These problems are only to resolve with the development of cryptography.
(3)Packet loss is diffucult to resolve. The packet loss ratio could change with the time and network, and it could not be assigned at the same time in the large networks. Hence, the packet loss ratio is important to the authentication protocols.
(4)Collusion attack is a serious problem in mobile and wireless neworks. The time asymmetry is useless in mobile networks, since the packect delay changes with the topography of mobile networks.
Hence, this dissertation researches on the data origin authentication in secure group communications. Since multicast and anycast are the two important technologies in group communications, this dissertation attaches more attentions to multicast authentication, and anycast authentication is also researched. The major content includes:
(1)unreal-time multicast data origin authentication. More unrealtime multicast applications are distributing remote files, and the sender is powerful but the receiver is weak, so which has to be considered to authenticate unrealtime multicast data. First, both hash star and hash tree, which are two major schemes for authenticating unreal-time multicast data, is introduced. Then considering the high communication overhead of hash star, IHAP (Improved Hash-treeing Authentication Protocol) is proposed based on hash tree. Compared the computation overhead, communication overhead, resistance to the packet loss, data buffer, time delay, and authentication probability with hash tree by the performance analyses and simulation results, the computation overhead of IHAP is less than SAIDA, the communication overhead of IHAP is less than hash star and hash tree, and the authentication probability of IHAP could reach 90% if the packet loss ratio is less than 25%. So IHAP could adapt to authenticate unreal-time multicast data very well.
(2)real-time multicast data stream origin authentication. Authenticating real-time multicast streams is the most difficult problem, especially for the loss channels and unreliable networks. First, forward hash chain that is the most efficient scheme for authenticating real-time multicast data streams is introduced. Then HMAM(Hybrid Multi-chaining Authentication Model)is proposed. HMAM contains the merits of both random chaining sequence and periodical chaining sequence, and authenticates the important data first of all. Compared the computation overhead, communication overhead, resistance to the packet loss, data buffer, time delay, and authentication probability with some other similar schemes by the performance analyses and simulation results, HMAM could adapt to authenticate real-time multicast data very well, especially for the loss channels and unreliable networks.
(3)Multicast data origin authentication in Wireless Sensor Network(WSN). Secure group communications is efficient to WSN, so multicast authentication is also the important and difficult problem. However, digitial signature is not efficient in WSN for the high computation and communication overheads. TESLA and the simililar protocols based on MAC require the time sychronization in the group, but it is difficult to realize in WSN. So LAMA (Lightweight Approach to Multicast Authentication) is proposed based on Hashing Message Authentication Code (HMAC). LAMA has the low computation overhead and does not require the time synchronization in the group. Furthermore, every receiver could authenticate each data packet at once, and ensure the high authentication probability.
(4)Anycast data origin authentication. Both AH and ESP, the two extension headers of IPv6 packets, are the most security components in IPv6. An approach to authenticate anycast data is proposed base on symmetrical key. It makes the sender’s router could control anycast, and the receiver’s router could manage the group. Besides, the shared keys are not required in the group members and they could join and leave the group dynamically. At the same time, each anycast client could connect the anycast group with the anycast router, which resolves the limitation that anycast address could not be assigned to IPv6 clients. This approach has the low computation and communication overheads since it is based on symmetrical key. Moreover, it could also improve the performance to authenticate multicast data and make the nodes of shared trees amotize the computation and communication overheads.
引文
[1]尹青.组通信安全管理研究与实现[D].郑州:解放军信息工程大学,2005.
[2] Kent S, Atkinson R. RFC2401: Security Architecture for the Internet Protocol[EB/OL]. (1998-11-11) [2008-6-29]. http://www.ietf.org/rfc/rfc2401.txt.
[3] Lakshminath R D, Sarit M, Ashok S. Scalable secure one-to-many group communication using dual encryption[J]. Computer Communications, 1999, 23(17): 1681-1701.
[4]赵膺,宋佳兴,徐万鸿,等.安全组播综述[J].小型微型计算机系统,2003,24(10):1873-1877.
[5] Banerjee S, Bhattacharjee B. Scalable secure group communication over IP multicast[J]. Special Issue on Network Support for Group Communication, 2002, 20 (8):156-163.
[6] He J X, Xu G C, Zhou Z G, et al. A new approach for source authentication of multicast data[C]. Proc. of SAM’06. Las Vegas: CSREA, 2006: 118-122.
[7] He J X, Xu G C, Fu X D, et al. A hybrid and efficient scheme of multicast source authentication[C]. Proc. of SNPD 2007. Qingdao: IEEE, 2007: 123-125.
[8] He J X, Xu G C, Fu X D, et al. LMCM: Layered multiple chaining model for authenticating multicast streams[C]. Proc. of SNPD 2008. Phuket: IEEE, 2008: 206-211.
[9]贺金鑫,徐高潮,付晓东,等.一种改进的安全组播数据源认证方法[J].计算机科学,2006,33(8):197-199.
[10]贺金鑫,欧阳若川,徐高潮.基于前向散列链的实时组播流源认证方法[J].吉林大学学报(信息科学版),2007,25(5):560-563.
[11]贺金鑫,徐高潮,付晓东,等.一种有效的混合式组播通信源认证方法[J].微电子学与计算机,2007,36(12):122-124.
[12] Zhu L, Cao Y, Wang D. Digital signature of multicast streams secure againstaaptive chosen message attack[J]. Computers & Security, 2004, 23(1):229-240.
