A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture

Traditional password based authentication schemes are mostly considered in single-server environments. They are unfit for the multi-server environments from two aspects. Recently, base on Sood et al.?s protocol (2011), Li et al. proposed an improved dynamic identity based authentication and key agreement protocol for multi-server architecture (2012). Li et al. claim that the proposed scheme can make up the security weaknesses of Sood et al.?s protocol. Unfortunately, our further research shows that Li et al.?s protocol contains several drawbacks and cannot resist some types of known attacks. In this paper, we further propose a lightweight dynamic pseudonym identity based authentication and key agreement protocol for multi-server architecture. In our scheme, service providing servers don?t need to maintain verification tables for users. The proposed protocol provides not only the declared security features in Li et al.?s paper, but also some other security features, such as traceability and identity protection.     

Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment

Recently, Liao and Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment, and claimed that their scheme was intended to provide mutual authentication, two-factor security, replay attack, server spoofing attack, insider and stolen verifier attack, forward secrecy and user anonymity. In this paper, we show that Liao and Wang's scheme is still vulnerable to insider's attack, masquerade attack, server spoofing attack, registration center spoofing attack and is not reparable. Furthermore, it fails to provide mutual authentication. To remedy these flaws, this paper proposes an efficient improvement over Liao–Wang's scheme with more security. The computation cost, security, and efficiency of the improved scheme are well suited to the practical applications environment.     

A new electronic traveler’s check scheme based on one-way hash function

Nowadays, electronic commerce is booming on the Internet and becoming more popular. Many kinds of electronic services have been developed. The most successful are the electronic payment systems such as the electronic cash/check and wallet. Most electronic payment systems are based on an elaborate discrete logarithm that raises an important issue regarding efficiency. Therefore, Hsien et al. proposed an electronic traveler’s check system in 2001 using a discrete logarithm. In this paper, we propose a new electronic traveler’s check system based on one-way hash function to improve efficiency and cost. Furthermore, our proposed scheme supports an on-line and off-line electronic traveler’s check system of practical flexibility for use in the real world.     

无单向Hash函数的数字多签名方案

Shieh等人提出了一种适用于移动代码的并列多签名和顺序多签名方案,但是,Hwang、Chang分别对所依据的基本签名方案提出了伪造攻击.对Shieh的并列多签名方案提出一种伪造攻击,接着提出新的没有使用单向Hash函数和消息冗余模式的基本签名方案,并提出了新的顺序多签名和并列多签名方案.该方案既具有Shieh方案的优点又克服了其不足,还可抵抗已知的伪造攻击.     

一个匿名的基于生物特征的多服务器的密钥认证协议方案的研究

随着通讯技术的快速发展,用户的口令与生物特征值的结合越来越普遍。最近,Chuang等提出了一个基于用户口令和生物特征值的匿名的多服务器的认证密钥协议方案。本文指出了Chuang等协议容易受到丢失智能卡攻击、伪装攻击、重放攻击和服务器伪装攻击,并且没有提供匿名性。因此针对上述协议的安全缺陷,本文提出了一个新的、有效的基于生物特征的多服务器的密钥认证协议。通过详细的安全和性能分析,证明出本文所提出的协议能够抵抗多种攻击,并且提供匿名性,与Chuang等协议相比,该新协议更加安全和实用。     

Security of robust generalized MQV key agreement protocol without using one-way hash functions

The MQV key agreement protocol has been adopted by IEEE P1363 Committee to become a standard, which uses a digital signature to sign the Diffie–Hellman public keys without using any one-way hash function. Based on the MQV protocol, Harn and Lin proposed a generalized key agreement protocol to enable two parties to establish multiple common secret keys in a single round of message exchange. However, the Harn–Lin protocol suffers from the known-key attack if all the secret keys established are adopted. Recently, Tseng proposed a new generalized MQV key agreement protocol without using one-way hash functions. Tseng claimed that the proposed protocol is robust since the new protocol can withstand the forgery attack and the known-key attack. In this paper we show that this protocol is not secure since the receiver can forge signatures. We also propose an improved authenticated multiple-key agreement protocol, which is secure against the forgery attack and the known-key attack.     

An efficient key assignment scheme based on one-way hash function in a user hierarchy

In order to solve the problems resulted from dynamic access control in a user hier-archy,a cryptographic key assignment scheme is proposed by Prof.Lin to promote the performing ability and to simplify the procedure,However,it may cause the security in danger as the user changes his secret key;besides,some secret keys may be disclosed due to the unsuitable selection of the security classes‘‘‘‘‘‘‘‘ identities.Through setting up a one-way hash function onto Lin‘‘‘‘‘‘‘‘s schem,the propsed modification can greatly improve the security of Lin‘‘‘‘‘‘‘‘s scheme.     

基于单向哈希函数的远程口令认证方案

首先分析了Wu-Chieu认证方案和Le-Lin-Chang认证方案存在的安全缺陷;然后提出了一种基于单向哈希函数和Diffie-Hellman密钥交换协议的远程口令认证方案.该认证方案不仅修正了上述两种认证方案存在的安全缺陷,而且实现了用户与远程系统之间的双向认证.由于该认证方案不要求用户与远程系统之间维护时间同步机制,更适用于大规模分布式网络环境.     

