共查询到20条相似文献,搜索用时 15 毫秒
1.
Tzu-Chun Lin 《电子科技学刊:英文版》2018,16(2):139-144
The deniable authentication protocol is an important notion that allows a receiver to identify the source of a given message, but not to prove the identity of the sender to a third party. Such property is very useful for providing secure negotiation over the Internet. The ID-based deniable authentication protocol based on elliptic Diffie-Hellman key agreement protocol cannot defend the sender spoofing attack and message modification attack. In this paper, we present an improved protocol based on double elliptic Diffie-Hellman scheme. According to the comparison result, the proposed protocol performs better. 相似文献
2.
组密钥是安全组通信中实现信息机密性和完整性的关键.适应于MANET有限的计算、通信资源,MANET组密钥管理协议应具有较少的计算量,较低的运算强度.分析了MANET组密钥管理方案所应具备的性质;结合固定网络环境下具有最小通信量的组密钥协商协议STR协议及基于身份标识的公钥密码技术,提出了一个基于身份标识的贡献式MANET组密钥协商管理协议CEAGKP,具有较小的通信量、较强的安全性与可扩展性,能够很好地适应MANET环境的要求.仿真结果证明了CEAGKP具有较好的伸缩性. 相似文献
3.
移动Ad hoc网络是一种资源有限的移动多跳无线网络。在网络中构建组密钥协商协议时应尽可能地减少资源开销。文中在基于身份的网络安全环境下,设计了一种基于环状结构的组密钥协商协议。该协议采用椭圆曲线上的双线性配对,仅通过单轮通信完成组密钥协商。经过分析,该协议具有等献性,已知密钥安全,无密钥控制等安全属性,适用于Ad hoc网络。 相似文献
4.
SK Hafizul Islam 《Wireless Personal Communications》2014,79(3):1975-1991
In mobile multi-server authentication, a client can access different servers over an insecure channel like Internet and wireless networks for numerous online applications. In the literature, several multi-server authentication schemes for mobile clients have been devised. However, most of them are insecure against ephemeral secret leakage (ESL) attack and other vulnerabilities. For mutual authentication and key agreement, mobile client and server used ephemeral secrets (random numbers) and leakage of these secrets may be possible in practice. Since these are generated by an external source that may be controlled by an adversary. Also they are generally pre-computed and stored in insecure devices. Thus, if the secrets are leaked then the session key would turn out to be known and the private keys of client and server may be compromised from the eavesdropped messages. This phenomenon is called ESL attack. To defeat the weaknesses, in this paper, we design an ESL attack-free identity-based mutual authentication and key agreement scheme for mobile multi-server environment. The proposed scheme is analyzed and proven to be provably secure in the random oracle model under the Computational Diffie–Hellman assumption. 相似文献
5.
徐胜波 《信息安全与通信保密》1997,(2)
根据ISO制定的网络安全结构,结合Internet的具体特点,提出了一种解决Internet安全性的安全模式,并设计了一个适用于Internet环境的鉴别与密钥分配协议。新协议采用分层机制,在低层利用Intranet的已有鉴别与密钥分配协议,在高层则采用双钥密码体制设计了一个跨Intranet的鉴别与密钥分配协议。该协议不必更换客户机原有的应用软件,只需增加一个网际鉴别服务器,在原鉴别服务器的数据库中增添网际鉴别服务器的密钥即可实现跨Intranet保密通信。新协议与已有协议有很好的兼容性,安全性高,有利于网络的安全管理,并可以在各种远程访问中建立Intranet间的端—端保密通信。 相似文献
6.
Internet网络环境中认证与密钥分配的研究 总被引:11,自引:0,他引:11
本文根据ISO制定的OSI安全结构,提出了一种解决intranet安全性问题的全面安全模式,并设计了一个适用于Internet环境的认证与密钥分配协议;新协议采用分层机制,在低层利用intranet本地网的已有认证与密钥分配协议,在高层则采用双钥密码体制来设计跨intranet的认证与密钥分配协议。新协议与已有密码协议有很好的兼容性,且不降低原协议的安全性,并为in-tranet的各种远程访问提供安全保护,有利于网络的安全管理 相似文献
7.
