1.
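Distributed secure multicast is widely used on the Internet, but the computational overhead of key generation and key update, together with key bandwidth, are the main constraints. This paper proposes a group shared-key generation mechanism based on elliptic curve cryptography and applies it to multicast, yielding two distributed secure multicast schemes. The group shared key embeds the private keys of all users, giving high security. Compared with existing techniques at the same security strength, the computation and bandwidth overheads are lower and group shared key updates are more efficient.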
2.
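To address the security flaw that arises when the shared key between a tag and a reader is set in advance, a wireless shared-key generation algorithm based on bitwise operations is proposed. The algorithm generates the key wirelessly: random numbers produced by the reader and the tag are encrypted with a bitwise-operation function, and the shared key between the two is ultimately generated dynamically, so the shared key does not need to be set in advance. A comprehensive performance and security analysis shows that the algorithm keeps the computation at the tag and the reader comparable to that of the original algorithm while resolving the security flaw in the original algorithm.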
3.
4.
5.
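A Distributed Key Generation Scheme for Resilient CA. Cited by: 1 (self-citations: 0, citations by others: 1)
A resilient CA is a CA system that uses intrusion-tolerance techniques to protect the CA key. It adopts a new private-key splitting method that strengthens the system's security, but the key distribution center it relies on is detrimental to the security of the CA private key. The distributed key generation scheme removes the key distribution center from the traditional resilient CA scheme and uses a distributed key generation and splitting mechanism, thereby ensuring that, during CA initialization and throughout operation, no t-1 servers (t being the threshold) can steal the CA private key, which greatly strengthens the security of the CA system.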
6.
7.
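To address key management in pervasive environments, a new identity-based key management scheme is designed using the elliptic-curve additive group. The new scheme uses a threshold secret sharing mechanism to build a distributed key generation center, and defines strategies for private key update, master key share update, and session key agreement. Compared with existing identity-based key management schemes, the new scheme offers stronger security and higher execution efficiency.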
8.
9.
10.
11.
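A new self-healing group key distribution scheme with time-limited revocation for MANETs (mobile ad hoc networks) is proposed. Dual directional hash chains (DDHC) and a hash binary tree (HBT) structure provide redundant association among group keys and access control. Without assistance from the managing node, a legitimate user node can autonomously recover historical group keys using the currently published session key information and its own secret information. The managing node's revocation function is implemented through a secret revocation polynomial. An improved scheme is then proposed. Security and performance analysis shows that the new scheme resists collusion attacks by user nodes whose sessions do not intersect, and effectively saves network bandwidth and storage resources while meeting MANET security requirements.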
12.
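Identity-based public key management avoids the cumbersome public key issuance and verification operations of the traditional PKI model, which is a strong advantage for MANETs, where communication bandwidth and node computing resources are limited. Following the basic idea of a distributed CA and using a threshold secret sharing scheme, an identity-based public key management scheme for MANETs is proposed. It requires less communication traffic and fewer communication steps, and adapts well to the MANET environment. Distributing the CA's functions across the network nodes overcomes the availability and security problems of a traditional CA. Two key revocation mechanisms, explicit and implicit, are designed, effectively solving the key revocation problem. A time-slice-based periodic user key update mechanism is designed, ensuring high availability of the public key service.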
13.
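In a distributed network environment, multiple enterprises and institutions share resources under some form of consensus. To prevent unauthorized users from accessing these resources, an improved weight-based secret sharing signature scheme is applied to the consensus process of a consortium blockchain, and a weight-identified cross-domain authentication model based on blockchain technology is proposed. In the model, different CAs act as validator nodes in the consortium chain's consensus mechanism, and the system, based on the validator nodes' weights, uses the improved secret sharing scheme to generate private keys with different weights and distribute them to...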
14.
A mobile ad hoc network (MANET) is a wireless communication network which does not rely on a pre-existing infrastructure or any centralized management. Securing the exchanges in MANETs is compulsory to guarantee a widespread development of services for this kind of networks. The deployment of any security policy requires the definition of a trust model that defines who trusts who and how. Our work aims to provide a fully distributed trust model for mobile ad hoc networks. In this paper, we propose a fully distributed public key certificate management system based on trust graphs and threshold cryptography. It permits users to issue public key certificates, and to perform authentication via certificates' chains without any centralized management or trusted authorities. Moreover, thanks to the use of threshold cryptography; our system resists against false public keys certification. We perform an overall evaluation of our proposed approach through simulations. The results indicate out performance of our approach while providing effective security.
15.
16.
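Mobile ad hoc networks (MANETs) usually adopt distributed CA authentication schemes, but few schemes address the security vetting that precedes the distribution of private key shares in the authentication service, and the existing ones are single-layer structures based on threshold schemes that cannot work properly when a node has fewer one-hop neighbors than the system threshold. Using multi-layer distributed techniques, a secure multi-layer distributed private key share distribution scheme is proposed. On the one hand, it strictly vets nodes applying for a private key share, preventing multiple malicious nodes from colluding to reconstruct the system private key; on the other hand, it lets nodes at the network edge or in other special positions obtain valid guarantee certificates through proxy neighbor nodes, solving the problem of having fewer guarantee certificates than the threshold.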
17.
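A security authentication mechanism for object-based storage systems (OBS), RACOS, is proposed. It uses role-based access control to ensure the legitimacy of client access to objects in the OBS as well as data integrity, and reduces the load on the file server by placing a dedicated security manager in the system. In addition, the security manager and the object storage devices (OSDs) use an improved simple key exchange protocol (SAKA) to set up and update shared keys, which lowers the system's requirements on the security of the communication channel.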
18.
Securing Mobile Ad Hoc Networks with Certificateless Public Keys. Cited by: 2 (self-citations: 0, citations by others: 2)
Yanchao Zhang Wei Liu Wenjing Lou Yuguang Fang 《Dependable and Secure Computing, IEEE Transactions on》2006,3(4):386-399
This paper studies key management, a fundamental problem in securing mobile ad hoc networks (MANETs). We present IKM, an ID-based key management scheme as a novel combination of ID-based and threshold cryptography. IKM is a certificateless solution in that public keys of mobile nodes are directly derivable from their known IDs plus some common information. It thus eliminates the need for certificate-based authenticated public-key distribution indispensable in conventional public-key management schemes. IKM features a novel construction method of ID-based public/private keys, which not only ensures high-level tolerance to node compromise, but also enables efficient network-wide key update via a single broadcast message. We also provide general guidelines about how to choose the secret-sharing parameters used with threshold cryptography to meet desirable levels of security and robustness. The advantages of IKM over conventional certificate-based solutions are justified through extensive simulations. Since most MANET security mechanisms thus far involve the heavy use of certificates, we believe that our findings open a new avenue towards more effective and efficient security design for MANETs.
19.
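Design and Implementation of a High-Performance Smart Security Card Based on AES-128. Cited by: 1 (self-citations: 0, citations by others: 1)
A design and implementation of a high-performance smart security card, based on an AVR microcontroller combined with USB interface technology and using the Rijndael algorithm (AES-128) and a distributed CA authentication system, features fast data processing, strong security, high data throughput and convenient use.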
20.
Binod Vaidya Sang-Soo Yeo Dong-You Choi SeungJo Han 《Personal and Ubiquitous Computing》2009,13(7):457-469
Mobile ad hoc network (MANET) is an appealing technology that has attracted lots of research efforts. On-demand routing protocol
such as AODV may suffer from frequent topological changes. Due to frequent communication failures, multipath MANET is preferred
than single-path MANET in many applications as former is used for achieving robustness and load balancing and improving reliability.
Although multipath MANET is attractive solution, there are still some major flaws that prevent commercial growth. Security
is one of these main barriers; MANETs are known to be particularly vulnerable to security attack. The paper presents a design
of robust and secure framework for multipath MANET. In this paper, we propose not only a robust multipath routing protocol
but also an extended security scheme. We discuss security analysis for proposed security scheme. And we also conduct simulation
to evaluate such a framework through different performance metrics. Results show that the proposed routing protocol achieves
better performance in terms of various metrics than other protocols.