共查询到20条相似文献,搜索用时 109 毫秒
1.
SET协议安全性分析 总被引:2,自引:0,他引:2
安全电子交易协议SET正逐渐成为实现电子商务系统的工业标准,本文就SEP中的信息保密性、信息完整性、信息完整性、身份认证等安全机制进行了分析与讨论。 相似文献
2.
一种用于松散耦合的分布式信息系统的身份认证协议 总被引:1,自引:0,他引:1
随着计算机网络和信息系统的飞速发展,在现有的异构的信息系统基础上共享信息的要求越来越迫切,本文提出了构造松散耦合的分布式信息系统的方法来解决这个问题,LCDIS中的一个关键总是就是其安全性。本文首先提出了LCDIS的概念,并对其进行了形式化的描述。由于LCIDIS具有自身的特点,因此不能直接采用 身份认证协议。我们针对其特点,提出了一种专用的身份认证协议。该协议已经成功地用于实际的松散耦合的分布式 相似文献
3.
认证协议是身份认证系统最关键的部分,研究和分析系统认证协议,是保证网络安全通信的必要条件。Kerberos是一个典型的认证协议,其使用专门的服务器进行统一的身份认证和权限管理,但是由于当初使用环境的原因,并没有使用公钥体制,这影响了系统的扩展性和易管理性。本文描述了一个身份认证系统认证协议的设计思想,使用公钥对kerberos协议进行了改进,并使用BAN逻辑分析了协议的安全性。 相似文献
4.
5.
改进的基于身份认证密钥协商协议* 总被引:1,自引:1,他引:0
对标准模型下可证安全的基于身份认证密钥协商协议进行安全分析,指出由于传送消息存在冗余,协议不能抵御伪装攻击。为解决上述安全漏洞,提出一个改进的基于身份认证密钥协商协议,并在标准模型下分析其安全性。结果表明,新协议满足基于身份认证密钥协商协议的所有安全要求。 相似文献
6.
杨战海 《计算机技术与发展》2010,20(10)
基于Kerberos协议的典型系统为单点登录身份认证系统,即单域身份认证系统,而关于用户到用户的身份认证系统,多采用NTLM协议.为了研究基于Kerberos协议的用户到用户认证系统,在充分研究Kerberos协议的体系结构和工作流程的基础上,对用户到用户的Kerberos身份认证系统的认证过程进行了详细的设计,分析了用户到用户的Kerberos身份认证系统的典型结构.研究表明,当一个客户端需要访问另一个客户端中运行的服务时,Kerberos身份认证协议支持在两个客户端之间的身份认证. 相似文献
7.
8.
以前用着色Petri网验证协议,大多只验证了其正确性,采用着色Petri网对自行设计的基于PKI的动态身份认证系统的安全性进行了描述和验证;一般在使用传统1-可达性分析方法分析复杂身份认证协议时,会存在状态空间爆炸的问题,为了有效地解决该问题,提出了一种用1-可迭性分析方法和向回分析方法相结合的策略,对该身份认证协议进行了分析,从而验证了该身份认证协议是安全的. 相似文献
9.
EAP-AKA是应用于3G网络的身份认证和密钥分配协议。本文在详细分析EAP-AKA协议认证过程的基础上,使用改进的认证测试方法对其安全性进行验证分析。验证结果说明,EAP-AKA协议能够满足对等端和EAP服务器间的双向身份认证。 相似文献
10.
11.
12.
Mohammad S. Obaidat Author Vitae Mukund Sundararajan Author Vitae 《Journal of Systems and Software》2009,82(12):1941-1949
In this paper we propose two new enhancements to the SOCKS protocol in the areas of IP multicasting and UDP tunneling. Most network firewalls deployed at the entrance to a private network block multicast traffic. This is because of potential security threats inherent with IP multicast. Multicasting is the backbone of many Internet technologies like voice and video conferencing, real time gaming, multimedia streaming, and online stock quotes, among others. There is a need to be able to safely and securely allow multicast streams to enter into and leave a protected enterprise network. Securing multicast streams is challenging. It poses many architectural issues. The SOCKS protocol is typically implemented in a network firewall as an application-layer gateway. Our first enhancement in the area of IP multicast to the SOCKS protocol is to enable the application of security and access control policies and safely allow multicast traffic to enter into the boundaries of a protected enterprise network. The second enhancement we propose is to allow the establishment of a tunnel between two protected networks that have SOCKS based firewalls to transport UDP datagrams. 相似文献
13.
服务器和客户机如何通信是木马研究的一个核心技术,该文讲述了如何利用网络协议躲避了防火墙和系统工具的检查,成功实现了木马的隐蔽通信,给出的源代码均调试通过。 相似文献
14.
