A nexus of Cyber-Geography and Cyber-Psychology: Topos/“Notopia” and identity in hacking

This paper explores the Cyber-Psychological and Cyber-Geographic aspects of hacking and hacktivism. An examination of the literature related to hackers and hacking reveals a complex nexus of spatial (including cyber-spatial such as “Notopia”) and psychological aspects of hacking, from which emerges a central question of how humans perceive and manipulate their cyber-identities. Concealing (real and cyber) identities is typical in hacking. With our progressive acculturation with identity-less and place-less modes of existence, our cyber-identities through time may be studied from within John Locke’s criterion of “memory” and the spatial-geographical criterion of identity.     

Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment

Recently, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment, and claimed that their scheme was intended to provide mutual authentication, two-factor security, replay attack, server spoofing attack, insider and stolen verifier attack, forward secrecy and user anonymity. In this paper, we show that Liao and Wang's scheme is still vulnerable to insider's attack, masquerade attack, server spoofing attack, registration center spoofing attack and is not reparable. Furthermore, it fails to provide mutual authentication. To remedy these flaws, this paper proposes an efficient improvement over Liao–Wang's scheme with more security. The computation cost, security, and efficiency of the improved scheme are well suited to the practical applications environment.     

基于分段模型检测的云服务跨域认证协议的形式化分析与验证

针对多个云服务之间的跨域认证问题,提出一种基于SAML协议的云服务安全认证方案。阐明了该方案的关键技术机制,建立了云服务安全认证协议抽象模型;采用Casper和FDR软件的组合,通过模型检测法对云服务认证协议进行了形式化分析与验证;通过对安全认证协议进行分段模型检测,解决了安全协议形式化分析验证导致的状态空间爆炸问题。模型检测软件的实验结果验证了云服务跨域认证方案的有效性及安全性。     

基于簇的水声传感器网络的安全认证协议

近年来,基于簇的水声传感器网络得到广泛应用。由于水声传感器多用于军事行业,使得提高水声传感器网络的安全性变得十分重要。针对提高水声传感器网络安全性这一问题,提出了结合ECC Diffie-Hellman密钥交换、一元高阶多项式、双线性映射和哈希函数的安全认证协议。经过分析,该协议满足了认证、访问控制、数据保密性、数据完整性和不可否认性等安全需求。结合BAN逻辑进行形式化分析,证明该协议是安全的;同时,将协议的两个阶段分别与同类型认证协议进行对比,实验结果表明,所提协议的性能在时间或者空间上有所提升。     

WIFI无线登录安全性研究

一直以来,无线网络的安全问题都备受关注,其中认证是保证信息安全的一个重要环节。目前无线认证有多种方式,比如Radius认证,Web认证,端口认证等,本文通过调研分析Radius认证与Web认证两种无线认证方式,来比较在家庭路由认证状态下,两者的性能差异,从而更好的解决目前普遍存在的弱密码问题。     

移动自组织网络安全接入技术研究综述

针对移动Ad hoc网络的特点对其中存在的主要安全威胁进行了分析,给出了MANET中安全接入的概念以及主要的性能要求。在此基础上,对MANET的主要安全接入技术进行了回顾,对各方案的优缺点进行了分析。最后对几类典型的安全接入方案进行了比较,并对未来值得进一步研究的问题进行了展望。     

Cryptanalysis of an identity based broadcast encryption scheme without random oracles

Identity based broadcast encryption allows a centralized transmitter to send encrypted messages to a set of identities S, so that only the users with identity in S can decrypt these ciphertexts using their respective private key. Recently [Information Processing Letters 109 (2009)], an identity-based broadcast encryption scheme was proposed (Ren and Gu, 2009) [1], and it was claimed to be fully chosen-ciphertext secure without random oracles. However, by giving a concrete attack, we indicate that this scheme is even not chosen-plaintext secure.     

A note on the security of PAP

In this letter, we analyze the security of an RFID authentication protocol proposed by Liu and Bailey [1], called privacy and authentication protocol (PAP). We present two traceability attacks and an impersonation attack.     

A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem

Recently, Yang and Chang proposed an identity-based remote login scheme using elliptic curve cryptography for the users of mobile devices. We have analyzed the security aspects of the Yang and Chang's scheme and identified some security flaws. Also two improvements of the Yang and Chang's scheme have been proposed recently, however, it has been found that the schemes have similar security flaws as in the Yang and Chang's scheme. In order to remove the security pitfalls of the Yang and Chang and the subsequent schemes, we proposed an enhanced remote user mutual authentication scheme that uses elliptic curve cryptography and identity-based cryptosystem with three-way challenge-response handshake technique. It supports flawless mutual authentication of participants, agreement of session key and the leaked key revocation capability. In addition, the proposed scheme possesses low power consumption, low computation cost and better security attributes. As a result, the proposed scheme seems to be more practical and suitable for mobile users for secure Internet banking, online shopping, online voting, etc.     

公钥基础设施在网络安全中的研究与应用

文章提出了一种基于ＰＫＩ的网络安全模型,旨在为网络服务提供有效认证、访问控制、授权、传输机密性、不可否认性等安全机制。该模型在 ＰＫＩ的基础上,结合了 Ｋｅｒｂｅｒｏｓ的优势,并扩展了其机制中服务票据的思想,提出了由授权服务器签名的授权证书的概念,以保证自治式与集中式访问控制相结合的安全管理模式。