共查询到19条相似文献,搜索用时 101 毫秒
1.
2.
由于无线射频识别(RFID)系统资源的限制,现有组证明协议大多采用对称密码算法,会带来安全和隐私保护方面的问题。为此,将公钥密码算法引入到组证明协议设计中。针对基于椭圆曲线密码(ECC)的组证明协议存在易受跟踪攻击的问题,提出一种改进方案,并对其安全性进行分析。分析结果表明,该协议能够抵抗跟踪攻击、伪造证明攻击、重放攻击和假冒攻击,具有较好的安全性,适合于RFID系统应用。 相似文献
3.
针对现有的RFID认证协议所面临的安全隐私保护问题,利用Hash函数加密的方法,提出了一种能抵抗拒绝服务攻击且高效的RFID安全认证协议。通过在阅读器上进行随机数的比较与识别,从而使该协议可抵抗拒绝服务攻击,并且在后台数据库中存储标签标识符的两种状态,以便实现电子标签与后台数据库的数据同步。从理论上分析了协议的性能和安全性,并利用BAN逻辑对协议的安全性进行了形式化证明。分析结果表明,该协议能够有效地实现阅读器和电子标签之间的相互认证,能有效地抵抗拒绝服务攻击且与其他协议比较,整个RFID系统的计算量减小,适用于大规模使用标签的RFID系统。 相似文献
4.
安全协议在维护网络安全的过程中,都需要采用密码算法来达到其安全的目的.在其运行的初始阶段,要进行复杂计算,并需保存相关状态信息,这使得其存在拒绝服务攻击的安全隐患.本文分析针对安全协议的拒绝服务攻击方式,并重点讨论防御攻击的puzzle方法,定量的研究其防御拒绝服务攻击的过程,给出了难度系数的调整公式,进一步提出请求成功率保证算法,能根据需要动态调整防御拒绝服务攻击的强度,进而提高安全协议的安全性和系统的运行效率. 相似文献
5.
针对量子计算机对现有RFID系统的公钥密码体制(RSA、ECC)的安全性带来了巨大冲击,提出了一种基于NTRU密码体制的RFID相互认证协议,NTRU密码体制能够抵抗量子攻击且加解密速度快、密钥短、安全性高。将NTUR密码体制和具有不可预测性的真随机数发生器相结合,保证每次传输的数据都具有不可预测性,能够有效抵抗跟踪攻击、假冒攻击、重放攻击等安全隐私问题,并且实现了三方相互认证。通过GNY逻辑对协议安全性进行了形式化证明,证明了协议的可行性,最后与其他相关协议对比分析,表明所提出协议的安全性和计算效率更高。 相似文献
6.
7.
8.
IPSec中密钥交换协议IKE的安全性分析与改进 总被引:1,自引:0,他引:1
介绍了IKE协议,研究了IKE协议的安全性问题。对中间人攻击进行了分析并提出了一种改进cookie生成算法;针对拒绝服务攻击分析了系统安全性缺陷,并针对此类缺陷作出了算法改进;在前两种改进方案的基础上设计了一种新的口令认证密钥交换协议,经验证,新的口令认证密钥交换协议更安全有效。 相似文献
9.
10.
11.
WTLS握手协议不满足前向安全性,非匿名验证模式下不满足用户匿名性,完全匿名模式下易遭受中间人攻击.DH-EKE协议具有认证的密钥协商功能,将改进的DH-EKE集成到WTLS握手协议中,只需使用可记忆的用户口令,不需使用鉴权证书及数字签名.该方案适用于完全匿名的验证模式,可抵御中间人攻击和字典式攻击,且在服务器中不直接存储口令,攻击者即使攻破服务器获得口令文件也无法冒充用户,能够在WTLS握手协议中实现简单身份认证和安全密钥交换. 相似文献
12.
13.
