Roles of subsidiary managers in multinational corporations: The effect of dual organizational identification

Abstract and Key Results

Design and Evaluation of DNS as Location Manager for HIP

Host Identity Protocol (HIP) is designed to provide secure and continuous communication by separating the identifier and locator roles of the Internet Protocol (IP) address. HIP also has efficient solutions to support host mobility. In this paper, we propose a location management scheme based on Domain Name System (DNS) for HIP. In the proposed scheme, a new DNS HIP resource record is used to translate a domain name into a host identity tag and an IP address. We also develop an analytical model to study the performance of DNS as location manager in terms of success rate, which takes into account the velocity of mobile nodes, the radius of a subnet, the regional network size, the packet transmission delay between the mobile node and the rendezvous server, and the packet processing delay at the DNS and the rendezvous server. The performance results show that for a reasonable range, the DNS is a feasible solution for location management with high success rate for HIP.

Escrow-free encryption supporting cryptographic workflow

Since Boneh and Franklin published their seminal paper on identity based encryption (IBE) using the Weil pairing, there has been a great deal of interest in cryptographic primitives based on elliptic-curve pairings. One particularly interesting application has been to control access to data, via possibly complex policies. In this paper we continue the research in this vein. We present an encryption scheme such that the receiver of an encrypted message can only decrypt if it satisfies a particular policy chosen by the sender at the time of encryption. Unlike standard IBE, our encryption scheme is escrow free in that no credential-issuing authority (or colluding set of credential-issuing authorities) is able to decrypt ciphertexts itself, providing the users' public keys are properly certified. In addition we describe a security model for the scenario in question and provide proofs of security for our scheme (in the random oracle model).     

基于轻量目录访问协议和SOAP的统一认证框架设计

首先分析现有的统一认证系统的特点并指出其在应用集成上存在的不足,由此提出一个基于轻量目录访问协议和SOAP的统一认证实现框架,利用目录技术实现了对网络用户和网络应用的统一管理,利用SOAP将认证服务封装为一个Web服务,提供对Web Service实现框架的支持,使网络管理更加简单有效.     

基于用户身份加密体系中的门限代理签密方案

基于用户身份的加密体系是一种新型的公钥加密体系,在这种体系中,用户的身份标志或是从身份标志中衍化出来的字符串序列就是他们的公钥。在一个门限值为(t,n)的代理签名方案中,源签名人可以把他(或她)的签名权利委派给n个代理签名人,从而使得任何大于等于t个代理签名人可以代表源签名人对信息进行签名,而小于等于(t-1)个代理者却没有这种权利。然而,在许多情况下人们希望一个方案能同时满足保密性、可认证性以及不可否认性。文章提出了一种在双线性对偶映射下的基于用户身份加密体系中的门限代理签密方案,并且分析了该方案的安全性。     

一次性口令身份认证方案的分析与改进

分析了文献[1]中的一次性口令的身份认证方案，发现由于原方案是一个单向认证协议，因此不能抵抗中间人攻击，该文在不增加计算复杂度的前提下，对原方案进行了改进，使其成为一个安全的双向认证协议，并将其中的关键信息进行了加密保护，改进后的方案克服了原方案存在的安全漏洞，并保留了原方案的所有安全特性，且具有更高的安全性。     

基于中国剩余定理的无线局域网安全方案

针对无线局域网中用户的不确定性,提出一种基于中国剩余定理的用户身份认证方案.该方案的优点是为每个用户分配私人密钥,并借助于简单模运算,便可判断该用户对AP的访问权;更新用户时,无需修改其他用户的私人密钥,管理方便、快捷.     

分布式认证系统浅析

随着应用系统的发展,单一的认证服务器负荷越来越大且安全性不高,分布式认证系统可以很好的解决这一问题,且可以达到对现有应用系统的良好集成。本文就对客户端/服务器（C/S）模式和浏览器/服务器（B/S）模式下两个典型的分布式认证系统进行了分析研究。     

基于身份的电子邮件系统

1984年,为了简化密钥管理并取消公钥证书的使用,Shamir提出了基于身份的密码学概念.在这种密码学模式下,用户的身份信息如用户的名字、Email地址或者IP地址可以直接用作用户的公钥.文章基于三个开放源码库:GNU Multiple Precision(GMP)、OpenSSL和IBE库,设计并实现了一个基于身份的电子邮件系统.该系统具有邮件加密、解密、签名、验证功能.     

Secure communications for cluster-based ad hoc networks using node identities

Ad hoc networks are self-configurable networks with dynamic topologies. All involved nodes in the network share the responsibility for routing, access, and communications. The mobile ad hoc network can be considered as a short-lived collection of mobile nodes communicating with each other. Such networks are more vulnerable to security threats than traditional wireless networks because of the absence of the fixed infrastructure. For providing secure communications in such networks, lots of mechanisms have been proposed since the early 1990s, which also have to deal with the limitations of the mobile ad hoc networks, including high power saving and low bandwidth. Besides, public key infrastructure (PKI) is a well-known method for providing confidential communications in mobile ad hoc networks. In 2004, Varadharajan et al. proposed a secure communication scheme for cluster-based ad hoc networks based on PKI. Since the computation overheads of the PKI cryptosystem are heavy for each involved communicating node in the cluster, we propose an ID-based version for providing secure communications in ad hoc networks. Without adopting PKI cryptosystems, computation overheads of involved nodes in our scheme can be reduced by 25% at least.