共查询到18条相似文献,搜索用时 109 毫秒
1.
认证是无线局域网的一种最重要的服务。EAP-IKEv2是一个新的基于EAP协议的认证和密钥分配协议。该文详细分析了EAP-IKEv2协议的流程和安全性,并使用协议分析工具AVISPA验证了EAP-IKEv2安全性,结果说明EAP-IKEv2能够保证EAP客户端和认证服务器的双向认证。 相似文献
2.
可扩展认证协议(EAP)支持多种认证机制。章在介绍EAP工作机制的基础上,提出了一种新的EAP协议及其在可扩展因件接口(EFI)上的应用。 相似文献
3.
4.
5.
6.
7.
针对Split场景下,家乡代理不支持EAP协议的问题,提出了一种基于diameter-EAP协议的认证方案。认证服务器在对移动节点进行认证时,通过支持EAP协议的接入路由器对移动节点进行身份认证,为移动节点和MIP6服务提供者配置共享密钥,用于服务提供者对移动节点的认证。采用BAN逻辑对协议的安全性进行了形式化证明,并比较分析了该方案的性能,分析结果表明,该协议的密钥性能达到了RFC4004的水平。 相似文献
8.
9.
10.
无线网络中身份认证协议选择方法 总被引:3,自引:0,他引:3
无线网络中通常存在多种身份认证协议可供选择,如何选择一个能够满足用户个性化需求的协议是个尚未解决的问题。从用户的角度出发,针对无线网络的特点,在综合考虑了用户最为关心的几个要素,如协议的安全性、能量消耗、认证时间以及用户偏好的基础上,提出了解决方案。将能量消耗定义为用户发送、接收消息能量消耗以及交互过程中密码操作所涉及的能量消耗之和。其中,密码操作包括Hash算法、RSA密钥交换、数字签名以及对称加解密算法。实验部分对EAP‐PEAP ,EAP‐TLS ,EAP‐TTLS‐MD5和EAP‐TTLS‐MSCHAPV2这4种最为常用的协议进行比较,结果表明不管用户如何设置权值,EAP‐TTLS/MSCHAPV2和EAP‐TTLS/MD5总是优于EAP‐PEAP ,EAP‐TLS 。该方案通过考虑用户对身份认证协议的安全性以及性能方面的要求,按照用户的个性化需求进行了协议方案的选择。 相似文献
11.
Yuh-Min Tseng 《Computer Standards & Interfaces》2009,31(1):128-136
Due to the rapid growth in popularity of Wireless Local Area Network (WLAN), wireless security has become one of many important research issues. For the WLAN security, the IEEE 802.1X standard provides an authentication framework that is based on the Extensible Authentication Protocols (EAP). In the EAP framework, there are many authentication protocols that have been proposed, in which each authentication protocol has some strengths and weaknesses, respectively. Most EAP authentication protocols lack two features: identity protection and withstanding man-in-the-middle attacks. In this paper, we first propose a novel symmetric-key based certificate distribution scheme based on Universal Subscriber Identity Module (USIM) cards in a cellular network. The symmetric-key based certificate distribution scheme allows mobile subscribers to obtain temporary certificates from the corresponding cellular network. Combining the proposed certificate distribution scheme with the EAP-TLS (Transport Layer Security) protocol, we present a new EAP authentication protocol called USIM-based EAP authentication protocol. The new EAP authentication protocol combining with USIM cards is an extension of the EAP-TLS protocol and also follows the EAP framework in the IEEE 802.1X standard. Compared to other EAP authentication protocols, the proposed protocol provides mutual authentication, strong identity protection and roaming capability between the cellular network and the WLAN networks. 相似文献
12.
基于公钥密码体制的Kerberos协议的改进 总被引:2,自引:0,他引:2
随着计算机网络的发展,网络安全问题已变得日益重要,而身份认证在安全系统中的地位极其关键,是最基本的安全服务。Kerberos协议是基于私钥密码系统的身份认证协议。文中首先对Kerberos协议的认证原理进行分析;然后基于公钥体制的加密技术和Kerberos协议,提出了一个安全性更高的身份认证协议;最后分析了两种协议的异同。 相似文献
13.
