共查询到20条相似文献,搜索用时 93 毫秒
1.
2.
《信息通信技术》2016,(2):53-57
云计算的安全问题是云计算技术的核心问题之一。近年来,针对云计算中用户访问的安全问题提出了多个安全认证方案。但是,这些方案大都存在安全漏洞、流程复杂等缺陷,因此不适用于云计算环境。文章首先对一个高效的基于身份云计算认证协议进行分析,指出其算法的错误,并对其进行修正。其次提出一个适用于云计算环境下安全的用户认证方案。方案基于无对运算的无证书密码体系,避免基于身份认证方案的密钥泄露问题。在尽可能简化运算的前提下,提升了安全性。同时,方案使用临时身份代替用户真实身份,从而实现了用户匿名性。为了避免重放攻击,在方案中使用时戳以进一步增强了安全性。与现有相关协议相比,提出的方案有更高的安全级别和尽可能小的认证时延,因此更适合于云计算环境。 相似文献
3.
4.
针对用户快速认证问题,对动态用户认证协议作了介绍,并指出了其可能的安全隐患.提出了对动态用户认证协议的改进方案,并对改进协议的性能进行讨论,并论述了该协议在异构环境下无线传感器网络中的应用. 相似文献
5.
6.
量子算法和量子计算机对装备保障信息网络的认证方案已构成严重的潜在威胁。针对当前装备保障信息网络身份认证方案无法抵抗量子计算机攻击、认证效率相对较低的问题,引入格理论的本原格抽样算法和双峰高斯抽样技术,提出了装备保障信息网络在量子环境下安全且快速的身份认证方案,给出了方案的正确性、安全性的理论证明以及方案运行效率的比较分析。结果表明,基于随机预言机证明模型,该方案在小整数解问题困难性假设下达到了适应性选择身份和选择消息攻击的存在性不可伪造性;在保证安全的前提下,新方案在私钥提取阶段和身份认证阶段的运行效率均高于已有的几个同类格基身份认证方案。这为提高我国装备保障信息网络安全认证能力提供了新的思路和方法。 相似文献
7.
基于数字签名的交互式用户身份鉴别方案 总被引:2,自引:0,他引:2
该文首先利用Harn数字签名方案建立了基于身份的交互式用户认证与双向认证方案,并首次将这种基于身份的交互式用户认证方案推广为基于身份的交互式共享认证方案,使得认证系统的n名验证者中t名以上验证者才能验证用户身份的有效性,从而可以有效地防止认证系统个别管理人员的作弊行为,提高了认证系统的安全级别与可用性。 相似文献
8.
针对静态口令身份认证技术易受攻击的安全缺陷,在事件同步一次性口令产生机制的基础上,结合公钥密码体制,设计并实现了一种新的一次性口令双向认证方案。与传统的挑战/响应双向认证方案相比,该方案实现简单、执行效率高,适用于电子商务过程中的身份认证,能够实现网络环境下用户和服务器的双向认证,避免各种攻击,可以大大提高用户访问的安全性,有效保护用户信息。 相似文献
9.
传统的身份认证技术对于多播身份认证并不适用,因为多播身份认证有它自身的特殊要求.主要阐述了几种针对多播身份认证独特特点的解决方案,并分别总结了这些方案的优点,并指出了他们的缺点,最后对这些方案进行了比较,并介绍了一种可能用于改进多播的身份认证的技术. 相似文献
10.
11.
12.
首先介绍了WCDMA系统鉴权的概念,具体分析了他的过程,重点介绍了鉴权与密钥协商(AKA)、算法协商、密钥管理等几个关键问题,分析了其对WCDMA系统安全特性的实现。 相似文献
13.
This paper presents a hierarchical key establishment scheme called HIKES. The base station in this scheme, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities authenticating, on its behalf, the cluster members and issuing private keys. HIKES uses a partial key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. HIKES provides an efficient broadcast authentication in which source authentication is achieved in a single transmission and a good defense for the routing mechanism. HIKES defends the routing mechanism against most known attacks and is robust against node compromise. HIKES also provides high addressing flexibility and network connectivity to all sensors in the network, allowing sensor addition and deletion. Simulation results have shown that HIKES provides an energy‐efficient and scalable solution to the key management problem. Copyright © 2012 John Wiley & Sons, Ltd. 相似文献
14.
15.
A new two-factor authenticated key agreement protocol based on biometric feature and password was proposed.The protocol took advantages of the user’s biological information and password to achieve the secure communication without bringing the smart card.The biometric feature was not stored in the server by using the fuzzy extractor technique,so the sensitive information of the user cannot be leaked when the server was corrupted.The authentication messages of the user were protected by the server’s public key,so the protocol can resist the off-line dictionary attack which often appears in the authentication protocols based on password.The security of the proposed protocol was given in the random oracle model provided the elliptic computational Diffie-Hellman assumption holds.The performance analysis shows the proposed protocol has better security. 相似文献
16.
云计算中基于认证数据结构的数据外包认证模型 总被引:2,自引:0,他引:2
利用认证数据结构(ADS,authenticated data structures)的安全特性,分析并设计了面向云计算的基于ADS的数据外包认证模型,给出了模型的形式化定义、数据查询认证协议与数据更新认证协议;对ADS在模型实际应用时遇到的关键问题进行分析,设计了扩展数据一致性证据生成算法和扩展验证算法,从而实现了ADS在模型中的有效融入。最后从安全性和效率两方面对模型的性能进行分析比较,结果表明模型以较高效率实现了数据的正确性与一致性认证。 相似文献
17.
Hao proposed the YAK as a robust key agreement based on public‐key authentication, and the author claimed that the YAK protocol withstands all known attacks and therefore is secure against an extremely strong adversary. However, Toorani showed the security flaws in the YAK protocol. This paper shows that the YAK protocol cannot withstand the known key security attack, and its consequences lead us to introduce a new key compromise impersonation attack, where an adversary is allowed to reveal both the shared static secret key between two‐party participation and the ephemeral private key of the initiator party in order to mount this attack. In addition, we present a new security model that covers these attacks against an extremely strong adversary. Moreover, we propose an improved YAK protocol to remedy these attacks and the previous attacks mentioned by Toorani on the YAK protocol, and the proposed protocol uses a verification mechanism in its block design that provides entity authentication and key confirmation. Meanwhile, we show that the proposed protocol is secure in the proposed formal security model under the gap Diffie‐Hellman assumption and the random oracle assumption. Moreover, we verify the security of the proposed protocol and YAK protocol by using an automatic verification method such as the Scyther tool, and the verification result shows that the security claims of the proposed protocol are proven, in contrast to those of the YAK protocol, which are not proven. The security and performance comparisons show that the improved YAK protocol outperforms previous related protocols. 相似文献
18.
提出了一个实现组织集合交集认证策略的新型组织隐藏的密钥协商协议,2个匿名用户从属的组织集合存在交集且元素个数至少为一个门限值时可以完成一次成功的秘密认证和密钥协商,同时保证集合交集之外的组织信息机密性。新协议在随机预言机模型下可证安全,并且在计算和通信性能上仍具备一定的优势。 相似文献
19.
由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman(Computational Diffie-Hellman,CDH)问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK(extended Canetti-Krawczyk)模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明:新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务. 相似文献
20.
A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card
下载免费PDF全文
![点击此处可从《International Journal of Communication Systems》网站下载免费的PDF全文](/ch/ext_images/free.gif)
Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献