首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到17条相似文献,搜索用时 125 毫秒
1.
Forward secrecy is an important security property in key agreement protocol. Based on Ham's protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Ham's protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user's secret key and it is very beneficial to today's communication with portable devices.  相似文献   

2.
Protocols for authentication and key establishment have special requirements in a wireless environment. This paper presents a new key agreement protocol HAKA (home server aided key agreement) for roaming scenario. It is carried out by a mobile user and a foreign server with the aid of a home server, which provides all necessary authentications of the three parties. The session key can be obtained by no one except for the mobile user and the foreign server. HAKA is based on Diffie-Hellman key exchange and a secure hash function without using any asymmetric encryption. The protocol is proved secure in Canetti-Krawczyk (CK) model.  相似文献   

3.
Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed. The new scheme can satisfy all the listed ideal security requirements and has the following merits: (1) it can resist all the attacks listed in introduction; (2) less storage memory requirement due to no verification table stored in server; (3) low computational cost due to hash functions based operations; (4) even if the smart card is lost, the new system is still secure; (5) As user identity is anonymous, this scheme is more practical. The new proposed scheme can be applied in source constraint networks.  相似文献   

4.
Two common kinds of security mechanisms used in session initial protocol (SIP) are analyzed.An improved HTTP digest authentication scheme is put forward based on the existing SIP authentication theories.This mechanism is combined with the merits of the HTTP digest authentication and the public key encryption,so the communicating parties complete two-way authentication and public key exchange in pre-calling,and the session key can be randomly generated in post-calling.The mixture of security encryption mechanism with public key encryption and symmetric-key encryption algorithm can ensure the security for network communication data.The emulation of the scheme is verified,and the security analysis is conducted in the end.The researches show that the simulations efficiency of this method is about 78% of HTTP’s,and it can prevent four kinds of attacks including impersonating a server,offline password guessing attacks,relay-attack,and session monitoring.  相似文献   

5.
ID-based constant-round group key agreement protocols are efficient in both computation and communication, but previous protocols did not provide valid message authentication. An improvement based on attack analysis is proposed in this paper. The improved method takes full advantage of the data transmitted at various stages of the protocol. By guaranteeing the freshness of authentication messages, the authenticity of the generator of authentication messages, and the completeness of the authenticator, the improved protocol can resist various passive and active attacks. The forward secrecy of the improved protocol is proved under a Katz-Yung (KY) model. Compared with existing methods, the improved protocol is more effective and applicable.  相似文献   

6.
A novel video data authentication model based on digital video watermarking and MAC (message authentication code) in multicast protocol is proposed in this paper, The digital watermarking which composes of the MAC of the significant vid eo content, the key and instant authentication data is embedded into the insignificant video component by the MLUT (modified look-up table) video watermarking technology. We explain a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DOS (denial of service) attack. So the video packets can be authenticated instantly without large volume buffer in the receivers. TESLA (timed efficient stream loss tolerant authentication) does not explain how to select the suitable value for d, which is an important parameter in multicast source authentication. So we give a method to calculate the key disclosure delay (number of intervals). Simulation results show that the proposed algorithms improve the performance of data source authentication in multicast.  相似文献   

7.
The user anonymity mechanism provided in GSM and UMTS network is analyzed,and a new approach to solve the anonymity of mobile subscriber is proposed in this paper.Using the ciphering algorithm with a dynamic key and a static key,the method allows mobile subscribers to connect network with user anonymity,and it can be seamlessly integrated with the existing authentication algorithms.The analyses reveal that the proposed scheme can provide the integrity protection of messages,prevent the replay attacks,and be implemented easily.  相似文献   

8.
Based on public key, a quantum identity authenticated (QIA) system is proposed without quantum entanglement. The public key acts as the authentication key of a user. Following the idea of the classical public key infrastructure (PKI), a trusted center of authentication (CA) is involved. The user selects a public key randomly and CA generates a private key for the user according to his public key. When it is necessary to perform QIA, the user sends a sequence of single photons encoded with its private key and a message to CA. According to the corresponding secret key kept by CA, CA performs the unitary operations on the single photon sequence. At last, the receiver can judge whether the user is an impersonator.  相似文献   

