基于代理签名的移动通信网络匿名漫游认证协议

随着无线移动终端的广泛应用,漫游认证、身份保密等问题显得日益突出。该文分析了现有的各种漫游认证协议在匿名性及安全性上存在的问题,指出现有协议都无法同时满足移动终端的完全匿名与访问网络对非法认证请求的过滤,进而针对性地提出了一种新的匿名认证协议。该协议基于椭圆曲线加密和代理签名机制,通过让部分移动终端随机共享代理签名密钥对的方式,实现了完全匿名和非法认证请求过滤。此外,协议运用反向密钥链实现了快速重认证。通过分析比较以及形式化验证工具AVISPA验证表明,新协议实现了完全匿名,对非法认证请求的过滤,双向认证和会话密钥的安全分发,提高了安全性,降低了计算负载,适用于能源受限的移动终端。     

椭圆曲线加密结合散列函数的移动网络匿名安全认证方案

为了防止私人数据泄露并完善已有的移动网络匿名漫游认证方案,提出了一种利用椭圆曲线加密结合散列函数的移动网络匿名安全认证方案。该方案利用椭圆曲线加密,结合散列函数,以随机数代替公开密钥加密和时间戳。首先,使用外地代理（FA）的漫游服务之前,计算单向散列函数,移动用户（MU）使用本地代理（HA）注册。然后,建立认证和会话的密钥,采用椭圆曲线加密,若HA一直待在同一FA中,则MU可以用FA更新会话密钥。最后,MU通过公共信道,利用HA修改密码。性能和安全性分析表明,相比其他几种类似方案,提出的方案明显提高了效率和安全性。其中,虚拟计算时间只有2.000 85 s,显著降低了计算开销。     

LTE-A中异构蜂窝网络下的切换技术研究

随着小型蜂窝基站的大量部署,异构网络环境越来越复杂,为了保证用户在小型蜂窝基站和宏基站的无缝移动,用户对移动性管理也提出了更高的要求。因此,异构蜂窝网络的移动性管理成为未来通信的一个重要技术。本文针对小型蜂窝基站的大量部署和用户的频繁移动带来的切换问题进行分析,总结了LTE-A切换的基本知识,并进一步归纳了LTE-A中异构蜂窝网络下切换技术的关键研究点。     

椭圆曲线加密结合cookie信息的物联网终端安全认证协议

针对物联网(IoT)中终端设备接入网络服务器的安全性问题,提出了一种基于椭圆曲线加密(ECC)和cookie信息的物联网终端安全认证协议.协议首先将用户身份信息、服务器私钥、随机数和cookie有效期信息组成一个cookie文件,然后利用椭圆曲线加密体制对其进行加密,并将之存储在智能终端.在认证阶段,通过比对由cookie信息计算的安全参数来实现相互身份认证.性能分析表明,该协议在具有较低计算和通信成本的同时,能够有效抵抗多种攻击,提供了较高的安全性,非常适合应用于物联网中资源有限的终端设备.     

基于ABE-IBS的无线传感器网络签名加密一体化方法

为了提高无线传感器网络加密与签名的安全性与效率,结合椭圆曲线上双线性对的基于身份的签名体制(IBS),提出了基于属性的加密和基于身份的签名一体化(ABE-IBS)方法和一个有效的无线传感器网络签密方案,分析与实验结果表明,提出的方案复杂性和存储要求低、效率高,能增强无线传感器网络的安全性.     

基于ECC的TES网络链路层安全协议的研究

研究了TES网络物理配置和协议配置,分析了当前TES网络可能存在的安全隐患,结合民航TES网络安全的需求,提出了保障TES网络安全的措施;根据TES网络工作的特点,提出了一种基于椭圆曲线加密(ECC)的TES网络链路层安全协议.该协议给出了TES网络安全所需的软件认证、信息加密、密钥分配以及攻击检测等安全方案,并对该协议进行了安全性分析.TES网络链路层安全协议的实施将为TES网络提供鉴别非法用户、防止信息窃取和应对恶意攻击的保障能力.     

基于身份的车联网消息认证方案

本文对车联网中常用的椭圆曲线消息认证方法进行比较分析,对现有的方案改进,并对该方案进行了性能分析,在安全性不变的前提下,仿真结果表明增加了19％通信开销,但是消息验证阶段计算开销提升80％以上,签名阶段提升22％.     

基于椭圆曲线的代理数字签名

现有的代理数字签名方案都是基于离散对数问题和大数因子分解问题的方案.本文我们将代理签名的思想应用于椭圆曲线数字签名,提出了一种新的基于椭圆曲线离散对数问题的代理签名方案,并对方案的复杂性和安全性进行了分析.在对方案的安全性分析中,我们还提出了两类椭圆曲线上的困难问题.新方案不仅推广和丰富了代理签名的研究成果,而且也扩展了椭圆曲线密码的密码功能,为信息安全问题的解决提供了新的密码学方法.     

