共查询到20条相似文献,搜索用时 31 毫秒
1.
2.
该文针对TCP/IP协议的特点,提出了一种基于IP的端到端加密传输机制。通过修改操作系统的IP协议软件,应用对称密码技术对IP数据报进行加密/解密处理,使得网络中传输的IP数据报只有通信双方能够识别,可以为互联网络上两台主机之间提供加密的安全通信。安全管理工作由独立的安全服务器完成,采用公钥密码技术向安全客户端传输安全通信所使用的对称密钥。与现有的安全通信技术相比,这种机制具有思想简单、易于实现,对IP以上层协议软件和应用程序完全透明等优点。 相似文献
3.
Sermpinis Thomas Vlahavas George Karasavvas Konstantinos Vakali Athena 《International Journal of Information Security》2021,20(4):553-570
International Journal of Information Security - Public key infrastructure (PKI) is widely used over the Internet to secure and to encrypt communication among parties. PKI involves digital... 相似文献
4.
《Computer Communications》2007,30(1):117-121
Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environments. Typical secure remote user access solutions rely on pre-established secure cryptographic keys, public-key infrastructure, or secure hardware. Recently, Peyravian and Jeffries proposed password-based protocols for remote user authentication, password change, and session key establishment over insecure networks without requiring any additional private- or public-key infrastructure. In this paper we point out security flaws of Peyravian–Jeffries’s protocols against off-line password guessing attacks and Denial-of-Service attacks. 相似文献
5.
随着目前网上商务的发展,安全已变得越来越重要。网景公司开发出的安全套接字协议(Secure Sockets Layer Protocol,SSL)很好地实现了这一点,同时它也是在电子商务及网络安全通讯中使用的最为广泛的安全协议。然而,SSL协议本身还有一些不足和有待改进的地方,本文深入地研究分析了SSL协议的原理和存在的问题,给出了相应改进方案,并用模糊控制算法将这些改进方案应用于SSL协议中,模拟试验表明,改进的SSL协议具有明显的优点。 相似文献
6.
《Computer Networks》2007,51(9):2234-2248
Smart cards are secure tokens that have provided security services to a wide range of applications for over thirty years. Along with other technology advances, smart card technology has changed dramatically as well. However, its communication standards, largely unchanged, do not match with those of mainstream computing, which has limited its success in the Internet age. For nearly a decade, researchers have sought to connect smart cards to the Internet. The benefits are plentiful, including providing services over the Internet and eliminating smart card specific infrastructure. A key to this quest is to equip smart cards with a secure and effective networking capability. Various approaches have been taken to find this key. There is still much work to do. This paper reviews years of research in this area, looks at the state of the art, and analyzes and compares various networking options for smart cards. Furthermore, the paper outlines remaining technical challenges for making smart cards a part of the Internet world. 相似文献
7.
《Card Technology Today》2004,16(5):1-16
The Norwegian State Lottery, Norsk Tipping, is to issue 2.1 million multi-application smart cards to all its users as part of a major national e-commerce project. The scheme will allow the purchase of lottery tickets and betting on sporting events through Norsk Tipping's network of agents or over the Internet. In addition, the cards will enable secure access to a number of online public services, as well as allowing secure identification and payment to other e-commerce providers. 相似文献
8.
Internet电子邮件的广泛使用使得电子邮件的安全成为值得关注的问题,分析了一种基于S/MIME的安全电子邮件系统的原理和结构,最后结合作者搭建的PKI安全平台,提出和实现了PKI与S/MIME的安全邮件解决方案,有效地解决了邮件的安全问题. 相似文献
9.
Lack of widely available Internet security has discouraged some commercial users. The author describes efforts to make cryptographic security more widely available and looks at efforts to secure the Internet infrastructure. Security capabilities must continue to evolve to meet increasingly sophisticated threats. The Internet community is now more aware of the importance of security. This awareness, coupled with new technology, should produce a much more secure Internet that is appropriate for widespread commercial use 相似文献
10.
《Computer Networks and ISDN Systems #》1997,29(15):1799-1808
The explosive growth witnessed in the Internet over the last few years has encouraged companies to connect to it and to offer services to their customers over it. Concerns about security are holding them back from all but the most restrictive connectivity.This paper explores the use of a military development, the Compartmented Mode Workstation in a commercial setting, as a platform that is secure enough to implement services that are accessed over the Internet. Two applications have been investigated in detail, a firewalled Domain Name System and a World Wide Web service with enhanced authentication. Finally, there is discussion of how other Internet-based services might benefit from the application of CMW technology. 相似文献
11.
12.
