共查询到20条相似文献,搜索用时 15 毫秒
1.
The concept of multi‐server authentication includes multiple numbers of application servers. The registration/control server is the central point in such environment to provide smooth services to a limited number of legitimate users. However, this type of environment is inappropriate to handle unlimited users since the number of users may grow, and thus, the response time may be very high. To eliminate these shortcomings, we have modified the existing multi‐server authentication architecture and then designed a new scheme by including multiregistration server technique that can provide a smooth environment to support unlimited number of users. The main aspect of our design is to provide a secure authentication environment for multi‐server application using password and smartcard so that the participants can securely communicate with each other. The simulation results are obtained by executing our protocol using AVISPA tool. The results provide concrete evidence about the security safety against active and passive attacks. Furthermore, the justification of correctness of the freshness of the session key negotiation and the mutual authentication between the participants has done been evaluated with the BAN logic model. The comprehensive comparative analysis justifies our argument that our protocol has better applicability in multi‐server environments compared to other protocols with similar nature. 相似文献
2.
认证协议是网络环境中一类重要的安全协议,对协议进行形式化分析是保障其安全性的主要手段。文章以BAN逻辑为工具.分析了网络中常用的Kerbems认证协议。结果表明。Kerbems协议达到了预期的认证目标。 相似文献
3.
假冒和窃听攻击是无线通信面临的主要威胁。在个人通信系统中,为了对无线链路提供安全保护,必须对链路上所传送的数据/话音进行加密,而且在用户与服务网络之间必须进行相互认证。近年来,人们在不同的移动通信网络(如GSM,IS-41,CDPD,Wireless LAN等)中提出了许多安全协议。然而,这些协议在个人通信环境中应用时存在不同的弱点。本文基于个人通信系统的双钥保密与认证模型,设计了用户位置登记认证协议;并采用BAN认证逻辑对协议的安全性进行了形式化证明,也对协议的计算复杂性进行了定性分析。分析表明,所提出的协议与现有的协议相比具有许多新的安全特性。 相似文献
4.
文章以近几年公钥密码学研究的热点椭圆曲线密码体制为例。说明密钥数据的结构及其存储问题。所设计的公钥密码系统是一个开放式系统。在用户终端建立私钥库PrKD和公钥库PuKD,产生各种密钥。同时完成数据加解密、签名及验证功能;在密钥服务器上建立一个公钥库SevD,存放密码系统中所有用户的公钥信息。为用户提供公钥发布和交换功能。按照不同的安全性要求,PrKD中的数据要求完全保密。SevD的数据要求防止篡改。 相似文献
5.
To attain ubiquitous connectivity of everything, Internet of Things (IoT) systems must include “multimedia things.” Internet of Multimedia Things (IoMT) is a heterogeneous network of smart multimedia things connected together and with other physical devices to the Internet so as to achieve globally available multimedia services and applications. Due to the ever increasing amount of multimedia data in IoT environments, securing these systems becomes crucial. This is because these systems are easily susceptible to attacks when information or any service is accessed by the users. In this paper, we propose a secure three‐factor remote user authentication scheme for IoMT systems using ECC. The formal security proof performed using ROR model and BAN logic confirms that an attacker will not be able to extract sensitive user information. Through informal security analysis, we justify the resistance of the scheme against several security attacks. The performance comparison shows that the scheme is efficient in terms of computational cost, security features, and attack resistance. Furthermore, simulation of the scheme using AVISPA and Proverif proves that the scheme is secure against all active and passive attacks. 相似文献
6.
7.
Anil Kumar Sutrala Ashok Kumar Das Neeraj Kumar Alavalapati Goutham Reddy Athanasios V. Vasilakos Joel J. P. C. Rodrigues 《International Journal of Communication Systems》2018,31(8)
In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme. 相似文献
8.
9.
10.
一种改进的椭圆曲线算法及在电子商务中的应用 总被引:2,自引:2,他引:2
徐小平 《微电子学与计算机》2004,21(4):74-77
椭圆曲线公钥密码体制(ECC)具有最高的位安全强度。文章分析了ECC的优势,讨论了椭圆曲线的数学基础和离散对数问题的复杂性,并对现有的ECC数字签名算法(ECDSA)进行了改进,进一步加快了运算速度,缩短了数据传输的时间。将改进的椭圆曲线密码体制应用在电子商务中实现数字签名,取得了较好的效果。 相似文献
11.
