基于动态身份远程用户认证方案的研究

针对基于动态身份远程用户认证,可有效防止用户关键信息泄露,保证已认证用户通过授权获取网络服务.针对Wen-Li提出的基于动态身份远程用户认证与密钥协商方案进行安全性分析,指出该方案存在安全缺陷,可能导致泄露用户部分关键信息,进而遭受网络攻击.在保留Wen-Li方案优点基础上提出一种改进的远程用户认证方案,重新设计了认证过程中的会话密钥和密钥确认消息,与Wen-Li方案相比,改进方案能够抵御中间人攻击以及盗窃智能卡攻击,并增强了方案的前向安全性.     

基于智能卡的动态身份认证机制

由于每次登录时用户提交的认证信息都是固定不变的,传统的口令认证机制容易遭受回放攻击。本文根据一个关于互素数的定理,提出了一种基于智能卡的动态身份认证机制。用户每次登录时,智能卡根据从服务器发来的challenge和事先嵌入智能卡的参数信息,为合法用户计算当前的认证信息。由于每次用户提交的认证信息都是动态可变的,从而有效地防止了回放攻击。     

NFC技术与NFC手机测试方法

介绍NFC技术的工作原理、手机的实现方案和NFC手机作为非接触式智能卡、非接触式智能卡阅读器及进行点对点通信时的应用场景,分析NFC手机的主要测试项目、测试重点与在各应用场景下的测试要点,并给出几个测试用例做范例,为NFC手机质量保证可提供借鉴。     

一种基于智能卡的会话密钥交换和认证方案

基于RSA算法的安全性和求解离散对数问题的困难性 ,给出一种将密钥交换和身份认证有效结合的会话密钥管理方案 ,并对其安全性进行了分析。智能卡管理中心 (SMC)用于智能卡的分发和管理 ,系统所有用户均使用SMC的一个公开密钥 ,由通信双方独立实现共享密钥交换和身份认证 ,而无需智能卡管理中心的参与或预先获取对方的公开密钥证书     

基于相互认证和密钥协商机制的智能卡远程安全认证方案

分析2011年Muniyandi等人提出的一种基于椭圆曲线密码(ECC)体制的智能卡进行远程认证方案,发现该方案缺乏密钥协商机制,不能有效抵抗伪装攻击、认证表盗窃攻击、离线猜测攻击和智能卡丢失等攻击。提出一种改进方案,融入相互认证和密钥协商机制来克服以上缺陷,确保前向和后向保密性,且用户能够自由修改密码,同时对用户信息进行匿名保护。与现有智能卡认证方案相比,该方案具有较高的安全性能,且具有较小的计算开销。     

一种基于双向认证的网络钓鱼防范机制研究

随着互联网行业的迅速发展,日常生活方式在互联网上的真实投射,导致互联网诈骗已经成为一个越来越大的威胁。互联网诈骗存在多种方式,其中网络钓鱼就是互联网诈骗中威胁巨大且发展最快的一种。钓鱼攻击者最常用的一个薄弱环节就是:银行可以通过用户信息如用户名、密码等来确认用户的身份,但是用户无法通过关键信息确认银行的身份是否真实。对于防御网络钓鱼攻击,可靠的双向认证是至关重要的,服务商和用户双方应该建立起双向认证的关系。对此,文章提出了一个简单易用的双向认证模型。该双向认证模型将个体特征与智能卡相结合,利用用户的个体特征认证智能卡所有者的身份,同时将个体特征作为认证方案中随机数产生的种子以及密钥和口令生成的参数,解决服务器与用户的双向认证问题,从机理上对钓鱼攻击进行了防范。     

基于智能卡和密码保护的WSN远程用户安全认证方案

针对无线传感器网络（WSN）用户远程安全认证问题,分析现有方案的不足,提出一种新颖的基于智能卡的WSN远程用户认证方案。通过用户、网关节点和传感器节点之间的相互认证来验证用户和节点的合法性,并结合动态身份标识来抵抗假冒攻击、智能卡被盗攻击、服务拒绝攻击、字典攻击和重放攻击。同时对用户信息进行匿名保护,且用户能够任意修改密码。性能比较结果表明,该方案具有较高的安全性能,且具有较小的计算开销。     

