完备的具有仲裁的认证码的组合特征

具有仲裁的认证码既要防止发方和收方的互相期骗,又要防止敌手的欺骗,本文安全刻划了完备的具有仲裁的认证码的组合特征。     

有仲裁人认证码的信息论下界

在Ｓｉｍｍｏｎｓ给出的有仲裁人认证码中,主要研究了五种欺骗攻击。Ｊｏｈｎｓｓｏｎ对这些欺骗成功概率的信息论下界进行了研究。本文则给出了有仲裁人认证码中的敌方和收方的ｉ（≥０）阶欺骗攻击成功概率的信息认下界,完善了关于欺骗攻击成功概率的下界的研究。     

由分裂认证码构造有仲裁认证码

本文利用t分裂认证码构造了一类有仲裁认证码(A~2码),并对给出的A~2码中各种攻击成功的概率进行了研究。     

关于双完备认证码的特征

本文刻画了双完备认证码的结构,给出了r阶完备认证码的定义,并给出判定r阶完备认证码的一个充要条件,由组合设计构造了r阶完备认证码。     

可仲裁多重认证码系统的信息论特征

研究了可供认证多个信息的具有仲裁人参加的认证码系统,给出了各方欺骗成功的信息论下界。讨论了系统在某一安全水平下,各参与方应掌握的密钥量的大小,以及收发双方密钥之间的大小。     

基于区组设计的具有仲裁的无条件安全认证码的构造

本文借助区组设计给出一类具有仲裁的无条件安全认证码的构造方法,并给出了一种安全的无条件安全认证码的构造方法,计算了有关参数。     

利用集合知识构造认证码

本文利用集合知识构造认证码,使其r(r>0)阶欺骗攻击成功的概率pr达到文献[2]的下界,即。     

基于区组设计的具有仲裁的无条件安全认证码的构造

本文借助区组设计给出一类具有仲裁的无条件安全认证码的构造方法,并给出一种安全的无条件安全认证码的构造方法,计算了有关参数。     

利用辛几何构作带仲裁的认证码

本文利用辛几何构作一类带仲裁的认证码,计算了码的参数;当编码规则按等概率分布选取时,计算出各种攻击成功的概率并在特殊情况下得到一组完备码。     

利用酉几何进一步构造带仲裁的认证码

该文利用有限域上的酉几何构作了三类新的带仲裁的认证码,计算了码的参数;当编码规则按等概率分布选取时,计算出各种攻击成功的概率。研究结果表明可用酉几何进一步构作多类带仲裁的认证码。     

A cartesian product construction for unconditionally secure authentication codes that permit arbitration

An authentication code consists of a collection of encoding rules associating states of an information source with messages that are to be used to communicate the state to a designated receiver. In order for a collection of encoding rules to be useful as an authentication code there must also exist one or more probability distributions on the rules which, if used by the receiver and transmitter (the insiders) to choose secretly the encoding rule they use, will result in the receiver being able to (probably) detect fraudulent messages sent by an outsider or modifications by him of legitimate messages.Authentication codes that permit arbitration are codes that in addition to protecting the insiders from deception by outsiders, also protect against some forms of insider deception. This is accomplished by making it possible for an arbiter to resolve (again in probability) certain disputes between the transmitter and receiver: the transmitter disavowing a message that he actually sent or the receiver claiming to have received a message that the transmitter did not send.An infinite class of authentication codes that permit arbitration is constructed and some bounds on the probability of a deception going undetected are proven. These codes are shown to be unconditionally secure, i.e., it is shown that the probability of a deception either going undetected or else of being unjustly attributed to an innocent party is independent of the computing capability or investment that a would-be cheater is willing to make.This work was performed at the Sandia National Laboratories and was supported by the U.S. Department of Energy under Contract No. DE-AC04-76DP00789.     

