SESAME认证协议的研究与分析

分布式文件系统的安全性问题越来越突出,随着Internet的广泛应用,跨越大型网络的文件系统的使用容易受到来自网络的攻击,认证问题日益重要。目前使用较多的是基于对称密钥密码体制的Kerberos认证系统。本文对基于公钥密码体制的SESAME认证和访问控制协议进行了研究和分析,指出了由了采用了公钥密码体制,SESAME技术能够实现单点登录、强用户认证、用户和系统间的交互认证、基于角色的访问控制和用户的授权等功能。     

基于Kerberos身份认证的研究及改进

本文对网络安全中实现身份认证的Kerberos协议进行了详细的介绍,并分析了其局限性.在此基础上,提出了一种基于公钥密码的Kerberos改进协议.     

一种基于纠错编码的公钥体制改进Kerberos协议的方法

Kerberos协议是用于保护网络内部各种提供服务的服务器的一种常用协议。首先介绍了该协议的实现过程,分析了它的优点和薄弱环节。然后提出一种用公钥体制改进Kerberos协议的方法,采用这种新方法有效地提高了原协议的安全性,并且大体保持了协议原有的架构。最后分析了基于Goppa纠错码的公钥体制的特点,以及它适合用于改进Kerberos协议的原因。     

一种基于纠错编码的公钥体制改革Kerberos协议的方法

Kerberos协议是用于保护网络内部各种提供服务的服务器的一种常用协议，首先介绍了该协议的实现过程，分析了它的优点和薄弱环节，然后提出一种用公钥体制改进Kerberos协议的方法，采用这种新方法有效地提高了原协议的安全性，并且大体保持了协议原有的架构，最后分析了基于Goppa纠错码的公钥体制的特点，以及它适合用于改进Kerberos协议的原因。     

改进的Rabin密码体制安全性分析

Shamir和Schorr对Rabin数字签名方案提出一种有效的攻击方法,称为Shamir攻击.为了避免Shamir攻击,本文提出一种有效的比特位扰乱法(Bit Perturbation).基于Rabin公钥密码体制,Harn和Kiesler提出一种改进的公钥密码体制、数字签名方案和认证加密方案.本文指出Harn和Kiesler提出的密码体制是不安全的,并设计一种安全的数字签名方案.     

无线局域网的安全措施

本文首先对无线局域网中的安全现状进行了分析，指出了目前在网络安全方面存在的漏洞。认证是系统安全的基础，本文着重于无线局域网中认证体制的设计，提出了利用。Kerberos协议和IEEE802．1x协议实现认证以及基于公钥体制认证协议的两种方案，并介绍了如何利用基于公钥体制的Kerberos协议来实现认证的方法。     

一种基于公钥的新型Kerberos域间认证方案

描述了一种基于公钥加密的新型Kerberos域间认证方案.鉴于以往Kerberos域间认证方案中域间存在密钥数量庞大和系统安全性不够强的问题,引入了中介KDC和公钥加密体制对Kerberos域间认证方案进行改进.改进方案中,中介KDC和与之相关的非中介KDC共享对方公钥.通过可行性、安全性分析可知,该方案使系统更安全,密钥的管理和维护更容易.     

基于双线性对的无证书代理重加密方案

无证书公钥密码体制是在基于身份的公钥密码体制的基础上提出的新型公钥密码体制,它避免了密钥托管问题,也不需要使用公钥证书。代理重加密可以针对同一明文,实现不同用户公钥加密的密文之间的转换,在这个过程中半可信的代理者不能获得关于消息M的任何信息。文中将无证书公钥密码体制和代理重加密结合起来,介绍了一个基于双线性对的无证书代理重加密方案,该方案在标准模型下是抗适应性选择消息攻击的。     

对基于公钥密码体制的IBS协议的改进

分析了基于公钥密码体制的IBS协议,针对其中存在的一些不足和缺陷,提出改进方案。最后对改进后的协议进行形式化分析,证明改进后协议的不可否认性和公平性。     

多变量强指定验证者签名方案

指定验证者签名在实际的网络信息中有着广泛的应用,验证者不能将签名任意地传播给第三方。强指定验证者签名方案更加强了签名者的隐私,除了指定验证者任何人都不能验证签名的有效性。该文提出一个基于多变量公钥密码体制(MPKCs)的一般强指定验证者签名方案,将多变量公钥密码体制应用到指定验证者签名方案中,如果多变量公钥密码体制在已知攻击,包括代数攻击,线性化攻击,秩攻击和差分攻击等下是安全的,则新方案满足正确性、不可伪造性、不可传递性的安全性要求。并给出一个具体的基于pFLASH签名体制的强指定验证者签名方案,具有明显的效率优势,新方案在量子计算攻击下是安全的。     

计算可靠的Diffie-Hellman密钥交换协议自动证明

针对Diffie-Hellman密钥交换协议,提出了采用观测等价关系的建模方法,证明了该方法的可靠性,并利用该方法扩展了自动工具CryptoVerif的验证能力。发现了对公钥Kerberos协议自动证明中敌手能力模型的缺陷,并提出了修正方法。利用扩展的CryptoVerif自动证明了基于Diffie-Hellman的Kerberos协议的安全性,验证了该扩展方法的有效性。与现有大部分证明方法不同的是,该证明方法既保留了自动证明工具的易用性,又保证了计算模型下的强可靠性。     