《Computer Networks》2007,51(13):3715-3726
Most users have multiple accounts on the Internet where each account is protected by a password. To avoid the headache in remembering and managing a long list of different and unrelated passwords, most users simply use the same password for multiple accounts. Unfortunately, the predominant HTTP basic authentication protocol (even over SSL) makes this common practice remarkably dangerous: an attacker can effectively steal users’ passwords for high-security servers (such as an online banking website) by setting up a malicious server or breaking into a low-security server (such as a high-school alumni website). Furthermore, the HTTP basic authentication protocol is vulnerable to phishing attacks because a client needs to reveal his password to the server that the client wants to login.In this paper, we propose a protocol that allows a client to securely use a single password across multiple servers, and also prevents phishing attacks. Our protocol achieves client authentication without the client revealing his password to the server at any point. Therefore, a compromised server cannot steal a client’s password and replay it to another server.Our protocol is simple, secure, efficient and user-friendly. In terms of simplicity, it only involves three messages. In terms of security, the protocol is secure against the attacks that have been discovered so far including the ones that are difficult to defend, such as the malicious server attacks described above and the recent phishing attacks. Essentially our protocol is an anti-phishing password protocol. In terms of efficiency, each run of our protocol only involves a total of four computations of a one-way hash function. In terms of usability, the protocol requires a user to remember only one password consisting of eight (or more) random characters, and this password can be used for all of his accounts. 相似文献
14.
15.
Improving the novel three-party encrypted key exchange protocol 总被引:1,自引:0,他引:1
In 2004, Chang and Chang proposed a three-party encrypted key exchange (ECC-3PEKE) protocol without using the server's public keys. They claimed that their proposed ECC-3PEKE protocol is secure, efficient, and practical. Unlike their claims, the ECC-3PEKE protocol, however, is still susceptible to undetectable on-line password guessing attacks. Accordingly, the current paper demonstrates the vulnerability of Chang–Chang's ECC-3PEKE protocol regarding undetectable on-line password guessing attacks and than presents an enhancement to resolve such security problems. 相似文献
16.
口令认证是最简单,方便和应用最广泛的一种用户认证方式。最近,Tsaur等人指出了Chang等人的口令更新协议存在拒绝服务攻击并且不能提供口令的后向安全。随后,他们给出了一种改进的口令更新协议,并声称该协议是安全的。文中,分析了Tsaur等人的口令更新协议,指出了其方案是易受离线字典攻击的,且不能提供口令的前向和后向安全性。最后,提出一种改进的口令更新协议,并分析其安全性。 相似文献
17.
研究了马尔可夫跳变信息物理系统(CPSs)在模态依赖拒绝服务(DoS)攻击下的安全控制问题.提出了一种新颖的模态依赖事件触发策略来减少网络资源消耗.特别地,DoS攻击被设置为依赖系统模态,从而更贴近实际的应用.基于Lyapunov Krasovskii泛函方法建立了闭环系统在DoS攻击下渐近一致有界的充分性条件.更进一步,根据矩阵技术设计了所需的安全控制器.最后,通过一个实例说明了该方法的有效性. 相似文献
18.
19.
Philip MacKenzie Sarvar Patel Ram Swaminathan 《International Journal of Information Security》2010,9(6):387-410
There have been many proposals in recent years for password-authenticated key exchange protocols, i.e., protocols in which
two parties who share only a short secret password perform a key exchange authenticated with the password. However, the only
ones that have been proven secured against offline dictionary attacks were based on Diffie–Hellman key exchange. We examine
how to design a secure password-authenticated key exchange protocol based on RSA. In this paper, we first look at the OKE
and protected-OKE protocols (both RSA-based) and show that they are insecure. Then we show how to modify the OKE protocol
to obtain a password-authenticated key exchange protocol that can be proven secure (in the random oracle model). This protocol
is very practical; in fact, it requires about the same amount of computation as the Diffie–Hellman-based protocols. Finally,
we present an augmented protocol that is resilient to server compromise, meaning (informally) that an attacker who compromises
a server would not be able to impersonate a client, at least not without running an offline dictionary attack against that
client’s password. 相似文献