20 similar documents found (search time: 0 ms)
1.
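To address the susceptibility of radio-frequency identification (RFID) systems to conventional attacks and physical cloning attacks, a lightweight RFID security authentication protocol based on physical unclonable functions (PUFs) is proposed. Communication security is achieved with cryptographic primitives including random numbers, a lightweight hash function, a lightweight block cipher and a PUF. The protocol defends against eavesdropping, tampering, impersonation, replay, physical cloning and other attacks, effectively reduces computation and storage resource consumption, and is well suited to low-cost, low-power and hardware...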
2.
3.
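Dynamic identity authentication mechanism based on smart cards (cited by: 3 total, 0 self-citations, 3 by others)
Because the authentication information a user submits at each login is fixed, traditional password authentication mechanisms are vulnerable to replay attacks. Based on a theorem about coprime numbers, this paper proposes a smart-card-based dynamic identity authentication mechanism. At each login, the smart card computes the current authentication information for the legitimate user from the challenge sent by the server and the parameter information embedded in the smart card in advance. Because the authentication information the user submits changes dynamically at each login, replay attacks are effectively prevented.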
4.
A multi-layer authentication scheme for HEVC compressed video is proposed. The combination of CU sizes, which is unique to HEVC and sensitive to video manipulation, is considered along with other elements in the HEVC coding standard to generate the authentication tag. Temporal dependency was enforced, where the authentication tag generated in one slice is embedded into its subsequent slice. By design, the authentication tag is repeatedly but selectively embedded into various elements in a HEVC video, including nonzero DCT coefficients, QP parameter values, and prediction modes, depending on the bit segment in the generated tag. Our scheme offers three layers of authentication to detect and localize the tampered regions in a HEVC video, as well as verifying the source/sender of the video using a shared secret key. Video sequences from various classes (resolutions) are considered to verify the performance of the proposed multi-layer authentication scheme. Results show that, at the expense of slight degradation in perceptual quality, the proposed scheme is robust against several common attacks. A functional comparison is performed between the proposed multi-layer authentication scheme and the conventional schemes.
5.
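As an important component of information-centric networking, the name resolution system is responsible for establishing, maintaining and publishing the mappings between information names and addresses, and provides name resolution services. When mobile nodes use the name resolution system's services, handover authentication between proxies arises. To meet this scenario's requirements for simplicity, efficiency and security, and drawing on handover authentication mechanisms in wireless networks, a ticket-based handover authentication mechanism for name resolution systems is proposed. The mobile node uses a ticket pre-signed by the authentication server for access authentication, and then uses a ticket distributed by the original proxy for handover authentication. The authentication process reduces computationally expensive operations on the mobile node and the number of interactions between the two authenticating parties. The mobile node completes access authentication and handover authentication with four and two communications, respectively. Analysis shows that the mechanism not only has multiple security properties such as privacy protection, mutual authentication, forward and backward security, and resistance to replay and forgery attacks, but also reduces computational cost by 48% and communication overhead by at least 25%.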
6.
7.
Fragile watermarking scheme for image authentication (cited by: 5 total, 0 self-citations, 5 by others)
Hongtao Lu Ruiming Shen Fu-Lai Chung 《Electronics letters》2003,39(12):898-900
A simple fragile watermarking scheme for image authentication is proposed. The insertion of a binary watermark is accomplished by replacing the least significant bit of the host image with a random binary image obtained by random permutations and suitable XOR operations among bitplanes. The proposed scheme is secure, fast, and capable of detecting and localising modification, and is immune to the well-known quantisation attack.
8.
9.
10.
11.
12.
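To reduce the resource usage of sensor nodes and improve network security, a trust-based authentication scheme is proposed. When computing node trust, the scheme introduces time slices, a security action coefficient and interaction frequency, so that selfish nodes can hardly disguise themselves as normal nodes, trust is closely tied to a node's current behavior, and nodes are prevented from reaching a high trust level through only a few transactions. Trust is then used to judge whether a node is trustworthy, which effectively improves the security of applications and hinders attacks by malicious nodes to some extent. An authentication scheme combining identity, password and smart card is then designed; before a user authenticates with a sensor node, the gateway queries the trust of the nodes in the network to find a trusted node to authenticate with the user, achieving mutual authentication among the trusted sensor node, the gateway node and the user, and the user can conveniently change the password. The results of security analysis, performance analysis and simulation experiments show that, compared with previously proposed authentication schemes, this scheme resists replay attacks, insider attacks, masquerade attacks and others, while incurring low computational cost, making it suitable for wireless sensor networks with requirements on security and performance. Online version of this article: http://www.eepw.com.cn/article/276364.htm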
13.
Sensor networks are ad hoc mobile networks that include sensor nodes with limited computational and communication capabilities. They have become an economically viable monitoring solution for a wide variety of applications. Obviously, security threats need to be addressed and, taking into account its limited resources, the use of symmetric cryptography is strongly recommended. In this paper, a light-weight authentication model for wireless sensor networks composed of a key management and an authentication protocol is presented. It is based on the use of simple symmetric cryptographic primitives with very low computational requirements, which obtains better results than other proposals in the literature. Compared to SPINS and BROSK protocols, the proposal can reduce energy consumption by up to 98% and 67%, respectively. It also scales well with the size of the network, due to it only requiring one interchanged message, independently of the total number of nodes in the network.
14.
In this paper we propose a novel approach to authentication and privacy in mobile RFID systems based on quadratic residues and in conformance to EPC Class-1 Gen-2 specifications. Recently, Chen et al. (2008) [10] and Yeh et al. (2011) [11] have both proposed authentication schemes for RFID systems based on quadratic residues. However, these schemes are not suitable for implementation on low-cost passive RFID tags as they require the implementation of hash functions on the tags. Consequently, both of these current methods do not conform to the EPC Class-1 Gen-2 standard for passive RFID tags which from a security perspective requires tags to only implement cyclic redundancy checks (CRC) and pseudo-random number generators (PRNG) leaving about 2.5k–5k gates available for any other security operations. Further, due to secure channel assumptions both schemes are not suited for mobile/wireless reader applications. We present the collaborative authentication scheme suitable for mobile/wireless reader RFID systems where the security of the server–reader channel cannot be guaranteed. Our scheme achieves authentication of the tag, reader and back-end server in the RFID system and protects the privacy of the communication without the need for tags to implement expensive hash functions. Our scheme is the first quadratic residues based scheme to achieve compliance to EPC Class-1 Gen-2 specifications. Through detailed security analysis we show that the collaborative authentication scheme achieves the required security properties of tag anonymity, reader anonymity, reader privacy, tag untraceability and forward secrecy. In addition, it is resistant to replay, impersonation and desynchronisation attacks. We also show through strand space analysis that the proposed approach achieves the required properties of agreement, originality and secrecy between the tag and the server.
15.
The vehicular ad hoc network (VANET) is an emerging type of network which enables vehicles on roads to inter-communicate for driving safety. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles. However, this raises the concern of security and privacy. Messages should be signed and verified before they are trusted while the real identity of vehicles should not be revealed, but traceable by authorized party. Existing solutions either rely too heavily on a tamper-proof hardware device, or do not have an effective message verification scheme. In this paper, we propose a multiple level authentication scheme which still makes use of tamper-proof devices but the strong assumption that a long-term system master secret is preloaded into all tamper-proof devices is removed. Instead the master secret can be updated if needed to increase the security level. On the other hand, messages sent by vehicles are classified into two types – regular messages and urgent messages. Regular messages can be verified by neighboring vehicles by means of Hash-based Message Authentication Code (HMAC) while urgent messages can only be verified with the aid of RSUs nearby by means of a conditional privacy-preserving authentication scheme. Through extensive simulation, we show that our multiple level authentication scheme is much more efficient than those RSU-aided authentication schemes as long as the proportion of urgent messages is less than 100%. The verification delay required can be up to 110 times smaller than other protocols. Our implementation shows that batch verification may not be as efficient as expected. In case without batch verification, the verification delay required by our scheme can even be up to 173 times smaller.
16.
Salman Shamshad Muhammad Faizan Ayub Khalid Mahmood Saru Kumari Shehzad Ashraf Chaudhry Chien-Ming Chen 《Digital Communications & Networks》2022,8(2):150-161
With the advent of state-of-art technologies, the Telecare Medicine Information System (TMIS) now offers fast and convenient healthcare services to patients at their doorsteps. However, this architecture engenders new risks and challenges to patients' and the server's confidentiality, integrity and security. In order to avoid any resource abuse and malicious attack, employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server. Therefore, several authentication protocols have been proposed to this end. Very recently, Chaudhry et al. identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme. Therefore, they introduced an improved protocol to mitigate those security flaws. Later, Qiu et al. proved that these schemes are vulnerable to the man-in-the-middle, impersonation and offline password guessing attacks. Thus, they introduced an improved scheme based on the fuzzy verifier techniques, which overcome all the security flaws of Chaudhry et al.'s scheme. However, there are still some security flaws in Qiu et al.'s protocol. In this article, we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks. Therefore, we introduce an improved protocol for authentication, which reduces all the security flaws of Qiu et al.'s protocol. We also make a comparison of our protocol with related protocols, which shows that our introduced protocol is more secure and efficient than previous protocols.
17.
Raphael C.-W. Phan 《Wireless Networks》2011,17(4):1055-1061
Wireless mesh networks (WMNs) are a kind of wireless ad hoc networks that are multi-hop where packets are forwarded from source to destination by intermediate nodes as well as routers that form a kind of network infrastructure backbone. We investigate the security of the recently proposed first known secure authentication and billing architecture for WMNs which eliminates the need for bilateral roaming agreements and that for traditional home-foreign domains. We show that this architecture does not securely provide incontestable billing contrary to designer claims and furthermore it does not achieve entity authentication. We then present an enhanced scheme that achieves entity authentication and nonrepudiable billing.
18.
An attack on a remote password authentication scheme proposed by Wang and Chang [1996] is presented. It is shown that the scheme is breakable. An intruder can easily construct a valid login request from a previously intercepted one and replay it later to pass the system authentication process.
19.
20.
Bayat Majid Barmshoory Mostafa Rahimi Majid Aref Mohammd Reza 《Wireless Networks》2015,21(5):1733-1743
Wireless Networks - Vehicular Ad-hoc Networks (VANETs) will start becoming deployed within the next decade. Among other benefits, it is expected that VANETs will support applications and services...