一种基于智能卡的双向身份认证方案

计算机网络的普及使更多的资源和应用可以利用网络远程获得,所以身份认证问题成为网络安全研究中的重要课题。当前主要的身份认证方法有以下几种：基于口令的身份认证;基于生物特征的身份认证;基于智能卡的身份认证以及几种方式的混合认证。结合密码学和智能卡技术的身份认证方案也被多次提出,许多专家和学者还提出了多种改进的方案。但是,这些方案均会出现一些不可避免的漏洞。针对多种方案的漏洞,该文提出了一种在智能卡中引入公钥密码算法的认证方案,并对其安全性进行了分析,该方案的安全性和优越性也在文中得到体现。     

ePass统一身份认证的平台

北京飞天诚信科技有限公司将推出其自主知识产权的身份认证产品ePass的最新版本。该产品进一步提升了ePass产品在身份认证过程中的兼容性和安全性能。 新版ePass产品用于标识用户身份的智能卡不再固化于ePass内部。用户可根据不同的使用环境,自行     

一种改进的基于ECC双因子身份认证协议

随着信息技术和网络技术的快速发展,互联网实名制已经成为网络监督和管理的重要趋势,而用户身份认证又是实名制管理体系中的关键技术。首先介绍了基于智能卡的身份认证协议,讨论了该协议存在的不足,并在此基础上,提出了一种基于ECC双因子的身份认证协议,通过椭圆曲线离散对数难题和时间戳因素确保协议的安全性,解决了丢失智能卡攻击的问题,并且保持了协议的高效性。     

NFC — the intuitive contactless technology becomes reality

Near Field Communication (NFC) is opening-up completely new perspectives for the mobile communication industry. It enables contactless peer-to-peer communication, reading/writing of contactless cards and, when combined with a smart card IC, emulation of a contactless card. NFC has taken major steps towards market acceptance: ISO standards are in place for the interface and communication protocols, many leading companies in the field are promoting it within the NFC Forum, and numerous field trials are being deployed around the world. Different architectures are being considered for NFC and security mobile phone architectures. The first Philips cellular system solution integrating NFC hardware and software illustrates a successful implementation of one of these architectures.     

Secure and Efficient Mutual Authentication Scheme for NFC Mobile Devices

As the technology of mobile devices spreads fast, the price of mobile devices is getting cheaper. Most of the people have mobile devices, and these devices have the technology of near field communication (NFC). With the long time development and research, the mobile devices use NFC technology on the payment and authentication applications, and replace the smartcard, the access control card, and the credit card by using the card emulation mode. It helps the development of NFC applications. In recent years, more and more users begin using NFC technology on mobile payment and authentication. Many researches have proposed the related NFC authentication protocols, but their schemes are still lack of some security properties and functions, which are necessary for NFC authentication protocols. In this paper, we propose a secure and efficient NFC authentication scheme between two NFC devices by the help of the authentication server that provides mutual authentication.     

An NFC Anti-Counterfeiting Framework for ID Verification and Image Protection

With near field communication (NFC), smart card applications, including mobile payments and ID-based applications, can be integrated and deployed to smartphones. However, some of the physical anti-counterfeiting mechanisms are unavailable when the attributes of physical cards are digitalized. For example, photos and signatures can be used to verify personal identity when carrying out credit card payments or using ID-based applications, but the digital images shown by smartphones are easy to attack and forge. Such risks mean that mobile payments are often limited to relatively small transactions. Personal identification thus plays an important role in such smartphone applications, particularly when several smart cards are integrated into the devices. In this paper, an NFC anti-counterfeiting framework with a two-layered digital image protection mechanism is proposed; in this system, an application certificate signed by the service provider and image metadata are hidden in the personal digital image using digital watermarking, and the image metadata is protected by the secure element in the NFC device. Several procedures are designed to ensure the originality of the photo and signature images, so that the process of digital image authentication is as secure and practical as using printed images on a plastic card. Personal authentication and transactions can then be performed securely with the personal authentication applet (PAA) in an offline authentication process, which is fast and convenient compared to online authentication processes. Using the proposed NFC anti-counterfeiting framework, the authentication process in mobile payments will be more secure and thus can be applied with high value transactions.     

