浅谈基于哈希函数的RFID身份认证协议

对基于哈希函数的RFID身份认证协议进行了简要的介绍,对多个协议的安全性能进行了详细的分析和比较,指出其存在的安全缺陷,并提出相应的改进思路。     

一种改进SSH协议主机认证方法

安全外壳(SSH)是目前广泛应用的网络安全协议。文中首先介绍了SSH协议的体系结构及通信流程,分析了标准SSH“第一次使用时信任”主机认证机制,研究了该机制的缺陷。然后提出了采用认证服务器机制进行主机认证,改进了协议的安全性能,经测试,该方法较传统方法更简单有效,且表现出良好等安全性。     

一个基于门限思想的身份认证协议

文中提出了一个基于门限思想的身份认证协议。该协议适用于开放式网络环境中有多个服务提供者和用户请求服务需要保密的情况，同时，它还能实现会话密钥交换功能。与Lee-chang协议【1】相比，我们提出的这个协议降低了通信量和计算量，并且能克服Lee-chang协议存在的两个安全缺陷。     

基于P2P技术的AKA认证机制研究

移动互联网中基于AKA认证的现有架构容易导致单点失效,服务器遭受恶意注册攻击,而且3GPP—AKA协议本身存在安全缺陷,文章对原有认证模型进行改进,提出基于P2P架构的认证服务器部署方案,同时改进AKA的认证流程,最后对本方案的安全性进行分析。     

基于身份的异构无线网络匿名漫游协议

分析了一种基于身份的认证模型的安全缺陷,指出该方案存在身份伪装攻击,无法实现用户身份认证.提出了一种改进方案用于实现异构无线网络匿名漫游.与原方案相比,改进之处主要体现在2方面:第一,弥补了原协议的安全缺陷,并且在CK模型下是可证明安全的;第二,简化了协议流程,提高了协议的效率.     

匿名无线认证协议的匿名性缺陷和改进

分析了朱建明,马建峰提出的匿名无线认证协议的匿名性安全缺陷,提出了一种改进的匿名无线认证协议(IWAA),并用对其匿名性进行了形式化的安全分析。分析表明改进后的协议不仅实现了身份认证,而且具有很强的匿名性,满足无线网络环境匿名性的安全需求。     

一种新的三方认证密钥协商协议

目前大部分基于身份的三方认证密钥协商协议都存在安全缺陷,文中在Xu等人提出的加密方案的基础上,设计了一种基于身份的三方认证密钥协商协议.该协议的安全性建立在BDDH假设基础上,经安全性分析,协议具有已知密钥安全,PKG前向安全,并能抵抗未知密钥共享攻击和密钥泄露伪装攻击,因此该协议是一个安全的三方密钥协商协议.     

一种改进的Woo-Lam协议

串空间是一种基于定理证明的,新兴的安全协议形式化分析模型.认证协议使用密码技术实现网络环境下的身份认证和信息保密.本文针对Woo-Lam协议的不足,对其进行改进,提出了一种新的Woo-Lam协议,使其成为双向认证协议,并基于串空间模型,然后对改进的Woo-Lam协议进行分析证明,结果证明了改进的Woo-Lam协议为双向认证协议.最后通过比较了改进前后的Woo-Lam协议,得出了结论.     

基于Hash函数的RFID改进协议及其仿真

针对现有的Hash链协议存在的安全隐患和效率的问题,提出了一个基于Hash函数的RFID改进认证协议,经过分析该协议可以有效解决重传攻击、跟踪、假冒攻击、前向安全性等安全问题,同时采用Verilog HDL硬件编程语言,对读写器和标签之间的信号流进行仿真。由于在改进协议中仅使用了Hash函数,所以文中提出的改进协议更适合于低成本的RFID系统。     

一种改进SVO逻辑的新方法

安全协议的形式化验证能有效检验安全协议的安全性,BAN类逻辑的发展极大的促进了这一领域的研究,而SVO逻辑是BAN类逻辑的佼佼者.本文通过增加和改进SVO逻辑的推理规则以及公理,提出了一种改进SVO逻辑的新方法,使其可以更好的分析认证协议.本文运用改进SVO逻辑对Needham-Schroeder认证协议进行形式化分析,发现改进的SVO逻辑能证明Needham-Schroeder认证协议能够达到预期目标.     

RFID认证协议研究

Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology. To date, researchers have proposed many RFID authentication protocols. However, these protocols have many flaws due to lack of theoretical support in designing these protocols. In this work, first we present the security and privacy requirements in RFID authentication protocols. Then we examine related works and point out problems in designing RFID authentication protocols. To solve these problems, we propose and briefly prove three theorems. We also give necessary examples for better understanding these theorems with concrete protocols. At last, we give our suggestions on designing secure and private authentication protocols. The security and privacy requirements, theorems, and suggestions will facilitate better understanding and designing of RFID authentication protocols in the future.     

RFID匿名认证协议的设计

在分析RFID协议安全需求的基础上,基于通用可组合安全模型,设计了一个低成本的RFID匿名认证协议,在标准模型下证明了RFID匿名认证协议的安全性.设计的协议提供匿名、双向认证和并发安全,并且协议的实现对于一般的RFID结构都是切实可行的.     

