共查询到19条相似文献,搜索用时 590 毫秒
1.
2.
基于智能卡的多服务器远程认证方案,存在不能抵抗伪造攻击、重放攻击和中间人攻击等问题。针对上述安全性缺陷,提出一种改进的身份鉴别方案。该方案利用自验证的时间戳技术,解决基于时间戳技术的认证方案中存在的时钟同步问题,同时将时间戳作为随机数,有效地避免遭受重放攻击。安全性分析结果表明,与基于智能卡的多服务器远程认证方案相比,该方案继承了其轻量级认证的特征,计算量低,存储量小,实现了服务器对用户的可追踪性,满足实际网络的复杂性要求。 相似文献
3.
现有的基于身份的一轮认证密钥协商方案没能实现强的完美前向性.采用强不可伪造的签名算法对临时公钥进行签名,提出一种改进的基于身份认证密钥协商方案.首先,对Boneh和Boyen提出的强不可伪造的短签名方案进行改造,提出一种强不可伪造的基于身份签名方案;然后,将新签名方案与Ni等人提出的eCK安全的基于身份一轮认证密钥协商方案相结合,提出新的密钥协商方案.进一步,为了实现新方案的可证明安全性,在对比分析eCK-PFS模型和eCK模型的基础上,融合现有安全模型,定义了基于身份认证密钥协商方案分析的强安全模型ID-eCK-PFS.在ID-eCK-PFS模型下,通过安全性规约,证明了新提出的基于身份认证密钥协商方案实现了强安全性,包括抗密钥泄露伪装、抗临时秘密泄露和完美前向安全性等. 相似文献
4.
5.
6.
7.
8.
基于无证书的认证密钥协商方案相比基于PKI的方案具有身份管理的简单性,同时相比基于身份的方案具有无密钥托管性。基于可证安全的无证书加密方案提出了一个两方认证密钥协商方案.通过与其他方案在安全性和有效性方面的比较,该方案满足更多的安全属性要求,如完美前向安全性,PKG前向安全性,已知会话相关临时秘密信息安全性和无密钥托管等安全特性,同时具有良好的计算有效性。 相似文献
9.
10.
《计算机应用与软件》2016,(2)
针对已有的基于身份的认证密钥协商协议存在的安全问题,提出一种改进的基于身份的认证密钥协商协议。该协议采用双线性对运算方法,用户双方的临时和长期私钥结合进行最终会话密钥的计算,解决了原协议中存在的PKG前向安全性问题、单一依赖临时或长期私钥而存在的问题和已知临时会话密钥泄漏攻击的问题。在保证改进协议正确基础上,对协议的安全属性及协议性能进行了分析。采用SVO逻辑对协议进行形式化分析,验证了改进协议的认证性和安全性。结果表明,改进的协议满足基于身份认证密钥协商协议的所有安全性要求,与已有基于身份的认证密钥协商协议相比具有更好的安全属性及计算效率。 相似文献
11.
《Journal of Computer and System Sciences》2006,72(4):690-705
To ensure integrity and originality of digital information, digital signatures were proposed to provide both authority and non-repudiation. However, without an authenticated time-stamp, we can neither trust signed documents when the signers' signature key was lost, stolen, or accidentally compromised, nor solve the cases when the signer himself repudiates the signing, claiming that has accidentally lost his signature key. To withstand forward forgery suffered by linking schemes and to reduce verification cost, Sun et al. proposed four time-stamped signature schemes that are based on absolute temporal authentication. Though Sun et al. claimed that these schemes are quite secure against the forward forgery, we find that they suffered from substitution attacks, by which the signer can backward/forward forge signatures and the time-stamping service can also forge signatures. Finally, we also propose four time-stamped signature schemes to overcome these security flaws. Moreover, the proposed new schemes are more efficient than the Sun et al. schemes. 相似文献
12.
王平水 《计算机工程与设计》2007,28(16):3834-3836
数字签名已经成为网络信息时代身份认证的基本手段之一,为提高基于零知识证明技术的签名方案的安全性,对基于零知识概念的签名方案中签名者伪造签名问题进行了研究,分析了其中存在的潜在问题,提出了一种在不增加计算复杂性的情况下达到抗击签名者伪造签名的简单修改方案,并对该修改方案的可行性、安全性和计算复杂性做了具体分析. 相似文献
13.
对两个基于双线性对的前向安全的代理签名方案进行了安全性分析,发现其方案均存在安全漏洞,并不具有前向安全性。基于RSA签名体制,提出了一个新的前向安全的代理签名方案,并对所提出方案的安全性做了详细的分析和讨论。方案不仅能抵抗伪造攻击和满足代理签名的性质,而且具有前向安全。即使当前时段的代理签名密钥泄露,攻击者也无法得到以前时段的代理签名。 相似文献
14.
15.
印章图像在实际商业交往中的应用很广泛,为确保其在印章域中的安全性,需要考虑一种新的基于印章域数字水印的防伪机制,并且对于打印扫描过程具有强鲁棒性.提出了一种在印章图像中嵌入数字水印以达到防伪目的的新思路,针对传统印章的易伪造弊端,通过将密码签名原理和数字水印技术应用于电子印章之中,并结合COM组件技术实现了机密文档的防篡改功能,身份认证功能及不可否认性功能. 相似文献
16.
17.
The network coding based applications are vulnerable to possible malicious pollution attacks. Signature schemes have been well-recognized as the most effective approach to address this security issue. However, existing homomorphic signature schemes for network coding either incur high transmission/computation overhead, or are vulnerable to random forgery attacks. In this paper, we propose a novel dynamic-identity based signature scheme for network coding by signing linear vector subspaces. The scheme can rapidly detect/drop the packets that are generated from pollution attacks, and efficiently thwart random forgery attack. By employing fast packet-based and generation-based batch verification approaches, a forwarding node can verify multiple received packets synchronously with dramatically reduced total verification cost. In addition, the proposed scheme provides one-way identity authentication without requiring any extra secure channels or separate certificates, so that the transmission cost can be significantly reduced. Simulation results demonstrate the practicality and efficiency of the proposed schemes. 相似文献
18.
Attribute based signature (ABS) is a significant cryptographic notion providing secure authentication during data sharing. A signer can sign a message using the private keys he processes. However, user’s private key exposure may happen from time to time and this will bring potential threat to the whole system. Thus, key evolving mechanism should be introduced into ABS schemes. Besides, the efficiency of existing ABS schemes can be further improved since the process of signing and verification require massive bilinear pairings, which occupies costly computing resources on mobile terminal devices. To better tackle the above problems and provides a more secure data authentication method in mobile communication systems, in this paper, we firstly propose a key insulated attribute based signature scheme without pairings (KI-ABS-WP). Then we give the formalized definition as well as the concreted constructions of our scheme. In our KI-ABS-WP, uses needn’t run any bilinear pairings, thus the total computation cost has been reduced to a large extent. If key exposure occurs, key insulation mechanism guarantees system’s both backward and forward security. Finally, by security proof and efficiency comparison, our KI-ABS-WP is shown to be more superior for data authentication in mobile communication systems. 相似文献
19.
针对最近一些学者提出的前向安全的代理签名方案以及改进的前向安全的代理签名方案,给出了三种代理签名方案的安全性分析,发现它们是不安全的,均不具有真正的前向安全性。当代理签名人的私钥泄漏以后,原始签名人不去计算以前时段的密钥,就可以伪造代理签名,方案不能抵抗原始签名人的伪造攻击。 相似文献