移动网络可信匿名认证协议

针对终端接入移动网络缺乏可信性验证问题,提出一种移动网络可信匿名认证协议,移动终端在接入网络时进行身份验证和平台完整性认证。在可信网络连接架构下,给出了可信漫游认证和可信切换认证的具体步骤,在认证时利用移动终端中预存的假名和对应公私钥对实现了用户匿名隐私的保护。安全性分析表明,协议满足双向认证、强用户匿名性、不可追踪性和有条件隐私保护。协议中首次漫游认证需要2轮交互,切换认证需1轮即可完成,消息交换轮数和终端计算代价优于同类可信认证协议。     

面向移动终端的隐式身份认证机制综述

面向移动终端的隐式身份认证机制通过监测移动终端环境以及用户行为等信息对用户进行透明且持续地认证,能够增强现有身份认证机制的可用性与安全性。该文对隐式身份认证技术的研究现状进行介绍。介绍了基于本地与基于网络的隐式身份认证框架;归纳总结出五类数据采集方式;对基于机器学习等多种用户分类算法进行了介绍,分析比较了各算法的正确率;归纳出两类访问控制机制,并对隐式身份认证所面临的模拟行为攻击以及用户隐私泄漏安全问题进行了讨论。     

基于用户使用移动设备习惯的隐式认证初探

在移动设备(特别是手机)上输入密码是非常麻烦的。随着越来越多的人使用移动设备访问Internet服务,或者从事移动商务活动,人们希望能够简化身份认证操作。为此,提出一种新的身份认证方法——隐式认证,它直接利用用户使用设备的习惯来认证用户,免除了用户输入密码的麻烦;给出了可用于隐式认证的数据及其来源,探讨了可用于隐式认证的具体方法和隐式认证的系统体系结构。所述技术对于隐式认证的进一步研究和应用具有实际意义。     

A novel transparent user authentication approach for mobile applications

ABSTRACT

With the rapid growth of smartphones and tablets in our daily lives, securing the sensitive data stored upon them makes authentication of paramount importance. Current authentication approaches do not re-authenticate in order to re-validate the user’s identity after accessing a mobile phone. Accordingly, there is a security benefit if authentication can be applied continually and transparently (i.e., without obstructing the user’s activities) to authenticate legitimate users, which is maintained beyond the point of entry. To this end, this paper suggests a novel transparent user authentication method for mobile applications by applying biometric authentication on each service within a single application in a secure and usable manner based on the risk level. A study involving data collected from 76 users over a one-month period using 12 mobile applications was undertaken to examine the proposed approach. The experimental results show that this approach achieved desirable outcomes for applying a transparent authentication system at an intra-process level, with an average of 6% intrusive authentication requests. Interestingly, when the participants were divided into three levels of usage (high, medium and low), the average intrusive authentication request was 3% which indicates a clear enhancement and suggests that the system would add a further level of security without imposing significant inconvenience upon the user.     

Seed-based authentication for mobile clients across multiple devices

Authenticating users for mobile cloud apps has been a major security issue in recent years. Traditional passwords ensure the security of mobile applications, but it also requires extra effort from users to memorize complex passwords. Seed-based authentication can simplify the process of authentication for mobile users. In the seed-based authentication, images can be used as credentials for a mobile app. A seed is extracted from an image and used to generate one-time tokens for login. Compared to complex passwords, images are more friendly to mobile users. Previous work had been done in seed-based authentication which focused on providing authentication from a single device. It is common that a mobile user may have two or more mobile devices. Authenticating the same user on different devices is challenging due to several aspects, such as maintaining the same credential for multiple devices and distinguishing different users. In this article, we aimed at developing a solution to address these issues. We proposed multiple-device authentication algorithms to identify users. We adopted a one-time token paradigm to ensure the security of mobile applications. In addition, we tried to minimize the authentication latency for better performance. Our simulation showed that the proposed algorithms can improve the average latency of authentication for 40% at most, compared to single-device solutions.     

