基于簇结构的移动Ad Hoc网络的认证协议

与传统网络比较,移动AdHoe网络具有拓扑结构不稳定、终端能源有限、有限带宽及自组织等特点,这使得AdHoe网络的安全问题成了一个极具挑战性的研究课题,而安全问题中认证是基础。文中提出一种基于分簇结构的移动AdHoe网络的认证协议,结合门限加密机制和分布式密钥管理方案,实现各级簇头及簇成员的分布式认证。有效防止了恶意节点对消息的截取、修改、伪造、监视和窃听等外部攻击和防范内部被攻破认证节点对分布式认证的干扰。     

一种基于智能卡的安全认证模型

智能卡技术是近年来兴起的一种新的安全技术,在身份认证中得到了越来越广泛的应用。本文提出了一种对Lin-Shen-Hwang方案改进的智能卡远程认证方案。该方案把关于密钥的信息全存放在智能卡中,是一种基于ID的远程双向身份认证方案。它可以避免Lin-Shen-Hwang方案可能遭受的拒绝服务攻击和重放攻击,而且只在客户端就能自由更改密码,增加了用户使用的便利性,并且该方案能够抵抗一些常见的攻击,安全地进行用户身份认证。     

基于ACE的集群呼叫鉴权系统的实现

介绍基于ACE的集群呼叫鉴权系统的设计和实现方法。通过ACE_Even_Handler、ACE_Task、ACE_Reac-tor的派生类的相互配合,程序员可以快速开发UDP网络应用程序。     

基于LDAP和双因素身份认证的统一认证

从目前企业的安全体系和安全策略出发,本文设计了一套适用于目前多种企业应用的统一认证系统,使用LDAP标准协议管理用户信息,实现了统一管理、统一授权;采用了双因素认证服务器作为认证引擎,加强了身份认证的强度。     

Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme

Internet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen-verifier attack. We then propose a lightweight authentication protocol for secure communication of IoT embedded devices and cloud servers. The proposed scheme is proved to provide essential security requirements such as mutual authentication, device anonymity, and perfect forward secrecy and is robust against security attacks. We also formally verify the security of the proposed protocol using BAN logic and also the Scyther tool. We also evaluate the computation and communication costs of the proposed scheme and demonstrate that the proposed scheme incurs minimum computation and communication overhead, compared to related schemes, making it suitable for IoT environments with low processing and storage capacity.     

A Multi-Stage Secure IoT Authentication Protocol

The Internet of Things (IoT) is a network of heterogeneous and smart devices that can make decisions without human intervention. It can connect millions of devices across the universe. Their ability to collect information, perform analysis, and even come to meaningful conclusions without human capital intervention matters. Such circumstances require stringent security measures and, in particular, the extent of authentication. Systems applied in the IoT paradigm point out high-interest levels since enormous damage will occur if a malicious, wrongly authenticated device finds its way into the IoT system. This research provides a clear and updated view of the trends in the IoT authentication area. Among the issues covered include a series of authentication protocols that have remained research gaps in various studies. This study applies a comparative evaluation of authentication protocols, including their strengths and weaknesses. Thus, it forms the foundation in the IoT authentication field of study. In that direction, a multi authentication architecture that involves secured means is proposed for protocol authentication. Informal analysis can affect the security of the protocols. Burrows-Abadi-Needham (BAN) logic provides proof of the attainment of mutual authentication. NS3 simulator tool is used to compare the performance of the proposed protocol to verify the formal security offered by the BAN logic.     

A post quantum secure construction of an authentication protocol for satellite communication

Satellite's communication system is used to communicate under significant distance and circumstances where the other communication systems are not comfortable. Since all the data are exchanged over a public channel, so the security of the data is an essential component for the communicating parties. Both key exchange and authentication are two cryptographic tools to establish a secure communication between two parties. Currently, various kinds of authentication protocols are available to establish a secure network, but all of them depend on number–theoretical (discrete logarithm problem/factorization assumption) hard assumptions. Due to Shor's and Grover's computing algorithm number theoretic assumptions are breakable by quantum computers. Although Kumar and Garg have proposed a quantum attack-resistant protocol for satellite communication, it cannot resist stolen smart card attack. We have analyzed that how Kumar and Garg is vulnerable to the stolen smart card attack using differential power analysis attack described in He et al and Chen and Chen. We have also analyzed the modified version of signal leakage attack and sometimes called improved signal leakage attack on Kumar and Garg's protocol. We have tried to construct a secure and efficient authentication protocol for satellites communication that is secure against quantum computing. This is more efficient as it requires only three messages of exchange. This paper includes security proof and performance of the proposed authentication and key agreement protocol.     

A Proposed Biometric Authentication Model to Improve Cloud Systems Security

Most user authentication mechanisms of cloud systems depend on the credentials approach in which a user submits his/her identity through a username and password. Unfortunately, this approach has many security problems because personal data can be stolen or recognized by hackers. This paper aims to present a cloud-based biometric authentication model (CBioAM) for improving and securing cloud services. The research study presents the verification and identification processes of the proposed cloud-based biometric authentication system (CBioAS), where the biometric samples of users are saved in database servers and the authentication process is implemented without loss of the users’ information. The paper presents the performance evaluation of the proposed model in terms of three main characteristics including accuracy, sensitivity, and specificity. The research study introduces a novel algorithm called “Bio_Authen_as_a_Service” for implementing and evaluating the proposed model. The proposed system performs the biometric authentication process securely and preserves the privacy of user information. The experimental result was highly promising for securing cloud services using the proposed model. The experiments showed encouraging results with a performance average of 93.94%, an accuracy average of 96.15%, a sensitivity average of 87.69%, and a specificity average of 97.99%.     

Advanced Authentication Mechanisms for Identity and Access Management in Cloud Computing

Identity management is based on the creation and management of user identities for granting access to the cloud resources based on the user attributes. The cloud identity and access management (IAM) grants the authorization to the end-users to perform different actions on the specified cloud resources. The authorizations in the IAM are grouped into roles instead of granting them directly to the end-users. Due to the multiplicity of cloud locations where data resides and due to the lack of a centralized user authority for granting or denying cloud user requests, there must be several security strategies and models to overcome these issues. Another major concern in IAM services is the excessive or the lack of access level to different users with previously granted authorizations. This paper proposes a comprehensive review of security services and threats. Based on the presented services and threats, advanced frameworks for IAM that provide authentication mechanisms in public and private cloud platforms. A threat model has been applied to validate the proposed authentication frameworks with different security threats. The proposed models proved high efficiency in protecting cloud platforms from insider attacks, single sign-on failure, brute force attacks, denial of service, user privacy threats, and data privacy threats.     

开放网络环境下基于动态标识的身份认证研究

开放网络的安全性受到越来越多的关注,身份认证是开放网络安全的关键问题之一。本文对开放网络环境下的身份认证作了分析,在此基础上,提出了一个基于动态标识的身份认证模型,并对模型作了安全性分析。