共查询到20条相似文献,搜索用时 31 毫秒
1.
泛在网络是标准的异质异构网络,保证用户在网络间的切换安全是当前泛在网的一个研究热点。该文对适用于异构网络间切换的认证协议EAP-AKA进行分析,指出该协议有着高认证时延,且面临着用户身份泄露、中间人攻击、DoS攻击等安全威胁,此外接入网络接入点的有效性在EAP-AKA协议中也没有得到验证,使得用户终端即使经过了复杂的认证过程也不能避免多种攻击。针对以上安全漏洞,该文提出一种改进的安全认证协议,将传统EAP-AKA的适用性从3G系统扩展到泛在网络中。新协议对传播时延和效率进行完善,为用户和接入点的身份信息提供有效性保护,避免主会话密钥泄露,采用椭圆曲线Diffie Hellman算法生成对称密钥,在每次认证会话时生成随机的共享密钥,并实现用户终端与家乡域网络的相互认证。通过开展实验,对协议进行比较分析,验证了新协议的有效性及高效率。 相似文献
2.
3.
4.
Khedr Walid I. Hosny Khalid M. Khashaba Marwa M. Amer Fathy A. 《Wireless Networks》2020,26(6):4657-4675
Mobile cloud computing (MCC) is a new technology that brings cloud computing and mobile networks together. It enhances the quality of service delivered to mobile clients, network operators, and cloud providers. Security in MCC technology, particularly authentication during the handover process, is a big challenge. Current vertical handover authentication protocols encounter different problems such as undesirable delays in real-time applications, the man in the middle attack, and replay attack. In this paper, a new authentication protocol for heterogeneous IEEE 802.11/LTE-A mobile cloud networks are proposed. The proposed protocol is mainly based on the view of the 3GPP access network discovery and selection function, which uses the capacities given by the IEEE 802.11 and the 3GPP long term evolution-advanced (LTE-A) standards interconnection. A prediction scheme, with no additional load over the network, or the user is utilized to handle cloud computing issues arising during authentication in the handover process. The proposed handover authentication protocol outperformed existing protocols in terms of key confidentiality, powerful security, and efficiency which was used to reduce bandwidth consumption.
相似文献5.
为解决无线通信网络中不同用户之间的通信安全问题,通常会采用身份认证协议来确保通信双方身份的合法性。该认证协议应能抵抗重放攻击、延时攻击等威胁,同时认证过程中的计算量应尽量小。本文针对SEAHA (secure and efficient handover authentication)认证方案存在的计算量大、不能抵抗伪装攻击的问题提出了一种基于双线性对和离散对数难题(DLP)的无证书两方认证协议。该协议中基站和节点共同生成节点密钥对来抵抗伪装攻击,利用离散对数难题生成会话密钥降低认证过程中的计算量。安全分析和性能分析结果表明,提出协议在保证安全性的前提下,有效降低了认证过程计算量。 相似文献
6.
针对3G鉴权与密钥协商协议(3GPP AKA)中存在的安全缺陷,结合攻击者可能发起的攻击提出了一种可以防止重定向攻击,利用存在安全漏洞的网络发起的主动攻击,SQN同步缺陷和用户身份信息泄露的改进协议(ER AKA,Efficient and Robust Authentication and Key Agreement),并对其安全性和效率进行了分析,分析表明通过该协议可以以较少的存储资源和计算资源为代价有效的解决上述安全性问题并减少3G系统中安全性处理的信令交互次数。 相似文献
7.
Arezou Ostad‐Sharif Morteza Nikooghadam Dariush Abbasinezhad‐Mood 《International Journal of Communication Systems》2019,32(12)
Wireless body area networks (WBANs) are a network designed to gather critical information about the physical conditions of patients and to exchange this information. WBANs are prone to attacks, more than other networks, because of their mobility and the public channel they use. Therefore, mutual authentication and privacy protection are critical for WBANs to prevent attackers from accessing confidential information of patients and executing undetectable physical attacks. In addition, in the authentication and key agreement process, messages should be transferred anonymously such that they are not linkable. In this paper, we first indicate that one of the most recently introduced authentication protocol is vulnerable to the wrong session key agreement attack and desynchronization attack. Second, we propose a lightweight authentication and key agreement protocol, which can withstand the well‐known attacks and provide the anonymity feature. Eventually, we analyze the security of our proposed protocol using both Automated Validation of Internet Security Protocols and Applications (AVISPA) and random oracle model and compare its performance with the related works. The results demonstrate the superiority of our proposed protocol in comparison with the other protocols. 相似文献
8.
