Similar Literature
 Found 18 similar documents; search took 125 ms
1.
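To address the re-authentication problem when a mobile node moves within foreign networks, a fast re-authentication protocol based on a shared key is proposed. Before the mobile node moves to a new foreign agent, a re-authentication key is distributed to both parties, and the mobile node and the new foreign agent use this key to complete the authentication process. The security of the protocol is proved using BAN logic and its performance is compared; the results show that the protocol is more efficient than comparable protocols.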

2.
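To address authentication during home agent handover, an IKEv2 re-authentication scheme based on a shared key is proposed. Before the mobile terminal hands over to a new home agent, a re-authentication key is distributed to both parties, and the mobile terminal and the new home agent use this key to complete the authentication process. BAN logic is used to prove the security of the key distribution, and the protocol's performance is compared. The analysis shows that the protocol is more efficient than comparable protocols.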

3.
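To address the problem that the home agent does not support the EAP protocol in the Split scenario, an authentication scheme based on the Diameter-EAP protocol is proposed. When authenticating a mobile node, the authentication server verifies the node's identity through an access router that supports EAP, and configures a shared key for the mobile node and the MIP6 service provider, which the service provider uses to authenticate the mobile node. The security of the protocol is formally proved with BAN logic, and the performance of the scheme is compared and analyzed; the results show that the protocol's key performance reaches the level of RFC4004.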

4.
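To address identity authentication between nodes in hierarchical handover for Mobile IPv6 (MIPv6), a new authentication mechanism based on MIPv6 fast hierarchical handover is proposed. Using an improved IBS signature scheme and a hierarchical network structure, mutual authentication between the mobile node and the newly visited domain, together with handover performance, is discussed from the two perspectives of inter-domain and intra-domain handover. The analysis shows that the mechanism is efficient and secure, and needs only a single round-trip message exchange to synchronize handover with access authentication and binding update.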

5.
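Among existing authentication schemes for mobile ad hoc networks, distributed authentication offers high security but a low authentication success rate, especially in large-scale mobile ad hoc networks. To address this problem, the paper proposes a hybrid authentication scheme that combines distributed authentication and chain authentication, using the former for certificate management and the latter for identity authentication. Theoretical analysis shows that, while maintaining security, the scheme improves the protocol's scalability and authentication success rate.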

6.
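To address the problem that authentication protocols for heterogeneous converged networks cannot achieve both efficiency and security, an efficient authentication protocol is proposed, comprising a full authentication process and a fast re-authentication process. Authentication delay is reduced by combining a full authentication process that reduces the number of message exchanges with a fast re-authentication process that reduces the number of authenticating entities, and the randomness and one-wayness of hash chains are used to guarantee the security and freshness of information. The formal analysis tool AVISPA is used to analyze the protocol's security, and the protocol is compared with existing protocols. The results show that the protocol improves authentication efficiency while maintaining security and effectively improves the performance of heterogeneous converged networks.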

7.
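While the 5G Internet of Everything brings users an ultimate network experience, it also poses new challenges: users' ultra-low-latency experience, uninterrupted access to services while moving, and security protection have attracted much attention. Mobile edge computing can meet 5G's stringent requirements of low latency, massive connectivity and high bandwidth. As a computing paradigm in which multiple trust domains coexist, it involves frequent interconnection among multiple entities and across trust domains, so identity authentication, the first checkpoint of security protection, is especially important. Based on a study of existing identity authentication mechanisms under the edge computing paradigm, a lightweight fast handover authentication scheme based on pre-authentication and the construction of trust domains is proposed, with which users moving between different regions can achieve fast and secure handover authentication. The proposed scheme moves services and computation from the cloud down to the edge; biometric fingerprint technology is used on the user side to resist stolen-terminal attacks; edge servers in different regions use pre-authentication to meet fast handover requirements; the user and the edge server establish a secure channel by negotiating a shared session key in real time; and the scheme relies on XOR and hash operations to remain lightweight. The proposed scheme is evaluated in terms of security and performance, with security assessed through both theoretical design analysis and verification with a formal tool. The formal analysis tool AVISPA is used to verify the security of the proposed scheme in the presence of an intruder, and the proposed scheme is more secure than other schemes. Performance is evaluated mainly by the computation cost and communication cost of the authentication scheme; simulation shows that the proposed scheme has a good advantage in communication cost and that its computational overhead can meet the needs of resource-constrained mobile terminal users. The scheme needs further improvement in two respects: first, its scalability should be improved so that users and edge servers can join and leave at any time; second, its generality should be improved to support access and deployment by third-party service providers.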

8.
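With the rapid development of mobile network technology, more and more electronic and IP devices are being used in mobile networks in a mobile manner. However, when a mobile router (or other mobile client) moves to a foreign network, the foreign service provider (the fixed access router in the foreign network) faces the problem of authenticating and trusting the service requester (mobile router, mobile node, etc.). Some existing network authentication protocols and the working principles of mobile networks are studied, and a scheme is proposed that implements mobile network...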

9.
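Mobile platforms of all kinds, such as smartphones, tablets and embedded systems, have spread rapidly and penetrated every aspect of life and work. While they bring rich applications and a convenient life, they also bring many new security problems. Identity authentication and access authentication are the first barrier protecting mobile platforms. Combining multi-touch technology, gravity sensing technology and graphical passwords, several identity authentication schemes suited to mobile platforms were designed and developed, including a curve-drawing authentication scheme, an image-selection authentication scheme, a multi-finger gesture authentication scheme and a gravity-sensing authentication scheme. Compared with plain text passwords, the designed schemes make setting and verifying the password intuitive and convenient, and a large key space can be produced with simple operations. Analysis shows that the proposed schemes are easy to operate and offer relatively high security.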

10.
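A Proxy Mobile IPv6 Authentication Scheme Based on Certificateless Signcryption*   Total citations: 1, self-citations: 0, citations by others: 1
To address the high system overhead of existing Proxy Mobile IPv6 authentication schemes and their inability to resist brute-force attacks, a Proxy Mobile IPv6 authentication scheme based on certificateless signcryption is proposed. The scheme combines certificateless signcryption with the practical Proxy Mobile IPv6 environment, and effectively solves the key management problem in wireless environments while authenticating the mobile node. A formal analysis proves that the scheme is provably secure in the random oracle model. Efficiency analysis also shows that the scheme reduces the interaction between nodes while keeping the computation cost small.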

11.
In this paper, we present a solution that reduces the time spent on providing network access in multi-domain mobile networks where the authentication process is based on the Extensible Authentication Protocol (EAP). The goal is to achieve fast and smooth handoffs by reducing the latency added by the authentication process. This process is typically required when a mobile user moves from one authenticator to another regardless of whether the new authenticator is in the same domain (intra-domain) or different domain (inter-domain). To achieve an efficient solution to this problem, it has been generally recognized that a fast and secure key distribution process is required. We propose a new fast re-authentication architecture that employs a secure three-party key distribution protocol which reduces the number of message exchanges during the network access control process. Our approach is proved to preserve security and verified by means of a formal tool. The resulting performance benefits are shown through our extensive simulations.

12.
Fast re-authentication schemes during handover of a mobile station are essential to seamless services for real-time multimedia applications in wireless local area networks. Although much research has been done to reduce re-authentication latency, the schemes developed so far either suffer from heavy burden problems or degrade the security level. In this paper, a novel ticket-based approach is proposed for re-authentication during handover. The mobile station receives handover tickets from the authentication server as a proof of authorization, and it presents the corresponding ticket when associating with a new access point. Our scheme reduces re-authentication delay to the delay of 2-way handshake between a mobile station and an access point. Furthermore, this scheme imposes less burden over the entities compared with other proactive key pre-distribution schemes, while satisfying 802.11i security requirements.

13.
Internet Key Exchange version 2 (IKEv2) is responsible for the distribution and management of reliable authentication keys. IKEv2 can secure fast handoff, confidentiality of data, safe transmission, and multihoming for the transmission node. In this paper, we designed and constructed a network based on a real mobile node and modeled the IKEv2 protocol through simulation. We analyzed the authentication key resetting and re-exchange problem, and we examined, based on data analysis, how key exchange is affected by limited bandwidth. To overcome the delay time, we proposed a multi-interface node and analyzed performance and latency for the authentication setting and exchange process. The simulation results show that re-authentication of the key is impossible to reset because of the limited bandwidth of the network. Also, the use of the proposed multi-interface can minimize the key exchange latency caused by handoff for IPSec transmission.

14.
Future-generation wireless systems, which integrate different wireless access networks together, will support secured seamless mobility and a wide variety of applications and services with different quality of service (QoS) requirements. Most of the existing re-authentication protocols during vertical handover still have certain limitations such as man-in-the-middle, eavesdropping and session hijacking attacks, and unacceptable delay for real-time applications. In this article, we propose two re-authentication schemes to secure handover between 3GPP LTE and WLAN systems: Initial Handover Re-authentication Protocol, and Local Re-authentication Protocol. The second proposed protocol is executed locally in a WLAN network without contacting the authentication server of the home network for credentials verification. In fact, after a successful execution of the Initial Handover Re-authentication Protocol, the local key (LK) is shared between USIM and the authentication server of the WLAN. It is then used for securing handover and traffic in WLAN networks. Performance evaluation results obtained using simulation analysis show that the proposed re-authentication protocol enhances handover parameters such as handover latency, handover blocking rate and packet loss rate. Additionally, the proposed enhanced fast re-authentication protocol has been modeled and verified using the software AVISPA and is found to be safe.

15.
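A fast and secure handover method based on mobility prediction for IEEE 802.11 WLAN environments is proposed. An average handover location model is used to select the APs to be scanned from the neighbor APS graph, the re-authentication process is merged with the scanning process, and probe frames are sent by unicast. This both reduces the latency of the whole handover process and protects the scanning process. Simulation results show that the method significantly reduces handover latency.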

16.
The inclusion of cloud services within existing identity federations has gained interest in recent years, as a way to simplify access to them, reducing user management costs and increasing the utilization of cloud resources. Whereas several federation technologies have been developed over the years for the Web world (e.g. SAML, OAuth, OpenID), non-web application services have been largely forgotten. The ABFAB IETF WG was created to define an architecture and a set of technologies for providing identity federation to non-Web application services, such as the cloud. ABFAB provides a way to use the existing EAP/AAA infrastructure to perform federated access control to any kind of application service, thanks to the definition of a new GSS-API mechanism called GSS-EAP. However, the ABFAB architecture does not define an efficient way of providing SSO. This paper defines a way to include such SSO support in ABFAB, by introducing the required extensions to make use of the EAP Re-authentication Protocol (ERP), the IETF standard for providing fast re-authentication in EAP. Moreover, to demonstrate the feasibility of the proposed extensions, we have implemented a proof-of-concept based on Moonshot, the open-source implementation of ABFAB, and OpenStack as an example of a cloud service. Finally, using this prototype we have completed a performance analysis that compares our proposal with the standard ABFAB operation. This analysis confirms the substantial reduction in terms of computational time and network traffic that can be achieved using ERP for providing efficient SSO to cloud service access in ABFAB-based identity federations.

17.
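Owing to WiFi's high data transmission capability and WiMAX's larger coverage, integrated WiFi/WiMAX networks have great potential for future development. To meet the low-latency requirements of real-time services in wireless networks, a fast and secure authentication model for hybrid WiFi/WiMAX networks is proposed. Based on the EAP-TLS protocol, the model divides the authentication process into two phases: pre-authentication and re-authentication. With pre-authentication, the authentication delay when an MS hands over between WiFi and WiMAX is greatly reduced, which can support real-time services in the hybrid network to a certain extent.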

18.
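Analysis and Improvement of the EAP-AKA Protocol in 3G-WLAN Interworking Networks   Total citations: 2, self-citations: 0, citations by others: 2
The interworking of 3G and WLAN is a current research hotspot, and EAP-AKA is the corresponding authentication and key agreement protocol. The protocol is analyzed in detail and its security flaws are corrected; hash chain technology and the CPK algorithm are used to make re-authentication local; finally, the security of the improved scheme is analyzed.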
