共查询到18条相似文献,搜索用时 265 毫秒
1.
2.
保护协商证书隐私的策略签名方案 总被引:1,自引:1,他引:0
信任协商过程中主体间通过交互披露信任证和访问控制策略逐渐建立信任关系,策略和信任证都可以是隐私信息,需在建立信任的协商过程中得以保护。该文提出了一种基于策略签名方案(PBSS),它采用基于身份的环签名实现对符合协商策略的证书集匿名性以保护,以信任委托断言作为策略认证的身份信息,在符合协商策略的多组证书子集中用满足策略的一组证书签名消息,验证方能证明签名方提供符合策略的证书集,但不能获得签名方提供证书的真实信息。该文在随机预言模型中给出了PBSS方案的安全性证明,在BDH问题是困难的假设下,该方案被证明是安全的。本方案只需要2个配对运算,算法中配对计算量与策略的表达式和证书集大小无关,计算量上比Bagga(2006)提出的PCPC方案低。 相似文献
3.
4.
2002年,Boneh和Silverberg提出了多线性表理论和基于多线性表的多方Diffe-Hellman密钥交换协议,H.K.Lee等人在该协议基础上利用证书对参与者进行身份认证,解决了该协议容易遭受中间人攻击的问题,H.M.Lee等人进一步引入基于身份的公钥密码技术替代数字证书,提高了密钥协商的效率,形成了ID-MAK协议.在本文中,我们对ID-MAK协议进行了安全性分析,发现ID-MAK协议没有真正实现它所宣称的身份认证,不能抵御主动攻击,敌手可冒充任意合法成员参与到密钥协商中获取组密钥.本文在计算多线性D-H问题假设下提出了两个ID-MAK协议改进方案,两个改进协议只需一轮即可协商一个组密钥,本文还给出了相应的成员动态变化和组密钥更新协议.本文最后对我们改进的协议进行了安全性分析. 相似文献
5.
6.
7.
8.
自动信任协商是一种通过逐步暴露证书和访问控制策略以确立协商双方信任关系的方法。如何实现协商的高效性和安全性一直是研究的热点。因此,文章提出一种高效安全的ATN框架,其中引入了可信计算平台,并利用重叠的虚拟化组织去评估可信度,基于可信度来自适应地调整协商策略,该框架不仅可以保证整个协商过程的安全性,而且还可以通过减少证书交换的次数来简化协商过程,防止在协商过程中不必要的信息的泄露。 相似文献
9.
10.
11.
12.
XeNA is a new model for the negotiation of access within an extended eXtensible Access Control Markup Language (XACML) architecture. We bring together trust management through a negotiation process and access control management within the same architecture. The negotiation process based on resource classification methodology occurs before the access control management. A negotiation module at the core of this negotiation process is in charge of collecting resources required to establish a level of trust and to insure a successful evaluation of access. The access control management is based on an extended Role-Based Access Control (RBAC) profile of XACML. This extended profile responds to advanced access control requirements and allows the expression of several access control models within XACML. 相似文献
13.
Vehicular ad hoc networks (VANETs) are usually operated among vehicles moving at high speeds, and thus their communication relations can be changed frequently. In such a highly dynamic environment, establishing trust among vehicles is difficult. To solve this problem, we propose a flexible, secure and decentralized attribute based secure key management framework for VANETs. Our solution is based on attribute based encryption (ABE) to construct an attribute based security policy enforcement (ASPE) framework. ASPE considers various road situations as attributes. These attributes are used as encryption keys to secure the transmitted data. ASPE is flexible in that it can dynamically change encryption keys depending on the VANET situations. At the same time, ASPE naturally incorporates data access control policies on the transmitted data. ASPE provides an integrated solution to involve data access control, key management, security policy enforcement, and secure group formation in highly dynamic vehicular communication environments. Our performance evaluations show that ASPE is efficient and it can handle large amount of data encryption/decryption flows in VANETs. 相似文献
14.
Deduplication is widely used in cloud storage service to save bandwidth and storage resources,however,the security of client deduplication still flaws in an external attack to access a user’s private data.Xu-CDE,a deduplication solution of encrypting data for multi-client was first proposed,which could protect the privacy of data from the external attackers and honest but curious server,with favorable theoretical meaning and representativeness.However,in Xu-CDE,the user ownership authentication credentials were lack of instantaneity protection,which could not resist replay attack.As an improvement to the flaw,the protocol MRN-CDE (MLE based and random number modified client-side deduplication of encrypted data in cloud storage) was proposed,adding random number in order to ensure the instantaneity of the authentication credentials,and using the algorithm of MLE-KPto extract key from original file to replace the file itself as an encryption key.As a consequence,the new protocol improved security while significantly reduced the amount of computation.After the safety analysis and the actual tests,results show that based on Xu-CDE,the proposed protocol MRN-CDE has stronger security of ownership,and improves time efficiency.Specially,the new protocol works better on large files in cloud with a certain value. 相似文献
15.
16.
As a new computing mode,cloud computing can provide users with virtualized and scalable web services,which faced with serious security challenges,however.Access control is one of the most important measures to ensure the security of cloud computing.But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing.In cloud computing environment,only when the security and reliability of both interaction parties are ensured,data security can be effectively guaranteed during interactions between users and the Cloud.Therefore,building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment.Combining with Trust Management(TM),a mutual trust based access control(MTBAC) model is proposed in this paper.MTBAC model take both user's behavior trust and cloud services node's credibility into consideration.Trust relationships between users and cloud service nodes are established by mutual trust mechanism.Security problems of access control are solved by implementing MTBAC model into cloud computing environment.Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes. 相似文献
17.
文件过滤驱动在内网安全中的应用模型研究 总被引:1,自引:0,他引:1
针对当前企业内网中普遍存在着难控制,易泄密的现状,文中提出了一种基于Windows文件过滤驱动技术的内网安全应用模型。该模型以用户访问控制,数据透明加密和文件操作审计三方面功能为主,将内网终端从二个不可信的实体转变为可信实体。同时,它能比较有效的协调用户使用方便性和数据安全性之间的矛盾,在内网安全中具有一定的实用价值。 相似文献
18.
Neeli R. Prasad Mahbubul Alam Marina Ruggieri 《Wireless Personal Communications》2004,29(3-4):205-219
Security and privacy architecture for various access networks have often been considered on the upper service layers in the form of application and transport security and from lower layers in the form of security over wireless networks. Today there is no trust relationship between the stakeholders of different access network types for e.g. wireless mesh network, wireless PAN, wireless LAN, cellular network, satellite etc. and each have their own security mechanism. What is common for these access networks is the networking layer which is IP based. In order to provide seamless service across these heterogeneous access networks there must be a trust relationship among the stakeholders for authentication, authorization, accounting and billing of end user. However, what is still missing is a general solution which is both adaptable to the network types and conditions and also takes into account end system capabilities as well as enabling inter-domain AAA negotiation. This paper proposes a light-weight AAA infrastructure providing continuous, on-demand, end-to-end security in heterogeneous networks. 相似文献