因特网的日益发展给人们提供了更多的机会和方便快捷,同时也带来了更多的安全隐患。Kerberos解决了这个问题。Kerberos是一种身份认证协议,提供了集中的身份验证服务器,提供了从服务器端验证用户、用户端验证服务器,以及用户和服务器之间加密报文传输的安全功能。文中研究了Kerberos身份认证协议,完成和分析了运用Kerberos协议实现身份认证和安全通信的客户机/服务器程序的Java实现。 相似文献
15.
《Computer Networks》2007,51(13):3715-3726
Most users have multiple accounts on the Internet where each account is protected by a password. To avoid the headache in remembering and managing a long list of different and unrelated passwords, most users simply use the same password for multiple accounts. Unfortunately, the predominant HTTP basic authentication protocol (even over SSL) makes this common practice remarkably dangerous: an attacker can effectively steal users’ passwords for high-security servers (such as an online banking website) by setting up a malicious server or breaking into a low-security server (such as a high-school alumni website). Furthermore, the HTTP basic authentication protocol is vulnerable to phishing attacks because a client needs to reveal his password to the server that the client wants to login.In this paper, we propose a protocol that allows a client to securely use a single password across multiple servers, and also prevents phishing attacks. Our protocol achieves client authentication without the client revealing his password to the server at any point. Therefore, a compromised server cannot steal a client’s password and replay it to another server.Our protocol is simple, secure, efficient and user-friendly. In terms of simplicity, it only involves three messages. In terms of security, the protocol is secure against the attacks that have been discovered so far including the ones that are difficult to defend, such as the malicious server attacks described above and the recent phishing attacks. Essentially our protocol is an anti-phishing password protocol. In terms of efficiency, each run of our protocol only involves a total of four computations of a one-way hash function. In terms of usability, the protocol requires a user to remember only one password consisting of eight (or more) random characters, and this password can be used for all of his accounts. 相似文献
16.
本文中我们提出一种新的SSLVPN体系结构,以支持所有应用,同时增强抵抗Dos和分类的Dos攻击的能力。SSLVPN的关键优势是不需要特定的客户端软件。当用户要求访问一个服务器时,由JavaApplet编写的SSL客户端模块首先被下载到主机上。但是,并不所有应用都可以很好运行的,因为客户不能通过HTTPS连接某些我们熟知的应用。而且,当SSL端口受到Dos或分类的Dos攻击时,我们不能使用VPN进行连接。改进的VPN同样使用现存SSLVPN中应用的JavaApplet,但是这Applet实现的功能我们称之为动态编码,它通过Java远程方法调用(RMI)实现动态改变。VPN客户端Applet可以和服务器端的VPN服务器和防火墙进行互操作。 相似文献
17.
该文在分析SOCKS协议的实现原理和过程的基础上,讨论并实现了运行在Linux操作系统上,支持SOCKSv5协议和TCP协议,测试SOCKS服务器并发连接数量和吞吐量两项关键性能的软件工具。并以NEC提供的SOCKS服务器软件包Socks5Server为测试对象,并给出了性能测试结果。 相似文献
18.
传统防火墙通过保护网络入口点防止未授权的访问,这并不适用于CORBA在Internet上使用的IIOP协议,因此OMG提出CORBA防火墙安全性,旨在提供控制IIOP透过防火墙通信的标准方式,允许外部有控制地访问CORBA对象。文章介绍了CORBA分布式系统及防火墙,CORBA防火墙相对于传统防火墙的特殊问题,详细阐述了CORBA系统中的解决方案,对TCP防火墙、SOCKS防火墙,GIOP代理防火墙的运行机制进行了分析。 相似文献
19.
Considering the low-power computing capability of mobile devices, the security scheme design is a nontrivial challenge. The identity (ID)-based public-key system with bilinear pairings defined on elliptic curves offers a flexible approach to achieve simplifying the certificate management. In the past, many user authentication schemes with bilinear pairings have been proposed. In 2009, Goriparthi et al. also proposed a new user authentication scheme for mobile client–server environment. However, these schemes do not provide mutual authentication and key exchange between the client and the server that are necessary for mobile wireless networks. In this paper, we present a new user authentication and key exchange protocol using bilinear pairings for mobile client–server environment. As compared with the recently proposed pairing-based user authentication schemes, our protocol provides both mutual authentication and key exchange. Performance analysis is made to show that our presented protocol is well suited for mobile client–server environment. Security analysis is given to demonstrate that our proposed protocol is provably secure against previous attacks. 相似文献
20.