EAP-AKA是应用于3G网络的身份认证和密钥分配协议。本文在详细分析EAP-AKA协议认证过程的基础上,使用改进的认证测试方法对其安全性进行验证分析。验证结果说明,EAP-AKA协议能够满足对等端和EAP服务器间的双向身份认证。 相似文献
14.
IP multicast is best-known for its bandwidth conservation and lower resource utilization. The present service model of multicast makes it difficult to restrict access to authorized End Users (EUs) or paying customers. Without an effective receiver access control, an adversary may exploit the existing IP multicast model, where a host or EU can join any multicast group by sending an Internet Group Management Protocol (IGMP) join message without prior authentication and authorization. We have developed a novel, scalable and secured access control architecture for IP multicast that deploys Authentication Authorization and Accounting (AAA) protocols to control group membership.The principal feature of the access control architecture, receiver access control, is addressed in this paper. The EU or host informs the multicast Access Router (AR) of its interest in receiving multicast traffic using the IGMP protocol. We propose the necessary extensions of IGMPv3 to carry AAA information, called IGMP with Access Control (IGMP-AC). For EU authentication, IGMP-AC encapsulates Extensible Authentication Protocol (EAP) packets. EAP is an authentication framework to provide some common functions and a negotiation of the desired authentication mechanism. Thus, IGMP-AC can support a variety of authentications by encapsulating different EAP methods. Furthermore, we have modeled the IGMP-AC protocol in PROMELA, and also verified the model using SPIN. We have illustrated the EAP encapsulation method with an example EAP method, EAP Internet Key Exchange (EAP-IKEv2). We have used AVISPA to validate the security properties of the EAP-IKEv2 method in pass-through mode, which fits within the IGMP-AC architecture. Finally, we have extended our previously developed access control architecture to accomplish inter-domain receiver access control and demonstrated the applicability of IGMP-AC in a multi-domain environment. 相似文献
15.
EAP-AKA(Extensible Authentication Protocol-Authentication and Key Agreement)是WLAN的认证和密钥分配协议;认证测试是一种以串空间理论为基础的安全协议分析验证方法。运用认证测试方法对EAP-AKA协议的双向身份认证过程进行了分析证明,结果说明EAP-AKA能够保证移动终端和认证服务器之间的双向认证。 相似文献
16.
17.
作为整个现代网络安全的基础,该文提出了验证的概念,它是会话初始化协议(SIP)网络中合并了可扩展认证协议(EAP)验证体系的一种机制。研究表明,SIP验证可以由EAP验证体系进行扩展而现有的AAA基础结构可以为SIP用户再次用于验证。实施验证的过程中使用了DIAMETER基础协议。这个基本协议工具使用低权目录访问协议(LDAP)而且必须使用接口,DIAMETER网络访问服务器请求(NASREQ)应用命令码的一个子集和AVP以在运行中实现扩展验证协议(EAP)传输。 相似文献
18.
无线传感器网络节点间认证及密钥协商协议 总被引:4,自引:2,他引:2
无线传感器网络的特性使它面临着比传统无线网络更大的安全挑战,其安全解决方案必须兼顾安全性和系统性能等因素。节点间认证及密钥协商是构建安全网络最基本的协议,是密钥管理协议和安全路由协议等的实现基础。很明显,包括传统Adhoc在内的各种无线网络领域中的安全认证及密钥协商机制都无法适用于无线传感器网络。为此,在充分考虑无线网络攻击方法和无线传感器网络自身特点的基础上,结合基于ID的公钥密码技术,提出了椭圆曲线双线性对上的无线传感器网络节点安全认证及密钥协商协议。分析发现,该协议不仅满足安全性要求,同时,能够适合无线传感器网络的特殊应用要求。 相似文献