ZigBee网络抵御Sybil攻击的自适应链路指纹认证方案

该文针对ZigBee网络中Sybil攻击破坏节点身份唯一性的问题,提出一种抵御Sybil攻击的自适应链路指纹认证方案。方案首先基于无线链路特征设计了链路指纹,在此基础上,提出了反映信道质量的相干时间估测算法和适应子节点数量变化的保护时隙(GTS)动态申请算法,并给出了Sybil攻击认证流程。安全性分析及实验结果表明,方案在通信环境的安全边界条件下节点认证成功率可达97%以上,且链路指纹无需存储,具有较低的资源需求。     

基于最大秩距离码的McEliece公钥加密方案

提出了基于最大秩距离码新的McElience公钥密码系统，讨论其可行性及安全性．证明了它比基于纠错码的McElience公钥密码系统里安全。而且，通过引入单向函数．使密码系统能有效地抗击消息重发攻击和相关消患攻击。     

Linearly shift knapsack public-key cryptosystem

Two algorithms are proposed to improve the Merkle-Hellman knapsack public-key cryptosystem. an approach to transform a superincreasing sequence to a high-density knapsack sequence is proposed. The algorithm is easy to implement and eliminates the redundancy of many knapsack cryptosystems. A linear shift method is used to improve the security of the knapsack public-key cryptosystem. It is shown that several knapsacks (e.g., the so-called useless knapsack), which cannot be generated by using the Merkle-Hellman scheme, can be generated by the linear shift method. Thus A. Shamir's (1982, 1984) attack to the original knapsack, as well as the low-density attack to the iterated knapsack, cannot be applied to this system successfully. It is interesting to note that the concept of the requirement of being one-to-one in practical enciphering keys is not necessary for this system.<>     

A Secure Digital Signature Algorithm Based on Elliptic Curve and Chaotic Mappings

A digital signature algorithm (DSA) based on elliptic curve and chaotic mappings is proposed to strengthen the security of an elliptic curve digital signature algorithm (ECDSA). To construct this algorithm, a one-way hash function (OWHF) based on two-dimensional (2D) hyperchaotic mappings and an improved elliptic curve public-key cryptography (IECPKC) are proposed, and two key exchange algorithms are introduced. Security analysis shows that this has better capability of resisting per-message secrets attack, repeated use of per-message secrets attack, and duplicate-signature key selection attack than an ECDSA. The proposed scheme is well suited for practical implementation.     

Security of public-key cryptosystems based on Chebyshev polynomials

Chebyshev polynomials have been recently proposed for designing public-key systems. Indeed, they enjoy some nice chaotic properties, which seem to be suitable for use in Cryptography. Moreover, they satisfy a semi-group property, which makes possible implementing a trapdoor mechanism. In this paper, we study a public-key cryptosystem based on such polynomials, which provides both encryption and digital signature. The cryptosystem works on real numbers and is quite efficient. Unfortunately, from our analysis, it comes up that it is not secure. We describe an attack which permits to recover the corresponding plaintext from a given ciphertext. The same attack can be applied to produce forgeries if the cryptosystem is used for signing messages. Then, we point out that also other primitives, a Diffie-Hellman like key agreement scheme and an authentication scheme, designed along the same lines of the cryptosystem, are not secure due to the aforementioned attack. We close the paper by discussing the issues and the possibilities of constructing public-key cryptosystems on real numbers.     

A new scheme based on the MI scheme and its analysis

This article aims at designing a new Multivariate Quadratic (MQ) public-key scheme to avoid the linearization attack and differential attack against the Matsumoto-Imai (MI) scheme. Based on the original scheme, our new scheme, named the Multi-layer MI (MMI) scheme, has a structure of multi-layer central map. Firstly, this article introduces the MI scheme and describes linearization attack and differential attack; then prescribes the designation of MMI in detail, and proves that MMI can resist both linearization attack and differential attack. Besides, this article also proves that MMI can resist recent eXtended Linearization (XL)-like methods. In the end, this article concludes that MMI also maintains the efficiency of MI.     

IKE协议防止中间人攻击性能分析及改进

在基于数字签名认证主模式IKE协议最新研究进展的基础上,针对其安全漏洞,提出了一种改进方案。该方案在遵循ISAKMP框架及IKE交互对称结构的基础上,采用分步认证的方法,能够及早发现并阻止中间人攻击,从而保护通信双方的身份。性能分析表明,该方案是安全、高效、可行的。     

一种高容量盲检测图像指纹算法

针对共谋攻击,提出了一种高容量的空域盲检测图像指纹算法.用抗共谋攻击码(ACC)调制正交基向量生成二值指纹,根据指纹状态对图像灰度值量化嵌入指纹.追踪共谋者时,首先根据待检图像像素灰度所属区间提取指纹,然后计算其与正交基向量的内积得到一新向量,对其用软阈值方式进行处理,最后追踪共谋者.指纹嵌入提取采用量化方式,是一种盲...     

Fingerprint classification through self-organizing feature mapsmodified to treat uncertainties

In this paper, a neural network structure based on self organizing feature maps (SOFM) is proposed for fingerprint classification. In order to be able to deal with fingerprint images having distorted regions, the SOFM learning and classification algorithms are modified. For this purpose, the concept of “certainty” is introduced and used in the modified algorithms. This fingerprint classifier together with a fingerprint identifier, constitute subsystems of an automated fingerprint identification system, named HALafis. Our results show that a network that is trained with a sufficiently large and representative set of samples can be used as an indexing mechanism for a fingerprint database, so that it does not need to be retrained for each fingerprint added to the database