基于Schnorr签名体制的远程用户认证系统

提出了一个新的基于Schnorr签名体制和智能卡的远程用户认证系统，系统不需要使用传统的通行字表，并可防范重放攻击，能够安全而有效地工作在通信链路不安全的网络环境中。     

实现双向认证的安全电子邮件系统的研究

分析了目前广泛应用的几种安全电子邮件协议在实际应用中存在的不足，特别是在安全机制方面的不足，提出了一种基于认证中心(CA)的在线认证的安全电子邮件系统实现方案，该系统实现了安全电子邮件系统中收、发邮件的双向不可否认性和不可抵赖性。     

用户信任度的评估方法研究

针对“账号密码一致性”用户认证方法的不足，提出了一种对用户进行信任度评估的方法，并给出了其详细的定义和实现策略。该方法在一定程度上提高了“账号密码”身份认证方法的有效性。     

Providing EAP-based Kerberos pre-authentication and advanced authorization for network federations

Kerberos is a well-known standard protocol which is becoming one of the most widely deployed for authentication and key distribution in application services. However, whereas service providers use the protocol to control their own subscribers, they do not widely deploy Kerberos infrastructures to handle subscribers coming from foreign domains, as happens in network federations. Instead, the deployment of Authentication, Authorization and Accounting (AAA) infrastructures has been preferred for that operation. Thus, the lack of a correct integration between these infrastructures and Kerberos limits the service access only to service provider's subscribers. To avoid this limitation, we design an architecture which integrates a Kerberos pre-authentication mechanism, based on the use of the Extensible Authentication Protocol (EAP), and advanced authorization, based on the standards SAML and XACML, to link the end user authentication and authorization performed through an AAA infrastructure with the delivery of Kerberos tickets in the service provider's domain. We detail the interfaces, protocols, operation and extensions required for our solution. Moreover, we discuss important aspects such as the implications on existing standards.     

应用于移动环境中的WLAN接入网结构

文章介绍了把无线局域网接入与GSM,GPRS漫游融合在一起的运营无线局域网(OWLAN),分析了OWLAN的主要系统单元及功能,讨论了基于用户识别模块(SIM)的鉴权、漫游和计费机理。     

An Efficient Lightweight Authentication and Key Agreement Protocol for Patient Privacy

Tele-medical information system provides an efficient and convenient way to connect patients at home with medical personnel in clinical centers. In this system, service providers consider user authentication as a critical requirement. To address this crucial requirement, various types of validation and key agreement protocols have been employed. The main problem with the two-way authentication of patients and medical servers is not built with thorough and comprehensive analysis that makes the protocol design yet has flaws. This paper analyzes carefully all aspects of security requirements including the perfect forward secrecy in order to develop an efficient and robust lightweight authentication and key agreement protocol. The secureness of the proposed protocol undergoes an informal analysis, whose findings show that different security features are provided, including perfect forward secrecy and a resistance to DoS attacks. Furthermore, it is simulated and formally analyzed using Scyther tool. Simulation results indicate the protocol’s robustness, both in perfect forward security and against various attacks. In addition, the proposed protocol was compared with those of other related protocols in term of time complexity and communication cost. The time complexity of the proposed protocol only involves time of performing a hash function T_h, i.e.,: O(12T_h). Average time required for executing the authentication is 0.006 seconds; with number of bit exchange is 704, both values are the lowest among the other protocols. The results of the comparison point to a superior performance by the proposed protocol.     

一种用于松散耦合的分布式信息系统的身份认证协议

随着计算机网络和信息系统的飞速发展,在现有的异构的信息系统基础上共享信息的要求越来越迫切,本文提出了构造松散耦合的分布式信息系统的方法来解决这个问题,ＬＣＤＩＳ中的一个关键总是就是其安全性。本文首先提出了ＬＣＤＩＳ的概念,并对其进行了形式化的描述。由于ＬＣＩＤＩＳ具有自身的特点,因此不能直接采用 身份认证协议。我们针对其特点,提出了一种专用的身份认证协议。该协议已经成功地用于实际的松散耦合的分布式     

消息认证码研究

消息认证码（Message Authentication Code，MAC）是密码学中一个重要的研究方向，它是保证消息完整性的基本算法，被广泛应用于各种安全系统中。本文研究了各种消息认证码，对当前流行的MAC进行了分类，介绍了它们各自的构造方法及优缺点，并对某些MAC进行了比较，最后提出了进一步可做的工作。     

USBKey身份认证系统的设计与实现

系统地介绍了在研制开发利用计算机的标准USB接口及实现一种低成本、高可靠、简便易用、基于硬件(USBKey)的身份认证系统的过程中所攻克的关键技术及实现方法,包括用于实现实时监测用户是否在线的心跳机制、USBKey ID的惟一性方案、加密方案、用户的公钥、用户的私钥以及扰码的加密算法及记录方法、读码、写码、通信时的安全机制等.     

用ECDSA协议实现试卷分析系统数字签名的设计

为了适应高校新的培养和管理模式,设计了基于校园网的试卷分析系统.在该系统中,成绩和试卷分析内容的录入,由教师登录到试卷分析管理系统直接录入,然后加上数字签名,有效地防止了非法用户录入或者修改试卷分析的内容以及学生的成绩.由于椭圆曲线离散对数问题具有抗攻击性强、计算量小、处理速度快等优点,因此本文中的数字签名采用基于椭圆曲线的ECDSA协议,提高了系统的效率和安全性.