共查询到20条相似文献,搜索用时 0 毫秒
1.
Shuishuai Xu Xindong Liu Mimi Ma Jianhua Chen 《International Journal of Satellite Communications and Networking》2020,38(1):62-73
As the mobile network progresses fast, mobile communications have a far‐reaching influence in our daily life. In order to guarantee the communication security, a myriad of experts introduced many authentication protocols. Recently, Qi et al presented an enhanced authentication with key agreement protocol for satellite communications, and they proclaimed that their protocol could defend various attacks and support varied security requirements. Regrettably, in this paper, we prove that their protocol was fruitless in resisting smart card stolen or loss attack, supporting perfect forward secrecy and had a fundamental error. To solve these problems, we present an improved protocol based on perfect forward secrecy. In addition, the analysis of our improved protocol suggests that it gets possession of faultless security properties and overcomes the flaws in the protocol of Qi et al perfectly. Thus, our improved protocol can be appropriated for the mobile communications. 相似文献
2.
由于网络安全的需要,利用智能卡的双因子身份鉴别方案越来越受到重视。首先分析了Wang Yan-yan等人提出的基于动态ID的远程用户身份认证方案的安全性,指出其方案的安全缺陷是不能抵抗离线的口令猜测攻击;随后提出了一种改进的方案,改进之后的方案能有效抵抗重放攻击、离线口令猜测攻击、假冒服务器/用户攻击。经过安全分析,新的方案在保留了原方案优点的同时,具有了更高的安全性。 相似文献
3.
针对静态口令身份认证技术易受攻击的安全缺陷,在事件同步一次性口令产生机制的基础上,结合公钥密码体制,设计并实现了一种新的一次性口令双向认证方案。与传统的挑战/响应双向认证方案相比,该方案实现简单、执行效率高,适用于电子商务过程中的身份认证,能够实现网络环境下用户和服务器的双向认证,避免各种攻击,可以大大提高用户访问的安全性,有效保护用户信息。 相似文献
4.
Liping Zhang Shanyu Tang Zhihua Cai 《International Journal of Communication Systems》2014,27(11):2691-2702
Providing a suitable key agreement protocol for session initiation protocol is crucial to protecting the communication among the users over the open channel. This paper presents an efficient and flexible password authenticated key agreement protocol for session initiation protocol associated with Voice over Internet Protocol. The proposed protocol has many unique properties, such as session key agreement, mutual authentication, password updating function and the server not needing to maintain a password or verification table, and so on. In addition, our protocol is secure against the replay attack, the impersonation attack, the stolen‐verifier attack, the man‐in‐the‐middle attack, the Denning–Sacco attack, and the offline dictionary attack with or without the smart card. Copyright © 2013 John Wiley & Sons, Ltd. 相似文献
5.
本文研究认证码的构造问题,给出一种在不增加编码规则数量的情况下将Cartesian认证码改变成完备安全认证码的方法,同时给出一种由小的公开认证矩阵构造具有很高安全性的认证码的方法,探讨了认证码的实用性问题。 相似文献
6.
保密通信中,密钥管理至关重要而又非常困难。本文从用户和系统管理的角度,较为详细地阐述了保密通信系统中私人密钥和公开密钥的管理机制。 相似文献
7.
Jung Yeon Hwang Ji Young Chun Dong Hoon Lee 《Wireless Communications and Mobile Computing》2009,9(12):1565-1571
Recently, to provide data confidentiality against intermediate relaying proxies, Hur, Shin, and Yoon proposed a decentralized group key management(GKM) scheme for dynamic networks that uses proxy cryptography. We show that the GKM scheme unfortunately does not provide data confidentiality. We also present a counter measure to fix the security breaches. Copyright © 2009 John Wiley & Sons, Ltd. 相似文献
8.
Qi Jiang Jianfeng Ma Youliang Tian 《International Journal of Communication Systems》2015,28(7):1340-1351
As the core signaling protocol for multimedia services, such as voice over internet protocol, the session initiation protocol (SIP) is receiving much attention and its security is becoming increasingly important. It is critical to develop a roust user authentication protocol for SIP. The original authentication protocol is not strong enough to provide acceptable security level, and a number of authentication protocols have been proposed to strengthen the security. Recently, Zhang et al. proposed an efficient and flexible smart‐card‐based password authenticated key agreement protocol for SIP. They claimed that the protocol enjoys many unique properties and can withstand various attacks. However, we demonstrate that the scheme by Zhang et al. is insecure against the malicious insider impersonation attack. Specifically, a malicious user can impersonate other users registered with the same server. We also proposed an effective fix to remedy the flaw, which remedies the security flaw without sacrificing the efficiency. The lesson learned is that the authenticators must be closely coupled with the identity, and we should prevent the identity from being separated from the authenticators in the future design of two‐factor authentication protocols. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
9.
Qi Xie 《International Journal of Communication Systems》2012,25(1):47-54
The session initiation protocol (SIP) is an authentication protocol used in 3G mobile networks. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Yoon et al. later pointed out that the scheme of Tsai is vulnerable to off‐line password guessing attack, Denning–Sacco attack, and stolen‐verifier attack and does not support perfect forward secrecy (PFS). Yoon et al. further proposed a new scheme with PFS. In this paper, we show that the scheme of Yoon et al. is still vulnerable to stolen‐verifier attack and may also suffer from off‐line password guessing attack. We then propose several countermeasures for solving these problems. In addition, we propose a new security‐enhanced authentication scheme for SIP. Our scheme also maintains low computational complexity. Copyright © 2011 John Wiley & Sons, Ltd. 相似文献
10.