[13]陈璟.多播安全中几个关键问题的研究[D].西安:西安电子科技大学,2004.
[14] Hardjono T, Dondeti L R. Multicast and group security[M]. London: Artech House, 2003.
[15]周贤伟.IP组播与安全[M].北京:国防工业出版社,2006.
[16]邹艳.安全组播及源认证方法的应用研究[D].重庆:重庆大学,2004.
[17]邹艳.基于抗碰撞函数和分组认证树的组播源认证方案[J].计算机工程与应用,2004,13(2):137-138.
[18]邹艳.基于满二叉树和杂凑函数的组播源认证方法[J].计算机应用与软件,2005,22(7):114-115.
[19]徐高潮,胡亮,付晓东.计算机网络[M].长春:吉林大学出版社,2002.
[20]徐高潮,胡亮,鞠九滨.分布计算系统[M].北京:高等教育出版社,2004.
[21]谢希仁.计算机网络(第四版)[M].北京:电子工业出版社,2003.
[22] Chan K C, Chan S G. Distributed servers approach for large-scale secure multicast[J]. The IEEE Journal on Selected Areas in Communications, 2002, 20(8): 1500-1510.
[23] Deering S E. RFC1112: host extensions for IP multicasting [EB/OL]. (1988-8-15) [2008-09-20]. http://www.faqs.org/rfcs/rfc1112.html.
[24] Deering S E, Hinden R. RFC2460: IPv6 Specification[EB/OL]. (1998-12-25) [2007-2-17]. http://www.faqs.org/rfcs/rfc2460.html.
[25]陆音,石进,黄皓,等.综述:关于IPv6安全性问题的研究[J].计算机科学,2006,33(5):5-11,21.
[26] Stevens W R.TCP/IP详解(卷1):协议[M].北京:机械工业出版社,2004.
[27] Farinacci D, Cai Y. RFC4610: anycast-rp using protocol independent multicast (PIM) [EB/OL]. (2006-6-11) [2008-2-29]. http://www.ietf.org/rfc/rfc4610.txt.
[28]李领治.选播路由及其关键技术研究[D].南京:南京航空航天大学,2006.
[29] Zhou Z G, Xu G C, He J X, et al. Research of secure anycast[C]. Proc. of ICHIT2006. Jeju: IEEE, 2006: 186-190.
[30] Zhou Z G, Xu G C, He J X, et al. Research of secure anycast Group management[C]. Proc. of NCM2008. Gyeongju: IEEE, 2008: 604-608.
[31] Xu S, Sandhu R. Authenticated multicast immune to denial-of-service attack[C]. Proc. of ACM Symposium on Applied Computing. Madrid: ACM, 2002: 196-200.
[32] Sherlia Y S, Jonathan S. T. Multicast routing and bandwidth dimensioning in overlay networks[J]. IEEE Journal on selected areas in communications. 2002, 20(8): 1444-1455.
[33] Tan S, Waters G, Crawford J. A survey and performance evaluation of scalable tree-based application layer multicast protocol[R]. UK: University of Kent at Canterbury, 2003.
[34] Song R, Korba L. Cryptanalysis of scalable multicast security protocol[J]. IEEE Communications Letters, 2003,7(11):121-130.
[35]费金龙,祝跃飞,刘雅辉,等.组播Internet密钥协商的研究与实现[J].微电子学与计算机,2006,23(2):185-188.
[36]李保红,候义斌,赵银亮.安全多播中密钥更新机制的性能优化[J].西安交通大学学报,2004,38(10):1053-1056.
[37]陆正福,李亚东,何英.IP多播组密钥管理方案分类体系研究[J].计算机工程与科学,2004,26(10):23-27.
[38]潘志铂,郑宝玉,吴蒙.一种基于时间流的安全多播密钥更新机制的研究[J].电子与信息学报,2004,26(7):1045-1052.
[39]宣文霞,窦万峰.基于LKH的组播密钥分发改进方案R-LKH[J].微电子学与计算机,2006,23(10):213-216.
[40]许勇,凌龙,顾冠群.可靠可缩放安全多播密钥更新研究[J].计算机研究与发展,2004,41(6):934-939.
[41]陈璟,杨波,田春歧.基于单向函数树的多播密钥管理安全性方案分析[J].西安电子科技大学学报(自然科学版),2004,31(6):959-962.
[42] Hardjono T, Verisign B W. RFC3740: The Multicast Group Security Architecture[EB/OL]. (2004-3-25) [2008-8-8]. http://www.ietf.org/rfc/rfc3740.txt.
[43] Chu H H, Qiao L, Nahrstedt K. A secure multicast protocol with copyright protection[J]. ACM SIGCOMM Computer Communications Review, 2002, 32(2): 42-60.
[44] Sanjeev S, Sencun Z Sushil J. A comparative performance analysis of reliable group rekey transport protocols for secure multicast[C]. Proc. of the Performance Conference. Rome: IEEE, 2002: 21-41.
[45] Waldvogel M, Garonni G, Sun D, et al. The versakey framework: versatile group key management[J]. IEEE Journal on Selected Areas in Communications (Special Issue on Middleware), 1999, 17(9):1614-1631.
[46] Kim Y, Perrig A, Tsudik G. Simple and fault-tolerant key agreement for dynamic collaborative groups[C]. Proc. of the 7th ACM Conf. on Computer and Communications Security. Athens: ACM, 2000: 235-244.
