基于HASH函数的RFID安全双向认证协议研究

针对RFID技术在信息传递过程中容易遭受跟踪攻击、重放攻击等问题,为提高信息在传递过程中的安全性,在已有的RFID安全认证协议的基础上,提出一种基于Hash函数的RFID安全双向认证协议,并对其进行BAN逻辑分析和性能分析。该认证协议不仅运算量小、所需存储空间小、成本低,而且在一定程度上具有防窃听、前向安全性、防位置跟踪、不可分辨性以及防重放攻击等优点,较好地解决RFID技术在信息传输过程中可能遇上的安全隐患问题,适用于RFID环境。     

基于安全SIP环境的IPsec通信

IP网络的安全是目前受关注度最高的安全问题之一。虽然IPsec可在网络层上有效地解决IP网络的安全问题,但是在动态IP环境下,IPsec链路就很难建立起来。同时,处在网络层上的IPsec并不能感知到上层的应用,因此它无法对特定的应用进行保护。提出基于安全SIP环境的IPsec通信,可在安全的SIP环境中,通信双方利用SIP消息来交换IP地址信息和应用信息,并将这些信息引入到IPsec中,在解决动态IP环境下IPsec链路建立的同时,也能通过不同的IPsec策略,对不同的应用进行保护。     

SIP网络安全性研究

针对SIP网络所面临的典型安全威胁,提出了SIP攻击方法的有限状态机描述模型.利用该模型深入研究了注册劫持攻击、INVITE攻击、re-INVITE攻击、会话终止攻击和拒绝服务攻击的原理和方式,并在实际环境下重现了这5种攻击方法.同时提出并实现了针对注册劫持的禁止第三方注册或注册权限级别划分的解决方案,以及针对INVITE攻击、re-INVITE攻击和会话终止攻击提出了改进的HTTP Digest认证协议和Proxy间逐条加密的解决方案,提高了SIP网络的安全性和可用性.     

基于SIP协议下的网络会议分析

随着网络信息时代的到来,网络会议已经在各个领域被广泛应用。对SIP协议与网络会议进行分析,提出相应的设计方法。     

结合S／MIME安全机制的HTTP摘要认证过程浅析

阐述将S／MIME安全机制和HTTP摘要认证进行结合，从而提高SIP通讯安全的设想，该构想的实现可极大的提高多媒体通讯安全。     

结合S/MIME安全机制的HTTP摘要认证过程浅析

阐述将S/MIME安全机制和HTTP摘要认证进行结合,从而提高SIP通讯安全的设想,该构想的实现可极大的提高多媒体通讯安全。     

SIP协议一致性测试研究

SIP(Session Initiation Protocol会话初始化协议)是用来生成、修改、终结一个或多个参与者之间的会话的应用层协议.SIP可应用于IP电话、IMP(Instant message & Presence即时消息与存在)、视频会议、IMS(IP Multimedia Subsystem IP多媒体子系统)等.关于SIP协议的实现很多,需要SIP一致性测试来规范SIP协议实现与RFC3261的符合程度,作为SIP协议实现之间互通的保证.     

SIP协议一致性测试研究

SIP(Session Initiation Protocol会话初始化协议)是用来生成、修改、终结一个或多个参与者之间的会话的应用层协议。SIP可应用于IP电话、IMP(Instant message &Presence即时消息与存在)、视频会议、IMS(IP Multimedia Subsystem IP多媒体子系统)等。关于SIP协议的实现很多,需要SIP一致性测试来规范SIP协议实现与RFC3261的符合程度,作为SIP协议实现之间互通的保证。     

基于多跳双向认证的802.16Mesh网络SA管理机制

IEEE802.16-2004无线城域网(wireless-MAN)标准支持的多跳(Mesh)网络是一种树状网络和adhoc网络结合的新型网络.针对Mesh中使用的单跳单向认证SA(安全关联)管理机制安全和效率上的缺陷,提出了一种和次优修正路由结合的多跳双向认证SA管理机制.与单跳单向机制相比,该机制是前向安全的,对中间节点的攻击具有强安全性,同时减少了系统开销和传输时延.在按需路由建立前使用修正路由传递管理信息可减少服务流建立时延.安全性分析证明了多跳双向机制的安全性,性能比较说明了在效率上的优势.     

