移动网络可信匿名认证协议

针对终端接入移动网络缺乏可信性验证问题,提出一种移动网络可信匿名认证协议,移动终端在接入网络时进行身份验证和平台完整性认证。在可信网络连接架构下,给出了可信漫游认证和可信切换认证的具体步骤,在认证时利用移动终端中预存的假名和对应公私钥对实现了用户匿名隐私的保护。安全性分析表明,协议满足双向认证、强用户匿名性、不可追踪性和有条件隐私保护。协议中首次漫游认证需要2轮交互,切换认证需1轮即可完成,消息交换轮数和终端计算代价优于同类可信认证协议。     

A new efficient authentication protocol for mobile networks

This paper proposes a new efficient authentication protocol for mobile networks. The user, service provider and key distribution center authenticate mutually in the proposed protocol. In addition, the user and service provider will generate a secret session key for communication in this protocol. We prove the proposed protocol by using BAN logic. In our protocol, the key distribution center of the networks does not need to maintain the secret key database of users by using the key derivation function. The proposed protocol is based on symmetric cryptosystem, challenge–response and hash chaining. It only needs four message exchange rounds for intra-domain initial phase and seven message exchange rounds for inter-domain initial phase. Our initial phase only takes 17% and our subsequent phase requires 26% communication cost of Chien and Jan's protocol. The proposed protocol is more efficient than the others. It is suitable to apply in the mobile networks.     

Cryptanalysis of an optimized protocol for mobile network authentication and security

Yi et al. presented a protocol for mobile network authentication and key distribution based upon the DSA signature scheme. The protocol can be divided into two phases, i.e., registration phase and service phase. In this paper, we show that their scheme is insecure on the registration phase since an attacker can easily forge a certification for any exit or dummy user in their protocol and then pretend to be a legal user to communicate with other entities.     

Anonymous handover authentication protocol for mobile wireless networks with conditional privacy preservation

With the development of the wireless communication technology and the popularity of mobile devices, the mobile wireless network (MWN) has been widely used in our daily life. Through the access point (AP), users could access the Internet anytime and anywhere using their mobile devices. Therefore, MWNs can bring much convenience to us. Due to the limitation of AP’s coverage, the seamless handover frequently occurs in practical applications. How to guarantee the user’s privacy and security and identify the real identity when he/she brings harm to the system becomes very challenging. To achieve such goals, many anonymous handover authentication (AHA) protocols have been proposed in the last several years. However, most of them have high computation costs because mobile nodes need to carry out the bilinear pairing operations or the hash-to-point operations. Besides, most of them cannot satisfy some critical requirements, such as non-traceability and perfect forward secrecy. In this paper, we first outline the security requirements of AHA protocols, and then propose a new AHA protocol to eliminate weaknesses existing in previous AHA protocols. Based on the hardness of two famous mathematical problems, we demonstrate that the proposed AHA protocol is secure against different kinds of attacks and can meet a variety of security requirements. It can be seen from the details of implementations that the proposed AHA protocol also has much less computation cost than three latest AHA protocols.     

An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks

We address the problem of mutual authentication and key agreement with user anonymity for mobile networks. Recently, Lee et al. proposed such a scheme, which is claimed to be a slight modification of, but a security enhancement on Zhu et al.’s scheme based on the smart card. In this paper, however, we reveal that both schemes still suffer from certain weaknesses which have been previously overlooked, and thus are far from the desired security. We then propose a new protocol which is immune to various known types of attacks. Analysis shows that, while achieving identity anonymity, key agreement fairness, and user friendliness, our scheme is still cost-efficient for a general mobile node.     

An access authentication protocol for trusted handoff in wireless mesh networks

WMNs (Wireless Mesh Networks) are a new wireless broadband network structure based completely on IP technologies and have rapidly become a broadband access measure to offer high capacity, high speed and wide coverage. Trusted handoff in WMNs requires that mobile nodes complete access authentication not only with a short delay, but also with the security protection for the mobile nodes as well as the handoff network. In this paper, we propose a trusted handoff protocol based on several technologies, such as hierarchical network model, ECC (Elliptic Curve Cryptography), trust evaluation and gray relevance analysis. In the protocol, the mobile platform's configuration must be measured before access to the handoff network can proceed and only those platforms whose configuration meets the security requirements can be allowed to access the network. We also verify the security properties through formal analysis based on an enhanced Strand model and evaluate the performance of the proposed protocol through simulation to show that our protocol is more advantageous than the EMSA (Efficient Mesh Security Association) authentication scheme in terms of success rate and average delay.     

Geo-encryption protocol for mobile networks

We propose a geo-encryption protocol that allows mobile nodes to communicate securely by restricting the decryption of a message to a particular location and time period. Our protocol will handle the exchange of movement parameters, so that a sender is able to geo-encrypt messages to a moving decryption zone that contains a mobile node’s estimated location. We also present methods for estimating the node’s movement parameters to allow for geo-encryption. Finally, we evaluate our model by measuring the induced overhead to the network and its performance in terms of decryption ratio.     