椭圆曲线加密结合散列函数的移动网络匿名安全认证方案

为了防止私人数据泄露并完善已有的移动网络匿名漫游认证方案,提出了一种利用椭圆曲线加密结合散列函数的移动网络匿名安全认证方案。该方案利用椭圆曲线加密,结合散列函数,以随机数代替公开密钥加密和时间戳。首先,使用外地代理（FA）的漫游服务之前,计算单向散列函数,移动用户（MU）使用本地代理（HA）注册。然后,建立认证和会话的密钥,采用椭圆曲线加密,若HA一直待在同一FA中,则MU可以用FA更新会话密钥。最后,MU通过公共信道,利用HA修改密码。性能和安全性分析表明,相比其他几种类似方案,提出的方案明显提高了效率和安全性。其中,虚拟计算时间只有2.000 85 s,显著降低了计算开销。     

An improved password‐based authentication scheme for session initiation protocol using smart cards without verification table

Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al . proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al . claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al . protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al . protocol by imposing a little extra computation cost. Copyright © 2014 John Wiley & Sons, Ltd.     

Information-theoretic bounds for authentication codes and block designs

Authentication codes with secrecy and with splitting are investigated. An information-theoretic lower bound for the probability of successful deception for a spoofing attack of order r is obtained. The condition necessary on authentication codes to achieve the lower bound is determined as a single simple requirement. Based on the simplicity of the result a construction, by use of so-called partially balanced t-designs, for authentication codes that can achieve the lower bound is suggested.This research was partially supported by a K. C. Wong Fellowship.     

Revised anonymous authentication protocol for adaptive client‐server infrastructure

Rapid evolution in information and communication technologies has facilitated us to experience mobile communication in our daily routine. Mobile user can only avail the services from the server, once he/she is able to accomplish authentication process successfully. In the recent past, several researchers have contributed diverse authentication protocols for mobile client‐server environment. Currently, Lu et al designed two‐factor protocol for authenticating mobile client and server to exchange key between them. Lu et al emphasized that their scheme not only offers invincibility against potential security threats but also offers anonymity. Although this article reveals the facts that their protocol is vulnerable against client and server impersonation, man‐in‐the‐middle, server key breach, anonymity violation, client traceability, and session‐specific temporary attacks, therefore, we have enhanced their protocol to mitigate the above mention vulnerabilities. The enhanced protocol's security strength is evaluated through formal and informal security analysis. The security analysis and performance comparison endorses the fact that our protocol is able to offer more security with least possible computation complexity.     

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

With the use of smart card in user authentication mechanisms, the concept of two‐factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring a user to possess something in addition to know something. In 2010, Sood et al. and Song independently examined a smart‐card‐based authentication scheme proposed by Xu et al. They showed that in the scheme of Xu et al., an internal user of the system can turn hostile to impersonate other users of the system. Both of them also proposed schemes to improve the scheme of Xu et al. Recently, Chen et al. identified some security problems in the improved schemes proposed by Sood et al. and Song. To fix these problems, Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand lost smart card attack. Undoubtedly, in their scheme, a user can also verify the legitimacy of server, but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide important features such as user anonymity, confidentiality to air messages, and revocation of lost/stolen smart card. Besides, the scheme defies the very purpose of two‐factor security. Furthermore, an attacker can guess a user's password from his or her lost/stolen smart card. To meet these challenges, we propose a user authentication method with user anonymity. We show through analysis and comparison that the proposed scheme exhibits enhanced efficiency in contrast to related schemes, including the scheme of Chen et al. Copyright © 2013 John Wiley & Sons, Ltd.     

无线传感器网络可能受到的攻击形式

文章研究和分析了无线传感器网络面临的安全威胁和可能受到的各种攻击形式。     

Combinatorial design-based quasi-cyclic LDPC codes with girth eight

This paper presents a novel regular Quasi-Cyclic (QC) Low Density Parity Check (LDPC) codes with column-weight three and girth at least eight. These are designed on the basis of combinatorial design in which subsets applied for the construction of circulant matrices are determined by a particular subset. Considering the non-existence of cycles four and six in the structure of the parity check matrix, a bound for their minimum weight is proposed. The simulations conducted confirm that without applying a masking technique, the newly implemented codes have a performance similar to or better than other well-known codes. This is evident in the waterfall region, while their error floor at very low Bit Error Rate (BER) is expected.