共查询到20条相似文献,搜索用时 46 毫秒
1.
本文讨论了为什么要实现密钥协商的Kerberos化(Kerberized Internet Negotiation of Keys,简称KINK)和怎样在IKE(Internet Key Exchange,简称IKE)的基础上进行KINK,提出了一种在Linux系统中实现KINK的方案。 相似文献
2.
3.
针对Kerberos单点登录协议存在的口令攻击、重放攻击、密钥需要托管和效率不高等问题,引入一种无对数运算的无证书隐式认证与密钥协商协议对其进行了改进。在随机预言机模型下证明了新协议的强安全性,分析了改进后Kerberos单点登录协议的优势。引入的密钥协商协议仅需3次点乘运算和2次哈希运算,计算开销较低。采用隐式认证方式,避免了原Kerberos中第三方对信息的无举证窃听,有效克服了中间人攻击。 相似文献
4.
5.
Kerberos认证协议容易遭受口令攻击和重放攻击,且需要2次双线性对运算、2次指数运算和1次椭圆曲线上的点乘运算,计算量大。为此,利用高效的无证书密钥协商对Kerberos协议进行改进。用户与认证服务器之间通过使用无证书签密技术抵抗伪造攻击。分析结果证明,改进协议符合密钥协商的6个基本安全要求,满足已知密钥安全性、完美前向安全性、抗未知密钥共享安全性、密钥不可控性、已知会话临时信息安全性,能抵抗口令攻击、重放攻击、中间人攻击及密钥泄漏伪装攻击,并且仅需3次点乘运算,具有较高的效率。 相似文献
6.
基于口令的跨域密钥协商协议和Kerberos协议无法抵抗口令猜测攻击,在金融、航天等通信安全需求高的场所,需要一种更有效的协议来保证通信安全。给出一种新的基于PKI体系的跨域密钥协商协议,采用公钥算法保证数据传输的安全,结合使用Diffie-Hellman协议生成会话密钥。协议有效地解决了利用预置共享密钥参与加/解密实施中间人攻击,以及Kerberos弱口令导致的攻击者可以实施口令猜测攻击的问题。跨域通信的公钥信息仅存储在各自域认证服务器,域内用户不需要配置跨域服务器的公钥信息,降低了配置复杂度、域内用户和域认证服务器之间密钥管理的复杂性,同时提高了域服务器鉴别身份的能力和信息机密性,使其免疫多种攻击,具有良好的前向安全性和扩展性。 相似文献
7.
为解决SSL协议在实际应用中存在的诸如加密密钥可能会被破解,更改密钥规范消息可能被拦截丢弃,不能抗抵赖等问题,引入Kerberos机制,隐藏重要参数,提出基于SSL的"双密钥机制"认证密钥协商协议,并对其进行系统的安全性分析。 相似文献
8.
基于PKI的Kerberos跨域认证协议的实现与分析 总被引:3,自引:0,他引:3
一、引言认证是一种用于确认实际通信双方是否是对方所声称的人的一种技术。随着网络应用日益普及、电子商务的日渐发展,网上交易、网上支付等的安全性越来越受到人们的重视。而在这些过程中,确认通信双方的身份是十分重要的。在传统的Kerberos协议中,用户根据职能、单位、需求等可以划分为不同的域,每个域中有各自的Ker-beros服务器,域中用户通过该Kerberos服务器认证,以访问域中服务。Kerberos协议本身就支持跨域认证:在实现过程中,首先通过交换域间密钥将两个域中的票证发放服务器(TGS)互相注册为对方域中的用户(两个方向上的域间密钥往往不同),然后,当一个域中的注册用户希望访问外域服务时,他向本地TGS服务器发送一个请求,申请外域TGT,本地TGS服务器用域间密钥加密外域TGT发放给用户;用户向外域 相似文献
9.
针对Kerberos协议的弱点和安全性问题,提出了一个基于混合加密机制的Kerberos改进方案,目的是防范口令攻击和内部攻击。给应用服务器和AS服务器分配公钥和私钥,用户与服务器之间的会话密钥由DH密钥交换生成。给出了改进后的 Kerberos 协议的六个步骤,并对安全性进行分析。分析结果表明,新方案能够增强Kerberos协议的安全性,而且比公钥加密机制高效。 相似文献
10.
Kerberos协议是一个被广泛采用的、基于可信任第三方提供安全认证服务的网络认证协议。利用共享的会话密钥,Kerberos协议保证了通信的机密性和完整性。描述了Kerberos5协议最新版本的基本原理,介绍了协议的详细过程,通过对比前一版本,分析了其改进之处和仍存在的不足。 相似文献
11.
张涛 《计算机测量与控制》2015,23(1):86-89
为了设计一种具有低成本、低功耗、易操作、功能强且可靠性高的煤矿井下安全分站,针对煤矿安全生产实际,文章提出了采用MCS-51系列单片机为核心、具有CAN总线通信接口的煤矿井下安全监控分站的设计方案;首先给出煤矿井下安全监控分站的整体构架设计,然后着重阐述模拟量输入信号处理系统的设计过程,最后说明单片机最小系统及其键盘、显示、报警、通信等各个组成部分的设计;为验证设计方案的可行性与有效性,使用Proteus软件对设计内容进行仿真验证,设计的煤矿井下安全监控分站具有瓦斯、温度等模拟量参数超标报警功能和电机开停、风门开闭等开关量指示功能;仿真结果表明:设计的煤矿井下安全监控分站具有一定的实际应用价值. 相似文献
12.
