Vulnerability Analysis of the Grid Data Security Authentication System

ABSTRACT

A password-based authentication is still the most prevalent authentication method because of its convenience and easy implementations. Since a password is transmitted via network, it has an inherent vulnerability of password exposure to an attacker. A one-time password system reduces the risk of a security breach even when a password is exposed to an attacker, because the password is only meaningful at a given time. A grid data security system uses a technology, GridOne?, which allows the use of a one-time password without requiring preinstalled hardware or software infrastructures, and it provides strong security over conventional password-based authentication systems. We analyzed the weakness of the grid data security authentication system and provide a suggestion to compensate for its vulnerability.     

Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

Authentication of the 31 species of toxic and potent Chinese materia medica by microscopic technique assisted by ICP-MS analysis, part 4: four kinds of toxic and potent mineral arsenical CMMs

Toxic and Potent Chinese Materia Medica (T/PCMM) is a special and very important category of Chinese medicines. They have long been used in traditional medical practice and are being used more and more widely throughout the world in recent years. As there may be many fatal toxic effects caused by misusing or confusion of T/PCMM, their quality and safety control arouse increasing attention internationally. Researches on the accurate identification to ensure the safe use of T/PCMM are acquired; however, there are few reports on authentication. We are carrying out a series of studies on 31 T/PCMM originating from plants, animals, minerals, and secreta. In our previous studies, we proved that modern microscopic authentication is a simple, fast, effective, low cost, and less toxic method for identifying animal, seed, and flower T/PCMM. In the present study, we focused on the authentication of four kinds of mineral arsenicals, including orpiment (mainly containing As₂S₃), realgar (mainly containing As₄S₄), arsenolite, and arsenic trioxide (mainly containing As₂O₃). We examined the macroscopic and microscopic characteristics of the above minerals and found that they all can be easily identified and authenticated by using light microscopy coupled with polarized microscopy. Moreover, the authentication results for arsenolite and arsenic trioxide are confirmed by ICP‐MS analysis. We are sure that the morphological and microscopic characteristics indicated here are indispensable to establishing standards for these four mineral T/PCMMs. Microsc. Res. Tech. 74:1‐8, 2011. © 2010 Wiley‐Liss, Inc.     

家庭网络安全研究

目前,家庭网络是重点研究领域之一,家庭网络提供重要服务之一是远程控制家庭网络里的信息家电,由于家庭网络由异构网络协议和各种服务模型组成,远程控制服务导致家庭网络受到各种安全威胁.分析了国内外家庭网络研究现状和存在的安全威胁,对家庭网络安全研究的各种方法的优缺点进行了分类分析和总结,提出了家庭网络安全研究的科学问题与研究和发展方向,从而为家庭网络安全研究相关技术的进一步研究提供一定的理论基础.为用户提供简单易用、安全可靠的家庭网络环境,并提供隐私保护是家庭网络安全研究的最终目标.     

无线传感器网络上基于Tate对的身份认证方案设计与实现

身份密码学已在安全认证中得到了较广泛的应用。双线性对是近几年发展起来的一个构造密码体制的重要工具。在研究双线性对构造密码体制的基础上,提出了一个基于ID的标准身份认证方案。该方案在被动攻击下可防止冒充,同时在性能上比较高效。在TinyOS的传感器网络环境下实现了该身份认证方案。仿真结果证明该认证方案有效可行。     

3GPP认证与密钥协商协议安全性分析

通用移动通信系统采用3GPP认证与密钥协商协议作为其安全框架,该协议对GSM存在的安全隐患作了有效的改进.对3GPP认证与密钥协商协议进行安全性研究,分析其容易遭受4种类型攻击方式.为了解决上述存在的安全隐患,提出在位置更新与位置不变两种情况下的基于公钥密码学的认证与密钥协商协议,采用形式化的分析方式证明了所提出算法的安全性,并将该协议与已有协议在安全性方面进行了比较.结果显示,所提出的协议算法能够极大地增强3GPP认证与密钥协商协议的安全性.     

一种改进的Hash函数RFID双向安全认证协议

RFID得到了越来越广泛的关注和应用,但是其存在安全和隐私保护的问题值得重视和关注。在现有的RFID认证协议的基础上,提出了一种改进的双向安全认证算法,利用HASH函数的单向性,较好地解决了RFID的安全隐患问题。该协议具有抗重放、抗分析、防伪造、防跟踪等特性,并且适用于大型分布式系统。     

对一种身份认证协议的改进及其形式化分析①

基于口令的远程身份认证协议是目前认证协议研究的热点。2005年,Sung-Woon Lee等人提出了一个低开销的基于随机数的远程身份认证协议即Lee-Kim-Yoo协议,首先分析了此协议中所存在的安全性缺陷,随后构造了一个基于随机数和Hash函数,并使用智能卡的远程身份认证协议,最后用BAN逻辑对修改后的协议进行了形式化的分析,结果表明修改后的协议能够达到协议的安全目标。     

一种基于H.264视频内容认证的水印算法

提出一种基于H.264视频内容认证的半脆弱水印,该水印方案对视频内容恶意篡改敏感,而对于视频重编码等内容保持操作鲁棒。水印方案建立在视频压缩域上利用图像块之间不变的能量关系构建基于内容的特征码。由于DCT系数块能量主要集中在低频部分,所以用低频部分来生成特征码,用高频部分来嵌入水印。实验结果证明算法是有效的,并且较好地实现了篡改定位。     

一个安全高效的学生综合管理系统

为了解决学生管理系统的安全性和效率问题,分析了已有系统的不足,提出了一个安全高效的学生综合管理系统的解决方案。该方案利用C/S结构安全中间件,进行SQL Server 2000安全设置弥补TDS(TabularData Stream)协议漏洞、与已有数据库系统数据共享等方法,保证了管理系统的可用性和有效性,克服了已有系统存在的安全性不高、效率低下的不足。基于PowerBuilder的前端和SQL SERVER 2000的后台的系统运行结果表明,该方案可行有效。