Arezou Ostad‐Sharif Dariush Abbasinezhad‐Mood Morteza Nikooghadam 《International Journal of Communication Systems》2019,32(5)
The telecare medicine information systems (TMISs) not only help patients to receive incessant health care services but also assist the medical staffs to access patients' electronic health records anytime and from anywhere via Internet. Since the online communications are exposed to numerous security threats, the mutual authentication and key agreement between patients and the medical servers are of prime significance. During the recent years, various user authentication schemes have been suggested for the TMISs. Nonetheless, most of them are susceptible to some known attacks or have high computational cost. Newly, an effective remote user authentication and session key agreement protocol has been introduced by Ravanbakhsh and Nazari for health care systems. Besides the nice contributions of their work, we found that it has two security weaknesses, namely, known session‐specific temporary information attack and lack of perfect forward secrecy. As a result, to overcome these deficiencies, this paper suggests a novel anonymous and unlinkable user authentication and key agreement scheme for TMISs using the elliptic curve cryptosystem (ECC). We have evaluated the security of the proposed scheme by applying the automated validation of internet security protocols and applications (AVISPA) tool with the intention of indicating that our scheme can satisfy the vital security features. In addition, we have compared the proposed protocol with related schemes to show that it has a proper level of performance. The obtained results demonstrate that the new scheme is more preferable considering both efficiency and security criteria. 相似文献
12.
Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes. 相似文献
13.
Yoo‐Jin Baek 《ETRI Journal》2010,32(3):362-369
While the elliptic curve cryptosystem (ECC) is getting more popular in securing numerous systems, implementations without consideration for side‐channel attacks are susceptible to critical information leakage. This paper proposes new power attack countermeasures for ECC over Koblitz curves. Based on some special properties of Koblitz curves, the proposed methods randomize the involved elliptic curve points in a highly regular manner so the resulting scalar multiplication algorithms can defeat the simple power analysis attack and the differential power analysis attack simultaneously. Compared with the previous countermeasures, the new methods are also noticeable in terms of computational cost. 相似文献
14.
文章分析了有限域上椭圆曲线密码体制的基本操作,针对实现中计算量最大的两个问题乘法和求逆运算,提出了VLSI并行算法,设计了相应的脉动阵列,并指出了它在椭圆曲线密码体制实现中的重要意义。 相似文献
15.
Efficient Implementation of Pairing-Based Cryptosystems 总被引:1,自引:0,他引:1
Pairing-based cryptosystems rely on the existence of bilinear,
nondegenerate, efficiently computable maps (called pairings) over certain groups. Currently,
all such pairings used in practice are related to the Tate pairing on elliptic curve groups
whose embedding degree is large enough to maintain a good security level, but small enough
for arithmetic operations to be feasible. In this paper we describe how to construct
ordinary (non-supersingular) elliptic curves containing groups with arbitrary embedding
degree, and show how to compute the Tate pairing on these groups efficiently. 相似文献
16.
Leila Benarous Benamar Kadri Salim Bitam Abdelhamid Mellouk 《International Journal of Communication Systems》2020,33(10)
Privacy in Vehicular Ad Hoc Networks (VANET) is fundamental because the user's safety may be threatened by the identity and the real‐time spatiotemporal data exchanged on the network. This issue is commonly addressed by the use of certified temporal pseudonyms and their updating strategies to ensure the user's unlinkability and anonymity. IEEE 1609.2 Standard specified the process of certifying pseudonym along with certificates structure. However, the communication procedure between the certifying authority and the requesting vehicle was not defined. In this paper, a new privacy‐preserving solution for pseudonym on‐road on‐demand refilling is proposed where the vehicle anonymously authenticates itself to the regional authority subsidiary of the central trusted authority to request a new pseudonyms pool. The authentication method has two phases, the first one uses anonymous tickets, and the second one is a challenge‐based authentication. The anonymous tickets are certificates that do not include the identity of the user. Instead, it contains a reference number and the certifying authority signature. The challenge authentication is identity‐less to preserve the privacy, yet it is used to prevent the misuse of tickets and the impersonation of its owner. Our proposed scheme is analyzed by the use of Burrows, Abadi and Needham (BAN) logic to demonstrate its correctness. It is also specified and checked by using the Security Protocol ANimator (SPAN) and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tools. The logical demonstration proved that this privacy‐preserving authentication is assured. The SPAN and AVISPA tools illustrated that it is resilient to security attacks. 相似文献
17.
椭圆曲线密码体制是安全性最高的公钥密码体制,它的安全性是基于椭圆曲线上的离散对数问题,同时椭圆曲线参数的选择对系统的安全性也至关重要。本文首先介绍了椭圆曲线密码体制的基本概念和相关数论知识,其次阐述了选择安全椭圆曲线的原则,最后详细介绍了如何通过选取合适的椭圆曲线参数来产生安全椭圆曲线,并对这些参数的合理性进行了验证。结果表明,按照这种方式所选取的椭圆曲线,抵御现有算法攻击能力大大增强。 相似文献
18.
Hu Bin Jin Chenhui 《电子科学学刊(英文版)》2006,23(1):54-57
Proxy signature is a special digital signature which enables a proxy signer to sign messages on behalf of the original signer. This paper proposes a strongly secure proxy signature scheme and a secure multi-proxy signature scheme based on elliptic curve cryptosystem. Contrast with universal proxy signature schemes, they are secure against key substitute attack even if there is not a certificate authority in the system, and also secure against the original signer's forgery attack. Furtherlnore, based on the elliptic curve cryptosystem, they are more efficient and have smaller key size than other system. They can be used in electronics transaction and mobile agent environment. 相似文献
19.