[47] Yang L, Li X S, Zhang X B, et al. Reliable group rekeying: a performance analysis[C]. Proc. of SIGCOMM. San Diego: ACM, 2001: 27-31.
[48] Paul J, Mostafa A. Security issues and solutions in multicast content Distribution: a survey[J]. IEEE Network, 2003, 28(12): 30-36.
[49]冯俊昌,叶天语.一个安全多播主机结构模型[J].中原工学院学报,2005,16(1):75-78.
[50]谢铮.移动自组网中Anycast路由协议及其安全机制的研究[D].长沙:中南大学,2004.
[51]张展,段起阳,高传善.基于IPv6网络的Anycast路由协议[J].计算机研究与发展,2003,40(7):1028-1035.
[52] Menezes A J.应用密码学手册[M].北京:电子工业出版社,2005.
[53]杨波.现代密码学[M].北京:清华大学出版社,2003.
[54]郭兴阳.基于攻击的数字签名安全性分析研究[D].长沙:国防科学技术大学,2006.
[55]钱海峰.若干数字签名方案的分析、设计与应用[D].上海:上海交通大学,2006.
[56]赵泽茂.数字签名理论及应用研究[D].南京:南京理工大学,2005.
[57]周玉洁,冯登国.公开密钥密码算法及其快速实现[M].北京:国防工业出版社,2002.
[58] Schnorr C P. Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991,4 (3):161-174.
[59] Chien H Y, Jan J K, Tseng Y M.An efficient and practical solution to remote authentication: smart card [J].Computer & Security, 2002, 21(4): 372-375.
[60] Canetti R, Caray J, Itkis G, et al. Multicast security: a taxonomy and some efficient constructions[C]. Proc. of the INFOCOM’99. New York: ACM, 1999: 708-716.
[61] Canetti R, Pinkas B. A taxonomy of multicast security issues[EB/OL]. (1999-10-1) [2007-12-20]. http://www.ietf.org/msec.html.
[62] Gennaro R, Rohatgi P. How to sign digital streams[J]. Information and Computation, 2001, 199(1): 100-116.
[63]陈海楠.基于一次签名的组播源认证方案的设计及其在Helix平台的实现[D].厦门:厦门大学,2006.
[64]牛震宇,周贤伟,杨军.一种安全高效的组播源认证一次签名方案分析[J].微电子学与计算机,2004,21(10):4-9.
[65] Perrig A. The BiBa one time signature and broadcast Authentication Protocol[C]. Proc. of CCS’01. Phildelphia: ACM, 2001:11-20.
[66] Aslan H K. A hybrid scheme for multicast authentication over lossy networks[J]. Computers & Security, 2004, 23(6): 705-713.
[67] Barnett C A. Efficient, reliable and secure source authentication schemes for realtime multicast[D]. Maryland: Maryland University, 2003.
[68] Boneh D, Durfee G, Franklin M. Lower bounds for multicast message authentication[J]. Theory and Application of Cryptographic Techniques. 2001, 45(1): 437-452.
[69] Perrig A, Canetti R, Tygar J D, et al. Efficient authentication and signing ofmulticast streams over lossy channels[C]. Proc. of the 2000 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE, 2000: 56-73.
[70] Perrg A, Canetti R, Song D, et al. Efficient and secure source authentication for multicast[C]. Proc. of NDSS’01. San Diego: ISOC, 2001: 79-90.
[71] Perrig A, Song D, Canetti R, et al. RFC4082: Timed Efficient Stream Loss-Tolerant Authentication (TESLA): multicast source authentication transform introduction[EB/OL], (2005-6-6) [2007-7-7]. http://www.ietf.org/rfc/rfc4082.txt.
[72]李真.基于事件序列组播源认证方案的研究与实现[D].南宁:广西师范大学,2003.
[73]刘传才,郭文忠.基于消息认证码的安全有效的组播源认证[J].微电子学与计算机,2002,31(6):13-17.
[74]何永忠,冯登国.一个组播源认证方案的安全分析[J].计算机工程,2006,32(18):12-22.
[75]黄鑫阳,杨明,吕珊珊.一种高效的多播源认证协议与仿真实现[J].系统仿真学报,2007,19(10):2216-2221.
[76]张海波,周贤伟,宋存义.IP组播不可否认数据源认证研究进展[J].电子与信息学报,2006,28(11):2205-2207.
[77] Pannetrat A, Molva R. Authenticating real time packet streams and multicast[C]. Proc. of 7th International Symposium on Computers and Communications. Taormina: IEEE, 2002: 490-495.
[78] Golle P, Modadugu N. Authenticating streamed data in the presence of random packet loss[C]. Proc. of ISOC Network and Distributed System Security Symposium. San Diego: Internet Security, 2001: 13-22.
[79] Miner S, Staddon J. Graph-based authentication of digital streams[C]. Proc. of IEEE Symposium on Security and Privacy. Oakland: IEEE, 2001: 232-246.
[80] Wong C K, Lam S S. Digital signatures for flows and multicasts[J]. IEEE/ACM transactions on Networking, 1999, 7(4): 502-513.
[81] Park J M, Chong E K, Siegel H J. Efficient multicast stream authentication using erasure codes[J]. ACM Transaction on Information and System Security, 2003, 6(2): 258-285.
[82]王炳新,李廉,曾述宾.基于CA的安全组播源认证方案研究[J].计算机与现代化,2005,7(9):78-80.