基于SET协议的一种身份认证新模型

SET是电子商务中最有生命力的一种标准 ,也提出了一种最为完善的身份认证模型 ,但极其复杂 ,计算量过大 .本文通过引入身份标识码和支付期有效码等概念 ,提出了一种身份认证新模型 ,减少了计算量 ,且确保了信息的安全性、完整性和不可抵赖性     

Parlay网关中SIP协议映射研究

研究了支持SIP(Session Intiation Protocal)协议的Parlay网关体系结构,说明了SIP协议栈的基本原理和使用方法,重点阐述了Parlay API(Apphcation Programming Interface)和SIP消息间的映射关系,并提出了一种使用SIP映射状态机来实现SIP协议与Paday API映射封装的方法,对推进SIP协议与Parlay API结合和简化业务开发过程有重要意义和应用价值。     

基于信誉评测机制的WSN安全路由协议研究

针对无线传感器网络(WSN)路由协议存在的安全问题,考虑到WSN节点能量低、资源有限的缺陷,提出了一种新型的WSN安全路由协议——VH-GEAR协议。VH-GEAR协议在地理位置能量感知路由(GEAR)协议的基础上引入了纵向(vertocal,V)和横向(horizontal,H)分析相结合的WSN节点信誉评测模型来提高路由协议的安全性,同时通过改进路由协议的信誉更新机制来减小能耗。基于NS2的仿真实验表明,VH-GEAR路由协议能有效识别网络中的恶意节点,减小对合法节点的误判,降低网络能耗,从而加强了网络的安全性,延长了网络的生命周期,提高了网络的整体性能。     

A privacy-preserving authentication protocol with secure handovers for the LTE/LTE-A networks

Long-Term Evolution/Long-Term Evolution Advanced (LTE/LTE-A) is the latest mobile communication technology that is offering high data rates and robust performance to the subscribers. Since LTE/LTE-A standards are established on the Internet Protocol (IP) connectivity and provide compatibility with the heterogeneous networks, these new features create availability of the new security challenges in the LTE/LTE-A networks. Taking into consideration the issues of serious signalling congestion and security loopholes in LTE/LTE-A networks, the authors propose an Efficient Authentication and Key Agreement Protocol for Evolved Packet System (EAKA-EPS) with secure handover procedures. The proposed protocol achieves outstanding results in terms of the optimization of computation and signalling overhead. With this, the protocol guarantees the needed security requirements like protected wireless interface and strong mutual authentication between the entities, and ensures access stratum secrecy at the time of handovers. The formal verification results of the proposed scheme over the security verification and simulation tool “Automated Validation of Internet Security Protocols and Applications (AVISPA)” show that the suggested protocol is safe against various malicious attacks, which are still possible in LTE/LTE-A networks. To the best of the authors’ knowledge, the suggested approach is the first approach that provides perfect secrecy with less computation and communication overhead in the LTE/LTE-A networks.     

ESAP: Efficient and secure authentication protocol for roaming user in mobile communication networks

The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as redirection attack, impersonation attack and Man in-the Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols of GSM were proposed to overcome the drawbacks but many of them lead to network signalling overload and increases the call set-up time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented by BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing a number of messages. On an average, the protocol reduces 60% of network signalling congestion overhead as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.     

关于SIP网络会议的研究

针对H．323建立小型会议需要中心控制节点，即中心控制节点离开会议后会议就必须结束的缺点，提出了利用SIP实现分布式控制多方会议的方案，通过终端和服务器之间交互SIP信令的方法，实现会议建立者离开会议后仍能保持会议的功能。结果表明，通过此方案可以解决中心控制节点离开会议后会议必须结束的问题。     

A security enhanced mutual authentication scheme based on nonce and smart cards

There are many mutual authentication schemes proposed in the literature for preventing unauthorized parties from accessing resources in an insecure environment. However, most of them based on smart cards have assumed a tamper resistant condition for the smart card. To solve the problem, Huang, Liu, and Chen (2013) proposed a mutual authentication scheme based on nonce and smart cards and claimed that the adversary was not able to attack and access the system even if he could extract the data stored in the smart card. Unfortunately, in this paper, we will demonstrate that Huang et al.’s scheme is vulnerable to the offline password guessing attack and the privileged insider attack. We also propose an improved scheme to overcome the weaknesses.     

异构无线网络的认证算法

本文针对建立在对等方式下的融合网络提出了一种新的认证和密钥更新算法.认证包括三个方面:非漫游状态下的完整认证、漫游状态下的完整认证以及切换状态下的快速认证.密钥更新包括两个方面:非漫游状态下的密钥更新和漫游状态下的密钥更新.在算法中,通过引入认证中心,不仅实现了网络对用户身份的认证,而且实现了节点对网络身份的认证,由此保证了双方身份的合法性;同时为了实现切换的无缝性,采用节点对认证数据包进行中继转发的方式,减少了切换时的认证时间.性能分析表明,该算法能够有效地抵御常见攻击.     

区分服务的无线传感器网络路由协议

在优先级多路径路由协议PRIMAR（PRIoritize MultipAth Routing）的基础上,提出了NRE-PRI—MAR协议：以邻居节点剩余能量（NRE）作为衡量路径优先级大小的依据,通过建立节点的二级路由表来决定下一跳转发节点．仿真实验表明,该协议有效地提高了网络的生存期,实现了区分服务．