一种移动互联网络匿名认证协议

针对移动互联网络安全性的匿名需求,论文在基于身份的公钥系统的基础上,设计了一个双向匿名认证协议,该协议提出移动互联网络通信中的匿名身份认证和密钥协商方案,实现了通信双方的相互认证,并使移动网络向移动用户提供匿名服务,保护用户身份信息,分析表明协议具有很强的匿名性,而且高效可行,满足移动互联网络匿名性的安全需求。     

一种高效的移动微支付和认证协议*

针对移动计算网络的技术特点,提出了一种适合移动用户与收费服务网络进行微支付和相互认证的协议。该协议的创新之处在于将微支付方案融入到认证协议中,使移动用户可利用笔记本电脑或掌上电脑浏览收费网页、购买低价信息商品以及进行移动电子商务,并能为移动用户漫游计费提供依据。协议不仅在公共参数的存储空间需求和用户端计算负荷方面是合理的,而且能够确保用户不被错误收费,并为服务网络提供防止用户抵赖的合法证据。该协议基于一个全局的公钥基础设施,适用于基于第三代移动通信系统的网络计算环境。     

移动可信接入轻量级认证与评估协议

为增强移动终端可信网络接入认证与评估协议的可用性,降低网络通信负载及终端计算负载,提出一种轻量级的身份认证与平台鉴别评估协议。协议基于接入双方在首次接入时共享的认证密钥以及对方的可信平台配置信息,在不需要可信第三方参与的情况下,完成快速的身份认证与鉴别评估。协议减少了网络数据交换次数以及接入双方的计算工作量,在保证接入认证与评估所需的安全属性的同时,还增强了平台配置信息的机密性以及抵抗重放攻击的能力。安全性和性能分析表明,所提协议适合无线网络通信环境下的移动终端可信网络接入。     

一种更具实用性的移动RFID认证协议

针对Doss协议的不足,提出了一种改进的轻量级移动RFID认证协议。首先使用二次剩余混合随机数加密的方法提高后台服务器识别速度;在阅读器端添加时间戳生成器,抵御阅读器冒充及重放攻击。新协议标签端只采用成本较低的伪随机数生成、模平方以及异或运算,遵循了EPC C1G2标准,且实现了移动RFID环境下的安全认证。理论分析及实验显示了新协议提高了Doss协议后台识别速度,并满足标签和阅读器的匿名性、阅读器隐私、标签前向隐私等安全需求,更有效抵抗已有的各种攻击：重放、冒充、去同步化攻击等。与同类RFID认证协议相比,实用性更佳。     

A hybrid user authentication protocol for mobile IPTV service

IPTV, a technological convergence that combines communication and broadcasting technologies, delivers customized, interactive TV content and other multimedia information over wired and wireless connections. Providing secure access to IPTV services calls for authentication, without proper and secure authentication mechanisms, an individual impersonating a subscriber could steal a service. This paper proposes a new authentication protocol to authenticate IPTV users. The authors based the proposed protocol, a hybrid authentication protocol providing lightweight, personalized user authentication, on RFID (radio-frequency identification) and USIM (Universal Subscriber Identity Module) technologies. In the proposed protocol, USIM performs highly personalized authentication, and the authenticated subscriber’s RFID tags can have a temporary authority to execute authentication. These RFID tags become Agent Tags authorized to authenticate subscribers. Agent Tags identify and authenticate themselves to RFID readers in the set-top box, thus, simplifying the authentication process.     

无线传感器网络的安全认证协议研究

在对现有无线传感器网络公钥认证机制进行研究的基础上,提出了一种新的基于椭圆曲线公钥算法的部分分布式认证协议PDAP(partly distributed authentication protocol).在协议中,综合采用了门限秘密共享及证书合成的思想,将数字证书应用于无线传感器网络.同时,针对传感器节点计算能力、存储空间和能量有限的特点,对传统X.509证书的结构重新设计,通过重构的数字证书实现了节点的分布式认证.分析结果表明,该协议能够满足资源有限的无线传感器网络的安全性要求.     

An authentication protocol offering service anonymity of mobile device in ubiquitous environment

With the advent of ubiquitous era, various devices and services using wireless network are increasing. For communications in wireless network, mobile devices are used and various services are increasingly provided through mobile devices. The AAA (Authentication, Authorization, and Accounting) that authorizes and manages the mobile devices is processing the standardization for various application services for the purpose of the standardization of authentication, authorization, and accounting to provide safety and reliability of various services and protocols of both wired and wireless network. However, even if AAA exists the development of network varies vulnerabilities and attack types, and accordingly the exposure of information appears as the biggest problem. Therefore, this study suggests the safe authentication method that protects against information exposure by guaranteeing anonymity of service with temporal ID, and provides efficiency because AAA authentication server is based on the ticket given to a service server without the need of re-authentication when mobile node authorized from the AAA authentication server receives service.     

