Similar literature
 20 similar documents found (search time: 515 ms)
1.
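Because it requires no infrastructure and no complex security bootstrapping process, the certificate chain has become an important option for public key management in mobile ad hoc networks. Existing schemes depend heavily on node mobility, have a long warm-up period, and achieve a low authentication success rate. Experimental analysis shows that when a large-scale mobile ad hoc network is clustered and a small number of certificates are issued mutually, with a certain probability, between two randomly selected cluster heads, the resulting certificate graph exhibits a pronounced small-world phenomenon. On this basis, an improved self-organized public key management scheme is proposed that uses the small-world property of the certificate graph to improve the construction of the local certificate repository and the authentication process. Simulation results show that, in the same environment, the improved scheme achieves an authentication success rate above 80%, a large improvement over the roughly 50% success rate of the original scheme.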

2.
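To solve the problem of searching distributed certificate chains in trust management, the concepts of member set and permission set are defined, and on this basis trust-degree-based forward, backward, and bidirectional search algorithms for distributed certificate chains are proposed. The complexity of the algorithms is analyzed and compared with that of existing algorithms, and an example illustrates their application. Together with the algorithms' preprocessing and other functions, this shows that the algorithms have a certain degree of practicality and efficiency.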

3.
周晗  谢冬青 《科学技术与工程》2006,6(16):2571-25722575
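As the network grows, the overhead of building certificate chains in self-organized key management increases sharply. To address this scalability problem, a locally fully self-organized key management framework is proposed. In this framework the network is divided into multiple domains. Within each domain a locally fully self-organized architecture is used, and a virtual CA is established for each domain on the basis of a threshold secret sharing mechanism and the RSA asymmetric cryptosystem. Two nodes in different domains can establish an inter-domain trust relationship through the virtual CAs. Dividing the network into multiple domains improves the scalability of the key management framework and also reduces the communication overhead of authentication between distant nodes.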

4.
    
TrustedRBAC is a scalable, decentralized trust management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attribute certificates to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. This paper describes the TrustedRBAC model and its scalable design and implementation. Foundation item: Supported by the National Key Technologies R&D Program of China (2002BA103A04). Biography: WANG Zhi-gang (1977-), male, Ph.D. candidate, research direction: heterogeneous information integration, security of distributed systems.

5.
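A trust model for cloud identity management based on blockchain technology is proposed. The trust model allows cloud service providers to manage their trust relationships autonomously in a dynamic and distributed manner, without a centralized authority such as an IDP. Through an effective authentication mechanism, the model allows data distributed across multiple domains to use identity information, simplifying operations and improving the user experience. It provides a reference solution to identity management security problems for achieving security and privacy in cloud identity management. A comparison with traditional cloud identity management models demonstrates the stability of the design.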

6.
朱曦  吴浩 《山东科学》2020,33(3):100-108
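A trust model for cloud identity management based on blockchain technology is proposed. The trust model allows cloud service providers to manage their trust relationships autonomously in a dynamic and distributed manner, without a centralized authority such as an IDP. Through an effective authentication mechanism, the model allows data distributed across multiple domains to use identity information, simplifying operations and improving the user experience. It provides a reference solution to identity management security problems for achieving security and privacy in cloud identity management. A comparison with traditional cloud identity management models demonstrates the stability of the design.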

7.
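To provide efficient certificate path discovery and authentication algorithms when establishing cross-domain certificate trust in large-scale PKI systems, a systematic and flexible authentication framework based on a caching mechanism is proposed. For short-term cached authentication, the framework proposes a one-time-key approach to improve security. For longer-term certificate caching, it introduces the concept of a certificate reliability index, which lets users trade off security against efficiency. Certificate caching and the certificate reliability index are extended to authentication between CAs, which meets the needs of real network environments, improves authentication efficiency, and eliminates the performance bottleneck in certificate validation services at upper-level CAs.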

8.
To improve trustworthiness in grid authentication, a novel trust enhanced grid authentication mechanism (TEGAM) is proposed in this paper where trust is divided into trust on grid entity (GE) and trust on third party (TP). In order to obtain precise trust evaluation on GE's behaviors, trust on GE is further subdivided into trust as service consumer and trust as service provider. Details for the structure of TEGAM and related TEGAM-based authentication process are also given. Simulation results and property analysis show that, compared with current trust-based grid authentication techniques, TEGAM can not only help establish explicit and dynamic trust relationships among grid entities but also will significantly increase the efficacy of grid authentication.

9.
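Certificateless cryptography (CLC) splits a user's private key into a partial private key and a secret value. The partial private key is generated by the key generator center (KGC), while the secret value is chosen by the user, which solves the key escrow problem inherent in identity-based cryptosystems. In addition, because the user's public key is determined by the secret value, no certificate authority (CA) is needed to manage users' public key certificates, which solves the certificate management problem of traditional cryptosystems. Ordered multi-signatures can be used in e-government and e-commerce systems to implement level-by-level approval and release of official documents and to improve authentication efficiency. Combining ordered multi-signatures with certificateless cryptography, a secure and efficient certificateless ordered multi-signature scheme is proposed. Both the length of the multi-signature and the verification time are independent of the number of signers, so it is a compact certificateless ordered multi-signature scheme. The scheme uses few bilinear pairings and has only one signature message, giving it high computational and communication efficiency. The scheme is proved to be unforgeable in the random oracle model (ROM).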

10.
The trust in a distributed environment is uncertain and varies with various factors. This paper introduces TDTM, a model for time-based dynamic trust. Every entity in the distributed environment is endowed with a trust vector, which represents the trust intensity between this entity and the others. The trust intensity is dynamic due to time and the inter-operation between two entities; a method is proposed to quantify this change based on the idea of the ant colony algorithm, and an algorithm for the transfer of trust relations is also proposed. Furthermore, this paper analyses the influence on the trust intensity among all entities caused by a change of trust intensity between two entities, and presents an algorithm to resolve the problem. Finally, we show, through an instance, the process of the change in trust caused by the lapse of time and the inter-operation.

11.
Based on the outstanding characteristics of the Cloud Model in transforming a qualitative concept into a set of quantitative numerical values, a formalized model of subjective trust is introduced by which we can transform between qualitative reputation and quantitative voting data. The present paper brings forward algorithms to compute direct trust and recommender trust. Furthermore, an effective similarity measuring method used to distinguish two users' reputation on the knowledge level is also proposed. The given model properly settles the uncertainty and fuzziness properties of subjective trust, which have always been the weakness of traditional subjective trust models, and provides a step in the direction of proper understanding and definition of human trust.

12.
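Ad hoc networks are established in a "random" manner, and their dynamic topology means that a centralized security authentication scheme cannot be used on them; that is, a fixed public key infrastructure cannot be used. This paper proposes a new trust representation, namely one based on secret groups (that is, clusters). Clusters are built in a distributed manner using an RSA binary accumulator, and membership in a cluster is verified through a zero-knowledge proof on modular exponentiation. This trust model has no central control structure and can be deployed rapidly in the network.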

13.
Software systems in distributed environments are changing from a closed and relatively static form, whose users are familiar with each other, to an open and highly dynamic mode, which can be visited by the public. In such circumstances, the trust evaluation model has become a focus of intense research. A trust evaluation model establishes a management framework for trust relationships between entities, involving the expression and measurement of trust, comprehensive calculation of direct trust value and recommended trust value, and recognition of malicious entities and recommendations. Based on the analysis of several typical trust evaluation models, the classification of trust evaluation ideas and modes is discussed, and the questions existing in current research and the directions of future research are pointed out.

14.
The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members' access control and distributing authorization of traditional IP multicast.

15.
Hierarchical identity based cryptography is a generalization of identity based encryption that mirrors an organizational hierarchy. It allows a root public key generator to distribute the workload by delegating public key generation and identity authentication to lower-level public key generators. Most hierarchical identity based signature schemes are provably secure in the random oracle model or the weak models without random oracles such as gauntlet-ID model. Currently, there is no hierarchical identity based signature scheme that is fully secure in the standard model, with short public parameters and a tight reduction. In this paper, a hierarchical identity based signature scheme based on the q-SDH problem that is fully secure in the standard model is proposed. The signature size is independent of the level of the hierarchy. Moreover, our scheme has short public parameters, high efficiency and a tight reduction.

16.
The most significant strategic development in information technology over the past years has been "trusted computing", and trusted computers have been produced. In this paper, trusted mechanisms adopted by PCs, such as the chain of trust and the trusted root, are imported into distributed systems. Based on the distributed database server system (DDSS), a novel model of a trusted distributed database server system (TDDSS) is finally presented. In TDDSS, role-based access control, two-level logs and other technologies are adopted to ensure the trustworthiness of the system.

17.
A Secure MAKAP for Wireless Communication   (cited 3 times in total: 0 self-citations, 3 citations by others)
A mutual authentication and key establishment protocol proposed by Aydos et al. for wireless communication, based on elliptic curve cryptography, can provide authentication between the user and server, and they agree on a session key at the end of it. Unfortunately, Mangipudi pointed out that Aydos' scheme is subject to a man-in-the-middle attack, a denial-of-service attack, and impersonation based on the man-in-the-middle attack. He then proposed an improved scheme to overcome the above weaknesses. However, there is an attack which can forge the message required in the protocol and impersonate a valid user to the server.

18.
The universal application of wireless sensor networks (WSN) has drawn more attention to the security problem. Node authentication is not only the basis of network security, but also the premise of key management and secure routing protocols. Although the signature mechanism based on symmetric encryption is high in energy efficiency, it is vulnerable to attack and there is a time delay during authentication. The traditional public key encryption mechanism improves security but brings in complex algorithms and costs much time, which is not suitable for WSN. In this paper, a signature authentication mechanism, an optimized variant Bellare Namprempre Neven (OvBNN), is presented to quickly complete the authentication by mutual cooperation between nodes, so that the nodes use the intermediate calculation results of their neighbor nodes directly. Simulation results show that the proposed mechanism is superior to traditional authentication mechanisms both in energy consumption and authentication time.

19.
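Key management schemes are studied, and a key management scheme for ad hoc networks is proposed. The scheme uses a password-based authentication method to establish trust relationships between nodes in the ad hoc network. It achieves key authentication and message encryption between nodes while reducing the nodes' computational load and storage burden.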

20.
0 Introduction
In traditional computer management security domain, there exists a closed system. Each entity in it uses one or more identities to act. The basic assumption in this system is the entities had been known. In closed systems, the legitimate users had been known, and the association between rights of users and resources was established. Trust relationship had been existed actually in it. Purpose of authentication is to distinguish whether or not the users had been authorized. However, it …