基于XML实现安全数据交换服务 总被引:2,自引:0,他引:2
欧阳晋 《网络安全技术与应用》2007,(1):55-57
针对目前日益增长的互联网环境下多应用协同工作的系统运行模式,本文基于XML技术,采用PKI安全体系并结合SOAP技术的运用,设计并实现了一种安全、灵活的数据交换机制,能够为多个业务应用系统协同工作提供统一、安全的数据交换服务。 相似文献
13.
如何将会话初始化协议(SIP)与现有的通信网络有机结合,提供安全可靠的数据及通信服务已成为当今的热点问题。VoIP应用也受到业界的持续关注。安全问题一直都是企业实施VoIP的一个阻碍。提出了一个基于SIP的VoWLAN通信平台,将各种语音服务构建于无线局域网之上。利用虚拟专用网(VPN)、数据加密技术、VLAN和防火墙等必要安全技术和策略,应对在系统中的安全威胁,实现了通话质量可靠、安全性高的企业级VoIP无线网络架构。描述了该系统的设计和实现过程,讨论了其中的关键技术。 相似文献
14.
庄超 《计算机工程与设计》2007,28(6):1285-1289
针对有价值的数字内容不出现在互联网上的问题给出了一个完整的解决方案,并将它应用在联网电子图书出版上.互联网电子图书出版是一个重要的互联网应用,其中的关键问题是数字权利管理,先探讨了透明的版权原子的必要性,并提供了基于透明版权原子的集成的安全图书出版和网络发行的应用框架.分析了互联网电子图书技术生态系统的安全需求,同时给出了对于数字权利管理技术的DRM-C安全协议和透明的版权原子的设计,最后讨论了互联网电子图书出版中主要安全因素. 相似文献
15.
J.F. Zandbelt R.J. Hulsebosch M.S. Bargh R. Arends 《Electronic Notes in Theoretical Computer Science》2008,197(2):91
The Internet today is a highly dynamic environment which frequently requires secure communication between peers that do not have a direct trust relationship. Current solutions for establishing trust often require static and application-specific Public Key Infrastructures (PKIs). This paper presents trusted directory services as a key infrastructural technology for setting up secure Internet connections, providing an alternative to application-specific PKIs. The directory securely binds public keys to peers through their names in a flexible way that matches the dynamic nature of the Internet. We elaborate on this concept by showing how the Domain Name System (DNS) and its security extensions (DNSSEC) can be leveraged for establishing secure Transport Layer Security (TLS) connections in a dynamic way. A simple enhancement of the TLS protocol, called Extended TLS (E-TLS), required for this purpose, is proposed. We describe our E-TLS implementation and we conclude with an evaluation of our results. 相似文献
16.
17.
《Computer Standards & Interfaces》2014,36(2):397-402
Recently, Voice over Internet Protocol (VoIP) has been one of the more popular applications in Internet technology. For VoIP and other IP applications, issues surrounding Session Initiation Protocol (SIP) have received significant attention. SIP is a widely used signaling protocol and is capable of operating on Internet Telephony, typically using Hyper Text Transport Protocol (HTTP) digest authentication protocol. Authentication is becoming increasingly crucial because it accesses the server when a user asks to use SIP services. In this paper, we concentrate on the security flaws in the current SIP authentication procedure. We propose a secure ECC-based authentication mechanism to conquer many forms of attacks in previous schemes. By a sophisticated analysis of the security of the ECC-based protocol, we show that it is suitable for applications with higher security requirements. 相似文献
18.
A public key infrastructure (PKI) is a key component for most of the current and future secure communications architectures and distributed application environments. Thus, the process of migrating UMU-PKI to IPv6 is important for the successful deployment of IPv6 as a basic component of the future Internet. A recent European research project provides an ideal opportunity to migrate the Java-based UMU-PKI to IPv6 and build new security services over it. 相似文献
19.
Dr. Sherali Zeadally Nicolas Sklavos Moganakrishnan Rathakrishnan Scott Fowler 《Information Security Journal: A Global Perspective》2013,22(5):264-277
ABSTRACT Recent advances in mobile computing and wireless communication technologies are enabling high mobility and flexibility of anytime, anywhere service access for mobile users. As a result, network connections of such users often span over heterogeneous networking environments consisting of wired and wireless networking technologies. Both network heterogeneity and user mobility make the securing of data transmission over heterogeneous networks challenging and complex. In this paper, we focus on the challenge of providing secure end-to-end network transmissions to wireless mobile users. To minimize service interruption during ongoing secure sessions of mobile users, we present the design and implementation of an approach based on the well-known Internet Protocol Security (IPSec) standard. We conducted a performance evaluation of our implementation using a Voice over IP (VoIP) application over an actual network testbed. Our empirical performance results demonstrate a packet loss improvement of 17% to 34% (for various VoIP packet sizes) and a handoff delay improvement of almost 24% validating the high efficiency of our proposed approach. 相似文献
20.