一种LTE异构网络下的移动性优化方法

长期演进(LTE)网络是3GPP定义的先进移动网络系统,相比现有的2G和3G网络,LTE网络的用户(UE)更加密集、站间距更小、更多的小基站加入系统,从而使UE移动性管理面临更大的挑战.为此,提出了一种新型UE切换方法.仿真结果显示,新方法能够很好地解决密集LTE异构网络中UE切换失败率高的问题,性能优化显著.     

一种有效的椭圆曲线代理签名方案

现有的代理数字签名方案大多是基于离散对数问题和大数因子分解问题的方案.本文将代理签名的思想用于椭圆曲线数字签名,提出了基于椭圆曲线的代理签名方案,除了满足代理签名的七条基本性质外,还对目前已有的代理签名方案中尚未很好解决的问题--代理权的滥用进行了有效的控制.在本方案中,签名人不能生成代理签名,也不能给多于一个的人以代理权,真正做到了对签名代理权的控制.本方案基于椭圆曲线,且整个过程参与方少,具有安全性高、密钥量小、便于实现等优点.     

一种新型稀疏Ad Hoc网络消息签名方案

针对稀疏Ad Hoc网络的易断易延时特性,采用基于身份的密码体制和椭圆曲线双线性对,提出一种新的稀疏Ad Hoc网络消息签名方案,并对方案的安全性和性能进行了分析。该方案可以解决第三方密钥托管带来的签名伪造问题,限制稀疏Ad Hoc网络中节点私钥泄密带来的伪造消息签名的影响,在保证安全性的前提下,有效减少密钥长度、签名长度与签名的计算量,降低了对网络通信带宽和节点存储、计算能力的要求,符合稀疏Ad Hoc网络的签名需求。     

一种可证安全的车联网无证书聚合签名改进方案

车联网(VANETs)是组织车－X(X:车、路、行人及互联网等)之间的无线通信和信息交换的大型网络,是智慧城市重要组成部分。其消息认证算法的安全与效率对车联网至关重要。该文分析王大星等人的VANETs消息认证方案的安全不足,并提出一种改进的可证安全的无证书聚合签名方案。该文方案利用椭圆曲线密码构建了一个改进的安全无证书聚合认证方案。该方案降低了密码运算过程中的复杂性,同时实现条件隐私保护功能。严格安全分析证明该文方案满足VANETs的安全需求。性能分析表明该文方案相比王大星等人方案,较大幅度地降低了消息签名、单一验证以及聚合验证算法的计算开销,同时也减少了通信开销。     

面向ZigBee网络节点安全定位的消息签名方案

针对ZigBee网络节点定位中消息的安全性问题,该文提出一种带隐私保护的消息签名方案。方案基于椭圆曲线(ECC)上的无双线性对运算,设计了带身份隐私保护的定位请求消息签名算法和坐标隐私保护的定位参照消息签名算法。理论证明了所提方案可抵御伪造攻击、重放攻击等多种外部攻击,同时具备隐私保护、身份追踪等功能。性能分析结果表明,与同类方案相比,所提方案计算开销和通信开销均具有优势。     

An efficient EAP‐based proxy signature handover authentication scheme for WRANs over TV white space

The wireless regional area networks (WRANs) operates in the very high frequency and ultra high frequency television white space bands regulated by the IEEE 802.22 standard. The IEEE 802.22 standard supports Extensible Authentication Protocol (EAP)‐based authentication scheme. Due to the participation of a server and the information exchanged between a customer primes equipment and the secondary user base station, it takes around 50 ms to complete a complete EAP authentication that cannot be accepted in a handover procedure in WRANs. In this paper, we propose an EAP‐based proxy signature (EPS) handover authentication scheme for WRANs. The customer primes equipment and secondary user base station accomplish a handover authentication without entailing the server by using the proxy signature. Approved by the logic derivation by Burrows, Abadi, and Needham logic and formal verification by Automated Validation of Internet Security Protocols and Applications, we can conclude that the proposed EPS scheme can obtain mutual authentication and hold the key secrecy with a strong antiattack ability. Additionally, the performance of the EPS scheme in terms of the authentication delay has been investigated by simulation experiments with the results showing that the EPS scheme is much more efficient in terms of low computation delay and less communication resources required than the security scheme regulated in IEEE 802.22 standard.     