本文提出了一种新的使用混沌阵列,基于HVS视觉掩盖自适应的公开图像水印算法,利用四阶累积量定义了视觉掩盖中的噪声敏感度.该方法将混沌阵列作为水印嵌入到图像子块的DCT次低频系数中去,然后根据噪声敏感度进行视觉掩盖.实验结果表明,在噪声敏感度的作用下,视觉掩盖实现了自适应地调整水印嵌入强度;在无原始数据的情况下,通过使用密钥能够清晰地检测出水印的存在;在常见的信号失真和几何失真下(有损压缩,剪切等),水印具有很好的稳健性. 相似文献
8.
一种基于X.509的USB Key政务环境身份认证方案 总被引:1,自引:0,他引:1
针对当前电子政务环境下用户身份认证环节较薄弱的现状,本文提出了一种基于X.509协议的改进的政务环境身份认证方案,并给出此方案的系统设计。此方案是在X.509数字证书的基础上,结合USB KEY的硬件特点所构成的双因子身份认证,能够加强电子政务环境下应用广泛的OA系统的用户身份认证功能。本文亦给出软件部分的实现方法。 相似文献
9.
在无线移动网络环境中,服务器端对其所属客户端的用户进行密钥管理与身份重新确认等处理程序,同时藉由时间点分群验证的方式来减轻服务器端在计算上的负荷量。此外,当进行资料交换的端点发生严重错误而被迫中断联机或需重新激活时,系统将会通过本身的稽核资料对先前已验证的密钥与用户资料进行复原动作,因此可在资源有限的系统当中,避免重复运算的情况发生,同时考虑在不过度增加既有传输成本等前提下,提出安全的密钥管理与回复验证等机制,进而确保复原程序后的密钥与用户资料本身的正确性与完整性。 相似文献
10.
Many protocols have been proposed for solving the user authentication in portable communication system. One of the schemes is based on the delegation concept. Home Location Register (HLR) delegates Mobile Station (MS) to be authenticated by Visitor Location Register (VLR). The main drawback of the scheme is that the HLR is required during the online authentication phase between VLR and MS. In this paper, a double delegation-based authentication and key agreement protocol is proposed. The main advantage of our protocol is that this scheme requires only MS and VLR online. This protocol will thoroughly utilize the proxy signature features to facilitate the operation of this protocol while only requires two members (MS, VLR) to be online at the same time. 相似文献
11.
12.
13.
In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et al.'s scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice. 相似文献
14.
IKE协议是IPSec协议族中的自动密钥交换协议,用于动态的建立安全关联(SA)。文章对IKE协议主模式下预共享密钥认证方式中存在的身份保护缺陷进行了分析,提出了新的修改意见,使得协议更加完整并提高了效率。 相似文献
15.
In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et al.’s scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice. 相似文献
16.
当前许多双向认证与密钥协商(MAKA)协议不具有高效的撤销机制,同时不能抵抗一些新型攻击,如随机数泄露(ESL)攻击、注册中心泄露注册信息(RCDRI)攻击.另一方面,大量的MAKA协议都是基于一个注册中心(RC),这无疑对RC高效性和稳定性是个挑战.本文基于以上问题,结合自认证公钥(SCPK)提出了一个具有多个注册中心的MAKA协议,该协议能够抵抗上述的新型攻击并且具有动态的撤销机制.基于Diffie-Hellman困难假设,在随机预言机模型中给出了协议的安全性证明.由于该协议不涉及双线性对运算,比以往同类型方案在执行效率方面也有很大的优势. 相似文献
17.
18.
An authentication multiple key agreement protocol allows the users to compute more than one session keys in an authentication way. In the paper, an identity-based authentication multiple key agreement protocol is proposed. Its authentication part is proven secure against existential forgery on adaptively chosen message and ID attacks under the random oracle model upon the CDH assumptions. The session keys are proven secure in a formal CK security model under the random oracle model upon the CBDH assumptions. Compared with the previous multiple key agreement protocols, it requires less
communication cost. 相似文献
19.
分析了移动IP的基本原理,根据其面临的安全问题,结合IPSec协议的相关概念,提出了移动IP的密钥管理和认证方案。 相似文献
20.
提出了一种具有身份验证的密钥协商方案,并证明了其安全性。该方案的特点是:(1)在离散对数问题难解的假设前提下。可抵抗被动攻击和主动攻击;(2)身份验证与密钥协商紧密结合;(3)认证服务中心负责签发证书,但不直接参与身份验证和密钥协商过程;(4)只需要两次模指数运算。 相似文献