网络用户的身份鉴别和密钥交换问题是网络安全的核心问题,目前最常见的鉴别密钥交换协议为基于口令的鉴别密钥交换(PAKE)协议。论文讨论了PAKE协议的设计目的、基本模式及其安全需求,并给出了双方模式和三方模式PAKE协议的交互过程,为网络安全协议的设计提供了参考。 相似文献
11.
叶汝军 《微电子学与计算机》2012,29(3):155-158
研究校园网络平台中安全身份认证技术问题,提出基于快速密钥生成算法的身份认证方式.这种认证方式只需要在初次进行身份认证时从网络平台服务方得到密钥,运用奇数筛选理论减少了身份验证的计算量,提高了校园网络平台中安全身份认证的效率.实验证明,该算法能够实时认证操作者的身份,进一步保证校园网络平台的安全. 相似文献
12.
2009年,Liao—Wang提出了一种基于智能卡的典型远程用户身份鉴别方案,经分析证明该方案存在安全脆弱性,容易受到离线口令猜测攻击,攻击者伪装成服务器的攻击,域内合法用户伪装成域内其他用户的攻击。之后提出了一种安全改进方案,解决了上述脆弱性问题,具有可靠的安全性。 相似文献
13.
End-to-End Security Protocol for Mobile Communications with End-User Identification/Authentication 总被引:1,自引:0,他引:1
As great progress has been made in mobile communications, many related researches on this topic have been proposed. In most
of the proposed protocols so far, it has been assumed that the person using the mobile station is the registrar of the SIM
card; as a matter of, the previous protocols for authentication and session key distribution are built upon this assumption.
This way, the mobile user can only verify the identity of the owner of the SIM card. This means that the mobile user can only
know that who registers the SIM card with which he communicates. Note that the human voice can be forged. To make sure that
the speaker at the other end is the right owner of the SIM card, concept of the password is involved to construct the end-to-end
security authentication protocol. In the proposed protocol, each mobile user can choose a password. When two mobile users
want to communicate with each other, either user can request to perform a end-user identification process. Only when both
of the end users input the correct passwords can the correct common session key be established. 相似文献
14.
15.
16.
提出了一种基于智能卡的有效远程双向身份鉴别方案。用户可自由地选择和改变登录口令,无需维护口令目录表或验证表。此外,该方案不仅能够提供通信双方的相互鉴别,而且引入质询随机数代替时间戳,既可保证每次身份鉴别信息的随机性,有效防止重放攻击,又避免了复杂的时间同步问题,极大地增强了应用系统的安全性和实用性。 相似文献
17.
Xuexian Hu Zhenfeng Zhang Qihui Zhang 《International Journal of Communication Systems》2015,28(6):1100-1111
Three‐party password‐authenticated key exchange (3PAKE) allows two clients, each sharing a password with a trusted server, to establish a session key with the help of the server. It is a quite practical mechanism for establishing secure channels in a large communication network. However, most current 3PAKE protocols are analyzed in security models that do not adequately address protocol composition problem. In this paper, an ideal functionality for 3PAKE within the universal composability framework is defined, which not only provides security guarantees under arbitrary composition with other protocols but also achieves contributiveness and explicit authentication. Moreover, we propose a generic construction of contributory 3PAKE protocol and prove that it securely realizes the ideal functionality in the static corruption model. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
18.
Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al . proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al . claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al . protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al . protocol by imposing a little extra computation cost. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
19.
针对无线传感器网络(WSN)用户远程安全认证问题,分析现有方案的不足,提出一种新颖的基于智能卡的WSN远程用户认证方案。通过用户、网关节点和传感器节点之间的相互认证来验证用户和节点的合法性,并结合动态身份标识来抵抗假冒攻击、智能卡被盗攻击、服务拒绝攻击、字典攻击和重放攻击。同时对用户信息进行匿名保护,且用户能够任意修改密码。性能比较结果表明,该方案具有较高的安全性能,且具有较小的计算开销。 相似文献
20.
Wireless sensor networks (WSNs) underpin many applications of the Internet of Things (IoT), ranging from smart cities to unmanned surveillance and others. Efficient user authentication in WSNs, particularly in settings with diverse IoT device configurations and specifications (eg, resource‐constrained IoT devices) and difficult physical conditions (eg, physical disaster area and adversarial environment such as battlefields), remains challenging, both in research and in practice. Here, we put forth a user anonymous authentication scheme, relying on both biometrics and elliptic curve cryptography, to establish desired security features like forward and backward secrecy. We then make use of the Random‐or‐Real (RoR) model to prove the security of our scheme. We have implemented the proposed scheme in an environment compatible with WSNs. We show after conducting the comparison of the proposed scheme with some recent and related existent schemes that it satisfies various essential and desirable security attributes of a WSN environment. We conclude that the proposed scheme is suitable for the WSN scenario demanding high security. 相似文献