基于认证的反射DDoS源追踪新方案研究

利用基于密钥集序列的消息认证码理论，以动态概率包标记和现代代数理论为基础，针对当前危害甚大的分布式反射拒绝服务攻击，提出了一种新的基于认证的源IP追踪方案。通过采用一种新的动态概率序列，既达到了较高的追踪收敛率，又能有效过滤掉攻击者伪造的垃圾数据包。采用基于密钥集序列的HMAC算法，对标记信息进行认证，防止攻击者修改已有的标记信息，达到较高的安全性和抗干扰性。     

A non-intrusive biometric authentication mechanism utilising physiological characteristics of the human head

This paper proposes and evaluates a non-intrusive biometric authentication technique drawn from the discrete areas of biometrics and Auditory Evoked Responses. The technique forms a hybrid multi-modal biometric in which variations in the human voice due to the propagation effects of acoustic waves within the human head are used to verify the identity of a user. The resulting approach is known as the Head Authentication Technique (HAT). Evaluation of the HAT authentication process is realised in two stages. First, the generic authentication procedures of registration and verification are automated within a prototype implementation. Second, a HAT demonstrator is used to evaluate the authentication process through a series of experimental trials involving a representative user community. The results from the trials confirm that multiple HAT samples from the same user exhibit a high degree of correlation, yet samples between users exhibit a high degree of discrepancy. Statistical analysis of the prototype performance realised system error rates of 6% False Non-Match Rate (FNMR) and 0.025% False Match Rate (FMR).     

Authentication of Individuals using Hand Geometry Biometrics: A Neural Network Approach

Biometric based systems for individual authentication are increasingly becoming indispensable for protecting life and property. They provide ways for uniquely and reliably authenticating people, and are difficult to counterfeit. Biometric based authenticity systems are currently used in governmental, commercial and public sectors. However, these systems can be expensive to put in place and often impose physical constraint to the users. This paper introduces an inexpensive, powerful and easy to use hand geometry based biometric person authentication system using neural networks. The proposed approach followed to construct this system consists of an acquisition device, a pre-processing stage, and a neural network based classifier. One of the novelties of this work comprises on the introduction of hand geometry’s related, position independent, feature extraction and identification which can be useful in problems related to image processing and pattern recognition. Another novelty of this research comprises on the use of error correction codes to enhance the level of performance of the neural network model. A dataset made of scanned images of the right hand of fifty different people was created for this study. Identification rates and Detection Cost Function (DCF) values obtained with the system were evaluated. Several strategies for coding the outputs of the neural networks were studied. Experimental results show that, when using Error Correction Output Codes (ECOC), up to 100% identification rates and 0% DCF can be obtained. For comparison purposes, results are also given for the Support Vector Machine method.     

一种安全的远程用户认证方案

基于椭圆曲线上的双线性映射设计的远程用户认证方案，因安全性好、计算复杂度较小近年来成为了研究的热点。Manik提出了一种基于双线性映射的远程用户认证方案，随后Chou等指出其方案针对假冒攻击是不安全的，并给出了一种改进方案，但Thulasi指出该改进方案仍是不安全的。该文对已有的攻击方法进行了简单分析，提出了一种新的改进方案，并对其安全性进行了分析，新的方案针对已有的攻击方法是安全的，从而解决了基于双线性映射的远程用户认证方案的安全问题。     

基于WLAN的域间认证和密钥协商协议

根据无线用户访问对象的不同,分别提出了无线用户和本地域及异地域之间的双向认证协议,包含了用于后续通信的会话密钥协商,具有较好的安全性.协议引入了别名机制,防止了用户信息的泄漏,算法主要涉及对称加密和散列函数计算,相比公钥体制具有更小的计算开销,较适合无线设备.     

