移动通信中的密钥托管方案

本文以文献（３）中移动通信网的安全密解分配协议为基础,提出了一种适用于数字移动通信网的密钥托管方案,该方案能够保证移动用户间的安全通信,实现网络中心与通信双方的相互认证,并提供给法律执行机构实时监听无线通信的能力。     

基于修正EIGamal签名的移动用户认证方案

本文根据L.Harn提出的修正EIGamal签名方案和Rabin公钥加密体制,提出了数字移动通信网中一种高效的认证与密钥分配方案.与[6]的方案相比,新方案具有以下改进(1)由于采用了修正EIGamal签名方案,用户在预备阶段的计算量有所降低.(2)在实时呼叫建立阶段,网络的计算负荷有所减少.(3)方案中没有采用单钥体制,因此降低了方案实现时的成本.分析结果表明,该方案不仅具有较低的计算复杂度,而且具有很高的安全性.     

基于修正ElGamal签名的移动用户认证方案

本文根据L.Harn提出的修正ElGamal签名方案和Rabin公钥加密体制,提出了数字移动通信网中一种高效的认证与密钥分配方案。与[6]的方案相比,新方案具有以下改进:(1)由于采用了修正ElGamal签名方案,用户在预备阶段的计算量有所降低。(2)在实时呼叫建立阶段,网络的计算负荷有所减少。(3)方案中没有采用单钥体制,因此降低了方案实现时的成本。分析结果表明,该方案不仅具有较低的计算复杂度,而且具有很高的安全性。     

TETRA数字集群系统端到端保密通信的实现

文章研究了TETRA数字集群系统的端到端保密通信技术,通过分析TETRA系统所面临着的安全威胁,提出了一种端到端加密的设计方案,包括密钥管理及移动台端到端的加密通信,实现了TETRA集群系统内从发送端用户到接收端用户间的信息通信全程保密.     

计算机支持的协同工作中的安全机制

分析和比较了3种可在协同工作中采用的安全机制，包括基于单钥体制、基于公钥体制，以及基于混合方式的安全机制。单钥体制更适合于保密通信，公钥体制更适合于分配单钥体制的密钥，而混合方式则兼有单钥体制及公钥体制的优点，因而更符合协同工作系统对于安全机制的要求。     

一种基于移动网络的端到端认证机制

为基于移动网络的业务通信双方-业务签约者和业务提供者之间建立一种端到端的相互信任关系,提出了一种新的基于移动网络的应用服务端到端认证机制。研究了移动网络业务通信的发展趋势和安全威胁,介绍了3GPP中的通用鉴权框架的认证机理,指出了它的不足,并且提出了改进方法。介绍了端到端认证机制的总体框架和协议流程,并对其安全性、通用性、灵活性进行了分析。给出了该认证机制的应用场景。     

基于移动设备的USB Key身份认证方案

提出一种基于移动设备的USB Key身份认证方案,主要用于解决在移动设备端传统身份认证技术中存在的安全问题。在移动设备端使用USB Key身份认证技术可以很好地提高移动设备对用户身份认证的安全性。主要从两方面进行论述:移动设备端是如何获取USB Key中的数字证书并进行身份认证,从而保证移动设备环境下的安全;移动设备端的用户是如何进行身份认证,从而保证应用服务的安全性。通过安全性分析和实验可得出,这种身份认证技术可有效地抵御移动设备端账户和服务攻击。     

一种基于移动公网的安全专网认证与密钥协商方案

针对移动公网保障端到端安全的不足,提出了一种基于改进的Diffie-Hellman密钥交换协议机制的安全专网认证和密钥协商设计方案。该方案可以在终端接入移动公网的基础上,实现通信双方端到端的相互认证,同时协商出独立于网络的密钥。性能分析表明,该方案结构简单,安全高效,符合移动通信系统的要求。     

可完全脱离信赖第三方的认证系统

本文基于最子密码提出了一种新的认证体系,并提出了几个基于最子密的认证方案,这些方案以最近提出的量子密码学为基础,实现了单钥体制认证方案和双钥体制认证方案中能实现的认证功能,并具有这两种体 中无法实现的优点,特点是该方案的认证性和可信赖第三方（trusted third party)无关,其认证体系的建立过程量种动态过程。     

适用于Intranet的分层鉴别与密钥分配协议

根据ISO制定的网络安全结构,结合Internet的具体特点,提出了一种解决Internet安全性的安全模式,并设计了一个适用于Internet环境的鉴别与密钥分配协议。新协议采用分层机制,在低层利用Intranet的已有鉴别与密钥分配协议,在高层则采用双钥密码体制设计了一个跨Intranet的鉴别与密钥分配协议。该协议不必更换客户机原有的应用软件,只需增加一个网际鉴别服务器,在原鉴别服务器的数据库中增添网际鉴别服务器的密钥即可实现跨Intranet保密通信。新协议与已有协议有很好的兼容性,安全性高,有利于网络的安全管理,并可以在各种远程访问中建立Intranet间的端—端保密通信。     

移动漫游中强安全的两方匿名认证密钥协商方案

由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman,CDH）问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK（extended Canetti-Krawczyk）模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务.     