Dynamic ID-based remote user mutual authentication scheme with smartcard using Elliptic Curve Cryptography

In the literature, several dynamic ID-based remote user mutual authentication schemes are implemented using password, smartcard and Elliptic Curve Cryptography （ECC）, however, none of them provides resilience against different attacks. Therefore, there is a great need to design an efficient scheme for practical applications. In this paper, we proposed such a scheme in order to provide desired security attributes and computation efficiencies. Compared with other existing techniques, our scheme is more efficient and secured. In addition, our scheme is provably secure in the random oracle model under the hardness assumption of computational Diffie-Hellman problem.     

基于椭圆曲线和RSA的数字签名的性能分析

数字签名是电子商务、电子政务开展的有力保障。他在实现身份验证、数据完整性、不可抵赖性等功能方面都有重要应用。其实现基础是加密算法技术,使用公钥加密算法和散列函数。目前主要的数字签名算法有RSA,ELGamal和椭圆曲线密码(ECC)。介绍了基于ECC和RSA数字签名算法的一般模型,并且给出了两种签名算法在C 下的性能比较,根据比较结果分析,探讨两种数字签名算法的应用范围。     

Efficient RFID Authentication Using Elliptic Curve Cryptography for the Internet of Things

The Internet of Things (IoT) is an expansion of Internet-based sensing, processing and networking. As a key technique of the IoT, the Radio Frequency Identification (RFID) had a prosperous development in the past decade. Security schemes were also proposed to ensure secure RFID authentication. This paper analyzes security weaknesses found in previous schemes and proposes a new RFID authentication scheme using Elliptic Curve Cryptography (ECC). Security analysis results show that the proposed scheme can meet security requirements of RFID authentication while requiring no extra cost in terms of performance.     

SEAI: Secrecy and Efficiency Aware Inter-gNB Handover Authentication and Key Agreement Protocol in 5G Communication Network

Recently, the Third Generation Partnership Project (3GPP) has initiated the research in the Fifth Generation (5G) network to fulfill the security characteristics of IoT-based services. 3GPP has proposed the 5G handover key structure and framework in a recently published technical report. In this paper, we evaluate the handover authentication mechanisms reported in the literature and identify the security vulnerabilities such as violation of global base-station attack, failure of key forward/backward secrecy, de-synchronization attack, and huge network congestion. Also, these protocols suffer from high bandwidth consumption that doesn’t suitable for energy-efficient mobile devices in the 5G communication network. To overcome these issues, we introduce Secrecy and Efficiency Aware Inter-gNB (SEAI) handover Authentication and Key Agreement (AKA) protocol. The formal security proof of the protocol is carried out by Random Oracle Model (ROM) to achieve the session key secrecy, confidentiality, and integrity. For the protocol correctness and achieve the mutual authentication, simulation is performed using the AVISPA tool. Also, the informal security evaluation represents that the protocol defeats all the possible attacks and achieves the necessary security properties.Moreover, the performance evaluation of the earlier 5G handover schemes and proposed SEAI handover AKA protocol is carried out in terms of communication, transmission, computation overhead, handover delay, and energy consumption. From the evaluations, it is observed that the SEAI handover AKA protocol obtains significant results and strengthens the security of the 5G network during handover scenarios.

     

Prediction-based secured handover authentication for mobile cloud computing

Mobile cloud computing (MCC) is a new technology that brings cloud computing and mobile networks together. It enhances the quality of service delivered to mobile clients, network operators, and cloud providers. Security in MCC technology, particularly authentication during the handover process, is a big challenge. Current vertical handover authentication protocols encounter different problems such as undesirable delays in real-time applications, the man in the middle attack, and replay attack. In this paper, a new authentication protocol for heterogeneous IEEE 802.11/LTE-A mobile cloud networks are proposed. The proposed protocol is mainly based on the view of the 3GPP access network discovery and selection function, which uses the capacities given by the IEEE 802.11 and the 3GPP long term evolution-advanced (LTE-A) standards interconnection. A prediction scheme, with no additional load over the network, or the user is utilized to handle cloud computing issues arising during authentication in the handover process. The proposed handover authentication protocol outperformed existing protocols in terms of key confidentiality, powerful security, and efficiency which was used to reduce bandwidth consumption.

     

集成加密方案ECIES的设计与验证

椭圆曲线密码（ECC,elliptic curve cryptograph）是密码学的重要分支之一,它可以用来加密数据,进行数字签名或者在安全通信的开始阶段进行密钥交换。在加密方面,基于ECC最有名的就是综合加密方案（ECIES,elliptic curve integrate encrypt scheme）。ECIES是Certi-com公司提出的公钥加密方案,可以抵挡选择明文攻击和选择密文攻击。ECIES各个步骤的实现可以用不同的算法,在软件中是可以配置的。而它实现的多样性也验证了它的灵活性以及可靠性。