共查询到19条相似文献,搜索用时 140 毫秒
1.
提出一种基于认证中心CA的网络安全解决方案,实现了以下功能:(1)认证中心的基本功能:证书的签发、证书的更新、证书的状态查询、证书的撤销、证书的归档等;(2)双证书机制,将用户的签名密钥对与加密密钥对相分离;(3)将用户签名私钥保存到用户证书载体.此方案不但解决了网上用户身份认证和信息安全传输的问题,而且更有效保护了用户的隐私,提高应用系统的安全性. 相似文献
2.
3.
4.
5.
现有确定性删除方案忽略了用户数据与用户身份的关联性,使用户的删除行为暴露给攻击者或云服务提供商。为解决此问题,提出一种基于区块链的云数据匿名确定性删除方法。该方法改进了可链接环签名方案,使用户可以通过控制签名中的链接标记在匿名情况下实现确定性删除;同时,它利用区块链记录删除行为,使其具有不可抵赖性。理论分析和实验表明:该方法不仅能满足用户数据的确定性删除要求,而且具有匿名性可以切断用户数据与其身份的关联,从而有效避免攻击者或云服务提供商对用户行为的追踪分析。 相似文献
6.
7.
8.
保护协商证书隐私的策略签名方案 总被引:1,自引:1,他引:0
信任协商过程中主体间通过交互披露信任证和访问控制策略逐渐建立信任关系,策略和信任证都可以是隐私信息,需在建立信任的协商过程中得以保护。该文提出了一种基于策略签名方案(PBSS),它采用基于身份的环签名实现对符合协商策略的证书集匿名性以保护,以信任委托断言作为策略认证的身份信息,在符合协商策略的多组证书子集中用满足策略的一组证书签名消息,验证方能证明签名方提供符合策略的证书集,但不能获得签名方提供证书的真实信息。该文在随机预言模型中给出了PBSS方案的安全性证明,在BDH问题是困难的假设下,该方案被证明是安全的。本方案只需要2个配对运算,算法中配对计算量与策略的表达式和证书集大小无关,计算量上比Bagga(2006)提出的PCPC方案低。 相似文献
9.
10.
SA-IBE:一种安全可追责的基于身份加密方案 总被引:1,自引:0,他引:1
基于身份加密(Identity-Based Encryption, IBE)方案中,用户公钥直接由用户身份得到,可以避免公钥基础设施(Public Key Infrastructure, PKI)系统的证书管理负担。但IBE存在密钥托管问题,即私钥生成器(Private Key Generator, PKG)能够解密用户密文或泄漏用户私钥,而现有解决方案一般需要安全信道传输私钥,且存在用户身份认证开销大或不能彻底解决密钥托管问题的缺陷。该文提出一种安全可追责的基于身份加密方案,即SA-IBE方案,用户原私钥由PKG颁发,然后由多个密钥隐私机构并行地加固私钥隐私,使得各机构无法获取用户私钥,也不能单独解密用户密文;设计了高效可追责的单点PKG认证方案;并采用遮蔽技术取消了传输私钥的安全信道。文中基于标准的Diffie-Hellman假设证明了SA-IBE方案的安全性、解决密钥托管问题的有效性以及身份认证的可追责性。 相似文献
11.
在vBNN-IBS签名基础上提出了一种抗DoS攻击的多用户传感器网络广播认证方案DDA-MBAS,利用散列运算及用户信息进行虚假数据过滤。与现有的多用户传感器网络广播认证方案相比,DDA-MBAS在抵抗节点妥协攻击、主动攻击的基础上,以较低的能耗过滤虚假消息并有效地限制了妥协用户发起的DoS攻击及共谋攻击的安全威胁。 相似文献
12.
13.
Jia‐Lun Tsai Nai‐Wei Lo Tzong‐Chen Wu 《International Journal of Satellite Communications and Networking》2014,32(5):443-452
An authentication scheme is one of the most basic and important security mechanisms for satellite communication systems because it prevents illegal access by an adversary. Lee et al. recently proposed an efficient authentication scheme for mobile satellite communication systems. However, we observed that this authentication scheme is vulnerable to a denial of service (DoS) attack and does not offer perfect forward secrecy. Therefore, we propose a novel secure authentication scheme without verification table for mobile satellite communication systems. The proposed scheme can simultaneously withstand DoS attacks and support user anonymity and user unlinkability. In addition, the proposed scheme is based on the elliptic curve cryptosystem, has low client‐side and server‐side computation costs, and achieves perfect forward secrecy. Copyright © 2013 John Wiley & Sons, Ltd. 相似文献
14.