9.
Blind signature allows a user to get a signature of a signer on an arbitrary message,and the verifier can convince that the signature is indeed signed by the signer without leaking any information about the message.This property is necessary when the user’s privacy needs protection,such as a bank bill,a trade secret,etc.As an alternative of public key infrastructure,the identity-based system can simplify the key management procedures in certificate-based public key systems.Inspired by the requirement of identity-based blind signature in the post quantum world,we research on identity-based blind signature based on hard lattice problems under the random Oracle model.We propose a construction built upon the blind signature by Rückert,and it is proved to be one-more unforgeable against selective identity and chosen message attacks(s ID-CMA)and unconditionally blind.The proposed scheme has 2 moves,and its security can be reduced to the small integer solution(SIS)problem.  相似文献   

10.
Digital signature scheme is a very important research field in computer security and modern cryptography. A(k,n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not he generatedby any h 1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key.  相似文献   

11.
为适应密码技术在无线通信中的应用要求,Aydos、Mangipudi等人以椭圆曲线密码为基础,分别提出了适用于无线通信网络的身份认证和密钥交换协议.而研究发现,这些协议中仍存在中间人攻击、服务后否认、假冒攻击等安全隐患,且不能提供前向保密性.为此,本文提出一个安全的身份认证和密钥交换协议,经验证说明该协议不仅能防止上述安全隐患,而且执行效率更好,适于为无线通信环境中用户端与服务器间进行相互认证,建立一个双方共享的会话密钥.  相似文献   

12.
针对现有SIP协议安全方案无法检测窃听、以及经典密码体制面临量子计算攻击时的脆弱性问题,提出了一种将量子用户身份认证及密钥协商与SIP协议结合的方案。SIP服务器制备三粒子W态并将其中两个粒子分发给SIP用户,首先对随机插入的粒子进行测量以检测窃听,然后通过量子操作与测量验证用户身份;密钥协商阶段,三方不需制备与分发新的W态,仍基于持有的W态进行随机测量,SIP用户根据有效测量结果生成初始会话密钥.性能分析表明本方案能够对抗伪装攻击与窃听攻击,有效提高SIP协议安全性。  相似文献   

13.
The certificateless authenticated key agreement protocol proposed by Mandt et al does not haVE the property of key-compromise impersonation (K-CI) resilience. An improved protocol with a simple modification of their protocol is proposed in this paper. In particular, our improved protocol is proved to be immune to the K-CI attack and at the same time possess other security properties.  相似文献   

14.
基于双线性对的域间认证与密钥协商协议   总被引:1,自引:0,他引:1  
结合代理签名和签密方案的特点,以双线性对为工具,设计了一个域间电子商务的认证与密钥协商协议。该协议能够实现移动用户与服务提供商之间的双向认证和移动用户的匿名性,并且会话密钥保持了新鲜性,做到一次一密钥,保证了协议的公平性和实用性,能够克服重放攻击、拒绝服务攻击、中间人攻击和密钥泄漏假冒攻击。  相似文献   

15.
身份认证问题是网络安全中的重要研究课题.Wu和Chieu提出了一种对用户友好的基于智能卡的远程用户认证方案,但Khan指出该方案存在安全缺陷,容易遭受假冒攻击、服务器欺骗攻击以及智能卡偷窃攻击.该文针对Khan提出的安全缺陷,提出了一种新的认证方案,该方案能有效抵御Khan指出的各种攻击,同时实现了双向认证并设计了口令更改方法.  相似文献   

16.
Zhou et al give an attack on Ham's modified authenticated multi-key agreement protocol, and give a protocol that can prevent the unknown key-share attack. The paper points out that the protocol is vulnerable to a concatenation attack. This paper proposes an improved authenticated multi-key agreement protocol which shows how to make Harn's protocol more secure by modifying the signature and verification. And this protocol can escape the concatenation attack.  相似文献   

17.
A conspiracy attack is proposed to show that Wang-Li‘s scheme is insecure, because any t or more group members can impersonate other t members to sign any message without holding the responsibility. To avoid the conspiracy attack, this paper presents a new (t, n) threshold signature scheme with traceable signers.  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号