基于集群架构的物联网终端动态认证仿真

为有效提高物联网终端认证的安全性,基于集群架构对物联网终端动态进行认证仿真。设计的认证策略主要基于双注册因子和对应认证结构,包括常数量和编码特征密匙,在此基础上设定集群架构下物联网双因子注册流程,第一认证因子与服务器达成一致,通过用户初始注册信息终端服务器生成注册凭证,第二因子通过SAS服务器认证,并生成注册会话密匙,完成最终双因子注册,根据注册因子,以X.509V3作为核心签发结构,构造认证数字证书,搭配公共密匙基础设置(PKI),确定身份认证协议,采用"挑战-应答"的形式完成物联网移动终端的认证实现集群架构下,当前物联网终端的整体认证工作。实验数据表明,在标准内核攻击下,设计的物联网终端认证方法可以有效保证自身数据的完整性,提高认证安全和可信性。     

移动网络与云环境下的重认证和访问控制策略研究

随着手机、电脑等移动设备的普遍使用,人们越来越习惯于用智能设备存储个人信息。但近些年来,由于移动设备丢失导致的用户隐私泄露事件屡见不鲜,如何实现互联网云环境下身份认证以及信息安全性的提高已经成为人们极为关注的问题。基于这个问题本文提出了一种访问策略的更新,设计动态演化的隐式重认证方法,使得智能终端能够持续地识别用户是否合法,对抗恶意用户的模拟攻击,防止未授权用户造成数据泄露。通过分析及研究以期为相关工作者提供一定的帮助。     

大数据环境下智慧校园的设计与实现

随着“互联网+”时代的到来,智慧校园作为教育信息化的重要部分,其建设已经刻不容缓。智慧校园综合运用了移动互联、大数据等技术,将高校中各类数据进行整合、分析和共享。本文设计了大数据环境下智慧校园总体架构模型,该模型从下到上依次为基础设施层、数据层、应用支撑层、业务应用层和终端展现层。智慧校园将学校各种应用集合在一个信息门户中,统一身份认证,并对校园展示系统进行了优化,对学生在学校中产生的数据进行分析和处理,给出更便于学生学习和生活的各种数据。在终端展现层,设计了更为方便的移动端,让用户能够随时随地的感受到智慧校园。     

IMS网络AKA认证过程的研究与实现

本文介绍了IMS网络的安全体系结构,分析了IMS终端用户接入IMS网络时需要进行基于3GPP AKA的网络与用户之间的双向认证。通过分析AKA认证过程,实现了AKA算法,实现了网络对终端的认证,通过系统联试,并用EtherPeek抓包软件对客户端注册到网络的过程进行数据分析,证明了IMS网络实现AKA认证过程的正确性。     

基于用户社会关系的移动终端认证方案

针对现有用户间社会关系身份认证方案存在用户信任度计算不合理、身份票据缺少认证权重、认证阈值无法随着用户间熟悉程度改变而改变的问题,提出了一种云计算环境下基于用户社会关系的移动终端认证方案。该方案从通信产生的信任度与属性产生的信任度两个方面综合计算用户间的信任度,并根据用户间的熟悉程度为身份票据设置动态权重和动态认证阈值,最后改进了身份票据的生成、认证过程。实验结果表明,所提方案改进了已有的用户间社会关系身份认证方案存在的不足,对于移动终端的资源消耗仅为已有方法的三分之一,更加适合在移动云计算环境中使用。     

A strong user authentication scheme with smart cards for wireless communications

Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.     

An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures

As a smart phone becomes a daily necessity, mobile services are springing up. A mobile user should be authenticated and authorized before accessing these mobile services. Generally, mobile user authentication is a method which is used to validate the legitimacy of a mobile login user. As the rapid booming of computer networks, multi-server architecture has been pervasive in many network environments. Much recent research has been focused on proposing password-based remote user authentication protocols using smart cards for multi-server environments. To protect the privacy of users, many dynamic identity based remote user authentication protocols were proposed. In 2009, Hsiang and Shih claimed their protocol is efficient, secure, and suitable for the practical application environment. However, Sood et al. pointed out Hsiang et al.’s protocol is susceptible to replay attack, impersonation attack and stolen smart card attack. Moreover, the password change phase of Hsiang et al.’s protocol is incorrect. Thus, Sood et al. proposed an improved protocol claimed to be practical and computationally efficient. Nevertheless, Li et al. found that Sood et al.’s protocol is still vulnerable to leak-of-verifier attack, stolen smart card attack and impersonation attack and consequently proposed an improvement to remove the aforementioned weaknesses. In 2012, Liao et al. proposed a novel pairing-based remote user authentication protocol for multi-server environment, the scheme based on elliptic curve cryptosystem is more secure and efficient. However, through careful analyses, we find that Liao et al.’s protocol is still susceptible to the trace attack. Besides, Liao et al.’s protocol is inefficient since each service server has to update its ID table periodically. In this paper, we propose an improved protocol to solve these weaknesses. By enhancing the security, the improved protocol is well suited for the practical environment.     

