共查询到19条相似文献,搜索用时 109 毫秒
1.
2.
3.
目前,国家电网公司已确立IP多媒体子系统(IP multimedia subsystem,IMS)作为下一代电网行政交换网的主流技术,针对国家电网的信息安全要求,电力IMS网络安全接入问题需要进一步的探讨。文中对IMS网络的安全架构进行详细分析,综合分析了IMS AKA(authentication and key agreement)的接入流程,并指出IMS AKA现存的一些安全漏洞。针对这些漏洞,提出了一种模糊用户身份的IMS网络安全接入认证算法。该算法首先使用基于模幂运算的无密钥加密技术生成一次性标识来模糊用户身份以达到身份保护的目的,然后再通过椭圆曲线加密技术来优化认证密钥协商模块。通过性能和安全性分析,该算法能够有效降低计算成本,减少存储空间,提高了应对攻击的能力,保证了电力IMS业务的安全接入。 相似文献
4.
为实现PoC系统安全的身份认证,本文提出了一种应用层绑定接入层的双重认证方案,该方案依靠核心网中的公共鉴权服务器和服务网络中的SIP代理服务器完成了接入层和应用层的鉴权,实现了用户IP地址和手机号码的有效绑定和客户端与服务器的双向鉴权功能,在相同安全等级的情况下,降低了认证信息交换次数和系统开销,较好的实现了身份认证功能。 相似文献
5.
第三代无线通信系统接入安全机制 总被引:1,自引:0,他引:1
第1代(1G)无线通信系统在设计中几乎没有考虑对系统和用户的安全保护措施。第2代(2G)无线通信系统对此做了极大的改进,提供了网络实体鉴权和机静陛的保护。尽管如此,在第2代无线通信系统中。安全机制还是存在着很多不足。第3代(3G)无线通信系统是当前通信领域研究开发的热点。本文主要介绍了3G系统网络接入安全机制的设计原则和架构,并对3G系统网络接入安全机制采用的鉴权和密钥分配(Authentication and Key Agreement)协议进行了深入探讨。 相似文献
6.
7.
WiMAX以其极高的接入速率成为当前无线宽带接入技术研究的热点,EAP-AKA是其对应的鉴权和密钥管理协议,本文分析了EAP-AKA协议的认证流程和安全性能,指出了其安全缺陷. 相似文献
8.
由于我国并未掌握蜂窝鉴权与话音加密算法(CAVE)的实现,使得CDMA网络并未实现真正的安全。提出了一种基于椭圆曲线的CDMA网络鉴权方案,通过公钥签名机制完成对用户身份的识别和管理。与CAVE算法相比,该方案除具备自主知识产权外,还减轻了鉴权中心的负担。最后通过实验证明这种鉴权方案是完全可行的。 相似文献
9.
10.
随着我国移动互联网进入快速增长时期,移动互联网的安全问题已经成为影响其发展的重要因素之一。目前在接入安全保障上主要采用双向认证鉴权、在无线空口采用加强型加密机制以及针对WiFi接入用AES算法替代RC4,在承载网上主要部署异常流量监控和清洗技术,以及采用网络溯源技术等来解决安全问题。 相似文献
11.
IP Multimedia Subsystem (IMS) is widely considered as the main solution for the next generation multimedia rich communication. In order to provide multi-level security service in IMS to mobile users for multimedia applications, it is insufficient to take the security benefits into consideration, but adequately analyzing the impact of security policies in IMS on the performance cost quantitatively is also necessary and significant. In this paper, we first propose a novel study of IMS performance by a QPN model to much more precisely describe SIP signaling in IMS, and made performance evaluation. Then we defined totally seven levels of IMS security policies according to IMS specifications in 3GPP and proposed QoP partition model which quantitatively reflects strength of protection of SIP signaling and users’ security needs. Further more, we did our original contributions to use the QPN model to evaluate the impacts of security mechanism on system performance cost quantitatively. With the multi-view security partition introduced, different security policies could be adjusted according to the application and users’ security requirements, so that multi-level security service can be provided to diverse users and applications for a better tradeoff between security requirements and system performance in IMS. 相似文献
12.
13.
《Information and Software Technology》2003,45(14):979-991
Pressures are increasing on organisations to take an early and more systematic approach to security. A key to enforcing security is to restrict access to valuable assets. We regard access policies as security requirements that specify such restrictions. Current requirements engineering methods are generally inadequate for eliciting and analysing these types of requirements, because they do not allow complex organisational structures and procedures that underlie policies to be represented adequately. This paper discusses roles and why they are important in the analysis of security. The paper relates roles to organisational theory and how they could be employed to define access policies. A framework is presented, based on these concepts, for analysing access policies. 相似文献
14.
15.
16.
韩庆绵 《网络安全技术与应用》2011,(1):32-34
本文介绍了IMS网络的安全体系结构,分析了IMS终端用户接入IMS网络时需要进行基于3GPP AKA的网络与用户之间的双向认证。通过分析AKA认证过程,实现了AKA算法,实现了网络对终端的认证,通过系统联试,并用EtherPeek抓包软件对客户端注册到网络的过程进行数据分析,证明了IMS网络实现AKA认证过程的正确性。 相似文献
17.
《Computer Networks》2007,51(16):4697-4709
International standard bodies such as the Parlay Group, 3GPP (Third Generation Partnership Project), and ETSI TISPAN describe an applications middleware in the form of open service access (OSA)/Parlay Application Programming Interfaces and Parlay X Web Services which allow multimedia applications to be implemented on top of different fixed and mobile network types. These established middleware services are also applicable to the new IP Multimedia Subsystem (IMS) forming the heart of emerging next generation networks. The main objective of this kind of middleware services is to simplify and unify service creation and – as applications are realized in so-called application servers which can be flexibly connected to dedicated network gateways – also to expose available network capabilities to third parties. This results in an inherent increase of security threats and increases the risk of attacks on network resources. This article describes the security requirements and challenges to Web services-based NGN middleware. Based on this analysis the paper presents the middleware security mechanisms at application level providing end-to-end security based on standard such as XML Digital Signatures, XML Encryption and SAML (Security Assertion Markup Language). Furthermore, we propose additional security means in the form of intrusion detection and prevention (IDP) system protecting applications middleware against SQL injection attacks which are not mitigated by existing solutions. 相似文献
18.
刘国强 《数字社区&智能家居》2014,(11):7321-7322
随着IMS网络的快速发展,IMS边缘汇聚层的网络安全成为重点关注之,该文针对IMS边缘汇聚层来自互联网的各种主要安全威胁,提出相应的防范方法和措施,通过设置ACL策略等,有效了保证了网络的安全。 相似文献
19.
纸病检测机的热接装置模型参数具有随温度而变化的时变特性,采用常规PID控制方法不能满足较高工艺要求,为了提高包材接头的热接质量,避免由于接头质量差造成包材断头的情况发生;为此,对某液态软包装使用的IMS公司生产的纸病检测机热接装置进行改进,应用一种参数模糊自适应PID控制方法,并设计了基于单片机的温度控制硬件装置;实践证明该方法有较高的稳态精度和跟踪性,装置简单,运行效果较好;更好地满足了生产的要求,使灌装机生产过程更流畅,提高了生产效率。 相似文献