Mohammad Javad Sadri Maryam Rajabzadeh Asaar 《International Journal of Communication Systems》2020,33(14)
Internet of Vehicles (IoV), as the next generation of transportation systems, tries to make highway and public transportation more secure than used to be. In this system, users use public channels for their communication so they can be the victims of passive or active attacks. Therefore, a secure authentication protocol is essential for IoV; consequently, many protocols are presented to provide secure authentication for IoV. In 2018, Yu et al proposed a secure authentication protocol for WSNs in vehicular communications and claimed that their protocol could satisfy all crucial security features of a secure authentication protocol. Unfortunately, we found that their protocol is susceptible to sensor capture attack, user traceability attack, user impersonation attack, and offline sink node's secret key guessing attack. In this paper, we propose a new authentication protocol for IoV which can solve the weaknesses of Yu et al's protocol. Our protocol not only provides anonymous user registration phase and revocation smart card phase but also uses the biometric template in place of the password. We use both Burrow‐Abadi‐Needham (BAN) logic and real‐or‐random (ROR) model to present the formal analysis of our protocol. Finally, we compare our protocol with other existing related protocols in terms of security features and computation overhead. The results prove that our protocol can provide more security features and it is usable for IoV system. 相似文献
9.
10.
可证明安全的异构无线网络认证协议 总被引:1,自引:0,他引:1
异构无线网络中互连的安全问题是当前研究的关注点,针对3G网络和WLAN(无线局域网)所构成的异构互连网络中认证协议的安全和效率问题,提出了一种基于离线计费方法的认证协议。该协议通过对WLAN服务网络身份进行验证,抵御了重定向攻击的行为;采用局部化重认证过程,减少了认证消息的传输延时,提高了认证协议的效率。仿真结果表明,该协议的平均消息传输延时相对于EAP—AKA协议缩短了大约一半。通过Canetti—Krawczyk(CK)安全模型对新协议进行了安全性证明,证明该协议具有SK—secure安全属性。 相似文献
11.
为满足高安全级别场景(如军事、国家安全、银行等)的应用需求,进一步提高无线传感器网络用户认证协议的安全性,提出了基于生物特征识别的三因素用户认证协议.针对Althobaiti协议无法防御节点妥协攻击、模拟攻击、中间人攻击和内部特权攻击的安全缺陷,增加智能卡和密码作为协议基本安全因素,并利用生物特征标识信息生成函数与回复函数处理的生物特征标识作为附加安全因素;在密钥管理中,为每个节点配置了与网关节点共享唯一密钥,保证认证过程的独立性与安全性;实现用户自主选择与网关节点的共享密钥,提高公共信道通信的安全性;在网关节点不参与的情况下,设计密码和生物特征标识更新机制,保证二者的新鲜性.通过Dolev-Yao拓展威胁模型的分析与AVISPA的OFMC分析终端的仿真,结果证明该认证协议克服了Althobaiti协议安全缺陷,且对计算能力的需求小于公钥加密.权衡安全性与计算成本,该协议适用于资源受限且安全需求高的无线传感器网络应用. 相似文献
12.
该文针对现有车载网络切换认证协议存在的安全性、隐私等方面的不足,在LIAP协议的基础上提出改进方案。首先将随机数与伪标识串联,再用二次模运算对串联的信息进行加密,以生成动态身份标识保护用户位置隐私;与此同时,在移动终端切换过程中,新路侧单元重新生成新会话秘密序列,并与终端伪标识进行异或加密,对LIAP协议中存在的平行会话攻击进行安全防护。理论分析及实验表明,改进协议不仅满足终端匿名性和抵御各种攻击的安全需求,也实现了较快的切换速度,与同类切换认证协议相比,实用中具明显优越性。 相似文献
13.
14.
The authentication protocol is vital for the security of the wireless sensor network to resist the known threats, such as eavesdropping, replay attack, man‐in‐the‐middle attack, etc. In this paper, a lightweight authentication protocol for vehicular ad hoc networks is proposed using the symmetric encryption, the group communication method, and the proactive authentication technique, which not only achieves the desired security goals but also guarantees the practical anonymity and the accountability. The analysis demonstrates that the proposed protocol works properly in the high‐density and the low‐density traffic environment. 相似文献
15.
Internet protocol (IP) is the kernel of the TCP/IP protocol family. Because IP is the only one that is shared by all high‐level protocols in TCP/IP. So the security of the IP is particularly important to the whole communication network. Fortunately, IPsec provides excellent protection for the kIP security. As a part of the IPsec, Internet Key Exchange (IKE) protocol can achieve security association negotiation, key generation, and identity authentication. The study of IKEv2, both in its application and security analysis, has been relatively mature. When the Internet Engineering Task Force published the Internet‐Draft IKEv3 protocol, there is not much attention and research on it. In this paper, we analyze the security and authentication of IKEv3 by formal verification and show that IKEv3 is susceptible to reflection attack and DoS attack. Then we propose a new variant of the IKEv3 protocol, which both resists reflection attack and mitigates the impact of the DoS attack. 相似文献
16.
