共查询到20条相似文献,搜索用时 15 毫秒
1.
Qi Jiang Jianfeng Ma Youliang Tian 《International Journal of Communication Systems》2015,28(7):1340-1351
As the core signaling protocol for multimedia services, such as voice over internet protocol, the session initiation protocol (SIP) is receiving much attention and its security is becoming increasingly important. It is critical to develop a roust user authentication protocol for SIP. The original authentication protocol is not strong enough to provide acceptable security level, and a number of authentication protocols have been proposed to strengthen the security. Recently, Zhang et al. proposed an efficient and flexible smart‐card‐based password authenticated key agreement protocol for SIP. They claimed that the protocol enjoys many unique properties and can withstand various attacks. However, we demonstrate that the scheme by Zhang et al. is insecure against the malicious insider impersonation attack. Specifically, a malicious user can impersonate other users registered with the same server. We also proposed an effective fix to remedy the flaw, which remedies the security flaw without sacrificing the efficiency. The lesson learned is that the authenticators must be closely coupled with the identity, and we should prevent the identity from being separated from the authenticators in the future design of two‐factor authentication protocols. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
2.
Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al . proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al . claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al . protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al . protocol by imposing a little extra computation cost. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
3.
随着VoIP技术的发展,VoIP技术结合卫星通信网络的应用越来越广泛。Inmarsat卫星系统是地球同步轨道系统,网络传播时延大,卫星VoIP电话的语音通信是否可行值得研究。结合VoIP关键技术和海事卫星通信语音通信应用场景,探讨了基于Inmarsat卫星网络实现VoIP技术的方案,并分析出此方案下VoIP系统通话过程的单向时延为350 ms,低于ITU G.114的400 ms的要求。在实际使用环境中进行了测试和验证,结果表明,基于Inmarsat网络下实现VoIP的方案是可行的。该方案实现复杂度低,可以方便地实现Inmarsat网络与地面电话网之间的互联互通,也可以为我国自主研制的宽带卫星通信系统实现VoIP技术提供参考。 相似文献
4.
Qi Xie 《International Journal of Communication Systems》2012,25(1):47-54
The session initiation protocol (SIP) is an authentication protocol used in 3G mobile networks. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Yoon et al. later pointed out that the scheme of Tsai is vulnerable to off‐line password guessing attack, Denning–Sacco attack, and stolen‐verifier attack and does not support perfect forward secrecy (PFS). Yoon et al. further proposed a new scheme with PFS. In this paper, we show that the scheme of Yoon et al. is still vulnerable to stolen‐verifier attack and may also suffer from off‐line password guessing attack. We then propose several countermeasures for solving these problems. In addition, we propose a new security‐enhanced authentication scheme for SIP. Our scheme also maintains low computational complexity. Copyright © 2011 John Wiley & Sons, Ltd. 相似文献
5.
Qi Xie Na Dong Duncan S. Wong Bin Hu 《International Journal of Communication Systems》2016,29(3):478-487
Two‐factor user authentication scheme allows a user to use a smart card and a password to achieve mutual authentication and establish a session key between a server and a user. In 2012, Chen et al. showed that the scheme of Sood et al. does not achieve mutual authentication and is vulnerable to off‐line password guessing and smart card stolen attacks. They also found that another scheme proposed by Song is vulnerable to similar off‐line password guessing and smart card stolen attacks. They further proposed an improved scheme. In this paper, we first show that the improved scheme of Chen et al. still suffers from off‐line password guessing and smart card stolen attacks, does not support perfect forward secrecy, and lacks the fairness of session key establishment. We then propose a new security‐enhanced scheme and show its security and authentication using the formal verification tool ProVerif, which is based on applied pi calculus. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
6.
7.
