共查询到20条相似文献,搜索用时 31 毫秒
1.
2.
With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd. 相似文献
3.
Remote user authentication schemes allow an authorized user to access the resources of remote servers. A dynamic ID authentication scheme further provides the property of user anonymity, that is, information of user identification will not be compromised even if communicated messages are intercepted. When it comes to the mobile user authentication, the client‐side processing capability is usually concerned the most. In this paper, the author proposes an efficient mobile dynamic ID authentication and key agreement scheme without trusted servers. For facilitating the application of mobile devices with limited processing capability, our scheme is optimized for the client‐side computation. Moreover, compared with related works, the proposed scheme is also more secure. Copyright © 2014 John Wiley & Sons, Ltd. 相似文献
4.
5.
The quest for personal control over mobile location privacy 总被引:2,自引:0,他引:2
《Communications Magazine, IEEE》2004,42(5):130-136
How to protect location privacy of mobile users is an important issue in ubiquitous computing. However, location privacy protection is particularly challenging: on one hand, the administration requires all legitimate users to provide identity information in order to grant them permission to use its wireless service; on the other hand, mobile users would prefer not to expose any information that could enable anyone, including the administration, to get some clue regarding their whereabouts; mobile users would like to have complete personal control of their location privacy. To address this issue, we propose an authorized-anonymous-ID-based scheme; this scheme effectively eliminates the need for a trusted server or administration, which is assumed in the previous work. Our key weapon is a cryptographic technique called blind signature, which is used to generate an authorized anonymous ID that replaces the real ID of an authorized mobile device. With authorized anonymous IDs, we design an architecture capable of achieving complete personal control over location privacy while maintaining the authentication function required by the administration. 相似文献
6.
The mobility and openness of wireless communication technologies make Mobile Healthcare Systems (mHealth) potentially exposed to a number of potential attacks, which significantly undermines their utility and impedes their widespread deployment. Attackers and criminals, even without knowing the context of the transmitted data, with simple eavesdropping on the wireless links, may benefit a lot from linking activities to the identities of patient’s sensors and medical staff members. These vulnerabilities apply to all tiers of the mHealth system. A new anonymous mutual authentication scheme for three-tier mobile healthcare systems with wearable sensors is proposed in this paper. Our scheme consists of three protocols: Protocol-1 allows the anonymous authentication nodes (mobile users and controller nodes) and the HSP medical server in the third tier, while Protocol-2 realizes the anonymous authentication between mobile users and controller nodes in the second tier, and Protocol-3 achieves the anonymous authentication between controller nodes and the wearable body sensors in the first tier. In the design of our protocols, the variation in the resource constraints of the different nodes in the mHealth system are taken into consideration so that our protocols make a better trade-off among security, efficiency and practicality. The security of our protocols are analyzed through rigorous formal proofs using BAN logic tool and informal discussions of security features, possible attacks and countermeasures. Besides, the efficiency of our protocols are concretely evaluated and compared with related schemes. The comparisons show that our scheme outperforms the previous schemes and provides more complete and integrated anonymous authentication services. Finally, the security of our protocols are evaluated by using the Automated Validation of Internet Security Protocols and Applications and the SPAN animator software. The simulation results show that our scheme is secure and satisfy all the specified privacy and authentication goals. 相似文献
7.
Azeem Irshad Shehzad Ashraf Chaudhry Muhammad Shafiq Muhammad Usman Muhammad Asif Anwar Ghani 《International Journal of Communication Systems》2019,32(14)
The mobile cloud computing (MCC) has enriched the quality of services that the clients access from remote cloud‐based servers. The growth in the number of wireless users for MCC has further augmented the requirement for a robust and efficient authenticated key agreement mechanism. Formerly, the users would access cloud services from various cloud‐based service providers and authenticate one another only after communicating with the trusted third party (TTP). This requirement for the clients to access the TTP during each mutual authentication session, in earlier schemes, contributes to the redundant latency overheads for the protocol. Recently, Tsai et al have presented a bilinear pairing based multi‐server authentication (MSA) protocol, to bypass the TTP, at least during mutual authentication. The scheme construction works fine, as far as the elimination of TTP involvement for authentication has been concerned. However, Tsai et al scheme has been found vulnerable to server spoofing attack and desynchronization attack, and lacks smart card‐based user verification, which renders the protocol inapt for practical implementation in different access networks. Hence, we have proposed an improved model designed with bilinear pairing operations, countering the identified threats as posed to Tsai scheme. Additionally, the proposed scheme is backed up by performance evaluation and formal security analysis. 相似文献
8.
9.
Multicast is rapidly becoming an important mode of communication and a good platform for building group-oriented services. To be used for trusted communication, however, current multicast schemes must be supplemented by mechanisms for protecting traffic, controlling participation, and restricting access of unauthorized users to data exchanged by the participants. In this paper, we consider fundamental security issues in building a trusted multicast facility. We discuss techniques for group-based data encryption, authentication of participants, and preventing unauthorized transmissions and receptions. We also describe the application of these principles and techniques in designing an architecture for secure multicast in a mobile environment. 相似文献
10.