In this paper, we propose an improved and efficient authentication and key agreement (AKA) protocol named “Secure-AKA” to prevent Universal Mobile Telecommunication System (UMTS) network from various attacks like man-in-the-middle attack, redirection attack, replay attack, active attacks in the corrupted UMTS networks, and especially denial of service attack. This protocol completely eliminates the need of counter synchronization between a mobile station and its home network, and protects the actual identity of each user over the network by generating a temporary identity during the authentication. The Secure-AKA protocol generates minimum communication and computation overheads as compared to UMTS-AKA, S-AKA, AP-AKA, EURASIP-AKA, COCKTAIL-AKA, X-AKA, and EXT-AKA protocols. On an average, Secure-AKA protocol reduces 65 % of the bandwidth consumption during the authentication process in comparison to UMTS-AKA, which is the maximum reduction of bandwidth by any AKA protocol referred in the paper. 相似文献
17.
Dharminder Dharminder Pradeep Kumar Dadsena Pratik Gupta Sathya Sankaran 《International Journal of Satellite Communications and Networking》2023,41(1):14-28
Satellite's communication system is used to communicate under significant distance and circumstances where the other communication systems are not comfortable. Since all the data are exchanged over a public channel, so the security of the data is an essential component for the communicating parties. Both key exchange and authentication are two cryptographic tools to establish a secure communication between two parties. Currently, various kinds of authentication protocols are available to establish a secure network, but all of them depend on number–theoretical (discrete logarithm problem/factorization assumption) hard assumptions. Due to Shor's and Grover's computing algorithm number theoretic assumptions are breakable by quantum computers. Although Kumar and Garg have proposed a quantum attack-resistant protocol for satellite communication, it cannot resist stolen smart card attack. We have analyzed that how Kumar and Garg is vulnerable to the stolen smart card attack using differential power analysis attack described in He et al and Chen and Chen. We have also analyzed the modified version of signal leakage attack and sometimes called improved signal leakage attack on Kumar and Garg's protocol. We have tried to construct a secure and efficient authentication protocol for satellites communication that is secure against quantum computing. This is more efficient as it requires only three messages of exchange. This paper includes security proof and performance of the proposed authentication and key agreement protocol. 相似文献
18.
2018年6月26日,Wi-Fi联盟推出了WPA3协议,这是新一代的安全认证协议。文中通过对Wi-Fi联盟官方文档的分析、Wi-Fi安全认证协议迭代版本的比较,分析了WPA3协议的安全性,还根据现网中安全认证协议遭受的攻击威胁,分析了Wi-Fi6框架中WPA3协议遇到的安全挑战,并提出了基于WPA3协议的无线网络部署建议。 相似文献
19.
One of the key problems in radio frequency identification (RFID) is security and privacy. Many RFID authentication protocols have been proposed to preserve security and privacy of the system. Nevertheless, most of these protocols are analyzed and it is shown that they cannot provide security against some RFID attacks. Strong authentication and strong integrity (SASI) is the first ultra-lightweight authentication protocol introduced rotation shift operation and RFID authentication protocol with permutation (RAPP) is a new ultra-lightweight authentication protocol with permutation. In this paper, we give the security analysis on these two protocols. An active attack is presented on RAPP, and using the property of the left rotation and permutation operations, we can deduce the relationship of bits of random number or secret keys at different positions, thus obtain all the secrets shared by the reader and the tag. A passive full-disclosure attack is proposed on SASI. Using SASI’s construction weakness, our attack can reveal all the secrets shared by the reader and tag by eavesdropping about 48 rounds of the authentication messages. 相似文献
20.
Authentication and key agreement (AKA) provides flexible and convenient sercices. Most traditional AKA protocols are designed to apply in single-server environment, where a user has to register at different servers to access different types of network services and the user have to remember or manage a large number of usernames and passwords. Later, multi-server AKA protocols resolve the repeated registration problem of single-server AKA protocols, where a user can access different servers to get different services using a single registration and the same username and password. Recently, in 2015, Lu et al proposed a light-weight ID based authentication and key agreement protocol for multi-server architecture, referred to as LAKA protocol. They claimed their protocol can overcome all shortcomings which existed in Xue et al’s protocol. Unfortunately, our further research shows that LAKA protocol still suffers from server spoofing attack, stolen smart card attack etc. To overcome the weakness of LAKA protocol, an energy-efficient and lightweight authentication and key agreement protocol for multi-server architecture is proposed (abbreviated to ELAKA). The ELAKA protocol not only provides the security features declared by LAKA protocol, but also has some other advantages. First, the ELAKA protocol can realize authentication and key agreement just by three handshakes with extremely low communication cost and computation cost between users and servers, which can achieve a delicate balance of security and performance. Second, ELAKA protocol can enable the user enjoy the remote services with privacy protection. Finally the ELAKA protocol is proved secure against known possible attacks by using BAN logic. As a result, these features make ELAKA protocol is very suitable for computation-limited mobile devices (such as smartphone, PAD, tablets) in comparison to other related existing protocols. 相似文献