一种基于证书的统一身份管理技术研究

文章提出了一种移动安全接入方案,并针对移动安全接入方案中存在终端登陆、无线VPDN接入、IPSecVPN接入和应用访问等多类用户认证过程,采用基于数字证书的统一身份管理,对用户和智能手机终端进行用户信息标识,可提高移动终端安全接入系统的可管理性和安全性,     

移动IP技术的安全策略

安全问题是移动IP技术的核心和瓶颈.本文从安全的总体构架和IPSec安全协议出发,分物理安全策略、移动终端身份安全、移动IP各实体的多层认证、用户数据传输安全四部分论述了移动IP技术的安全策略,并提出了新的观点和见解,为移动IP技术的实施提供了新的参考和指导.     

A user friendly authentication scheme with anonymity for wireless communications

Secure user authentication is an important issue for wireless environment such as GSM, CDPD, and 3G and 4G wireless systems. Especially, anonymity of the mobile users should be guaranteed to protect the privacy of the mobile users. This paper proposes a user friendly authentication scheme with anonymity for wireless communications that not only can overcome the weaknesses of the previous related schemes, but also can provide efficiency and security to suitable for battery-powered mobile devices in wireless communication systems.     

A trusted access method in software-defined network

In software-defined networks (SDN), most controllers do not have an established control function for endpoint users and access terminals to access network, which may lead to many attacks. In order to address the problem of security check on access terminals, a secure trusted access method in SDN is designed and implemented in this paper. The method includes an access architecture design and a security access authentication protocol. The access architecture combines the characteristics of the trusted access technology and SDN architecture, and enhances the access security of SDN. The security access authentication protocol specifies the specific structure and implementation of data exchange in the access process. The architecture and protocol implemented in this paper can complete the credibility judgment of the access device and user's identification. Furthermore, it provides different trusted users with different network access permissions. Experiments show that the proposed access method is more secure than the access method that is based on IP address, MAC address and user identity authentication only, thus can effectively guarantee the access security of SDN.     

基于Android的海洋生态环境数据展示APP

针对海水养殖企业和管理部门对养殖区海洋生态环境数据的需求,介绍了一种基于Android操作系统的移动终端软件——海洋生态环境数据展示APP.从用户需求出发,以简单实用、操作方便为原则设计APP.在APP开发设计中,运用多媒体框架实现水下视频的直播和点播,以图表形式展示水文数据,借助百度地图展示设备投放地点,并采用极光推送平台接收推送消息提醒用户.运行结果表明该APP具有很强的实用性和高稳定性.     

移动APP演化策略研究

移动互联网时代中,APP用户更注重产品体验,通过评论的方式来表达自己的使用情况和建议。在线评价数据的研究已经成为热点,从评论中获得的用户反馈有助于APP演化升级,但目前针对APP的评论挖掘方兴未艾。从9家APP应用商店中采集得到大量用户评论数据,筛选评论所包含的需求属性和情感倾向,并运用KANO模型对其建模分析,映射属性到魅力、期望、必备等类别。根据APP具体属性和所属KANO类别给出合理有效的更新演化策略:APP演化应优先满足必备和期望属性的需求,并逐步实现魅力属性的需求,并且最终检验了模型的鲁棒性和易移植性。     

基于Android的WAP安全移动支付系统设计和实现

随着智能手机的兴起和普及,移动支付得到广泛的应用,已拥有庞大的用户群体,但用户对移动支付的安全仍心存疑虑。文章在Android平台上应用WPKI机制,采用WAP协议和数字签名,设计并开发了可进行安全通信的浏览器,同时搭建了服务端平台,模拟了一套完整移动支付系统,可以满足数据机密性、完整性、身份认证、用户不可否认性等基本的安全需求。在此基础上,分析了WAP代理服务器中可能出现的用户明文信息泄露的问题,提出了端到端加密的方法,以完善移动用户支付信息的机密性。