In modern service-oriented architectures, database access is done by a special type of services, the so-called data access services (DAS). Though, particularly in data-intensive applications, using and developing DAS are very common today, the link between the DAS and their implementation, e.g. a layer of data access objects (DAOs) encapsulating the database queries, still is not sufficiently elaborated, yet. As a result, as the number of DAS grows, finding the desired DAS for reuse and/or associated documentation can become an impossible task. In this paper we focus on bridging this gap between the DAS and their implementation by presenting a view-based, model-driven data access architecture (VMDA) managing models of the DAS, DAOs and database queries in a queryable manner. Our models support tailored views of different stakeholders and are scalable with all types of DAS implementations. In this paper we show that our view-based and model driven architecture approach can enhance software development productivity and maintainability by improving DAS documentation. Moreover, our VMDA opens a wide range of applications such as evaluating DAS usage for DAS performance optimization. Furthermore, we provide tool support and illustrate the applicability of our VMDA in a large-scale case study. Finally, we quantitatively prove that our approach performs with acceptable response times. 相似文献
13.
《Information & Management》2016,53(6):787-802
Discrepant technological events or situations that entail a problem, a misunderstanding or a difficulty with the Information Technology (IT) being employed, are common in the workplace, and can lead to frustration and avoidance behaviors. Little is known, however, about how individuals cope with these events. This paper examines these events by using a multi-method pragmatic approach informed by coping theory. The results of two studies – a critical incident study and an experiment – serve to build and test, respectively, a theoretical model that posits that individuals use a variety of strategies when dealing with these events: they experience negative emotions, make external attributions, and adopt engagement coping strategies directed at solving the event, eventually switching to a disengagement coping strategy when they feel they have no control over the situation. Furthermore, users’ efforts may result in ‘accidental’ learning as they try to overcome the discrepant IT events through engagement coping. The paper ends with a discussion of the results in light of existing literature, future opportunities for research, and implications for practice. 相似文献
14.
Distributed real-time simulation is a young technology field but its practice is under increasing demands. In recent years the author and his collaborators have been establishing a new approach called the distributed time-triggered simulation (DTS) scheme which is conceptually simple and easy to use but widely applicable. The concept was initiated in the course of developing a new-generation object-oriented real-time programming scheme called the time-triggered message-triggered object (TMO) programming scheme. Some fundamental issues inherent in distributed real-time simulation that were learned during recent experimental studies are discussed along with some approaches for resolving the issues. An execution engine developed to support both the TMOs engaged in control computation and the TMOs engaged in DTS is also discussed along with its possible extensions that will enable significantly larger-scale DTSs. 相似文献
15.
Zusammenfassung Mit zunehmender Größe der Softwaresysteme verschärfen sich die für die Software-Herstellung typischen Probleme: Beherrschen großer Objektmengen, Erhalten der Systemkonsistenz, Kontrolle der ständigen Änderungseinflüsse und Gewährleisten einer langen Lebensdauer. Die Disziplin Konfigurationsmanagement bildet den methodischen Ansatz, diese Probleme besser zu beherrschen. Software-Konfigurationsmanagement faßt die Herstellung von Softwaresystemen als eine Abfolge von kontrollierten Änderungen an gesicherten Zwischen- und Endergebnissen auf. Dargestellt werden die Objekte und Funktionen des Software-Konfigurationsmanagements sowie die hierfür in großen Software-Projekten benötigten Methoden, Instanzen und Hilfsmittel. 相似文献
16.
《浙江大学学报:C卷英文版》2014,(11)
正http://www.zju.edu.cn/jzus http://www.springerlink.com Aim The Journals of Zhejiang University-SCIENCE(A/B/C)are edited by the international board of distinguished Chinese and foreign scientists,and are aimed to present the latest developments and achievements in scientific research in China and 相似文献
17.
Zhao-hui WU 《浙江大学学报:C卷英文版》2014,(10)
正Brain-machine interfaces(BMIs)aim at building a direct communication pathway between the brain and an external device,and represent an area of research where significant progress has been made during the past decade.Based on BMIs,mind information can be read out by neural signals to control 相似文献
18.
《浙江大学学报:C卷英文版》2014,(10)
正http://www.zju.edu.cn/jzus http://www.springerlink.com Aim The Journals of Zhejiang University-SCIENCE(A/B/C)are edited by the international board of distinguished Chinese and foreign scientists,and are aimed to present the latest developments and achievements in scientific research in China and overseas to the world’s scientific circles,especially to stimulate 相似文献
19.
20.
《浙江大学学报:C卷英文版》2014,(8)
正http://www.zju.edu.cn/jzus http://www.springerlink.com Aim The Journals of Zhejiang University-SCIENCE(A/B/C)are edited by the international board of distinguished Chinese and foreign scientists,and are aimed to present the latest developments and achievements in scientific research in China and overseas to the world’s scientific circles,especially to stimulate 相似文献
