一种基于信息隐藏的移动终端认证方案

提出了一种用信息隐藏技术代替加密技术来实现的移动终端认证方案,以图像作为信息隐藏的载体,借鉴Kerberos[1]认证协议中相互认证的思想,实现了移动终端身份认证。在认证过程中使用了隐写术[2]和数字水印[3],前者用于认证信息的传递,后者保证认证图像的唯一性,同时实现各服务器之间的身份认证。二者相辅相成,更好地保证了认证信息的隐蔽与安全。针对于Kerberos系统中可能会发生的重放攻击,文中采用时间戳连同协商随机数的方法得以解决。     

信息技术类设备强制性认证产品范围解析

文章通过对3C认证中信息技术类产品的解析,明确认证过程中产品的界定,避免客户在认证过程中产生不必要的麻烦.     

一类基于数字签名的密钥认证方案

 本文基于文献[1]中提出的数字签名方案,产生一种新的密钥认证方案,同时给出基于一般的ElGamal数字签名方案的密钥认证方案.在这种新的密钥认证方案中,认证信息由用户独立产生,不通过TC或KAC,认证过程没有应用Hash函数.     

LED灯具PSE认证中的光炫测试介绍

PSE认证是日本强制性认证。LED灯具的光炫测试,是LED灯具申请PSE认证中特有的一个测试项目,区别于LED灯具的其他认证(如UL认证、CE认证)测试项目。很多国内厂商对LED灯具的光炫测试都不太了解,该文介绍了光炫测试中使用的测试设备,具体测试方法及判定要求。     

USBKey用户认证平台的研究和实现

论文主要介绍了USBKey用户认证平台的理论研究和实现方法,从企业信息化发展中出现的用户认证问题出发,提出了USBKey认证可行性和必要性,并分析了不同身份认证技术的优缺点,选择了企业统一认证的适用方式——USBKey认证,实现了以USBKey为介质的用户安全认证系统平台。     

电子商务安全认证技术研究

安全认证是密码学的重要应用方向,也是信息安全领域中常用的技术之一。文章分析和研究了电子商务安全认证技术,阐述了安全认证技术的主要内容及常用的身份认证方法,并指出安全认证有多种机制和多种实现方法,在实际运用中应视具体情况而择之。     

身份认证技术及其发展趋势

身份认证技术是信息安全的核心技术之一,其任务是识别、验证网络信息系统中用户身份的合法性和真实性。对认证技术作了简要介绍,并对新兴技术：基于量子的认证技术、基于身份的认证技术、思维认证、行为认证、自动认证作了详细的阐述。     

802.11i EAP-TLS认证机制

目前解决无线局域网通信安全的方法主要有认证和加密这两种,而EAP-TLS是目前应用最广泛的认证机制,802.11i EAP-TLS认证机制通过认证中心签发的证书对双方身份进行认证,同时在认证过程中产生并分配临时密钥,加强了无线局域网的通信安全.     

802.11i EAP-TLS认证机制

目前解决无线局域网通信安全的方法主要有认证和加密这两种,而EAP-TLS是目前应用最广泛的认证机制,802.11i EAP-TLS认证机制通过认证中心签发的证书对双方身份进行认证,同时在认证过程中产生并分配临时密钥,加强了无线局域网的通信安全.     

基于PKI的防火墙安全认证系统设计

论文首先介绍了身份认证在防火墙系统中的重要性以及目前防火墙系统中主要的认证技术,接着,简单介绍了PKI技术的理论基础和PKI/CA安全服务体系,并针对目前防火墙系统中认证方法的缺陷,结合目前国内外对防火墙技术安全认证方面的新要求,提出了基于PKI身份认证技术的防火墙安全认证系统的设计。     

The KryptoKnight family of light-weight protocols forauthentication and key distribution

An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of comprehensive security subsystem prototype called KryptoKnight     

移动计算网络环境中的认证与小额支付协议

本文在分析现有移动用户认证协议与因特网认证协议基础上,针对移动计算网络的技术特点设计了一个用于移动用户与收费信息服务网络相互认证和用户进行小额电子支付的协议,该协议的新颖之处在于把小额支付方案融入认证协议当中,使移动用户可以利用笔记本电脑或掌上电脑进行付费的网面浏览、购买低价位信息商品以及进行移动电子商务,同时也为移动用户漫游时的记费提供了依据.协议不仅在公共参数的存储空间需求和用户端计算负荷上是适当的,而且可以保护用户不被错误收费,同时提供服务网络防止用户抵赖的合法证据.该协议基于一个全局的公钥基础设施,适用于未来的基于第三代移动通信系统的网络计算环境.     

