共查询到20条相似文献,搜索用时 31 毫秒
1.
With the broad implementations of the electronic business and government applications,robust system security and strong privacy protection have become essential requirements for remote user authentication schemes.Recently,Chen et al.pointed out that Wang et al.’s scheme is vulnerable to the user impersonation attack and parallel session attack,and proposed an enhanced version to overcome the identified security flaws.In this paper,however,we show that Chen et al.’s scheme still cannot achieve the claimed security goals and report its following problems:(1) It suffers from the offline password guessing attack,key compromise impersonation attack and known key attack;(2) It fails to provide forward secrecy;(3) It is not easily repairable.As our main contribution,a robust dynamic ID-based scheme based on non-tamper resistance assumption of the smart cards is presented to cope with the aforementioned defects,while preserving the merits of different related schemes.The analysis demonstrates that our scheme meets all the proposed criteria and eliminates several grave security threats that are difficult to be tackled at the same time in previous scholarship. 相似文献
2.
3.
一种代理多重数字签名方案的安全性分析 总被引:17,自引:2,他引:17
对Qi和Harn的代理多重数字签名方案,提出了一种伪造攻击,利用该伪造攻击,n个原始签名者中任何一个签名者都能伪造出一个有效代理多重数字签名,并对Qi和Harn的代理多重数字签名方案进行了改进,提出了一种新的安全的代理多重数字签名方案。 相似文献
4.
一种代理多签名体制的安全性分析 总被引:3,自引:0,他引:3
对Ji和Li的基于椭圆曲线离散对数问题的代理多签名体制提出了两个伪造攻击。利用这两个伪造攻击,任何一个原始签名人都能伪造出一个有效的代理多重数字签名。并对Ji和Li的代理多签名体制进行了改进,提出了新的安全的基于椭圆曲线离散对数问题的代理多签名体制。 相似文献
5.
Patarin proposed the dragon scheme,pointed out the insecurity of the dragon algorithm with one hidden monomial and suggested a candidate dragon signature algorithm with a complicated function.This paper presents an algebraic method to attack the candidate dragon signature algorithm.The attack borrows the basic idea of the attack due to Kipnis and Shamir,and utilizes the underlying algebraic structure of the candidate dragon signature algorithm over the extension field to derive a way to enable the variable Y be viewed as a fixed value.The attack recovers the private keys efficiently when the parameters are n≤25 and D=「logqd」≤3. 相似文献
6.
7.
VoIP(语音IP)或互联网电话技术是指通过互联网(而非公共交换电话网络,亦即PSTN)传送的通信服务--语音、传真和/或语音、信息应用. 相似文献
8.
Certificateless cryptography is an attractive paradigm for public key cryptography as it does not require certificates in traditional public key cryptography and, at the same time, solves the inherent key escrow problem in identity‐based cryptography. Recently, an efficient certificateless signature scheme without using pairings was proposed by He, Chen and Zhang. They claimed that it is provably secure under the discrete logarithm assumption in the random oracle model. However, in this paper, we show that their scheme is insecure against a type II adversary who can access to the master secret key of the system. Copyright © 2012 John Wiley & Sons, Ltd. 相似文献
9.
姚蕾 《智能计算机与应用》2018,(3):172-174,178
大数据时代,数据是各类信息系统应用的核心,所有信息系统正常运行都是建立在数据安全存储的前提之下.如何保证数据的安全性是本文的研究重点,本文对卷实时保护算法进行研究,力求找到提升数据安全性的方法. 相似文献
10.
Shin-Jia Hwang En-Ti Li 《Communications Letters, IEEE》2003,7(4):195-196
Due to the special requirements of the mobile code system, Shieh et al. (see IEEE Trans. Veh. Technol., vol.49, p.1464-73, July 2000) proposed some multisignature schemes based on a new digital signature scheme with message recovery. One major characteristic of these schemes is to avoid using one-way hash functions and message redundancy schemes. However, this causes some security flaw. An attack is proposed to show that the underlying signature scheme is not secure. To overcome the attack, the message redundancy schemes may be still used. 相似文献
11.
