一个无线Hand-Off认证协议的分析与改进

通过分析文献[1]中Wang提出的一个匿名移动无线认证方案中的Hand-Off认证协议,发现了其存在安全漏洞,无法抵抗中间人发起的重放攻击,针对该协议存在的安全漏洞对原协议进行了改进,改进后的协议可以安全的实现用户与机站之间的身份认证,并可以有效地抵抗中间人发起的重放攻击。     

基于模型检测的无线传感网安全协议形式化分析与改进

针对Zhang等人提出的一种基于位置的无线传感网络安全方案,开展基于模型检测的形式化分析与改进研究。首先采用模型检测工具SPIN对邻居节点认证协议进行分析和验证,发现节点移动后将导致邻居节点无法认证的问题;为了支持节点可移动,直接对协议给出一种改进方案,采用模型检测对改进后的协议重新建模分析,又发现存在中间人攻击的威胁;最后根据模型检测结果,进一步提出用时间戳替换随机数的改进方案,有效抵御了中间人攻击。本文的工作表明,模型检测不仅能实现对无线传感器网络安全协议的形式化分析与验证,还可有效协助完成安全协议的设计与改进。     

双主体认证协议抵御DoS攻击的安全方案

认证协议存在的一定的拒绝服务(DoS)攻击隐患。该文在cookie机制和工作量证明方法思想的基础上,采用弱认证和强认证相结合的方法,提出了双主体认证协议抵御DoS攻击的安全方案,给出了方案的实现细节和部分实验数据,分析了该方案的安全性。应用该方案对Lowe的NSPK协议进行改进,并分析了改进后协议的性能。     

基于口令的群密钥分发协议的分析与改进

本文分析了文献中提出的一个基于口令的群Diffie-Hellman密钥交换协议的安全性,发现其存在安全漏洞,无法抵抗用户发起的离线字典攻击。针对原协议存在的安全漏洞,我们对该协议进行了改进,改进后的协议保留了原方案的所有安全特性,并且可以有效的抵抗离线字典攻击,比原协议具有更高的安全性。     

基于视觉密码的Kerberos改进协议

介绍Kerberos协议认证系统,分析Kerberos协议存在的局限性。提出一种基于视觉密码的新的认证方案。该方案将视觉密码技术融入Kerberos协议中,对改进前后协议的安全性进行比较分析,结果表明,该方案能有效地解决口令猜测攻击和重放攻击。     

对一个基于身份的密钥协商协议的分析与改进

根据2007年王圣宝等人提出的一类基于身份的密钥协商协议的特点,对私钥泄漏模仿攻击的分类进行了扩充,之后具体分析了王等人的协议,发现该协议不能抵抗扩充的私钥泄漏模仿攻击。进一步分析了存在攻击的原因,并对协议进行了改进,最后对改进后的协议的安全性质进行了分析。     

基于SPIN的远程证明协议的形式化分析及改进

远程证明是解决移动支付安全问题的有效手段之一。通过对可信计算远程证明协议进行分析,发现用户平台配置信息的隐私性、用户的认证性和远程验证者的认证性存在脆弱点,使用SPIN模型检测工具,应用模型检测方法对协议进行了形式化分析,检测出破坏性攻击漏洞。针对协议中的漏洞对协议进行改进,提出了一种基于用户属性加盐哈希的方法,通过用户属性保证协议的安全传输。最后使用SPIN检测改进后的协议,证明了改进方案的有效性、安全性,阻断了发现的攻击。     

一种带优先级和认证的ARP防攻击改进

详细分析当前局域网中普遍存在的地址解析协议攻击类型以及这些攻击的危害性。针对这些攻击的特点提出带确认机制、带分段优先级的地址解析协议改进方案。在XINU操作系统中应用此改进方案进行各种地址解析协议攻击的验证。实验表明,该改进能够很好抵御地址解析协议溢出攻击、地址解析协议欺骗攻击,且对地址解析协议报文结构没有改动,即不存在与传统地址解析协议的兼容性问题。     

针对中间人攻击的IKEv2形式化分析与改进

基于BSW逻辑对互联网密钥交换协议（IKEv2）进行了形式化分析,证明协议在预共享密钥认证方式下存在中间人攻击,提出一个改进方案,并利用扩展的BSW逻辑分析了改进后的协议能够抵御中间人攻击,且能够满足协议的认证性、秘密性和完整性。     

对Zhou-Gollmann不可否认协议的一种新改进*

Zhou和Gollmann于1996年提出了一个简单有效的公平不可否认协议,但Kim等人发现协议不具有时限性并提出了一个改进方案,虽然该改进方案解决了协议的时限性问题,但却导致了另一种攻击——拒绝服务攻击。针对这一攻击,提出了一种新的改进方法,分析表明改进后的协议能提供时限性和公平性。     

A security weakness in Abdalla et al.’s generic construction of a group key exchange protocol

In TCC ’07, Abdalla et al. presented a protocol compiler that transforms any authenticated 2-party key exchange protocol into an authenticated group key exchange (GKE) protocol. Abdalla et al.’s compiler is certainly elegant in its genericness, symmetry, simplicity and efficiency. However, this compiler is not as secure as claimed. Under a reasonable assumption, the GKE protocol constructed by the compiler (from a 2-party protocol) fails to achieve implicit key authentication. We here reveal this security problem with the compiler and show how to address it.     