[83] Baugher M, Canetti R, Dondeti L, et al. RFC 4046: multicast security (msec) group key management architecture[EB/OL]. (2005-4-1) [2007-12-1]. http://www.ietf.org/rfc/rfc4046.txt.
[84] Sandro R, David H. A survey of key management for secure group communication[J]. ACM Computing Surveys: 2003, 35(3): 309-329.
[85]徐明伟,董晓虎,徐恪.组播密钥管理的研究进展[J].软件学报,2004,15(1):141-150.
[86] Wallner D, Harder E, Agee R. RFC 2627: Key management for multicast: Issues and architectures[EB/OL]. (1999-12-31) [2007-12-12]. http://www.ietf.org/rfc/rfc2627.txt.
[87] Harney H, Muckenhirn C. RFC2093: Group Key Management Protocol (GKMP) Specification[EB/OL]. (1997-7-1) [2008-08-28]. http://www.faqs.org/rfcs/rfc2093.html.
[88] Harney H, Muckenhirn C. RFC2094: Group Key Management Protocol (GKMP) Architecture[EB/OL]. (1997-7-1) [2008-08-28]. http://www.faqs.org/rfcs/rfc2094.html.
[89] Setiner M, Taudik G, Waidnet M. Cliques: a new approach to group key agreement[R]. USA: IBM Research, 1997.
[90] Mittra S. Iolus: A framework for scalable secure multicasting[J]. ACM SIGCOMM Computer Communication Review, 1997, 27(4): 277-288.
[91] Balenson D, McGrew D, Sherman A. Key management for large dynamic groups: One-Way function trees and amortized initialization[EB/OL]. (2000-1-1) [2006-9-10]. http://www.ietf.org/msec.html.
[92] Yoon E, Yoo K. An improved popescu’s authenticated key agreement protocol[C]. Proc. of ICCSA 2006. Berlin: Springer-Verlag, 2006.
[93]熊继平,朱文涛,李津生,等.基于Tornado码的安全组播源认证方案[J].小型微型计算机系统,2004,25(11):1922-1925.
[94]李治宇,沈苏彬.IP网络安全多播控制机制的设计与实现[J].南京邮电学院学报,2005,25(1):35-41.
[95]徐雷鸣,庞博,赵耀.NS与网络模拟[M].北京:人民邮电出版社,2003.
[96]于斌,孙斌,温暖,等.NS2与网络模拟[M].北京:人民邮电出版社,2007.
[97] Bajaj L, Takai M, Ahuja R, et al.Glomosim: A scalable network simulation environment[R]. USA: UCLA Computer Science Department, 1999.
[98] Abuein Q, Shibusawa S. A graph-based new amortization scheme for multicast streams authentication[J]. Advanced Modeling and Optimization, 2005, 7(2): 238-261.
[99] Challal Y, Bouabdallah A, Hinard Y. RLH: Receiver driven layered hash-chaining for multicast data origin authentication[J]. Computer Communications, 2004, 28(7): 726-740.
[100] Channal Y, Bettahar H, Bouabdallah A. A taxonomy of multicast data origin authentication: issues and solutions[J]. IEEE Communications Surveys and Tutorials, 2004, 6(3): 34-57.
[101] Challal Y, Battahar H, Bouabdallah A. Hybrid and adaptive hash-chaining scheme for data streaming source authentication[C]. Proc. of HSNMC 2004. Berlin: Springer, 2004: 1056-1067.
[102] Challal Y, Bettahar H, Bouabdallah A. SAKM: a scalable and adaptive key management approach for multicast communications[J]. ACM SIGCOMM Computer Communications Review: 2004, 34(2): 55-70.
[103] Challal Y, Bouabdallah A, Battahar H. H2A: Hybrid hash-chaining scheme for adaptive multicast source authentication of media-streaming[J]. Computers & Security, 2005, 24(1): 57-68.
[104] Hinard Y, Bettahar H, Challal Y, et al. Layered multicast data origin authentication and non-repudiation over lossy networks[C]. Proc. of ISCC’06. Pula-Cagliari: IEEE, 2006: 111-116.
[105]马建庆.无线传感器网络安全的关键技术研究[D].上海:复旦大学,2007.
[106]李晖.无线传感器网络安全技术研究[D].上海:上海交通大学,2007.
[107]周贤伟,施德军,覃伯平.无线传感器网络认证机制的研究[J].计算机应用研究,2006,23(12):108-111.
[108] Liu D G. Security mechanisms for wireless sensor networks[D]. North Carolina: North Carolina State University, 2005.
[109]赵治平.无线传感器网络组密钥管理研究[D].长沙:湖南大学,2007.
[110] Lysyanskaya A, Tamassia R, Triandopoulos N. Multicast authentication in fully adversarial networks[C]. Proc. of IEEE Symposium on Security and Privacy. Oakland: IEEE, 2004:241-255.
[111] Zhang Z, Sun Q, Wong W. A proposal of butterfly-graph based stream authentication over lossy networks[C]. Proc. of ICME2005. Amsterdam: IEEE, 2005: 115-118.
[112] Briscoe B. FlAMS: Fast, Loss-Tolerant Authentication of Multicast Streams[R]. London: British Telecommunications PLC, 2000.
[113] Wang W, Li Z, Lu C et al. An efficient multicast source authentication protocol[J]. Wuhan University Journal of Natural Sciences, 2006, 11(6): 1831-1834.
[114]朱丹.一种组播源认证协议的优化改进设计与原型实现[D].大连:大连理工大学,2007.