To solve the problem of security and efficiency of anonymous authentication in vehicular ad hoc network,a pairing-free certificateless batch anonymous authentication scheme was proposed.The public and private keys and pseudonyms were jointly generated by the trusted third party and vehicle,so the system security didn't depend on the tamper device.The scheme can realize authentication,anonymity,traceability,unforgeability,forward or backward security,and so on.Furthermore,under the random oracle model,the scheme can resist Type I and Type II attacks.Because there is no need to use certificates during authentication,the system storage load is effectively reduced.At the same time,the scheme realizes the batch message authentication on the basis of pairing-free operation,so the authentication efficiency is improved.Therefore,the scheme has important theoretical significance and application value in the resource-limited internet of things or embedded environment. 相似文献
11.
12.
智能终端的普及和移动互联网的迅速发展极大地改变了通信服务产业链。面对移动互联网行业,SIM卡作为天然的鉴权工具却无法发挥其优势。我们希望探索一种基于SIM卡的移动互联网应用鉴权机制,利用SIM卡现有能力,将SIM卡通信鉴权的便利性带到移动互联网的应用鉴权中,使用户享受更安全便捷,无感知的应用鉴权方式,同时为众多移动互联网应用提供开放性的平台化接入服务。 相似文献
13.
14.
为了防止私人数据泄露并完善已有的移动网络匿名漫游认证方案,提出了一种利用椭圆曲线加密结合散列函数的移动网络匿名安全认证方案。该方案利用椭圆曲线加密,结合散列函数,以随机数代替公开密钥加密和时间戳。首先,使用外地代理(FA)的漫游服务之前,计算单向散列函数,移动用户(MU)使用本地代理(HA)注册。然后,建立认证和会话的密钥,采用椭圆曲线加密,若HA一直待在同一FA中,则MU可以用FA更新会话密钥。最后,MU通过公共信道,利用HA修改密码。性能和安全性分析表明,相比其他几种类似方案,提出的方案明显提高了效率和安全性。其中,虚拟计算时间只有2.000 85 s,显著降低了计算开销。 相似文献
15.
A wireless LAN service integration architecture based on current wireless LAN hot spots is proposed so that migration to a new service becomes easier and cost effective. The proposed architecture offers wireless LAN seamless roaming in wireless LAN/cellular mobile networks. In addition, a link-layer-assisted mobile IP handoff mechanism is introduced to improve the network/domain switching quality in terms of handoff delay and packet loss. An application layer end-to-end authentication and key negotiation scheme is proposed to overcome the open-air connection problem existing in wireless LAN deployment. The scheme provides a general solution for Internet applications running on a mobile station under various authentication scenarios and keeps the communications private to other wireless LAN users and foreign network. A functional demonstration of the scheme is given. The research results can contribute to rapid deployment of wireless LANs. 相似文献
16.
基于PKI的IPSec-VPN的研究与设计 总被引:3,自引:1,他引:2
虽然将IPSec用在虚拟专用N(VPN)是一种很好的网络安全解决方案,极大地改进了传统IP协议缺乏安全机制的问题,但因其身份鉴别不完善而影响到在复杂环境下的网络安全。PKI是由公开密钥密码技术、数字证书、证书认证机构等基本成分组成的一套安全平台,可提供身份认证和角色控制服务。该文分析了IPsec和PKI在安全上的技术特点,提出了一种如何将PKI证书机制应用到IPsec-VPN中,实现强身份认证和访问控制机制,进而完善VPN安全的方案。 相似文献
17.
近场无线通信(NFC)是一种已经被广泛应用的短距无线通信技术.其中最常见的是将NFC技术应用于移动支付和门禁访问控制等应用.从技术上讲,这些应用利用NFC模拟卡模式将NFC设备模拟成银行卡或门禁卡,然后等待外部阅读器验证.在这类应用场景下,选取合适的安全认证方案是非常重要的.首先,介绍了现有的NFC认证系统和安全方案并分析了系统安全需求和潜在的安全风险.然后,采用Hash、AES和口令Key动态更新机制,提出了一种适用于NFC移动设备的双向认证安全方案,并设计了自同步机制.最后,利用GNY逻辑以形式化证明的形式证明了方案的安全性,分析表明该方案能解决伪造、重放攻击、窃听、篡改、异步攻击等安全问题. 相似文献
18.
s: At present, the main drawbacks of existing k-times attribute-based authentication (abbreviated to k-TABA) schemes and related attribute-based authentication schemes are that the computation cost of the authentication process depends on the size of the access formula and none of these schemes considers the problems of member revocation and attribute update. A new k-TABA scheme was constructed based on the building blocks of direct anonymous attestation, set membership proof and ciphertext-policy attribute-based encryption. Moreover, in order to reduce user's calculation as much as possible, the underlying attribute-based encryption scheme was modified, and then the main decryption operations were outsourced by using the key binding technique of Green et al. The new scheme can be deployed on a trusted platform and support expressive authentication policies. In addition, it also satisfies several ideal properties, such as registration process verifiability, member revocation, attribute update, and so on. The significant performance advantage of the new scheme is that the computation overhead of the user in the authentication phase is constant. 相似文献
19.
Network mobility (NEMO) is a protocol proposed for the mobility management of a whole network.It offers seamless Internet connectivity to the mobile end users.However,the NEMO protocol has not been wid... 相似文献
20.
Self-organized public-key management for mobile ad hoc networks 总被引:6,自引:0,他引:6
In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and to node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories are not well-suited for securing ad hoc networks. We propose a fully self-organized public-key management system that allows users to generate their public-private key pairs, to issue certificates, and to perform authentication regardless of the network partitions and without any centralized services. Furthermore, our approach does not require any trusted authority, not even in the system initialization phase. 相似文献