[Lecture Notes in Computer Science] Computational Intelligence Volume 4114 || A Novel Key Management...

D.-S. Huang, K. Li, and G.W. Irwin (Eds.): ICIC 2006, LNAI 4114, pp. 334 – 345, 2006. © Springer-Verlag Berlin Heidelberg 2006

A Novel Key Management and Access Control Scheme for Mobile Agent

Jen-Yi Pan (1,2,3), Tzer-Long Chen (1), and Tzer-Shyong Chen (4)

(1) Department of Communications Engineering, National Chung Cheng University
(2) Department of Electrical Engineering, National Chung Cheng University
(3) Center for Telecommunication Research, National Chung Cheng University
(4) Department of Information Management, Tung Hai University

Abstract. The speed and convenience of the Internet have facilitated the development of electronic commerce (e-commerce). E-commerce research and technologies have always drawn the attention of researchers. Among them, the application of mobile agents to e-commerce has drawn much attention in recent years. Mobile agents can roam freely over different execution environments to execute tasks assigned to them. However, a mobile agent may be attacked when it requests services from other servers or when it comes in contact with and exchanges information with other agents while roaming on the Internet. Hence, a mobile agent user may be concerned that his mobile agent could be corrupted, or that private information could be tapped and pirated by other agents. To ensure the security of mobile agents in a public network environment, this paper proposes a security scheme that is suitable for mobile agents. The scheme includes access control and key management; it is also an improvement on the key management and access control scheme for mobile agents of Volker and Mehrdad. The proposed scheme corrects the drawback in Volker and Mehrdad’s scheme, which is the need for a large amount of storage for the secret keys. Security and performance analysis of our scheme proves the proposed scheme to be more efficient and secure.

1 Introduction

Following the easy availability of the Internet, in order to improve efficiency, complex distributed computing can now be performed online. Simultaneous computing on a distributed system can be performed through transmission of bulk information and messages between host servers. However, the bulky data overloads the network [5].

A mobile agent is a type of program that can move between servers and simultaneously handle distributed computing. Compared to the traditional structure, a mobile agent has the following qualities:

1. Reduce network load: Distributed systems are completely dependent on communication media for the exchange of information, especially when using security protocols. This causes heavy network traffic. A mobile agent does not require a constant connection with the target server; it packages the instructions, sends them to the target server, and can interact on the target server. A mobile agent can also process large amounts of data on remote servers, reducing the network flow and the number of connections between the source server and the target server.

2. Overcome network delay: When the control system needs to process a large amount of data instantaneously, delays can occur. If a mobile agent is used, messages can be exchanged on remote servers by sending the agent to each of the servers to carry out the task. Thus network delay can be reduced.

3. Packaging protocol: Traditional distributed systems have a fixed protocol for exchanging data. However, varying platforms require each server to create its own protocol, each having its own coding. Therefore, if the protocol needs to be redesigned because of efficiency or security problems and one of the servers is not quick enough with its update, incompatibility or delays may occur. A mobile agent can package the message and request a connection with the remote server when it reaches it; hence it does not face protocol problems.

4. Non-simultaneous and spontaneous execution: A mobile agent can execute its task non-simultaneously and spontaneously while a server is offline. It reports back when the task is completed.

5. Adapt to dynamic environment: A mobile agent has the ability to assess its environment and make spontaneous adjustments to adapt to it.

6. Innate heterogeneity: From the point of view of hardware or software, network computing is basically of a diverse nature. A mobile agent is independent of the computer and the network transmission layer; it is related only to the environment.

7. Expandability: A mobile agent allows flexible adjustment or expansion between source and target.

Recently, many mobile agent researchers have been exploring ways to apply mobile agent technology to improve business activities [10]. A mobile agent, during its execution, roams about the Internet and may come in contact with other agents and exchange information; consequently it may face some security problems [5, 9]. The security problems of a mobile agent arise mostly from unsafe contact. Therefore, this paper has put together four types of security risks [4] a mobile agent may face, as follows.

1. Host server gets accessed by unauthorized personnel: An unauthorized agent accesses data on a host server.

2. Host server is attacked by malicious agent: An agent forges another agent’s identification marking to access services or resources, or to evade responsibility and break the trust of the rightful agent.

3. An agent is attacked by another agent: An agent forges another agent’s ID to trick another agent. The malicious agent constantly sends messages to overload the receiving end server and increase its computation time.

4. Agent attacked by a malicious host: A host may impersonate another host to trick agents; or a malicious host may ignore an agent’s request. For example, a host deliberately delays an agent’s request, or even terminates an agent without warning, causing other agents awaiting a response from this agent to enter into a deadlock. In another case, a malicious host deliberately makes an agent unable to carry out its task, causing the agent to be live-locked.

The first three security risks listed above can be resolved using present cryptography technology. Since a mobile agent carries along the commissioner’s private information while visiting hosts of different security levels to deliver computations carried out by the host, there is a need for codes, secret keys and security schemes that protect the agent and the information it carries. However, since a mobile agent is controlled by an agent host, it is not possible to guard against malicious behavior of a server. Therefore it is very difficult to resolve the fourth security risk; this is also the problem this paper proposes to solve.

Researchers in recent years have been focusing on the security of mobile agents. Corradi et al. [3] proposed a mobile agent structure, SOMA. This structure includes agent, agent server, management system, and security approach. Karnik and Tripathi [9] also proposed a structure, Ajanta; it has the same functions as SOMA. In response to SOMA and Ajanta, Volker and Mehrdad [13] proposed a tree structure; its functions include authorization of mobile agents, key management and access control. This paper examines Volker and Mehrdad’s security scheme, amends its drawback, and proposes two mobile agent key management and access control schemes based on hierarchical structures [1]. Drawing on mobile agent technology and related security technology, this paper combines present security technologies to design a more suitable mobile agent key management and access control scheme. At the same time, we shall compare and analyze security and efficiency to prove the feasibility and efficiency of the scheme, and its ability to protect the safety of a mobile agent in its work environment, and thus to protect user rights.

This paper is divided into six sections. Section 1 introduces the mobile agent, its characteristics and security risks, in addition to explaining the purpose of this paper. Section 2 examines Volker and Mehrdad’s mobile agent key management and access control scheme and points out its drawbacks. Section 3 proposes the new schemes, which are analyzed in section 4. Section 5 compares efficiency between Volker and Mehrdad’s scheme and the proposed scheme to prove that the drawback in Volker and Mehrdad’s scheme has been effectively amended. A conclusion is finally drawn in section 6.

2 Volker and Mehrdad’s Scheme

Volker and Mehrdad [13] proposed a scheme with access control and key management for mobile agents to effectively protect an agent. This section examines the security and drawbacks of the scheme.

2.1 Volker and Mehrdad’s Scheme

This security scheme designed a tree as the basic structure; it supports agent authorization, key management and access control. The structure is as shown in fig. 1.

Fig. 1. A tree based mobile agent structure

The whole structure can be divided into two parts: static and dynamic. The static part includes all permanent information, like group classification, security approach, and others, which will not change during the agent’s lifetime. In order to prevent information from being tampered with, an agent owner can use security technologies (like digital signatures) to provide data integrity and an authenticable identity. In the static part, the accuracy of a message can be verified by the visited host. In contrast, data that is modified is stored in the dynamic part, like group, shared storage space and the confidential message. When the agent completes its task on a server, the agent’s status and the information gathered by the agent could be altered by the same server. In order to maintain the integrity of the message, the last visited host must sign the root node, which also supports the signatures of the source and all visited hosts [2].

On the other hand, a confidential message, whether in the static part or the dynamic part, must remain confidential. To prevent unauthorized personnel from accessing the message, we need a fine access control method. For this purpose, Volker and Mehrdad proposed an access control and key management scheme, which employs a public key cryptosystem and a symmetric encryption system. A summary of their scheme is as follows.

1. Create a folder for each visited node in the static/sctx/acl folder. Each folder includes the decryption key of that node. A host authorized to a particular file can find its corresponding decryption key in the same folder. The files in the folders are also encrypted.

2. Use the host’s public key to encrypt the folder stored under static/sctx/acl. When the agent reaches a certain host, that host can find the corresponding folder under static/sctx/acl. Each host can only use its corresponding secret key to decrypt and access the corresponding folder.

Figure 2 [11] shows a simple example of this access control and key management scheme. In the diagram, the classes folder contains seven files: agent.zip, application.zip, server.zip, support.zip, picture.zip, control.zip, and route.zip. Except for agent.zip, the six files are confidential and have been encrypted with the secret keys SK1, SK2, SK3, SK4, SK5 and SK6. Additionally, SC1, SC2, SC3, SC4, SC5 and SC6 denote six different hosts, thu.edu.tw, pu.edu.tw, fcu.edu.tw, nchu.edu.tw, ncku.edu.tw and nctu.edu.tw, respectively.

Fig. 2. An example of the Volker and Mehrdad access control and key management scheme

Suppose a host is authorized to a certain file; then the decryption key can be found under the host’s folder. For example, host SC1 has six decryption keys: SK1, SK2, SK3, SK4, SK5 and SK6; hence, host SC1 can decrypt the files application.zip, server.zip, support.zip, picture.zip, control.zip, and route.zip. Host SC2 has four decryption keys: SK1, SK2, SK3, and SK4; hence, host SC2 can decrypt the files application.zip, server.zip, support.zip, and picture.zip. The same applies to hosts SC3, SC4, SC5 and SC6. The six folders, static/sctx/acl/SC1, static/sctx/acl/SC2, static/sctx/acl/SC3, static/sctx/acl/SC4, static/sctx/acl/SC5, and static/sctx/acl/SC6, must each be encrypted with the secret key of their corresponding host, and the secret keys are held only by the authorized host. Hence, confidential files can be protected by adopting the access control and key management scheme.

2.2 Drawbacks of Volker and Mehrdad’s Scheme

Volker and Mehrdad’s scheme is based on the tree structure. This study examined their scheme and discovered the following drawbacks.

(1) Wastage of a large amount of storage space: In Volker and Mehrdad’s security scheme, this study discovered that the decryption keys are repeatedly stored under different folders. From fig. 2, we can see that secret key SK1 can be found under the folders of hosts SC1, SC2 and SC4; secret keys SK2, SK3, SK4, SK5 and SK6 are also repetitively stored. Therefore, we can clearly see that the scheme wastes a large amount of storage space on repetitive storage, increasing the size of the mobile agent.

(2) Large amount of public key computations: The decryption keys for decrypting confidential files are repeatedly stored under the folder static/sctx/acl/. Therefore, a mobile agent owner spends a large amount of time on public key computations to maintain the security of the folder.

To allow a mobile agent to move easily through the Internet, the storage space required by an ideal mobile agent, as well as the computation cost of its secret keys, should be as low as possible. This study proposes amendments to Volker and Mehrdad’s scheme in the next section, explaining the cited concept, describing its process of execution and giving examples.

3 The Proposed Scheme

In 1983, Akl and Taylor [1] proposed an access control scheme based on a hierarchical structure. In their proposed method, each user is assigned to a security group, C1, C2, …, Cm. According to the hierarchical structure, user Ci of a higher hierarchy has greater access rights than user Cj of a lower hierarchy. This kind of access relationship can be denoted by Cj < Ci. Akl and Taylor also proposed a superkey concept to handle key management problems. Suppose user Ci has greater access rights than user Cj; then Ci can use his superkey to compute the superkey of user Cj and so access data available to Cj. This paper uses the superkey concept of Akl and Taylor’s scheme to design two highly efficient access control and key management schemes for mobile agents, to mend the drawback in Volker and Mehrdad’s scheme.

Before a mobile agent is sent to work in an internet environment, the source host must first decide which hosts the mobile agent will be visiting and which information can be accessed by the visited hosts. Furthermore, the mobile agent owner must also first decide the path the agent shall take as well as the access plan. Afterwards, the agent owner uses an individual secret key to encrypt each confidential file, and may use symmetric cryptosystems [12] like AES, DES or IDEA to encrypt the files. Then the owner customizes the various access rights according to the access plan, and constructs the access hierarchy according to the extent of the access rights. The agent owner will assign a superkey to each host and publish the public parameters of a number of agents. Each host can use its superkey to access the data of hosts with lower access rights.

Before describing the proposed scheme, this paper first shall modify the tree structure of Volker and Mehrdad’s scheme, turning it into the hierarchical structure of our proposed scheme as shown in fig. 3. Figure 3 is a hierarchy based on fig. 2.

Fig. 3. Hierarchy after modification

The SK7 of the leaf node in a hierarchy represents the decryption key used to encrypt files; the other internal nodes, the SCs, represent the various corresponding hosts; the Ss represent the host superkeys. A superkey is used to obtain the decryption keys of a host’s successors. In figure 3, root node SC1 has superkey S1 and also the right to access all decryption keys. Node SC2 has superkey S2 and the right to access the decryption keys SK7, SK8, SK9 and SK10.

Scheme one of this paper is a hierarchy based scheme; it uses exponential operations to construct polynomials and also employs the modulus of a large prime number n to encrypt the decryption key of each leaf node. Scheme two adopts the polynomial concept of scheme one; the exponent is replaced by an elliptic curve paired with a one way hash function, which not only reduces the length of the polynomial but also strengthens security. The security of the two schemes proposed in this paper is mainly dependent on the difficulty of solving the polynomial under the congruence of a large prime number. Consequently, the proposed scheme ensures that only authorized hosts can access the decryption keys of encrypted confidential files.

3.1 Scheme One

Step 1: The agent owner randomly chooses a large prime number $n \approx 2^{180}$ and a non-repeated parameter $g_j \in Z_n$ for each leaf node. Both $n$ and $g_j$ are public.

Step 2: The agent owner chooses a non-repeated superkey $S_i$ for each host (internal node), and chooses a non-repeated decryption key $SK_j$ for each leaf node. Both $S_i$ and $SK_j$ are private.

Step 3: When host $SC_i$ has access to $SC_j$, that is, $SC_j < SC_i$, and when $i \neq j$, the agent owner calculates all $g_j^{S_i}$ and then uses them to construct $f_j(x)$; $f_j(x)$ is as shown below:

$$f_j(x) = \prod_{SC_j < SC_i} \left(x - g_j^{S_i}\right) + SK_j \pmod{n}. \tag{1}$$

Step 4: If a host $SC_i$ wants to access the decryption key $SK_j$ of a successor, then it can use its superkey $S_i$ and the public parameter $g_j$ to calculate $f_j(g_j^{S_i})$ to obtain the decryption key $SK_j$.

Compared to Volker and Mehrdad’s scheme, scheme one proposed by this paper clearly reduces the number of times a key is stored; thus the storage space needed is greatly reduced, and consequently the mobile agent is also much smaller. A hash function not only compresses stored data into a fixed size; its non-reversible nature also strengthens the security of the agent. Also, ECC reduces storage space and therefore fewer calculations need to be performed; the processing speed is also faster and the security stronger. Hence, this paper proposes a second scheme that combines ECC and a one way hash function.

3.2 Scheme Two

Step 1: The agent owner randomly chooses a large prime number $n \approx 2^{180}$, then defines an elliptic curve $E$ with base $n$, and from $E_n$ selects a base point $G_j$ for each leaf node. Both $n$ and $G_j$ are public.

Step 2: The agent owner selects a non-repeated superkey $S_i$ for each host (internal node), and selects a non-repeated decryption key $SK_j$ for each leaf node. Both $S_i$ and $SK_j$ are private.

Step 3: The agent owner employs the algorithm below to calculate the values obtained with the one way hash function $h$, and uses them to construct $f_j(x)$ for each leaf node to protect the decryption key $SK_j$.

Begin algorithm:
  For all hosts $SC_i$ with access rights to leaf node $SC_j$
    Generate $S_i G_j = (x_{j,i}, y_{j,i})$ and use the one way hash function to calculate the value of $h(x_{j,i} \,\|\, y_{j,i})$, where $\|$ denotes the concatenation operator
  End For
End algorithm

Afterwards, use each $h(x_{j,i} \,\|\, y_{j,i})$ to construct $f_j(x)$; $f_j(x)$ can be denoted as follows:

$$f_j(x) = \prod_{SC_j < SC_i} \left(x - h(x_{j,i} \,\|\, y_{j,i})\right) + SK_j \pmod{n}. \tag{2}$$

Step 4: If a host $SC_i$ wants to obtain the decryption key $SK_j$ of its successor, it can use its superkey $S_i$ and the public parameter $G_j$ to calculate $S_i G_j$, apply the one way hash function to it, and finally substitute the result in $f_j(x)$ to obtain the decryption key $SK_j$.
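Scheme one and scheme two share the same final step: a host evaluates the public polynomial f_j at a root that only it and the agent owner can compute. The Python code below is an added example, not code from the paper; it assumes SHA-256 as h, the secp256k1 curve with its field prime in place of n ≒ 2^180, a constructed three-host access plan, and base points G_j chosen as random multiples of the curve generator.

```python
import hashlib
import secrets

# Assumption: secp256k1's field prime stands in for the paper's n (n ~ 2^180); it is
# the polynomial modulus in both schemes and the curve field in scheme two.
N = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed access plan: which host may read which leaf decryption key.
ACCESS = {
    "SC1": {"SK1", "SK2", "SK3", "SK4", "SK5", "SK6"},
    "SC2": {"SK1", "SK2", "SK3", "SK4"},
    "SC3": {"SK5", "SK6"},
}
LEAVES = sorted(set().union(*ACCESS.values()))

def ec_add(P, Q):
    """Point addition on y^2 = x^3 + 7 over Z_N; None is the point at infinity."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % N == 0:
        return None
    if P == Q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, N) % N
    else:
        lam = (y2 - y1) * pow((x2 - x1) % N, -1, N) % N
    x3 = (lam * lam - x1 - x2) % N
    return x3, (lam * (x1 - x3) - y1) % N

def ec_mul(k, P):
    """Double-and-add scalar multiplication k*P."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R

def root_scheme_one(S_i, g_j):
    """Scheme one: host i contributes the root g_j^{S_i} mod n to f_j."""
    return pow(g_j, S_i, N)

def root_scheme_two(S_i, G_j):
    """Scheme two: the root is h(x || y) with (x, y) = S_i * G_j; SHA-256 plays h."""
    x, y = ec_mul(S_i, G_j)
    digest = hashlib.sha256(x.to_bytes(32, "big") + y.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big") % N

def build_poly(roots, sk):
    """Expand prod(x - r) + sk (mod n) into coefficients, highest degree first."""
    coeffs = [1]
    for r in roots:
        nxt = coeffs + [0]                          # coeffs * x
        for k, c in enumerate(coeffs):
            nxt[k + 1] = (nxt[k + 1] - r * c) % N   # minus r * coeffs
        coeffs = nxt
    coeffs[-1] = (coeffs[-1] + sk) % N
    return coeffs

def eval_poly(coeffs, x):
    """Horner evaluation of a public polynomial at x (mod n)."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % N
    return acc

def owner_setup(root_fn, params, superkeys, leaf_keys):
    """Steps 1-3: the owner publishes one polynomial f_j per leaf node."""
    polys = {}
    for leaf in LEAVES:
        roots = [root_fn(superkeys[h], params[leaf]) for h in ACCESS if leaf in ACCESS[h]]
        polys[leaf] = build_poly(roots, leaf_keys[leaf])
    return polys

def host_derive(root_fn, params, polys, S_i, leaf):
    """Step 4: a host evaluates f_j at the root computed from its own superkey."""
    return eval_poly(polys[leaf], root_fn(S_i, params[leaf]))

def run_demo():
    """Return {(scheme, host, leaf): True if the host recovered SK_j}."""
    superkeys = {h: secrets.randbelow(2**200) + 1 for h in ACCESS}
    leaf_keys = {l: secrets.randbits(128) for l in LEAVES}   # e.g. AES-128 file keys
    g = {l: secrets.randbelow(N - 3) + 2 for l in LEAVES}    # scheme one: g_j in Z_n
    Gj = {l: ec_mul(secrets.randbelow(2**200) + 1, G) for l in LEAVES}  # scheme two
    out = {}
    for name, fn, params in (("one", root_scheme_one, g), ("two", root_scheme_two, Gj)):
        polys = owner_setup(fn, params, superkeys, leaf_keys)
        for h in ACCESS:
            for l in LEAVES:
                got = host_derive(fn, params, polys, superkeys[h], l)
                out[(name, h, l)] = got == leaf_keys[l]
    return out

if __name__ == "__main__":
    for key, ok in sorted(run_demo().items()):
        print(*key, "recovers SK_j" if ok else "gets an unrelated value")
```

A host outside a leaf's access set still obtains a value from f_j, just not SK_j, so the file encryption layer needs its own way to reject a wrong key.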

4 Security Analysis

This section analyzes the schemes proposed in this paper to prove their security and feasibility. The analysis is based on the possible forms of attack. Through security analysis, this study can prove that the security of the proposed schemes is very strong.

4.1 Reverse Attack

The first potential attack is as follows: when host SCj and host SCi have a SCj < SCi relationship, or when host SCj and host SCi belong to the same level of a hierarchy, can host SCj use its superkey and public parameters to derive the superkey of host SCi to access or modify internal information of host SCi?

In the proposed schemes, host SCj and host SCi are independent. When there exists a SCj < SCi relationship between the two hosts, host SCj cannot access internal information on host SCi. This paper proposes two schemes. Scheme one uses exponential operations and large prime numbers, which require such long periods of time to calculate that the result is not worth the cost, and therefore it is very difficult for the attacker to determine the victim’s superkey. Scheme two adopts the non-reversibility of the one way function and the ECC to meet security requirements. The input of a one way hash function cannot be obtained from its output, and the correct base point of the ECC cannot be determined without first solving the elliptic curve discrete logarithm problem (ECDLP) [14, 15]. Thus, attacker SCj cannot determine superkey Si and therefore cannot access confidential information. If host SCj and host SCi belong to the same level of a hierarchy, the attacker will meet with complex exponential computations and large prime numbers, or the challenge of solving the one way hash function and ECC.

4.2 Conspiracy Attack

The second potential attack is as follows: if a host SCj corresponding to a mobile agent and another host SCi have a SCj < SCi relation, can hosts SCj, SCj+1, …, SCj+k work together to collect correlated public parameters to derive the superkey of host SCi? For instance, in figure 3, can host SC4 and host SC5 conspire to derive the superkey of host SC1? Or, if the access rights of host SCi and host SCj are greater than or equal to those of host SCk, but SCi, SCj and SCk do not have a mutual access relationship, can hosts SCi and SCj conspire to derive the superkey of host SCk? For instance, can hosts SC2 and SC4 in figure 3 conspire to derive the superkey of host SC6?

Generally speaking, the attacker uses known information to determine the desired superkey. The attacker must overcome the barrier created by exponential operations, large prime numbers, ECC and the one way hash function. This situation has been described in the first form of attack. Even if users from the lower levels of a hierarchy conspire by collecting known public parameters and superkeys, the information remains incomplete; therefore this method of attack shall fail.

4.3 External Collective Attack

The third potential attack is an external attack. Can an intruder determine the desired superkey via known public parameters? In scheme one of this paper, an intruder not only needs to reverse the public polynomial to its original form, but also needs to find the matching superkey in exponential operations and among the large prime numbers; both of these are extremely difficult to accomplish. Moreover, scheme two employs the one way hash function, which is irreversible, so the inputs cannot be derived from the output; in addition, the use of ECC makes it extremely difficult to determine the superkey. Therefore, the intruder cannot possibly succeed within the valid period. In other words, the proposed schemes are highly secure against intruders.

We shall assess the computation load of the two proposed schemes. The notations are defined as follows:

$T_{MUL}$: time cost of a modular multiplication operation

$T_{EXP}$: time cost of a modular exponentiation operation

$T_H$: time cost of a one way hash function operation

$T_{EC\_MUL}$: time cost of performing an elliptic curve multiplication operation

Next, we shall express the time complexity of the two proposed schemes in terms of the multiplication operation to allow comparison of the two below. According to reference [16], in the $g^t \bmod p$ operation, $t$ is a 160-bit random integer and $p$ is a 1024-bit prime number; elliptic curve multiplication is performed to calculate $bG$, where $G \in E(Z_p)$, $p \approx 2^{160}$, and $b$ is a 160-bit random integer. Combining all of the above, we can derive the following:

$$T_{EXP} \approx 240\,T_{MUL}. \tag{3}$$

$$T_{EC\_MUL} \approx 29\,T_{MUL}. \tag{4}$$

Table 1 below is the time complexity of the two proposed schemes, composed from the above-mentioned information. From table 1, we can see that in the parameter generation stage, the computation load of scheme one is greater than that of scheme two, and that scheme two has a one way hash function operation while scheme one does not. The computation load also varies according to the adopted one way hash function. In the equation construction stage, since both schemes only need to calculate the leaf nodes, the computation load is the same.

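Table 1. Time complexity comparison table

| Item | | Equation construction stage |
|---|---|---|
| Scheme one | Time complexity | $\sum_{r=1}^{n} r(n-r+2)\,T_{EXP} + \sum_{r=1}^{n} r(n-r+2)\,T_{MUL} - 2n\,T_{MUL}$ |
| Scheme one | Rough estimate | $241 \sum_{r=1}^{n} r(n-r+2)\,T_{MUL} - 2n\,T_{MUL}$ |
| Scheme two | Time complexity | $\sum_{r=1}^{n} r(n-r+2)\,T_{EC\_MUL} + \sum_{r=1}^{n} r(n-r+2)\,T_{MUL} - 2n\,T_{MUL} + \sum_{r=1}^{n} r(n-r+2)\,T_{H}$ |
| Scheme two | Rough estimate | $30 \sum_{r=1}^{n} r(n-r+2)\,T_{MUL} - 2n\,T_{MUL} + \sum_{r=1}^{n} r(n-r+2)\,T_{H}$ |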

6 Conclusion

The mobile agent is a growing research arena in today’s advanced internet environment. Putting internet resources to good use will be a great help in improving the efficiency of an organization and reducing costs. The mobile agent is also important in e-commerce, and we predict a thriving future for mobile agents. At the same time, the mobile agent is also a challenging research subject. Presently, the mobile agent is facing an all-out execution barrier which stems mainly from security problems. Hence, we need a complete mobile agent security system structure.

This study applies existing information security tools along with related security technology to propose a more suitable key management and access control scheme for mobile agents. We have successfully used exponential operations, ECC encryption technology and a one way hash function to form a new direction of thinking and solution. The above also proved that the proposed schemes are feasible and secure; they not only successfully ensure the security of a mobile agent, but are also more advantageous than Volker and Mehrdad’s scheme. The proposed scheme effectively reduces the storage space required by an agent as well as the number of computations, making the mobile agent operate more efficiently.

Acknowledgement

This work was supported partially by National Science Council of Republic of China under Grants NSC 94-2213-E-194-042.

References

1. Akl, S. G., Taylor, P. D.: Cryptographic Solution to a Problem of Access Control in A Hierarchy, ACM Transactions on Computer Systems, Vol. 1, No. 3, August, (1983), 239-248

2. Chess, D., Grosof, B., Harrison, C., Levine, D., Parris, C., Tsudik, G.: Itinerant Agents for Mobile Computing, IEEE Personal Communications, Vol. 2, No. 5, October, (1995), 34-49

3. Corradi, A., Montanari, R., Stefanelli, C.: Security Issues in Mobile Agent Technology, Proceedings of the 7th IEEE Workshop on Future Trends of Distributed Computing Systems, Cape Town, South Africa, (1999), 3-8

4. Hohl, F.: A Model of Attacks Malicious Hosts Against Mobile Agents, Proceedings of the 4th Workshop on Mobile Object Systems: Secure Internet Mobile Computations, Brussels, Belgium, July, 21, (1998), 105-120

5. Karmouch, A.: Mobile Software Agents for Telecommunications, Guest Editorial, IEEE Communications Magazine, Vol. 36, No. 7, July, (1998), 24-25

6. Karnik, N. M., Tripathi, A. R.: A Security Architecture for Mobile Agents in Ajanta, Proceedings of The 20th International Conference on Distributed Computing Systems (ICDCS 2000), Taipei, Taiwan, April, (2000), 402-409

7. Lange, D. B., Oshima, M.: Programming and Deploying Java Mobile Agents with Aglets, Addison-Wesley Press, Massachusetts, USA, (1998)

8. Lin, I. C., Ou, H. H., Hwang, M. S.: Two Secure Transportation Schemes for Mobile Agents, Agent-Based Technologies - Information & Security, International Relations and Security Network ISN, Vol. 8, No. 1, (2002), 87-97

9. Lin, I. C., Ou, H. H., Hwang, M. S.: Efficient Access Control and Key Management Schemes for Mobile Agents, Computer Standards & Interfaces, Vol. 26, No. 5, (2004), 423-433

10. Maes, P., Guttman, R. H., Moukas, A. G.: Agents that Buy and Sell, Communications of the ACM, Vol. 42, No. 3, March, (1999), 81-91

11. Lin, I. C., Ou, H. H., Hwang, M. S.: Efficient Access Control and Key Management Schemes for Mobile Agents, Computer Standards & Interfaces, Vol. 26, No. 5, (2004), 423-433

12. Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed., John Wiley & Sons, New York, (1996)

13. Volker, R., Mehrdad, J. S.: Access Control and Key Management for Mobile Agents, Computer Graphics, Vol. 22, No. 4, (1998), 457-461

14. Miller, V. S.: Uses of Elliptic Curves in Cryptography, Advances in Cryptology-CRYPTO’85, Proceedings, Lecture Notes in Computer Science, New York, NY: Springer-Verlag, No. 218, (1985), 417-426

15. Koblitz: Elliptic Curve Cryptosystems, Mathematics of Computation, Vol. 48, (1987), 203-209

16. Koblitz, N., Menezes, A., Vanstone, S. A.: The State of Elliptic Curve Cryptography, Designs, Codes and Cryptography, Vol. 19, No. 2-3, March, (2000), 173-193