基于智能卡的远程口令认证方案

提出了一个基于RSA系统和智能卡的远程口令认证系统方案。相对于其他方案,本方案的客户端用户可以自由选择口令,并根据需要自己及时更新口令,服务器端不用保存用户的任何认证信息。方案基于成熟的RSA密码系统和单向安全的hash函数,操作简单,切实可行。     

移动环境下的一种基于双向认证的哈希链签名方案*

在基于哈希函数的签名方案的基础上,提出了一种新的基于双向认证的哈希链签名方案,能够防止用户双方作弊及外部攻击。并对其签名和认证的速度进行了实验测试,相对于基于公钥算法的数字签名方案,该方案的执行速度有明显提高。     

一种基于混沌Hash函数的脆弱水印算法

针对现有分块脆弱水印的缺陷,提出了一种基于混沌Hash函数的脆弱水印算法。该方案通过将原始图像分块后做混沌Hash,生成原始图像的摘要,与由混沌映射生成的混沌二值图像异或后生成二值脆弱水印,置乱加密后嵌入原始图像的LSB平面;认证时通过差值图像定位篡改的区域。理论分析和实验仿真表明提出的水印算法不可见性好,能够有效抵抗VQ攻击,并能够区分篡改的类型,安全性高。     

A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards

Advancement in communication technology provides a scalable platform for various services, where a remote user can access the server from anywhere without moving from its place. It provides a unique opportunity for online services such that a user does not need to be physically present at the service center. These services adopt authentication and key agreement protocols in order to ensure authorized and secure access to the resources. Most of the authentication schemes proposed in the literature support a single-server environment, where the user has to register with each server. If a user wishes to access multiple application servers, he/she requires to register with each server. The multi-server authentication introduces a scalable platform such that a user can interact with any server using single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on a user’s password and biometrics (Chuang and Chen, 2014). Their scheme is a lightweight, which requires the computation of only hash functions. In this paper, we first analyze Chuang and Chen’s scheme and then identify that their scheme does not resist stolen smart card attack which causes the user’s impersonation attack and server spoofing attack. We also show that their scheme fails to protect denial-of-service attack. We aim to propose an efficient improvement on Chuang and Chen’s scheme to overcome the weaknesses of their scheme, while also retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Chuang and Chen’s scheme. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against the replay and man-in-the-middle attacks. In addition, our scheme is comparable in terms of the communication and computational overheads with Chuang and Chen’s scheme and other related existing schemes.     

基于hash函数和公钥算法的一次性口令方案*

在分析现有基于挑战／应答一次性口令方案不足的基础上,设计了一种新的基于hash函数和公开密钥加密算法的一次性口令身份认证方案。该方案不仅能够提供通信双方的相互认证、避免各种攻击,而且克服了传统挑战/应答方案认证开销大的缺点,有效地保护了用户身份信息,能防止重放攻击等攻击手段。最后对方案的安全性和效率作了分析。     

Analysis and design of a smart card based authentication protocol

Numerous smart card based authentication protocols have been proposed to provide strong system security and robust individual privacy for communication between parties these days. Nevertheless, most of them do not provide formal analysis proof, and the security robustness is doubtful. Chang and Cheng （2011） proposed an efficient remote authentication protocol with smart cards and claimed that their proposed protocol could support secure communication in a multi-server environment. Unfortunately, there are opportunities for security enhancement in current schemes. In this paper, we identify the major weakness, i.e., session key disclosure, of a recently published protocol. We consequently propose a novel authentication scheme for a multi-server envi- ronment and give formal analysis proofs for security guarantees.     

基于HEVC屏幕图像编码的哈希表的优化算法

仿2维匹配算法对屏幕图像中的非连续色调区域有很好的压缩性能,但该算法中哈希表的空间开销较大,不利于硬件实现。为了减小哈希表的空间,通过对原算法优化提出了一种3字节计算哈希值方法,将源数据看作是一个由以YUV三元组为元素组成的数据集合,然后以YUV三元组为单位计算哈希值,这样不但减少了哈希值的计算量,而且使哈希表的存储空间得到很大的节省。实验结果表明,3字节计算哈希值方法使哈希表的存储空间减少为原算法的1/3,所测试屏幕图像的BD-rate性能也有所提高。     

A strong user authentication scheme with smart cards for wireless communications

Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.     

采用映射哈希表的频繁模式挖掘方法

大多数对频繁模式挖掘算法的研究都着眼于逻辑层面算法过程的改进,而对数据在计算机内存中的物理存储方式的探索相对较少。以FP-Tree存储结构和FP-Growth算法为基础,提出了FP-Tree头表的顺序存储方式,并在此基础上,利用基于频繁项ID映射的哈希表对FP-Tree的存储方式进行了改进,提出了与之相对应的频繁模式挖掘算法。实验结果表明该算法是快速和有效的。     

基于智能卡的远程认证体制

介绍了2006年 Manik 提出的远程认证体制,对其存在安全缺陷进行了详细分析.在此基础上,提出一种改进的远程认证体制.该体制使用用户智能卡生成一个立即数并使用两种杂凑运算,以改进整个认证体制的安全性能和计算性能.与现有的其它远程认证体制相比,提出的远程认证体制还实现了用户和远程服务器之间的双向认证.     

一种基于主成分的多表图像哈希检索方法

大数据时代的到来,快速而准确的索引算法对信息检索至关重要。针对基于随机投影构成的单表哈希检索方法导致搜索性能低的问题,提出一种基于主成分的多表图像哈希检索方法。为了得到高效的哈希编码保证不同语义样本特征的区分性,首先通过主元分析方法保留训练集具有区分性图像特征,此外利用特征聚类作为学习哈希投影的指引构建多个索引表;其次采用正交旋转矩阵对哈希投影进行优化,保证了相同语义的样本具有相似的哈希码。最后分别在CIFAR-10和Caltech-256数据集上与相关方法进行比较,实验结果表明提出的方法提高了检索性能。     

一种基于随机数的高效远程认证方案

提出了一种基于随机数的高效远程认证方案,无需存储密码字典或验证表,使用随机数替代时间戳,可以有效抵抗重放攻击。用户可以自由更改密码。方案计算开销小、简洁、高效、实用、安全性高。