一个挂号电子邮件协议的缺陷及改进

Nenadic等设计了一个公平的挂号电子邮件协议,协议的目的是实现互不信任的双方以一种公平的方式交换电子邮件和收据并提供发方不可否认证据和收方不可否认证据,这是通过构造一个可验证和可恢复的加密数字签名(VRES)来实现的,由于采用离线TTP,且没有使用零知识证明,效率非常高。该文通过分析指出该协议在构造可验证的加密数字签名时存在缺陷,从而使得它不能保证公平性,并对其进行了修改。     

一种新的改进口令认证协议

口令认证作为一种简单易用的认证方式,被广泛应用于各种认证场合。最近几年,很多口令认证协议被提出来。2004年Kim和Choi提出一种经典的PAP口令认证协议,这种协议被引入802.11标准之中。随后这种协议被证明不能够抵抗离线字典攻击和重放攻击。2006年Ma等人提出这种协议的改进,随后Yoon等人证明Ma等人提出的协议仍然不能够抵抗离线字典攻击,并提出了改进。对Yoon等人提出的协议进行了分析,指出Yoon等人提出的协议仍然不能够抵抗离线字典攻击,提出了攻击模式。并对Yoon等人提出的协议进行了改进,提出一种T-PAP协议,能够抵抗离线字典和重放攻击。     

Analysis and improvement of an authenticated multiple key exchange protocol

In 2010, Vo et al. (2010) [7] proposed an enhancement of authenticated multiple key exchange protocol based on Lee et al.’s protocol. In this paper, we will show that Vo et al.’s multiple key exchange protocol cannot resist reflection attack. It means that their protocol fails to provide mutual authentication. Furthermore, we propose an improvement of Vo et al.’s protocol. Our proposed protocol with reflection attack resilience can really provide mutual authentication.     

Security weaknesses of authenticated key agreement protocols

In this paper, we analyze the protocols of Tan, Lim et al., Chen et al. and five protocols of Hölbl et al. After the analysis, we found that Tan et al.?s, Lim et al.?s and two protocols of Hölbl et al. are insecure against the impersonation attack and the man-in-the-middle attack, Chen et al.?s protocol cannot withstand the key-compromise impersonation attack, one protocol of Hölbl et al. is vulnerable to the insider attack, one allows an adversary to compute the private key of any user and one protocol allows her to compute the shared secret key.     

On the Relative Soundness of the Free Algebra Model for Public Key Encryption

Formal systems for cryptographic protocol analysis typically model cryptosystems in terms of free algebras. Modeling the behavior of a cryptosystem in terms of rewrite rules is more expressive, however, and there are some attacks that can only be discovered when rewrite rules are used. But free algebras are more efficient, and appear to be sound for “most” protocols. In [J. Millen, “On the freedom of decryption”, Information Processing Letters 86 (6) (June 2003) 329–333] Millen formalizes this intuition for shared key cryptography and provides conditions under which it holds; that is, conditions under which security for a free algebra version of the protocol implies security of the version using rewrite rules. Moreover, these conditions fit well with accepted best practice for protocol design. However, he left public key cryptography as an open problem. In this paper, we show how Millen's approach can be extended to public key cryptography, giving conditions under which security for the free algebra model implies security for the rewrite rule model. As in the case for shared key cryptography, our conditions correspond to standard best practice for protocol design.     

辅助量子比特驱动型通用盲量子计算

应用量子隐形传态将Broadbent等人提出的通用盲量子计算(universal blind quantum computation)模型和辅助量子比特驱动型量子计算(ancilla-driven universal quantum computation)模型进行结合, 构造一个新的混合模型来进行计算。此外, 用计算寄存器对量子纠缠的操作来代替量子比特测量操作。因为后者仅限于两个量子比特, 所以代替后的计算优势十分明显。基于上述改进, 设计了实现辅助驱动型通用盲量子计算的协议。协议的实现, 能够使Anders等人的辅助驱动型量子计算增强计算能力, 并保证量子计算的正确性, 从而使得参与计算的任何一方都不能获得另一方的保密信息。     

A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture

Traditional password based authentication schemes are mostly considered in single-server environments. They are unfit for the multi-server environments from two aspects. Recently, base on Sood et al.?s protocol (2011), Li et al. proposed an improved dynamic identity based authentication and key agreement protocol for multi-server architecture (2012). Li et al. claim that the proposed scheme can make up the security weaknesses of Sood et al.?s protocol. Unfortunately, our further research shows that Li et al.?s protocol contains several drawbacks and cannot resist some types of known attacks. In this paper, we further propose a lightweight dynamic pseudonym identity based authentication and key agreement protocol for multi-server architecture. In our scheme, service providing servers don?t need to maintain verification tables for users. The proposed protocol provides not only the declared security features in Li et al.?s paper, but also some other security features, such as traceability and identity protection.     

Two efficient two-factor authenticated key exchange protocols in public wireless LANs

Recently, Parks et al. proposed an authentication and key agreement protocol for low-power PDAs in public wireless LANs using two factors including a password and a token, e.g. a smart card. They claimed that their proposed scheme provided mutual authentication, identity privacy, half-forward secrecy and low computation cost for a client including just one symmetric key encryption and five hash operations. In this paper, we point out that Park et al.’s protocol is vulnerable to the dictionary attack upon identity privacy. We propose two schemes with mutual authentication, half-forward secrecy, lower computation cost and less exchanged messages than Park et al.’s protocol. In additional to these properties, identity privacy, which is not satisfied by Park et al.’s protocol, is also provided by our second scheme.