Saru Kumari Muhammad Khurram Khan 《International Journal of Communication Systems》2014,27(12):3939-3955
With the use of smart card in user authentication mechanisms, the concept of two‐factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring a user to possess something in addition to know something. In 2010, Sood et al. and Song independently examined a smart‐card‐based authentication scheme proposed by Xu et al. They showed that in the scheme of Xu et al., an internal user of the system can turn hostile to impersonate other users of the system. Both of them also proposed schemes to improve the scheme of Xu et al. Recently, Chen et al. identified some security problems in the improved schemes proposed by Sood et al. and Song. To fix these problems, Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand lost smart card attack. Undoubtedly, in their scheme, a user can also verify the legitimacy of server, but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide important features such as user anonymity, confidentiality to air messages, and revocation of lost/stolen smart card. Besides, the scheme defies the very purpose of two‐factor security. Furthermore, an attacker can guess a user's password from his or her lost/stolen smart card. To meet these challenges, we propose a user authentication method with user anonymity. We show through analysis and comparison that the proposed scheme exhibits enhanced efficiency in contrast to related schemes, including the scheme of Chen et al. Copyright © 2013 John Wiley & Sons, Ltd. 相似文献
8.
Madhusudhan R Manjunath Hegde Imran Memon 《International Journal of Communication Systems》2018,31(11)
In remote system security, 2‐factor authentication is one of the security approaches and provides fundamental protection to the system. Recently, numerous 2‐factor authentication schemes are proposed. In 2014, Troung et al proposed an enhanced dynamic authentication scheme using smart card mainly to provide anonymity, secure mutual authentication, and session key security. By the analysis of Troung et al's scheme, we observed that Troung et al' s scheme does not provide user anonymity, perfect forward secrecy, server's secret key security and does not allow the user to choose his/her password. We also identified that Troung et al's scheme is vulnerable to replay attack. To fix these security weaknesses, a robust authentication scheme is proposed and analyzed using the formal verification tool for measuring the robustness. From the observation of computational efficiency of the proposed scheme, we conclude that the scheme is more secure and easy to implement practically. 相似文献
9.
提出一个对使用者的身份做认证的方法,这个方法是基于智能IC卡作媒介,当使用者登入系统时,将个人的智能IC卡插入终端机,再根据指示键入个人身份识别码及口令,此时智能IC卡针对使用者识别码及口令,利用电子签章做适当运算,再传回给系统做验算,以使模型易于使用又不失安全性。 相似文献
10.
在未来的无线通信网络中,如4G,不同的无线技术和基础架构将并存。在这些异构的网络环境中,移动管理是一个关键问题。文中提出了一种新的移动管理方案,这种方案基于两个协议:主机标识协议(HIP)和会话初始化协议(SIP)。文中称这种方案为HSIP(HIP—SIP)。与SIP相比,HSOP有更好的性能,其信令开销小,延迟短,切换速度快。 相似文献
11.
一种基于软交换的教学实验系统开发与应用 总被引:2,自引:1,他引:2
随着交换技术的快速发展,“交换原理”课程内容在不断更新,软交换和SIP协议等已成为本课程的主要内容之一。为了提高教学效果,本文设计并实现了一种以软交换为核心的分布式会议系统。该实验系统中的会议应用由业务层的应用服务器、Web服务器和媒体服务器实现,呼叫控制功能由软交换完成,业务媒体流由IP网络承载。 相似文献
12.
基于智能卡的动态身份认证机制 总被引:3,自引:0,他引:3
由于每次登录时用户提交的认证信息都是固定不变的,传统的口令认证机制容易遭受回放攻击。本文根据一个关于互素数的定理,提出了一种基于智能卡的动态身份认证机制。用户每次登录时,智能卡根据从服务器发来的challenge和事先嵌入智能卡的参数信息,为合法用户计算当前的认证信息。由于每次用户提交的认证信息都是动态可变的,从而有效地防止了回放攻击。 相似文献
13.
14.
15.