近年来,国内信息安全产业虽然有了较快发展,各种产品的技术性能也在不断改进,但与日益迫切的信息安全需求相比,信息安全产品在产品结构、技术水平等方面,仍存在明显的不适应,主要表现在:—现有的主流产品,如防火墙、杀毒软件、IDS、VPN等,往往只偏重于对网络进行边界防护,或者只能对专用网中运行的数据实行粗粒度的安全控制,难以对数据安全实行精确、有效的保护;—大部分产品功能单一,只能满足某一方面的安全需求,用户要解决安全问题往往要像不断打补丁一样反复添置各种产品,造成信息安全建设的低效率、高成本;—不少所谓全面的解决方案,… 相似文献
12.
We show that the scalable multicast security protocol based on RSA, proposed by R. Molva and A. Pannetrat (see ACM Trans. Inform. Syst. Security, vol.3, no.3, p.136-60, 2000), is insecure against collusion attacks. 相似文献
13.
《Journal of Visual Communication and Image Representation》2014,25(5):805-813
The access and distribution convenience of public networks opens a considerable content security threat when sending, receiving, and using multimedia information. In this paper, a content security protection scheme that integrates encryption and digital fingerprinting is proposed to provide comprehensive security protection for multimedia information during its transmission and usage. In contrast to other schemes, this method is implemented in the JPEG compressed domain with no transcoding or decompression, therefore, this scheme is highly efficient and suitable for multimedia information, which is seldom available in an uncompressed form. In addition, a variable modular encryption method is proposed to solve the invalid variable length coding (VLC) problem when a compressed data stream is encrypted directly. Experimental results demonstrate improved security and the efficiency provided by the proposed scheme. The experiments also demonstrate imperceptibility and collusion resistance of fingerprints. 相似文献
14.
Chen-Ch Lin Chi-Sung Laih 《Communications Letters, IEEE》2000,4(7):231-232
The standard drafts, P1363 (1996) and ISO 9796-4 (1998), have adopted the discrete-logarithm based on signature equation, S3, which was originally proposed by Nyberg and Rueppel (1994). They also claimed that the signature scheme based on S3 and S5 can resist the known message attack. In this letter, we propose an extended known message attack to show that the message recovery signature scheme based on S3 and S5 has the security problem 相似文献
15.
Oussema Dabbebi Remi Badonnel Olivier Festor 《International Journal of Network Management》2014,24(1):70-84
The emergence of cloud computing is contributing to the integration of multiple services, in particular VoIP services. While the cloud has recently been used for performing security attacks targeting IP telephony, it also provides new opportunities for supporting the security of this service. In that context, we propose a risk management strategy for VoIP cloud based on security countermeasures that may be outsourced as services. We present the architecture of our solution and its components in the context of services implementing the SIP protocol. We describe the mathematical modelling supporting our approach and detail different treatment strategies for the application of countermeasures. Finally, we quantify the benefits and limits of these strategies based on extensive simulation results. When a countermeasure fails, these strategies allow us to maintain the risk level low at an additional cost of up to 7%, or to accept an additional risk of up to 12%. They can also be combined to obtain a trade‐off between cost and performance. Copyright © 2013 John Wiley & Sons, Ltd. 相似文献
16.
本文先以VoLTE为例介绍了传统核心网的安全防护方案和安全域的划分,接着探讨引入NFV后核心网发生了哪些变化,再提出NFV的安全域划分建议,分别对VNF和NFVI层进行安全防护方案的探讨。 相似文献
17.
18.
19.
锦州市数据交换中心是辽宁省党政信息系统及辽宁省社会信用体系的重要组成部分,是实现信息采集、整合、发布、查询载体的安全保障,也是面向社会各界提供信用、信息服务的基础平台。环境安全保障系统建设方案是确保平台信息、信用数据安全和完整,防止恶意攻击和窃取行为,避免无意数据泄露的有效途经。 相似文献