Found 20 similar documents; search took 231 ms
1.
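OWDP-based real-time performance monitoring for high-speed IP networks and its secure implementation (total citations: 1, self-citations: 0, citations by others: 1)
This paper proposes a secure OWDP-based performance monitoring scheme for high-speed IP networks. After analyzing the OWDP protocol and the OWDP-based real-time performance monitoring architecture for high-speed IP networks, the paper examines the security problems of the protocol and of the monitoring architecture, and proposes an OWDP-oriented security implementation based on an improved Otway-Rees authentication protocol. Designed for the requirements of real-time network performance monitoring, the scheme retains the simplicity and efficiency of OWDP while providing strong security assurance for the attack resistance of high-speed IP network performance monitoring.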
2.
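Addressing the security mechanisms of IP Multimedia Subsystem (IMS) networks based on the Session Initiation Protocol (SIP), this paper analyzes the security weaknesses of SIP and, by effectively combining the identity-based key agreement protocol IBAKA with mechanisms such as integrity protection of sensitive header-field information, proposes a lightweight SIP security scheme based on identity-based cryptography. The security of the scheme is analyzed, and it is compared with several typical schemes in terms of security and attack resistance. The comparison shows that the scheme overcomes the security weaknesses of SIP and improves the protocol's security.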
3.
4.
5.
6.
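The RC4 stream cipher is vulnerable to weak-key attacks, distinguishing attacks and fault-injection attacks. To counter these attacks, an improved algorithm based on random permutation is proposed. The algorithm uses a dynamic state table for nonlinear operations, extends the value space of the state-table elements, and determines the keystream output jointly from the previous and next states of the state table, which improves the algorithm's security. The correctness, security and attack resistance of the improved algorithm are analyzed. Experiments verify that the improved algorithm's keystream randomness and efficiency are better than those of RC4.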
7.
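Authenticated key agreement protocols are an important class of security protocols, yet designing secure ones is very difficult. This paper analyzes an authenticated key agreement protocol proposed by Chen Tieming et al. in 2008 and points out that it cannot resist key-compromise impersonation attacks. It first gives a concrete attack, then proposes a new improved protocol based on the original, and finally analyzes the security properties of the improved protocol. The analysis shows that the improved protocol achieves a high level of security, providing known-key security, perfect forward secrecy, resistance to key-compromise impersonation, unknown key-share resilience and no key control, and that it strikes a good balance between computational efficiency and security, making it better suited to practical network communication.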
8.
9.
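Authentication protocols based on LPN have a simple structure, low computational cost and resistance to quantum attacks, making them suitable for lightweight devices such as RFID, but they cannot satisfy low cost and strong security at the same time. To address this, the generic construction of two-round authentication protocols with s-MIM security is improved so that it achieves provable security against general man-in-the-middle attacks. Using the improved construction, a two-round LPN-based authentication protocol resistant to general man-in-the-middle attacks, Auth-Hash, is instantiated. Experimental results show that, compared with the LPNAP protocol, this protocol has smaller key storage and communication overhead.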
10.
11.
12.
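Building on an identity-based, fault-tolerant conference key distribution scheme by Yang et al., an improved conference key distribution protocol is proposed, and its correctness and security are analyzed. The analysis shows that the scheme not only allows honest participants to agree on a common conference key even when malicious participants are present, but also effectively resists passive and active attacks; it is secure, efficient and highly practical.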
13.
Recently, Yang et al. proposed an efficient user identification scheme with key distribution, in which it is possible for the user to anonymously log into a system and establish a secret key shared with the system. Mangipudi and Katti later demonstrated a Denial-of-Service (DoS) attack on the Yang et al. scheme and then proposed an improvement to withstand such an attack. However, this paper demonstrates an identity disclosure attack to show that neither schemes’ claimed user anonymity requirement can be achieved. We further propose a novel user identification scheme with key distribution preserving user anonymity for distributed computer networks. The proposed scheme not only withstands the attacks mentioned above, but also achieves the following: (i) user anonymity, (ii) key distribution, (iii) mutual authentication, and (iv) key confirmation. The performance of our scheme is of greater efficiency than that of previously proposed schemes in terms of communication costs and computational complexities.
14.
《Computer Standards & Interfaces》2005,27(2):185-190
In 2003, Yang et al. presented a conference key distribution system that was intended to provide user anonymity. Subsequently, Lin et al. pointed out a security flaw in Yang et al.'s scheme based on solving linear equations and proposed a modified scheme. Accordingly, the current paper reviews the schemes proposed by Yang et al. and Lin et al., highlights the weakness in both schemes, and then proposes a new conference key agreement scheme with user anonymity.
15.
Identity-based fault-tolerant conference key agreement (total citations: 1, self-citations: 0, citations by others: 1)
Xun Yi 《Dependable and Secure Computing, IEEE Transactions on》2004,1(3):170-178
Lots of conference key agreement protocols have been suggested to secure computer network conference. Most of them operate only when all conferees are honest, but do not work when some conferees are malicious and attempt to delay or destruct the conference. Recently, Tzeng proposed a conference key agreement protocol with fault tolerance in terms that a common secret conference key among honest conferees can be established even if malicious conferees exist. In the case where a conferee can broadcast different messages in different subnetworks, Tzeng's protocol is vulnerable to a "different key attack" from malicious conferees. In addition, Tzeng's protocol requires each conferee to broadcast to the rest of the group and receive n - 1 message in a single round (where n stands for the number of conferees). Moreover, it has to handle n simultaneous broadcasts in one round. In this paper, we propose a fault-tolerant conference key agreement protocol, in which each conferee only needs to send one message to a "semitrusted" conference bridge and receive one broadcast message. Our protocol is an identity-based key agreement, built on elliptic curve cryptography. It is resistant to the different key attack from malicious conferees and needs less communication cost than Tzeng's protocol.
16.
Certificateless public key cryptography eliminates the inherent key escrow problem in identity-based cryptography, yet does not require certificates as in the traditional public key infrastructure. In this paper, we give cryptanalysis to Hwang et al.’s certificateless encryption scheme which is the first concrete certificateless encryption scheme that can be proved to be secure against “malicious-but-passive” key generation center (KGC) attack in the standard model. Their scheme is proved to be insecure even in a weaker security model called “honest-but-curious” KGC attack model. We then propose an improved scheme which is really secure against “malicious-but-passive” KGC attack in the standard model.
17.
18.
At ACISP 2012, a novel deterministic identity-based (aggregate) signature scheme was proposed that does not rely on bilinear pairing. The scheme was formally proven to be existentially unforgeable under an adaptive chosen message and identity attack. The security was proven under the strong RSA assumption in the random oracle model. In this paper, unfortunately, we show that the signature scheme is universally forgeable, i.e., an adversary can recover the private key of a user and use it to generate forged signatures on any messages of its choice having on average eight genuine signatures. This means, that realizing a deterministic identity-based signature scheme in composite order groups is still an open problem. In addition, we show that a preliminary version of the authenticated key exchange protocol proposed by Okamoto in his invited talk at ASIACRYPT 2007 is vulnerable to the key-compromise impersonation attack and therefore cannot be secure in the eCK model. We also show that the two-party identity-based key agreement protocol of Hölbl et al. is vulnerable to the unknown key-share attack.
19.
We address the cryptographic topic of proxy re-encryption (PRE), which is a special public-key cryptosystem. A PRE scheme
allows a special entity, known as the proxy, to transform a message encrypted with the public key of a delegator (say Alice),
into a new ciphertext that is protected under the public key of a delegatee (say Bob), and thus the same message can then
be recovered with Bob’s private key. In this paper, in the identity-based setting, we first investigate the relationship between
so called mediated encryption and unidirectional PRE. We provide a general framework which converts any secure identity-based
unidirectional PRE scheme into a secure identity-based mediated encryption scheme, and vice versa. Concerning the security
for unidirectional PRE schemes, Ateniese et al. previously suggested an important property known as the master secret security, which requires that the coalition of the
proxy and Bob cannot expose Alice’s private key. In this paper, we extend the notion to the identity-based setting, and present
an identity-based unidirectional PRE scheme, which not only is provably secure against the chosen ciphertext attack in the
standard model but also achieves the master secret security at the same time.
20.
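Public-key encryption with keyword search (PEKS) allows a user to send a keyword trapdoor to a server, and the server can use the trapdoor to locate ciphertexts containing the keyword the user searched for. To eliminate the secure channel between server and receiver in existing identity-based encryption with keyword search (IBEKS) schemes, Wu et al. proposed a designated-server identity-based encryption with keyword search (dIBEKS) scheme. However, the dIBEKS scheme of Wu et al. does not satisfy ciphertext indistinguishability. To overcome this shortcoming, this paper proposes a designated-server identity-based encryption scheme with multi-keyword search. Security analysis shows that the proposed scheme simultaneously achieves ciphertext indistinguishability, trapdoor indistinguishability and security against offline keyword guessing attacks. Efficiency analysis shows that the proposed scheme is more efficient.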