下一代移动技术UMA探讨 总被引:1,自引:0,他引:1
讨论了通过无线IP网络(未授权移动接入)传输语音、消息和多媒体信息的新技术,未授权移动接入技术是向通信技术融合迈进的第一步。介绍了未授权移动接入技术的性能和应用,对未授权移动接入技术的发展进行了预测。 相似文献
16.
17.
Chun‐Guang Ma Ding Wang Sen‐Dong Zhao 《International Journal of Communication Systems》2014,27(10):2215-2227
Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. In this paper, we analyze two recent proposals in the area of password‐based remote user authentication using smart cards. First, we point out that the scheme of Chen et al. cannot achieve all the claimed security goals and report its following flaws: (i) it is vulnerable to offline password guessing attack under their nontamper resistance assumption of the smart cards; and (ii) it fails to provide forward secrecy. Then, we analyze an efficient dynamic ID‐based scheme without public‐key operations introduced by Wen and Li in 2012. This proposal attempts to overcome many of the well‐known security and efficiency shortcomings of previous schemes and supports more functionalities than its counterparts. Nevertheless, Wen–Li's protocol is vulnerable to offline password guessing attack and denial of service attack, and fails to provide forward secrecy and to preserve user anonymity. Furthermore, with the security analysis of these two schemes and our previous protocol design experience, we put forward three general principles that are vital for designing secure smart‐card‐based password authentication schemes: (i) public‐key techniques are indispensable to resist against offline password guessing attack and to preserve user anonymity under the nontamper resistance assumption of the smart card; (ii) there is an unavoidable trade‐off when fulfilling the goals of local password update and resistance to smart card loss attack; and (iii) at least two exponentiation (respectively elliptic curve point multiplication) operations conducted on the server side are necessary for achieving forward secrecy. The cryptanalysis results discourage any practical use of the two investigated schemes and are important for security engineers to make their choices correctly, whereas the proposed three principles are valuable to protocol designers for advancing more robust schemes. Copyright © 2012 John Wiley & Sons, Ltd. 相似文献
18.
传统的协议栈没有对实现移动性的层次进行准确定位,所以几乎协议栈中的每一层都有实现移动性的方案,但对于移动互联网这种异质网络。分层的协议栈效率很低。根据协议栈和移动互联网移动性的特点,从协议栈的链路层、网络层、传输层和应用层上具体分析了各个层实现移动性的优缺点,通过这些分析可见,要给移动互联网中的移动节点提供良好的移动性支持,跨层实现动性是未来移动性发展的趋势。 相似文献
19.
Decentralized peer-to-peer session initiation protocol (P2PSIP) provides the same services as legacy SIPs such as IMS. However, in relatively open network, the requirement for route efficiency in a complex environment brings about undefined problems. To deploy a controllable P2PSIP network, perfect mechanisms have to be appended, especially in QoS, security, and management. Several proposals for QoS, network address translation (NAT), and interworking have been put forward. In this paper, we propose an integrated architecture for a P2PSIP system as well as a proactive intelligent routing scheme on the media plane used in system. Implementation and simulation show that our solution is suitable for operation and management. 相似文献
20.
The e‐commerce has got great development in the past decades and brings great convenience to people. Users can obtain all kinds of services through e‐commerce platform with mobile device from anywhere and at anytime. To make it work well, e‐commerce platform must be secure and provide privacy preserving. To achieve this goal, Islam et al. proposed a dynamic identity‐based remote user mutual authentication scheme with smart card using Elliptic Curve Cryptography(ECC). Islam et al claimed that the security of their scheme was good enough to resist various attacks. However, we demonstrate that their scheme is vulnerable to insider attack and suffers from off‐line password guessing attack if smart card is compromised. To overcome the deficiencies, we present an improved scheme over Islam's scheme. The security proof and analysis shows that our scheme can also provide user anonymity and mutual authentication, and the security is enough to against relay attack, impersonation attack, and other common secure attackers. The performance analysis shows that the proposed scheme is more efficient than Islam et al's scheme. 相似文献