[115] Rodeh O, Birman K, Dolev D. Optimized group rekey for group communication systems[R]. Jerusalem: Hebrew University, 1999.
[116] Diot C, Levine B N, Lyles B, et al. Deployment issues for the IP multicast service and architecture[J]. IEEE Network, 2000, 14(1): 78–88.
[117]赵安军,郭雷,姚俊.基于消息认证码的组播源认证研究[J].西北工业大学学报,2004,22(1):45-48.
[118]赵安军,徐邦海,郭雷.动态Ad hoc网络环境下组播源认证研究[J].计算机应用研究,2007,24(1):291-293.
[119] Zhao X, Prakash A. Source authentication in group communication systems[C]. Proc. of DEXA’03. Prague: IEEE, 2003: 76-80.
[120] Sharma A. A simple approach to data source authentication for multicast security[EB/OL]. (2004-5-1) [2008-5-1]. http://www.ietf.org/ietf/lid-abstract.txt.
[121] Li X X, Huai J P. Efficient non-repudiation multicast source authentication schemes[J]. Journal of Computer Science and Technology, 2002, 17(6): 820-829.
[122] Stallings W.密码编码学与网络安全:原理与实践(第四版)[M].北京:电子工业出版社,2006.
[123]张春瑞,王开云.基于IPSec的组播数据源认证设计方案[J].计算机工程与设计,2006,27(10):1754-1756.
[124]杨邓奇.基于ECDSA多播数据源认证协议设计及其BAN逻辑分析[J].开发研究与设计技术,2007,5(2):101-103.
[125]周贤伟,戴昕昱,刘蕴络.IP组播源认证方案研究[J].计算机工程,2007,33(16):130-132.
[2] Kent S, Atkinson R. RFC2401: Security Architecture for the Internet Protocol[EB/OL]. (1998-11-11) [2008-6-29]. http://www.ietf.org/rfc/rfc2401.txt.
[3] Lakshminath R D, Sarit M, Ashok S. Scalable secure one-to-many group communication using dual encryption[J]. Computer Communications, 1999, 23(17): 1681-1701.
[4]赵膺,宋佳兴,徐万鸿,等.安全组播综述[J].小型微型计算机系统,2003,24(10):1873-1877.
[5] Banerjee S, Bhattacharjee B. Scalable secure group communication over IP multicast[J]. Special Issue on Network Support for Group Communication, 2002, 20 (8):156-163.
[6] He J X, Xu G C, Zhou Z G, et al. A new approach for source authentication of multicast data[C]. Proc. of SAM’06. Las Vegas: CSREA, 2006: 118-122.
[7] He J X, Xu G C, Fu X D, et al. A hybrid and efficient scheme of multicast source authentication[C]. Proc. of SNPD 2007. Qingdao: IEEE, 2007: 123-125.
[8] He J X, Xu G C, Fu X D, et al. LMCM: Layered multiple chaining model for authenticating multicast streams[C]. Proc. of SNPD 2008. Phuket: IEEE, 2008: 206-211.
[9]贺金鑫,徐高潮,付晓东,等.一种改进的安全组播数据源认证方法[J].计算机科学,2006,33(8):197-199.
[10]贺金鑫,欧阳若川,徐高潮.基于前向散列链的实时组播流源认证方法[J].吉林大学学报(信息科学版),2007,25(5):560-563.
[11]贺金鑫,徐高潮,付晓东,等.一种有效的混合式组播通信源认证方法[J].微电子学与计算机,2007,36(12):122-124.
[12] Zhu L, Cao Y, Wang D. Digital signature of multicast streams secure againstaaptive chosen message attack[J]. Computers & Security, 2004, 23(1):229-240.
[13]陈璟.多播安全中几个关键问题的研究[D].西安:西安电子科技大学,2004.
[14] Hardjono T, Dondeti L R. Multicast and group security[M]. London: Artech House, 2003.
[15]周贤伟.IP组播与安全[M].北京:国防工业出版社,2006.
[16]邹艳.安全组播及源认证方法的应用研究[D].重庆:重庆大学,2004.
[17]邹艳.基于抗碰撞函数和分组认证树的组播源认证方案[J].计算机工程与应用,2004,13(2):137-138.
[18]邹艳.基于满二叉树和杂凑函数的组播源认证方法[J].计算机应用与软件,2005,22(7):114-115.
[19]徐高潮,胡亮,付晓东.计算机网络[M].长春:吉林大学出版社,2002.
[20]徐高潮,胡亮,鞠九滨.分布计算系统[M].北京:高等教育出版社,2004.
[21]谢希仁.计算机网络(第四版)[M].北京:电子工业出版社,2003.
[22] Chan K C, Chan S G. Distributed servers approach for large-scale secure multicast[J]. The IEEE Journal on Selected Areas in Communications, 2002, 20(8): 1500-1510.
[23] Deering S E. RFC1112: host extensions for IP multicasting [EB/OL]. (1988-8-15) [2008-09-20]. http://www.faqs.org/rfcs/rfc1112.html.
[24] Deering S E, Hinden R. RFC2460: IPv6 Specification[EB/OL]. (1998-12-25) [2007-2-17]. http://www.faqs.org/rfcs/rfc2460.html.
[25]陆音,石进,黄皓,等.综述:关于IPv6安全性问题的研究[J].计算机科学,2006,33(5):5-11,21.