移动Ad Hoc网MAC协议的一种改进算法

着重分析了影响公平性的退避算法,对用于无线局域网的乘性增加、线性减少(MILD)退避算法进行了改进.运用NS2仿真工具对改进算法后的信道接入的公平性进行了分析.结果表明,与BEB算法相比,改进后的MILD退避算法能大幅度提高信道接入的公平性.     

AHBP: An efficient broadcast protocol for mobile Ad hoc networks

Broadcast is an important operation in many netowkr protocols.It is utilized to discover routes to unknown nodes in mobile ad hoc networks(MANETs) and is the key factor in scaling on -demand routing protocols to large networks.This paper presents the Ad Hoc Broadcast Protocol(AHBP)and its performance is discussed.In the protocol,messages,are only rebroadcast by broadcast relay gateways that constitute a connected dominating set of the network.AHBP can efficiently reduce the redundant messages which make flookding-like protocols perform badly in large dense networks.Simulations are conducted to determine the performance characteristics of the protocol.The simulation results have shown excellent reduction of broadcast redundancy with AHBP.It also contributes to a reduced level of broadcast collision and congestion.     

An anonymous distributed routing protocol in mobile ad-hoc networks

This paper proposes an efficient anonymous routing protocol for mobile ad hoc networks (MANETs). This protocol considers symmetric and asymmetric links during the wireless communication of MANETs. A MANET is one type of self-organized wireless network that can be formed by several wireless devices such as laptops, tablet PCs, and smartphones. Different wireless transmission ranges of different mobile devices lead to a special communication condition called an asymmetric link. Most research on this topic focuses on providing security and anonymity for the symmetric link without considering the asymmetric link. This paper proposes a novel distributed routing protocol beyond the symmetric and asymmetric links. This protocol guarantees the security, anonymity, and high reliability of an established route by avoiding unreliable intermediate nodes. The routes generated by the proposed protocol are shorter than previous research. The proposed protocol enhances MANET performance in assuring security and anonymity.     

USBKey辅助的无证书移动IP注册认证协议

移动IP中无线链路的开放性和节点的移动性,给移动节点的注册带来潜在的安全威胁。针对移动节点的注册安全问题,提出了一种USBKey辅助的注册认证协议。该协议通过USBKey保护移动节点的私钥以加强移动注册的安全性,结合数字信封技术与数字签名技术,实现相关协议实体的身份认证和注册信息的安全保护。分析结果表明,该协议可保证注册信息的完整性和机密性,可以有效抵御常见的安全攻击,保证移动节点的注册安全,并且比多数相关协议的注册认证迟延更小。     

USIM-based EAP-TLS authentication protocol for wireless local area networks

Due to the rapid growth in popularity of Wireless Local Area Network (WLAN), wireless security has become one of many important research issues. For the WLAN security, the IEEE 802.1X standard provides an authentication framework that is based on the Extensible Authentication Protocols (EAP). In the EAP framework, there are many authentication protocols that have been proposed, in which each authentication protocol has some strengths and weaknesses, respectively. Most EAP authentication protocols lack two features: identity protection and withstanding man-in-the-middle attacks. In this paper, we first propose a novel symmetric-key based certificate distribution scheme based on Universal Subscriber Identity Module (USIM) cards in a cellular network. The symmetric-key based certificate distribution scheme allows mobile subscribers to obtain temporary certificates from the corresponding cellular network. Combining the proposed certificate distribution scheme with the EAP-TLS (Transport Layer Security) protocol, we present a new EAP authentication protocol called USIM-based EAP authentication protocol. The new EAP authentication protocol combining with USIM cards is an extension of the EAP-TLS protocol and also follows the EAP framework in the IEEE 802.1X standard. Compared to other EAP authentication protocols, the proposed protocol provides mutual authentication, strong identity protection and roaming capability between the cellular network and the WLAN networks.     

物联网环境下移动节点可信接入认证协议

无线传感器网络（WSN）中的移动节点缺乏可信性验证,提出一种物联网（IoT）环境下移动节点可信接入认证协议。传感器网络中移动汇聚节点（Sink节点）同传感器节点在进行认证时,传感器节点和移动节点之间完成相互身份验证和密钥协商。传感器节点同时完成对移动节点的平台可信性验证。认证机制基于可信计算技术,给出了接入认证的具体步骤,整个过程中无需基站的参与。在认证时利用移动节点的预存的假名和对应公私钥实现移动节点的匿名性,并在CK（Canetti-Krawczyk）模型下给出了安全证明。在计算开销方面与同类移动节点认证接入方案相比,该协议快速认证的特点更适合物联网环境。