Similar literature
Found 20 similar documents; search took 93 ms
1.
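This paper proposes an AES-based password authentication protocol. The protocol does not use public-key algorithms and relies only on AES to authenticate remote users; it is fast and highly secure, and is easy to implement in token or IC-card hardware. Finally, the security of the authentication protocol is discussed.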

2.
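The Extensible Authentication Protocol (EAP) and the Remote Authentication Dial In User Service (RADIUS) protocol are described, and an AAA (authentication, authorization, accounting) architecture based on Mobile IPv6 is given. To address access authentication for Mobile IPv6 mobile users, an EAP/RADIUS-based Mobile IPv6 access authentication framework is proposed, in which EAP and the RADIUS server cooperate to authenticate mobile users at access.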

3.
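The Shanghai Telecom authentication and billing system handles authentication and authorization for more than 4 million broadband and narrowband users of Shanghai Telecom and plays a very important role in the broadband service. The article briefly analyzes the authentication problems currently present in the system, identifies through data analysis the causes currently affecting system performance, and proposes a solution. By adding a dynamic blacklist function to RADIUS (Remote Authentication Dial In User Service), abnormal authentication data are identified and intercepted...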

4.
张明 《电子科技》2011,24(6):137-139
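To address fast user authentication, the dynamic user authentication protocol is introduced and its possible security weaknesses are pointed out. An improvement to the dynamic user authentication protocol is proposed, the performance of the improved protocol is discussed, and the application of the protocol to wireless sensor networks in heterogeneous environments is described.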

5.
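To further improve the security of remote computer network communication, remote computer communication network technology is described in detail, its security is studied mainly from the perspective of security protocols, and the GPRS authentication protocol is optimized by adding a synchronization counter and changing the authentication gateway. The results show that the optimized authentication protocol is more secure, with lower gateway authentication load and higher efficiency, and can effectively ensure the security of remote computer network communication.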

6.
林秀 《电信快报》2012,(12):11-13
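Building on a strengthened identity authentication method for SSL (Secure Sockets Layer) VPN (virtual private network) remote user access that combines a static account with an SMS token sent to a mobile phone, this paper explores how to interface with an enterprise unified identity authentication system, which both ensures sufficiently secure identity authentication and improves the user experience. The design uses RADIUS (Remote Authentication Dial In User Service) attribute values to convey user role classification information, enabling fine-grained security control of user network access on the SSL VPN gateway and the perimeter firewall.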

7.
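The cumbersome authentication procedure of the traditional WLAN (wireless local area network) authentication model not only reduces network efficiency but, more importantly, degrades the user experience. Starting from the convenience of WLAN user authentication, three solutions are given: MAC (media access control)-based seamless authentication, EAP-SIM/AKA (Extensible Authentication Protocol - Subscriber Identity Module / Authentication and Key Agreement) seamless authentication, and PEAP (Protected Extensible Authentication Protocol) seamless authentication. The advantages and disadvantages of each are analyzed.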

8.
刘振钧  李治辉  林山 《通信技术》2015,48(2):242-245
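Internet Protocol Security (IPsec) provides security services such as encryption, decryption, and authentication for the IP layer and the protocols above it. However, IPsec processing has become a bottleneck for high-speed networks. As FPGAs develop toward larger capacity and higher speed, an IPsec protocol stack implemented in FPGA hardware can provide higher network performance. This paper describes the design of an FPGA-based IPsec ESP protocol stack for 10-Gigabit Ethernet that supports tunnel mode and transport mode and provides anti-replay protection. 10-Gigabit line rate is achieved using techniques such as multi-stage pipelining, multi-buffer ping-pong operation, and multi-process parallel processing.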

9.
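Current security protocol authentication methods for user login to web pages have difficulty resisting ephemeral key leakage attacks, which makes user login insecure. A multi-key-based security protocol authentication solution for user web login is therefore proposed. Based on the web login process, initialization assumptions for the security protocol are made, the user's initial key is obtained, a key array is constructed, and a mutual authentication flow is designed to prevent illegitimate use of read/write tags. The server-side public key is configured, and users and keys are determined to be one-to-one...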

10.
甘宏  潘丹 《数字通信》2014,41(5):1-5
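Remote user authentication based on dynamic identity can effectively prevent leakage of users' critical information and ensure that authenticated users obtain network services through authorization. A security analysis of the dynamic-identity-based remote user authentication and key agreement scheme proposed by Wen-Li shows that the scheme has security flaws that may leak part of a user's critical information and thus expose it to network attacks. While retaining the advantages of the Wen-Li scheme, an improved remote user authentication scheme is proposed that redesigns the session key and key confirmation messages used in the authentication process. Compared with the Wen-Li scheme, the improved scheme resists man-in-the-middle attacks and stolen smart card attacks and strengthens forward secrecy.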

11.
Mobile IPv6 is only adapted to the mobile’s movements within its own administrative domain. As Mobile IPv6 is expected to be the basis for beyond 3G networks, a solution for inter-domain security is required allowing the visited domain to authenticate any mobile to grant it access. As such, new concepts known as AAA for Authentication, Authorization, Accounting were defined by the IETF. The IETF is currently defining the Diameter protocol to support those three functions in a Mobile IPv4 environment. Today’s difficulty is to adapt the Diameter protocol to Mobile IPv6. After introducing the Mobile IPv6, IPsec and Diameter protocols, this paper presents our solution (IETF draft of December 2001), and an IETF alternative for adapting Diameter to Mobile IPv6. It gives a comparison and describes our prototype.

12.
As a security mechanism at the network-layer, the IP security protocol (IPsec) has been available for years, but its usage is limited to virtual private networks (VPNs). The end-to-end security services provided by IPsec have not been widely used. To bring the IPsec services into wide usage, a standard IPsec API is a potential solution. However, the realization of a user-friendly IPsec API involves many modifications on the current IPsec and Internet key exchange (IKE) implementations. An alternative approach is to configure application-specific IPsec policies, but the current IPsec policy system lacks the knowledge of the context of applications running at upper layers, making it infeasible to configure application-specific policies in practice. In this paper, we propose an application-aware IPsec policy system on the existing IPsec/IKE infrastructure, in which a socket monitor running in the application context reports the socket activities to the application policy engine. In turn, the engine translates the application policies into the underlying security policies, and then writes them into the IPsec security policy database (SPD) via the existing IPsec policy management interface. We implement a prototype in Linux (Kernel 2.6) and evaluate it in our testbed. The experimental results show that the overhead of policy translation is insignificant, and the overall system performance of the enhanced IPsec is comparable to those of security mechanisms at upper layers. Configured with the application-aware IPsec policies, both secured applications at upper layers and legacy applications can transparently obtain IP security enhancements.

13.
Transmission control protocol (TCP) performance enhancement proxy (PEP) mechanisms have been proposed, and in some cases widely deployed, to improve TCP performance in all-Internet protocol (IP) wireless networks. However, this technique conflicts with IP-security (IPsec), a standard IP security protocol that will make inroads into wireless networks. This paper analyzes the fundamental problem behind this conflict and develops a solution called multilayer IP-security (ML-IPsec). The basic principle is to use a multilayer protection model and fine-grained access control to make IP security protocols compatible with TCP PEP. It allows wireless network operators or service providers to grant base stations or wireless routers limited and controllable access to the TCP headers for performance enhancement purposes. Through careful design, implementation, and evaluation, we show that we can easily add ML-IPsec to existing IPsec software and the overhead is low. We conclude that ML-IPsec can help wireless networks provide both security and performance.

14.
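The IKE protocol is an important part of the IPsec protocol suite; it dynamically establishes and maintains security associations (SAs) and is the prerequisite and guarantee for secure IPsec VPN transport. Building on a study of the existing IKE protocol, the article introduces a public key infrastructure (PKI) into it, proposes combining ECC, X.509 digital certificates, and access control with the IKE protocol, and designs an enhanced IKE protocol based on PKI identity authentication and access control, thereby improving the security and scalability of the IPsec VPN gateway and effectively protecting VPN network resources. Finally, an implementation based on the latest Linux 2.6 kernel is given, and the operation of the resulting prototype IPsec VPN security gateway is described.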

15.
Linking factory floors to the Internet, coupled with the rapid deployment of wireless access networks, is initiating a new paradigm for factory automation: a corporate employee with a handheld computing device can have anytime, anywhere access to the latest factory floor information. Authentication between a factory database and a remote user is crucial for such a paradigm; however, existing authentication protocols are inadequate to defend against strong adversaries with break-in capabilities. In this paper, we design and implement the Energy-Efficient and Intrusion-Resilient Authentication (ERA) protocol. Through a novel combination of hash chain, pin, and message authentication code (MAC), ERA can achieve security self-recovery when strong adversaries compromise either a user's handheld device or a factory authentication server to obtain the authentication secrets. The technique of mutual MAC is proposed to defend against online pin-guessing attacks launched by strong adversaries. Furthermore, an optimization of tuning hash chain iteration is introduced to reduce energy consumption of a handheld device. Analytical and experimental results show that ERA provides a better security guarantee and incurs much less computation and communication overhead than the existing authentication protocols.

16.
Man Li 《IEEE network》2003,17(6):36-43
Security is vital to the success of e-commerce and many new value-added IP services. As a consequence, IPsec is an especially important security mechanism in that it provides cryptographic-based protection mechanisms for IP packets. Moreover, in order for IPsec to work properly, security policies that describe how different IP packets are protected must be provisioned on all network elements that offer IPsec protection. Since IPsec policies are quite complex, manually configuring them on individual network elements is inefficient and therefore infeasible for large-scale IPsec deployment. Policy-based IPsec management strives to solve this problem: Policy-based management employs a policy server to manage a network as a whole; it translates business goals or policies into network resource configurations and automates these configurations across multiple different network elements. Policy-based IPsec management significantly simplifies the task of defining, deploying, and maintaining security policies across a network, thereby significantly simplifying large-scale IPsec deployment. This article describes the motivations, key concepts, and recent IETF developments for policy-based IPsec management. It then applies the key concepts to an example of IPsec VPN service provisioning and further describes an example of an IPsec policy server as well as experience gained from implementing such a server. Challenges facing policy-based IPsec management are also discussed.

17.
This article proposes the interworking between performance enhancing proxies (PEPs) and IPsec in mobile networks. The low-throughput problem due to TCP/IP in a radio access network is illustrated. Performance comparison among different PEPs implemented in the RAN is carried out in order to optimize the spectrum efficiency. By using PEP, end-to-end security is compromised, and we propose a concept to circumvent this problem. Furthermore, we propose a way to utilize PEP for different network loads. We suggest a scheme that allows the coexistence of IPsec and PEP over mobile networks, through adding an intelligent module in the node where the PEP is implemented.

18.
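The fundamentals and implementation of VPNs are introduced, and the characteristics and technologies of conventional VPNs and IPsec-based VPNs are compared. Through a study of IPsec, we propose using IPsec security associations (SAs) to design an end-to-end VPN system and analyze its security properties.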

19.
We study the problem of reducing the latency introduced by authentication and network access control processes required in heterogeneous wireless networks and based on the Extensible Authentication Protocol. We aim to reduce the time spent on providing access and smooth transition between different technologies which require to perform authentication in order to allow network access. We propose a secure protocol which reduces the number of roundtrips during authentication and verify its security properties with a formal tool.

20.
Liu  Tian  Wu  Fan  Li  Xiong  Chen  Chaoyang 《Telecommunication Systems》2021,78(3):317-329
Telecommunication Systems - Authentication and key agreement (AKA) protocol is an important security mechanism for access services in mobile communication systems. The 3GPP group has standardized...