[26] Stevens W R.TCP/IP详解(卷1):协议[M].北京:机械工业出版社,2004.
[27] Farinacci D, Cai Y. RFC4610: anycast-rp using protocol independent multicast (PIM) [EB/OL]. (2006-6-11) [2008-2-29]. http://www.ietf.org/rfc/rfc4610.txt.
[28]李领治.选播路由及其关键技术研究[D].南京:南京航空航天大学,2006.
[29] Zhou Z G, Xu G C, He J X, et al. Research of secure anycast[C]. Proc. of ICHIT2006. Jeju: IEEE, 2006: 186-190.
[30] Zhou Z G, Xu G C, He J X, et al. Research of secure anycast Group management[C]. Proc. of NCM2008. Gyeongju: IEEE, 2008: 604-608.
[31] Xu S, Sandhu R. Authenticated multicast immune to denial-of-service attack[C]. Proc. of ACM Symposium on Applied Computing. Madrid: ACM, 2002: 196-200.
[32] Sherlia Y S, Jonathan S. T. Multicast routing and bandwidth dimensioning in overlay networks[J]. IEEE Journal on selected areas in communications. 2002, 20(8): 1444-1455.
[33] Tan S, Waters G, Crawford J. A survey and performance evaluation of scalable tree-based application layer multicast protocol[R]. UK: University of Kent at Canterbury, 2003.
[34] Song R, Korba L. Cryptanalysis of scalable multicast security protocol[J]. IEEE Communications Letters, 2003,7(11):121-130.
[35]费金龙,祝跃飞,刘雅辉,等.组播Internet密钥协商的研究与实现[J].微电子学与计算机,2006,23(2):185-188.
[36]李保红,候义斌,赵银亮.安全多播中密钥更新机制的性能优化[J].西安交通大学学报,2004,38(10):1053-1056.
[37]陆正福,李亚东,何英.IP多播组密钥管理方案分类体系研究[J].计算机工程与科学,2004,26(10):23-27.
[38]潘志铂,郑宝玉,吴蒙.一种基于时间流的安全多播密钥更新机制的研究[J].电子与信息学报,2004,26(7):1045-1052.
[39]宣文霞,窦万峰.基于LKH的组播密钥分发改进方案R-LKH[J].微电子学与计算机,2006,23(10):213-216.
[40]许勇,凌龙,顾冠群.可靠可缩放安全多播密钥更新研究[J].计算机研究与发展,2004,41(6):934-939.
[41]陈璟,杨波,田春歧.基于单向函数树的多播密钥管理安全性方案分析[J].西安电子科技大学学报(自然科学版),2004,31(6):959-962.
[42] Hardjono T, Verisign B W. RFC3740: The Multicast Group Security Architecture[EB/OL]. (2004-3-25) [2008-8-8]. http://www.ietf.org/rfc/rfc3740.txt.
[43] Chu H H, Qiao L, Nahrstedt K. A secure multicast protocol with copyright protection[J]. ACM SIGCOMM Computer Communications Review, 2002, 32(2): 42-60.
[44] Sanjeev S, Sencun Z Sushil J. A comparative performance analysis of reliable group rekey transport protocols for secure multicast[C]. Proc. of the Performance Conference. Rome: IEEE, 2002: 21-41.
[45] Waldvogel M, Garonni G, Sun D, et al. The versakey framework: versatile group key management[J]. IEEE Journal on Selected Areas in Communications (Special Issue on Middleware), 1999, 17(9):1614-1631.
[46] Kim Y, Perrig A, Tsudik G. Simple and fault-tolerant key agreement for dynamic collaborative groups[C]. Proc. of the 7th ACM Conf. on Computer and Communications Security. Athens: ACM, 2000: 235-244.
[47] Yang L, Li X S, Zhang X B, et al. Reliable group rekeying: a performance analysis[C]. Proc. of SIGCOMM. San Diego: ACM, 2001: 27-31.
[48] Paul J, Mostafa A. Security issues and solutions in multicast content Distribution: a survey[J]. IEEE Network, 2003, 28(12): 30-36.
[49]冯俊昌,叶天语.一个安全多播主机结构模型[J].中原工学院学报,2005,16(1):75-78.
[50]谢铮.移动自组网中Anycast路由协议及其安全机制的研究[D].长沙:中南大学,2004.
[51]张展,段起阳,高传善.基于IPv6网络的Anycast路由协议[J].计算机研究与发展,2003,40(7):1028-1035.
[52] Menezes A J.应用密码学手册[M].北京:电子工业出版社,2005.
[53]杨波.现代密码学[M].北京:清华大学出版社,2003.
[54]郭兴阳.基于攻击的数字签名安全性分析研究[D].长沙:国防科学技术大学,2006.
[55]钱海峰.若干数字签名方案的分析、设计与应用[D].上海:上海交通大学,2006.
[56]赵泽茂.数字签名理论及应用研究[D].南京:南京理工大学,2005.
[57]周玉洁,冯登国.公开密钥密码算法及其快速实现[M].北京:国防工业出版社,2002.
[58] Schnorr C P. Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991,4 (3):161-174.
[59] Chien H Y, Jan J K, Tseng Y M.An efficient and practical solution to remote authentication: smart card [J].Computer & Security, 2002, 21(4): 372-375.
[60] Canetti R, Caray J, Itkis G, et al. Multicast security: a taxonomy and some efficient constructions[C]. Proc. of the INFOCOM’99. New York: ACM, 1999: 708-716.