A mutual authentication and privacy mechanism for WLAN security

IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.     

移动自组网中基于多跳步加密签名 函数签名的分布式认证

移动自组网Manet(Mobile Ad Hoc Network)是一种新型的无线移动网络,由于其具有网络的自组性、拓扑的动态性、控制的分布性以及路由的多跳性,所以,传统的安全机制还不能完全保证Manet的安全,必须增加一些新的安全防范措施.本文探讨了Manet所特有的各种安全威胁,提出了一种基于多跳步加密签名函数签名的安全分布式认证方案,即将移动密码学与(n,t)门槛加密分布式认证相结合,并采用了分布式容错处理算法和私钥分量刷新技术以发现和避免攻击者假冒认证私钥进行非法认证以及保护私钥分量和认证私钥不外泄.     

协议组合逻辑安全的4G无线网络接入认证方案

针对4G无线网络中移动终端的接入认证问题,基于自证实公钥系统设计了新的安全接入认证方案,并运用协议演绎系统演示了该方案形成的过程和步骤,用协议组合逻辑对该方案的安全属性进行了形式化证明.通过安全性证明和综合分析,表明该方案具有会话认证性和密钥机密性,能抵御伪基站攻击和重放攻击,并能提供不可否认服务和身份隐私性,同时提高了移动终端的接入效率     

An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings

With the continue evaluation of mobile devices in terms of the capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client–server environment, many user authentication protocols from pairings have been proposed. In 2009, Goriparthi et al. proposed a new user authentication scheme for mobile client–server environment. In 2010, Wu et al. demonstrated that Goriparthi et al.’s protocol fails to provide mutual authentication and key agreement between the client and the server. To improve security, Wu et al. proposed an improved protocol and demonstrated that their protocol is provably secure in random oracle model. Based on Wu et al.’s work, Yoon et al. proposed another scheme to improve performance. However, their scheme just reduces one hash function operation at the both of client side and the server side. In this paper, we present a new user authentication and key agreement protocol using bilinear pairings for mobile client–server environment. Performance analysis shows that our protocol has better performance than Wu et al.’s protocol and Yoon et al.’s protocol. Then our protocol is more suited for mobile client–server environment. Security analysis is also given to demonstrate that our proposed protocol is provably secure against previous attacks.     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

Design and Implementation to Authentication over a GSM System Using Certificate-Less Public Key Cryptography (CL-PKC)

Recent years, the mobile technology has experienced a great increment in the number of its users. The GSM’s architecture provides different security features like authentication, data/signaling confidentiality and secrecy of user yet the channel is susceptible to replay and interleaved. It always remains relevant as it is important in all types of application. Global system for mobile (GSM) communications has become the most popular standard for digital cellular communication. The GSM security system depends on encryption, authentication algorithms and information from SIM card. In this research paper, we proposed the design and implementation of a new authentication scheme by using certificate-less public key cryptography (CL-PKC) over the GSM system was attempted to miss some system detail. This research paper, we also proposed the GSM system and its security and public key cryptography with a focus in the CL-PKC; the CL-PKC is a simple, useful and robust security scheme designed and implemented over GSM. Our approach is more efficient than other competing topologies. We solved the GSM problem in A3 algorithm such as eavesdropping and this problem solved by CL-PKC because of its robustness against this type of attack by providing mutual authentication make the system more secure.     

An efficient heterogeneous key management approach for secure multicast communications in ad hoc networks

In a mobile wireless ad hoc network, mobile nodes cooperate to form a network without using any infrastructure such as access points or base stations. Instead, the mobile nodes forward packets for each other, allowing communication among nodes outside wireless transmission range. As the use of wireless networks increases, security in this domain becomes a very real concern. One fundamental aspect of providing confidentiality and authentication is key distribution. While public-key encryption has provided these properties historically, ad hoc networks are resource constrained and benefit from symmetric key encryption. In this paper, we propose a new key management mechanism to support secure group multicast communications in ad hoc networks. The scheme proposes a dynamic construction of hierarchical clusters based on a novel density function adapted to frequent topology changes. The presented mechanism ensures a fast and efficient key management with respect to the sequential 1 to n multicast service.