Privacy-enhanced,Attack-resilient Access Control in Pervasive Computing Environments with Optional Context Authentication Capability 总被引:1,自引:0,他引:1
In pervasive computing environments (PCEs), privacy and security are two important but contradictory objectives. Users enjoy
services provided in PCEs only after their privacy issues being sufficiently addressed. That is, users could not be tracked
down for wherever they are and whatever they are doing. However, service providers always want to authenticate the users and
make sure they are accessing only authorized services in a legitimate way. In PCEs, such user authentication may include context
authentication in addition to the entity authentication. In this paper, we propose a novel privacy enhanced anonymous authentication
and access control scheme to secure the interactions between mobile users and services in PCEs with optional context authentication
capability. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain,
into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication
and allows multiple current sessions between a user and a service, while allowing the user to anonymously interact with the
service. The proposed scheme is also designed to be DoS resilient by requiring the user to prove her legitimacy when initializing
a service session.
相似文献
Wenjing LouEmail: |
15.
针对现有基于椭圆曲线密码(elliptic curve cryptography,ECC)体制的 RFID(radio frequency identification device)安全认证方案不能满足相互认证、隐私保护和前向安全性等要求,提出一种基于Montgomery型椭圆曲线密码的认证方案。利用Montgomery型椭圆曲线来降低计算量,并提供标签和服务器之间的相互认证,具有匿名性和前向安全性。通过分析表明,该方案能够抵抗重放攻击、标签伪装攻击、服务器欺骗攻击、DoS攻击、位置跟踪攻击和克隆攻击。与现有方案相比,该方案在保证较低的内存、计算和通信需求的情况下,提供了较高的安全性能,能够满足RFID系统的安全性要求。 相似文献
16.
为了加强ElGamal型数字签名方案的安全性,最近祁明等人对两类ElGamal型数字签名方案的安全性和基于两类签名方案的通行字认证方案进行了分析和讨论,并且提出了两类改进型的方案.本文首先指出了他们提出的第一个p型方案是不安全的,攻击者可以伪造任意消息的数字签名.本文证明了广义ElGamal型数字签名方案都不能抵御代换攻击.本文最后还证明了他们提出的两类改进型方案也不能抵御同态攻击,因而并不具有所说的安全性. 相似文献
17.
In this digital era, two entities can exchange the messages over internet even through the physical distance between them is much far. Before exchange they require to authenticate each other via authentication scheme. Biometric is one of the unique feature for each entity and can be accustomed to identify the authenticity of the entity. Motivated by this, many researchers had proposed the various schemes based on biometric feature for authentication using smart card. As smart card is not a temper resistance consummately, various attacks have been identified by the researchers in the biometric based authentication schemes. In this paper we review Wen et al.’s scheme and we find that Wen et al.’s scheme is vulnerable to insider attack, denial of service attack and user anonymity cannot achieve by them. Then we propose new remote user authentication algorithm where our algorithm is secure. 相似文献
18.
In global mobility networks, anonymous user authentication is an essential task for enabling roaming service. In a recent paper, Jiang et al. proposed a smart card based anonymous user authentication scheme for roaming service in global mobility networks. This scheme can protect user privacy and is believed to have many abilities to resist a range of network attacks, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Jiang et al.’s scheme, and show that the scheme is in fact insecure against the stolen-verifier attack and replay attack. Then, we also propose a new smart card based anonymous user authentication scheme for roaming service. Compared with the existing schemes, our protocol uses a different user authentication mechanism, which does not require the home agent to share a static secret key with the foreign agent, and hence, it is more practical and realistic. We show that our proposed scheme can provide stronger security than previous protocols. 相似文献
19.
Pardeep Kumar Andrei Gurtov Mika Ylianttila Sang‐Gon Lee HoonJae Lee 《ETRI Journal》2013,35(5):889-899
Wireless sensor networks (WSNs) are used for many real‐time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security‐performance‐balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end‐party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real‐world WSNs applications. 相似文献