[61] Canetti R, Pinkas B. A taxonomy of multicast security issues[EB/OL]. (1999-10-1) [2007-12-20]. http://www.ietf.org/msec.html.
[62] Gennaro R, Rohatgi P. How to sign digital streams[J]. Information and Computation, 2001, 199(1): 100-116.
[63]陈海楠.基于一次签名的组播源认证方案的设计及其在Helix平台的实现[D].厦门:厦门大学,2006.
[64]牛震宇,周贤伟,杨军.一种安全高效的组播源认证一次签名方案分析[J].微电子学与计算机,2004,21(10):4-9.
[65] Perrig A. The BiBa one time signature and broadcast Authentication Protocol[C]. Proc. of CCS’01. Phildelphia: ACM, 2001:11-20.
[66] Aslan H K. A hybrid scheme for multicast authentication over lossy networks[J]. Computers & Security, 2004, 23(6): 705-713.
[67] Barnett C A. Efficient, reliable and secure source authentication schemes for realtime multicast[D]. Maryland: Maryland University, 2003.
[68] Boneh D, Durfee G, Franklin M. Lower bounds for multicast message authentication[J]. Theory and Application of Cryptographic Techniques. 2001, 45(1): 437-452.
[69] Perrig A, Canetti R, Tygar J D, et al. Efficient authentication and signing ofmulticast streams over lossy channels[C]. Proc. of the 2000 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE, 2000: 56-73.
[70] Perrg A, Canetti R, Song D, et al. Efficient and secure source authentication for multicast[C]. Proc. of NDSS’01. San Diego: ISOC, 2001: 79-90.
[71] Perrig A, Song D, Canetti R, et al. RFC4082: Timed Efficient Stream Loss-Tolerant Authentication (TESLA): multicast source authentication transform introduction[EB/OL], (2005-6-6) [2007-7-7]. http://www.ietf.org/rfc/rfc4082.txt.
[72]李真.基于事件序列组播源认证方案的研究与实现[D].南宁:广西师范大学,2003.
[73]刘传才,郭文忠.基于消息认证码的安全有效的组播源认证[J].微电子学与计算机,2002,31(6):13-17.
[74]何永忠,冯登国.一个组播源认证方案的安全分析[J].计算机工程,2006,32(18):12-22.
[75]黄鑫阳,杨明,吕珊珊.一种高效的多播源认证协议与仿真实现[J].系统仿真学报,2007,19(10):2216-2221.
[76]张海波,周贤伟,宋存义.IP组播不可否认数据源认证研究进展[J].电子与信息学报,2006,28(11):2205-2207.
[77] Pannetrat A, Molva R. Authenticating real time packet streams and multicast[C]. Proc. of 7th International Symposium on Computers and Communications. Taormina: IEEE, 2002: 490-495.
[78] Golle P, Modadugu N. Authenticating streamed data in the presence of random packet loss[C]. Proc. of ISOC Network and Distributed System Security Symposium. San Diego: Internet Security, 2001: 13-22.
[79] Miner S, Staddon J. Graph-based authentication of digital streams[C]. Proc. of IEEE Symposium on Security and Privacy. Oakland: IEEE, 2001: 232-246.
[80] Wong C K, Lam S S. Digital signatures for flows and multicasts[J]. IEEE/ACM transactions on Networking, 1999, 7(4): 502-513.
[81] Park J M, Chong E K, Siegel H J. Efficient multicast stream authentication using erasure codes[J]. ACM Transaction on Information and System Security, 2003, 6(2): 258-285.
[82]王炳新,李廉,曾述宾.基于CA的安全组播源认证方案研究[J].计算机与现代化,2005,7(9):78-80.
[83] Baugher M, Canetti R, Dondeti L, et al. RFC 4046: multicast security (msec) group key management architecture[EB/OL]. (2005-4-1) [2007-12-1]. http://www.ietf.org/rfc/rfc4046.txt.
[84] Sandro R, David H. A survey of key management for secure group communication[J]. ACM Computing Surveys: 2003, 35(3): 309-329.
[85]徐明伟,董晓虎,徐恪.组播密钥管理的研究进展[J].软件学报,2004,15(1):141-150.
[86] Wallner D, Harder E, Agee R. RFC 2627: Key management for multicast: Issues and architectures[EB/OL]. (1999-12-31) [2007-12-12]. http://www.ietf.org/rfc/rfc2627.txt.
[87] Harney H, Muckenhirn C. RFC2093: Group Key Management Protocol (GKMP) Specification[EB/OL]. (1997-7-1) [2008-08-28]. http://www.faqs.org/rfcs/rfc2093.html.
[88] Harney H, Muckenhirn C. RFC2094: Group Key Management Protocol (GKMP) Architecture[EB/OL]. (1997-7-1) [2008-08-28]. http://www.faqs.org/rfcs/rfc2094.html.
[89] Setiner M, Taudik G, Waidnet M. Cliques: a new approach to group key agreement[R]. USA: IBM Research, 1997.
[90] Mittra S. Iolus: A framework for scalable secure multicasting[J]. ACM SIGCOMM Computer Communication Review, 1997, 27(4): 277-288.
[91] Balenson D, McGrew D, Sherman A. Key management for large dynamic groups: One-Way function trees and amortized initialization[EB/OL]. (2000-1-1) [2006-9-10]. http://www.ietf.org/msec.html.