基于MGC的软交换安全认证机制研究

分析了软交换网络安全认证的特点和相关协议,结合工程实践提出了基于媒体网关控制器(Media GatewayControllor,MGC)的软交换网络安全认证机制,并对该机制实现的基本原理、使用协议和认证信息流程分别进行了阐述和说明,实现了软交换系统设备注册、动态接入识别、用户授权访问等安全认证功能。     

基于椭圆曲线的隐私增强认证密钥协商协议

认证密钥协商协议能够为不安全网络中的通信双方提供安全的会话密钥,但是,大多数的认证密钥协商协议并没有考虑保护用户隐私.论文关注网络服务中用户的隐私属性,特别是匿名性和可否认性,规范了增强用户隐私的认证密钥协商协议应满足的安全需求,即双向认证、密钥控制、密钥确认、会话密钥保密、已知会话密钥安全、会话密钥前向安全、用户身份匿名、用户身份前向匿名、不可关联和可否认,并基于椭圆曲线密码系统设计了一个满足安全需求的隐私增强认证密钥协商协议.     

Systematic design of a family of attack-resistant authenticationprotocols

Most existing designs for two-way cryptographic authentication protocols suffer from one or more limitations. Among other things, they require synchronization of local clocks, they are subject to export restrictions because of the way they use cryptographic functions, and they are not amenable to use in lower layers of network protocols because of the size and complexity of messages they use. Designing suitable cryptographic protocols that cater to large and dynamic network communities but do not suffer from these problems presents substantial problems. It is shown how a few simple protocols, including one proposed by ISO, can easily be broken, and properties that authentication protocols should exhibit are derived. A methodology for systematically building and testing the security of a family of cryptographic two-way authentication protocols that are as simple as possible yet resistant to a wide class of attacks, efficient, easy to implement and use, and amenable to many different networking environments is described. Examples of protocols of that family that presents various advantages in specific distributed system scenarios are discussed     

Handover keying and its uses

Mobile nodes must authenticate themselves in order to use network services. When mobile nodes roam into a new cell, they must re-authenticate to the new layer 2 and 3 devices. This re-authentication process can take as long as two seconds, which is unacceptable for applications such as voice over IP. In this article we present several recently developed authentication protocols that can reduce the reauthentication delay. Both intra-domain and inter-domain handover scenarios are discussed. We mainly focus on two protocols ? 802.11r and EAP Re-authentication Protocol for handover keying. These two protocols use security key hierarchies to avoid full authentication. An application of these protocols is presented for the control and provisioning of a wireless access-point network.     

移动计算网络环境中的认证与支付研究

该文针对移动计算网络的技术特点设计了一个用于移动用户与收费信息服务网络相互认证和用户进行电子支付的方案，该方案的新颖之处在于把小额支付方案融入认证协议当中，方案不仅在公共参数的存储空间需求和用户端计算负荷上是适当的，而且可以保护用户不被错误收费，同时提供服务者防止用户抵赖的合法证据。该方案基于一个全局的公钥基础设施，适合于未来的基于第三代移动通信系统的网络计算环境。     

Strong roaming authentication technique for wireless and mobile networks

When one considers the broad range of wirelessly connected mobile devices used today, it is clear that integrating such network‐enabled devices into secure roaming over wireless networks is of essential importance. Over the years, many authentication protocols have been suggested to address this issue. Among these protocols, the recently proposed privacy‐preserving universal authentication protocol, Priauth, exceeds the security and efficiency of other authentication techniques. This paper studies the existing roaming authentication protocols and shows that they are not strong enough to provide secure roaming services in three aspects. Further, using Priauth as an example, we propose efficient remedies that fix the weaknesses. The experimental results show that the proposed approaches are feasible in practice. Copyright © 2012 John Wiley & Sons, Ltd.     

Three-party password authenticated key agreement protocol with user anonymity based on lattice

With the rapid development of quantum theory and the existence of polynomial algorithm in quantum computation based on discrete logarithm problem and large integer decomposition problem,the security of the algorithm was seriously threatened.Therefore,two authentication key agreement protocols were proposed rely on ring-learning-with-error (RLWE) assumption including lattice-based implicit authentication key agreement scheme and lattice-based explicit authentication key agreement scheme and proved its security.The implicit authentication key agreement protocol is less to communicate and faster to authentication,the explicit authentication key agreement protocol is more to secure.At the same time,bidirectional authentication of users and servers can resist unpredictable online dictionary attacks.The new protocol has higher efficiency and shorter key length than other password authentication key agreement protocols.It can resist quantum attacks.Therefore,the protocol is efficient,secure,and suitable for large-scale network communication.     

Prediction-based secured handover authentication for mobile cloud computing

Mobile cloud computing (MCC) is a new technology that brings cloud computing and mobile networks together. It enhances the quality of service delivered to mobile clients, network operators, and cloud providers. Security in MCC technology, particularly authentication during the handover process, is a big challenge. Current vertical handover authentication protocols encounter different problems such as undesirable delays in real-time applications, the man in the middle attack, and replay attack. In this paper, a new authentication protocol for heterogeneous IEEE 802.11/LTE-A mobile cloud networks are proposed. The proposed protocol is mainly based on the view of the 3GPP access network discovery and selection function, which uses the capacities given by the IEEE 802.11 and the 3GPP long term evolution-advanced (LTE-A) standards interconnection. A prediction scheme, with no additional load over the network, or the user is utilized to handle cloud computing issues arising during authentication in the handover process. The proposed handover authentication protocol outperformed existing protocols in terms of key confidentiality, powerful security, and efficiency which was used to reduce bandwidth consumption.