一种适用于NFC移动设备的双向认证安全方案

近场无线通信(NFC)是一种已经被广泛应用的短距无线通信技术.其中最常见的是将NFC技术应用于移动支付和门禁访问控制等应用.从技术上讲,这些应用利用NFC模拟卡模式将NFC设备模拟成银行卡或门禁卡,然后等待外部阅读器验证.在这类应用场景下,选取合适的安全认证方案是非常重要的.首先,介绍了现有的NFC认证系统和安全方案并分析了系统安全需求和潜在的安全风险.然后,采用Hash、AES和口令Key动态更新机制,提出了一种适用于NFC移动设备的双向认证安全方案,并设计了自同步机制.最后,利用GNY逻辑以形式化证明的形式证明了方案的安全性,分析表明该方案能解决伪造、重放攻击、窃听、篡改、异步攻击等安全问题.     

安全芯片在即时通信系统中的应用研究

安全芯片是一款可以独立进行密钥生成,提供多种加密算法,支持公钥基础设施及数字签名等安全认证及保障功能的产品,目前广泛应用于企业级和商业安全领域,提供身份认证服务和数据安全保护.文中提出一种安全芯片在即时通信系统中的应用方案的设计,通过把安全芯片封装到手机的SD存储卡中,通过安全芯片实现终端用户之间的可信安全交互,从而为手机和移动终端设备构建安全可靠的即时通信系统.     

基于2.4 GHz载频的“翼支付”安全认证研究

本文结合上海电信近期推出的2.4GHz翼支付手机刷卡试点业务,在研究中国电信现有通信网络、终端通信机制和安全认证协议的基础上,提出在现有通信系统上构建高安全、可管控、强认证的应用系统架构,以达到支付安全级别要求的体系结构,从而更好地支持上海电信手机刷卡应用系统的后续加载,并可作为目前复杂、多变的网络环境的支付安全模型,以期对2.4GHz手机刷卡支付应用的发展方向提供借鉴。     

移动电子商务用户溯源认证技术研究与应用

在移动电子商务中,由于智能手机、PDA等移动终端硬件设施的局限性和手机操作系统种类繁多等问题,大多数SP只能采用"账号+口令"的方式对用户身份进行认证.为了增强移动互联网用户认证的安全性,针对移动电子商务活动中SP对用户可溯源的需求.本文探讨了在移动互联网网络环境下的用户来源可信及用户身份溯源认证技术.从运营商的角度研究了一种基于移动互联网的身份可溯源认证业务方案.利用该溯源认证业务能够将原有的用户身份认证从应用层扩展到网络层和物理层,实现对用户身份的溯源追踪.有效防止伪造用户身份的攻击行为,确保用户认证过程的可溯源性.     

A new three-factor authentication and key agreement protocol for multi-server environment

Several password and smart-card based two-factor security remote user authentication protocols for multi-server environment have been proposed for the last two decades. Due to tamper-resistant nature of smart cards, the security parameters are stored in it and it is also a secure place to perform authentication process. However, if the smart card is lost or stolen, it is possible to extract the information stored in smart card using power analysis attack. Hence, the two factor security protocols are at risk to various attacks such as password guessing attack, impersonation attack, replay attack and so on. Therefore, to enhance the level of security, researchers have focused on three-factor (Password, Smart Card, and Biometric) security authentication scheme for multi-server environment. In existing biometric based authentication protocols, keys are generated using fuzzy extractor in which keys cannot be renewed. This property of fuzzy extractor is undesirable for revocation of smart card and re-registration process when the smart card is lost or stolen. In addition, existing biometric based schemes involve public key cryptosystem for authentication process which leads to increased computation cost and communication cost. In this paper, we propose a new multi-server authentication protocol using smart card, hash function and fuzzy embedder based biometric. We use Burrows–Abadi–Needham logic to prove the correctness of the new scheme. The security features and efficiency of the proposed scheme is compared with recent schemes and comparison results show that this scheme provides strong security with a significant efficiency.

     

Authentication scheme for multi-cloud environment based on smart card

To solve the problem of the access keys stored in a smart card increasing linearly with the number of registered clouds without third party participated in authentication,an authentication scheme was proposed for multi-cloud environment based on smart card.In the proposed scheme,the authentication was realized between user and multiple clouds without third party participation when the smart card only stored two access key.Thus the storage cost of smart card was reduced effectively.Because there was no public key cryptography,the authentication messages was generated by using XOR homomorphic function and Hash function,thus the computational cost of the smart card and the cloud servers was reduced effectively.Moreover,the proposed scheme also didn’t need to store any user’s information on the cloud servers,thereby reducing the storage and management costs of the cloud servers.The security analysis and the performance analysis show that the proposed scheme is able to resist multiple attacks,which is secure and efficient.