[92] Yoon E, Yoo K. An improved popescu’s authenticated key agreement protocol[C]. Proc. of ICCSA 2006. Berlin: Springer-Verlag, 2006.
[93]熊继平,朱文涛,李津生,等.基于Tornado码的安全组播源认证方案[J].小型微型计算机系统,2004,25(11):1922-1925.
[94]李治宇,沈苏彬.IP网络安全多播控制机制的设计与实现[J].南京邮电学院学报,2005,25(1):35-41.
[95]徐雷鸣,庞博,赵耀.NS与网络模拟[M].北京:人民邮电出版社,2003.
[96]于斌,孙斌,温暖,等.NS2与网络模拟[M].北京:人民邮电出版社,2007.
[97] Bajaj L, Takai M, Ahuja R, et al.Glomosim: A scalable network simulation environment[R]. USA: UCLA Computer Science Department, 1999.
[98] Abuein Q, Shibusawa S. A graph-based new amortization scheme for multicast streams authentication[J]. Advanced Modeling and Optimization, 2005, 7(2): 238-261.
[99] Challal Y, Bouabdallah A, Hinard Y. RLH: Receiver driven layered hash-chaining for multicast data origin authentication[J]. Computer Communications, 2004, 28(7): 726-740.
[100] Channal Y, Bettahar H, Bouabdallah A. A taxonomy of multicast data origin authentication: issues and solutions[J]. IEEE Communications Surveys and Tutorials, 2004, 6(3): 34-57.
[101] Challal Y, Battahar H, Bouabdallah A. Hybrid and adaptive hash-chaining scheme for data streaming source authentication[C]. Proc. of HSNMC 2004. Berlin: Springer, 2004: 1056-1067.
[102] Challal Y, Bettahar H, Bouabdallah A. SAKM: a scalable and adaptive key management approach for multicast communications[J]. ACM SIGCOMM Computer Communications Review: 2004, 34(2): 55-70.
[103] Challal Y, Bouabdallah A, Battahar H. H2A: Hybrid hash-chaining scheme for adaptive multicast source authentication of media-streaming[J]. Computers & Security, 2005, 24(1): 57-68.
[104] Hinard Y, Bettahar H, Challal Y, et al. Layered multicast data origin authentication and non-repudiation over lossy networks[C]. Proc. of ISCC’06. Pula-Cagliari: IEEE, 2006: 111-116.
[105]马建庆.无线传感器网络安全的关键技术研究[D].上海:复旦大学,2007.
[106]李晖.无线传感器网络安全技术研究[D].上海:上海交通大学,2007.
[107]周贤伟,施德军,覃伯平.无线传感器网络认证机制的研究[J].计算机应用研究,2006,23(12):108-111.
[108] Liu D G. Security mechanisms for wireless sensor networks[D]. North Carolina: North Carolina State University, 2005.
[109]赵治平.无线传感器网络组密钥管理研究[D].长沙:湖南大学,2007.
[110] Lysyanskaya A, Tamassia R, Triandopoulos N. Multicast authentication in fully adversarial networks[C]. Proc. of IEEE Symposium on Security and Privacy. Oakland: IEEE, 2004:241-255.
[111] Zhang Z, Sun Q, Wong W. A proposal of butterfly-graph based stream authentication over lossy networks[C]. Proc. of ICME2005. Amsterdam: IEEE, 2005: 115-118.
[112] Briscoe B. FlAMS: Fast, Loss-Tolerant Authentication of Multicast Streams[R]. London: British Telecommunications PLC, 2000.
[113] Wang W, Li Z, Lu C et al. An efficient multicast source authentication protocol[J]. Wuhan University Journal of Natural Sciences, 2006, 11(6): 1831-1834.
[114]朱丹.一种组播源认证协议的优化改进设计与原型实现[D].大连:大连理工大学,2007.
[115] Rodeh O, Birman K, Dolev D. Optimized group rekey for group communication systems[R]. Jerusalem: Hebrew University, 1999.
[116] Diot C, Levine B N, Lyles B, et al. Deployment issues for the IP multicast service and architecture[J]. IEEE Network, 2000, 14(1): 78–88.
[117]赵安军,郭雷,姚俊.基于消息认证码的组播源认证研究[J].西北工业大学学报,2004,22(1):45-48.
[118]赵安军,徐邦海,郭雷.动态Ad hoc网络环境下组播源认证研究[J].计算机应用研究,2007,24(1):291-293.
[119] Zhao X, Prakash A. Source authentication in group communication systems[C]. Proc. of DEXA’03. Prague: IEEE, 2003: 76-80.
[120] Sharma A. A simple approach to data source authentication for multicast security[EB/OL]. (2004-5-1) [2008-5-1]. http://www.ietf.org/ietf/lid-abstract.txt.
[121] Li X X, Huai J P. Efficient non-repudiation multicast source authentication schemes[J]. Journal of Computer Science and Technology, 2002, 17(6): 820-829.
[122] Stallings W.密码编码学与网络安全:原理与实践(第四版)[M].北京:电子工业出版社,2006.
[123]张春瑞,王开云.基于IPSec的组播数据源认证设计方案[J].计算机工程与设计,2006,27(10):1754-1756.
[124]杨邓奇.基于ECDSA多播数据源认证协议设计及其BAN逻辑分析[J].开发研究与设计技术,2007,5(2):101-103.
[125]周贤伟,戴昕昱,刘蕴络.IP组播源认证方案研究[J].计算机工程,2007,33(16):130-132.