Found 20 similar documents; search took 171 ms
1.
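Security Measures for Wireless LANs  Total citations: 1, self-citations: 0, citations by others: 1
This paper first analyzes the current state of security in wireless local area networks and points out the vulnerabilities that currently exist in network security. Authentication is the foundation of system security. The paper focuses on the design of authentication schemes for wireless LANs and proposes two schemes: one that implements authentication using the Kerberos protocol and the IEEE 802.1x protocol, and one based on a public-key authentication protocol. It also describes how to implement authentication using public-key-based Kerberos.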
2.
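Research Progress on PKI-X.509 Public-Key Certificates and Their CAs  Total citations: 2, self-citations: 0, citations by others: 2
CAs and public-key certificates are currently the main key-management mechanism for security applications on the Internet. This paper first describes the PKI X.509 certificate management model used to manage public keys in the Internet's distributed network environment, together with research progress on it. It gives a comprehensive analysis of the main protocols used to build a PKI, namely the X.500 directory protocol and the X.509 certificate-based authentication protocol, and describes certificate access protocols and their latest developments.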
3.
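Designing a correct wireless authentication and key agreement protocol that meets requirements means not only following the necessary security design principles but also taking into account the particular constraints of the wireless communication environment. The protocol's computation must therefore be simplified and its communication volume reduced without compromising its security. This paper proposes an end-to-end secure wireless AKA protocol based on public-key techniques.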
4.
5.
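To meet the access-control requirements that apply at access time when space information networks interconnect heterogeneously and form networks with high dynamics, a secure access authentication and key agreement protocol for space information networks is proposed under a certificate-based public-key system model. The protocol is based on Diffie-Hellman key exchange, uses signature-based authentication, and assumes that the flight vehicle has no security association with the external subnet. It can be used for mutual authentication and key agreement between a flight vehicle and an access point when the vehicle enters the space information network or roams across subnets. Analysis shows that, provided the DDH (Decisional Diffie-Hellman) assumption holds, the proposed protocol is provably secure in the UC (Universally Composable) security model.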
6.
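RFID tags are limited by weak processing capability, small storage, and a limited power supply, so complex operations such as traditional public-key algorithms or hash functions cannot meet the needs of practical applications. To address the shortcomings of existing lightweight RFID authentication protocols, an RFID security authentication protocol, LAP, based on generalized inverse matrices is designed. The protocol uses CRC checks, which have low hardware complexity, and matrix operations, which have low computational cost. Security, privacy and performance analysis shows that LAP is suitable for low-cost RFID tags with constrained storage and computation.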
7.
8.
9.
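A Distributed Authentication Scheme for Sensor Networks  Total citations: 1, self-citations: 0, citations by others: 1
The resource constraints of sensor networks make the design of their security authentication mechanisms very difficult. Building on elliptic curve cryptography (ECC), this paper proposes a new distributed authentication scheme that uses groups of nodes to carry out the public-key algorithm. It achieves identity authentication between nodes without increasing the computational load on the nodes, and effectively improves the security of the whole network.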
10.
11.
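Considering that existing security schemes for wireless sensor networks suffer from problems such as inefficient key management and security authentication, a lightweight security architecture and security algorithms for wireless sensor networks are proposed. The idea of threshold secret sharing is used to address the problem of malicious nodes encountered during network formation. A lightweight ECC algorithm is used to rework the traditional ECC algorithm, and the ECC-based CPK scheme is optimized so that, without the participation of a third-party certification authority (CA), the computation and communication overhead of authentication can be reduced. Key management is adapted to the characteristics of wireless sensor networks, such as constrained resources and transmission energy consumption that is about a thousand times computation energy consumption. Security rests on the exponential computational complexity of the elliptic curve discrete logarithm. Mutual authentication is also adopted to secure communication between ordinary nodes and cluster-head nodes and to resist man-in-the-middle attacks.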
12.
To solve the issue of networking authentication among GEO and LEO satellites in double-layer satellite network, a secure and efficient authenticated key agreement scheme was proposed. Based on symmetric encryption, the proposed scheme can achieve trust establishment and secure communication between satellites without the trusted third party. Meanwhile, considering characteristics of highly unified clock and predictable satellite trajectory in satellite networks, a pre-calculation method was designed, which can effectively improve the authentication efficiency of satellite networking. Moreover, formal proof and security analysis demonstrate that the scheme can satisfy various security requirements during satellite networking. Performance analysis and simulation results show that the scheme has low computation and communication overhead, which can achieve the authentication of satellite networking in resource-limited scenarios.
13.
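A Cross-Center Quantum Identity Authentication Scheme Based on Teleportation  Total citations: 3, self-citations: 3, citations by others: 0
Based on the principle of teleportation in quantum optics and on quantum entanglement swapping, a cross-center quantum identity authentication scheme for networks is proposed. In a distributed network system, EPR entangled pairs are shared over quantum channels between clients and servers, and between the servers themselves, to transmit information, while the necessary interactive negotiation also takes place over a classical channel, achieving unconditionally secure quantum identity authentication. Its unconditional security is guaranteed by the principles of quantum mechanics and is the same as the security of the EPR key distribution protocol. Compared with existing quantum identity authentication schemes, this scheme overcomes the drawbacks of point-to-point quantum identity authentication, supports authentication across centers, widens the scope of authentication, and offers better flexibility and practicality.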
14.
R Ghanea-Hercock 《BT Technology Journal》2003,21(4):146-152
The problem of network security is now heavily focused on user and agent authentication. In particular, higher levels of automated
management and autonomous behaviour are economically necessary within security services. This work focuses on a peer-to-peer
(P2P) network architecture in support of an authentication service application. The paper considers whether the key properties
of P2P systems, such as scalability, robustness and resilience, may be of significant value in the context of designing a
secure agent-based user authentication service.
The task of authenticating legitimate network users across distributed systems and services remains a challenging process.
The proposed solution is to use a distributed agent-based application to address the process of client authentication and
the maintenance of user credentials. Using an agent-to-agent platform, an autonomous and scalable defence mechanism has been
constructed. The agent architecture provides a number of security services with the goal of automating the process of user
authentication and trust management. In particular, the agents handle all password, encryption keys and certificate management.
This revised version was published online in July 2006 with corrections to the Cover Date.
15.
Sudip Misra, Sumit Goswami, Gyan Prakash Pathak, Nirav Shah, Isaac Woungang 《Telecommunication Systems》2010,44(3-4):281-295
Key management is one of the important issues in ensuring the security of network services. The aim of key management is to ensure availability of the keys at both the receiver’s and the sender’s ends. Key management involves two aspects: key distribution and key revocation. Key distribution involves the distribution of keys to various nodes with secrecy to provide authenticity and privacy. Key revocation involves securely and efficiently managing the information about the keys which have been compromised. This paper presents the geographic server distributed model for key revocation which concerns about the security and performance of the system. The concept presented in this paper is more reliable, faster and scalable than the existing Public Key Infrastructure (PKI) framework in various countries, as it provides optimization of key authentication in a network. It proposes auto-seeking of a geographically distributed certifying authority’s key revocation server, which holds the revocation lists by the client, based on the best service availability. The network is divided itself into the strongest availability zones (SAZ), which automatically allows the new receiver to update the address of the authentication server and replace the old address with the new address of the SAZ, in case it moves to another location in the zone, or in case the server becomes unavailable in the same zone. In this way, it reduces the time to gain information about the revocation list and ensures availability and, thus, improvement of the system as a whole. Hence, the proposed system results in scalable, reliable and faster PKI infrastructure and will be attractive for the users who frequently change their location in the network. Our scheme eases out the revocation mechanism and enables key revocation in the legacy systems. It discusses the architecture as well as the performance of our scheme as compared to the existing scheme. 
However, our scheme does not call for the entire change in PKI, but is compatible with the existing scheme. Our simulations show that the proposed scheme is better for key revocation.
16.
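Distributed Authentication in Mobile Ad Hoc Networks Based on Multi-Hop Encrypted-Signature Function Signing  Total citations: 26, self-citations: 1, citations by others: 26
The mobile ad hoc network (Manet) is a new type of wireless mobile network. Because of its self-organizing nature, dynamic topology, distributed control and multi-hop routing, traditional security mechanisms cannot fully guarantee the security of a Manet, and new security measures must be added. This paper examines the security threats specific to Manets and proposes a secure distributed authentication scheme based on multi-hop encrypted-signature function signing. The scheme combines mobile cryptography with (n,t) threshold-encryption distributed authentication, and uses a distributed fault-tolerant processing algorithm and private-key share refreshing to detect and prevent attackers from performing illegitimate authentication with a forged authentication private key, and to protect the private-key shares and the authentication private key from disclosure.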
17.
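Device-to-device (D2D) communication, a key 5G technology, has broad application prospects in 5G mobile private networks, but the security of D2D is an important challenge for the technology. This paper first analyzes the D2D network architecture in 5G mobile private networks and the security threats and requirements it faces, and proposes an identity authentication and key agreement method based on 5G-AKA identity registration and DH key exchange. A performance analysis of the protocol then shows that the method can protect data confidentiality and integrity,...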
18.
19.
20.
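To address remote secure authentication of users in wireless sensor networks (WSN), the shortcomings of existing schemes are analyzed and a novel smart-card-based remote user authentication scheme for WSNs is proposed. Mutual authentication among the user, the gateway node and the sensor node verifies the legitimacy of users and nodes, and is combined with dynamic identities to resist impersonation attacks, stolen-smart-card attacks, denial-of-service attacks, dictionary attacks and replay attacks. User information is also protected by anonymity, and users can change their passwords freely. Performance comparison shows that the scheme offers high security with low computational overhead.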