标准模型下可证明安全的RFID双向认证协议

目前RFID(radio frequency identification)系统安全问题日益突出,为了实现RFID系统信息安全与隐私保护,在标准模型提出了一个基于HB协议的RFID双向安全认证协议。利用规约技术证明协议的安全性,将攻击者的困难规约到伪随机函数与真正随机函数的不可区分性上。协议仅使用轻量级的伪随机发生器以及向量点乘运算,具有较高的安全性和效率。通过从安全性及性能两方面与其他认证协议进行比较,表明协议适用于低成本及存储资源受限的RFID标签。     

一种RFID系统的Tag-Reader双向安全认证协议

为了保证RFID系统的信息安全,本文在分析现有RFID认证协议的基础上,提出一种基于Grain-Mac流密码加密算法的双向安全认证协议,采用流密码和密钥动态更新的方法实现了标签与阅读器的双向认证。仿真结果表明,该协议成本低、效率高、安全性好,且能够有效抵抗拒绝服务攻击,达到了预期的效果。     

一种基于零知识证明的RFID鉴别协议

电子标签将取代条码的地位,但由于低成本的电子标签只具有很弱的计算能力,甚至不能完成基本的对称密钥加密操作,为其提供安全性存在一定困难。讨论了在射频识别(RFID)技术中存在的安全性风险,指出了应用身份鉴别协议的必要性,分析了目前广泛应用的两种鉴别体制的缺陷,提出了一种适合于RFID技术的基于零知识证明的鉴别协议,并对其进行了验证和性能分析。     

Cryptanalysis of smart‐card‐based password authenticated key agreement protocol for session initiation protocol of Zhang et al.

As the core signaling protocol for multimedia services, such as voice over internet protocol, the session initiation protocol (SIP) is receiving much attention and its security is becoming increasingly important. It is critical to develop a roust user authentication protocol for SIP. The original authentication protocol is not strong enough to provide acceptable security level, and a number of authentication protocols have been proposed to strengthen the security. Recently, Zhang et al. proposed an efficient and flexible smart‐card‐based password authenticated key agreement protocol for SIP. They claimed that the protocol enjoys many unique properties and can withstand various attacks. However, we demonstrate that the scheme by Zhang et al. is insecure against the malicious insider impersonation attack. Specifically, a malicious user can impersonate other users registered with the same server. We also proposed an effective fix to remedy the flaw, which remedies the security flaw without sacrificing the efficiency. The lesson learned is that the authenticators must be closely coupled with the identity, and we should prevent the identity from being separated from the authenticators in the future design of two‐factor authentication protocols. Copyright © 2014 John Wiley & Sons, Ltd.     

UCAP:a PCL secure user authentication protocol in cloud computing

As the combine of cloud computing and Internet breeds many flexible IT services,cloud computing becomes more and more significant.In cloud computing,a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services.Based on this,a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed.The protocol used a symmetric encryption symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session,which comprised the initial authentication phase and the re-authentication phase.In the initial authentication phase,the trusted third party generated a root communication session key.In the re-authentication phase,communication users negotiated a sub session key without the trusted third party.To verify the security properties of the protocol,a sequential compositional proof method was used under the protocol composition logic model.Compared with certain related works,the proposed protocol satisfies the PCL security.The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes,while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party.Through the analysis results,the proposed protocol is suitable for the mutual authentication in cloud computing.     

一种基于散列函数的RFID安全认证方法

RFID系统中有限的标签芯片资源,导致数据与信息的安全成为RFID系统的重要问题之一,散列函数的单向性为RFID的识别和认证提供了一种既可靠又有效的途径.在分析了现有几种典型散列认证协议的基础上,提出了一种新的基于散列函数的安全认证协议.本协议旨在解决手持式、无线连接的RFID阅读器与标签、服务器间的识别,利用散列函数实现服务器、阅读器以及电子标签三者之间的相互认证.经过安全性与性能的分析,新协议在采用较小的存储空间和较低的运算开销的情况下,可抵抗已知的大多数攻击,有效地保证了RFID系统中数据和隐私的安全,实现了终端与服务器间的双向认证和匿名认证,非常适合于在大型分布式系统中使用.     

A lightweight anonymous two‐factor authentication protocol for wireless sensor networks in Internet of Vehicles

Internet of Vehicles (IoV), as the next generation of transportation systems, tries to make highway and public transportation more secure than used to be. In this system, users use public channels for their communication so they can be the victims of passive or active attacks. Therefore, a secure authentication protocol is essential for IoV; consequently, many protocols are presented to provide secure authentication for IoV. In 2018, Yu et al proposed a secure authentication protocol for WSNs in vehicular communications and claimed that their protocol could satisfy all crucial security features of a secure authentication protocol. Unfortunately, we found that their protocol is susceptible to sensor capture attack, user traceability attack, user impersonation attack, and offline sink node's secret key guessing attack. In this paper, we propose a new authentication protocol for IoV which can solve the weaknesses of Yu et al's protocol. Our protocol not only provides anonymous user registration phase and revocation smart card phase but also uses the biometric template in place of the password. We use both Burrow‐Abadi‐Needham (BAN) logic and real‐or‐random (ROR) model to present the formal analysis of our protocol. Finally, we compare our protocol with other existing related protocols in terms of security features and computation overhead. The results prove that our protocol can provide more security features and it is usable for IoV system.