A secure authentication and billing architecture for wireless mesh networks

Wireless mesh networks (WMNs) are gaining growing interest as a promising technology for ubiquitous high-speed network access. While much effort has been made to address issues at physical, data link, and network layers, little attention has been paid to the security aspect central to the realistic deployment of WMNs. We propose UPASS, the first known secure authentication and billing architecture for large-scale WMNs. UPASS features a novel user-broker-operator trust model built upon the conventional certificate-based cryptography and the emerging ID-based cryptography. Based on the trust model, each user is furnished with a universal pass whereby to realize seamless roaming across WMN domains and get ubiquitous network access. In UPASS, the incontestable billing of mobile users is fulfilled through a lightweight realtime micropayment protocol built on the combination of digital signature and one-way hash-chain techniques. Compared to conventional solutions relying on a home-foreign-domain concept, UPASS eliminates the need for establishing bilateral roaming agreements and having realtime interactions between potentially numerous WMN operators. Our UPASS is shown to be secure and lightweight, and thus can be a practical and effective solution for future large-scale WMNs. Yanchao Zhang received the B.E. degree in Computer Communications from Nanjing University of Posts and Telecommunications, Nanjing, China, in July 1999, and the M.E. degree in Computer Applications from Beijing University of Posts and Telecommunications, Beijing, China, in April 2002. Since September 2002, he has been working towards the Ph.D. degree in the Department of Electrical and Computer Engineering at the University of Florida, Gainesville, Florida, USA. His research interests are network and distributed system security, wireless networking, and mobile computing, with emphasis on mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and heterogeneous wired/wireless networks. Yuguang Fang received the BS and MS degrees in Mathematics from Qufu Normal University, Qufu, Shandong, China, in 1984 and 1987, respectively, a Ph.D degree in Systems and Control Engineering from Department of Systems, Control and Industrial Engineering at Case Western Reserve University, Cleveland, Ohio, in January 1994, and a Ph.D degree in Electrical Engineering from Department of Electrical and Computer Engineering at Boston University, Massachusetts, in May 1997. From 1987 to 1988, he held research and teaching position in both Department of Mathematics and the Institute of Automation at Qufu Normal University. From September 1989 to December 1993, he was a teaching/research assistant in Department of Systems, Control and Industrial Engineering at Case Western Reserve University, where he held a research associate position from January 1994 to May 1994. He held a post-doctoral position in Department of Electrical and Computer Engineering at Boston University from June 1994 to August 1995. From September 1995 to May 1997, he was a research assistant in Department of Electrical and Computer Engineering at Boston University. From June 1997 to July 1998, he was a Visiting Assistant Professor in Department of Electrical Engineering at the University of Texas at Dallas. From July 1998 to May 2000, he was an Assistant Professor in the Department of Electrical and Computer Engineering at New Jersey Institute of Technology, Newark, New Jersey. In May 2000, he joined the Department of Electrical and Computer Engineering at University of Florida, Gainesville, Florida, where he got early promotion to Associate Professor with tenure in August 2003, and to Full Professor in August 2005. His research interests span many areas including wireless networks, mobile computing, mobile communications, wireless security, automatic control, and neural networks. He has published over one hundred and fifty (150) papers in refereed professional journals and conferences. He received the National Science Foundation Faculty Early Career Award in 2001 and the Office of Naval Research Young Investigator Award in 2002. He also received the 2001 CAST Academic Award. He is listed in Marquis Who’s Who in Science and Engineering, Who’s Who in America and Who’s Who in World. Dr. Fang has actively engaged in many professional activities. He is a senior member of the IEEE and a member of the ACM. He is an Editor for IEEE Transactions on Communications, an Editor for IEEE Transactions on Wireless Communications, an Editor for IEEE Transactions on Mobile Computing, an Editor for ACM Wireless Networks, and an Editor for IEEE Wireless Communications. He was an Editor for IEEE Journal on Selected Areas in Communications: Wireless Communications Series, an Area Editor for ACM Mobile Computing and Communications Review, an Editor for Wiley International Journal on Wireless Communications and Mobile Computing, and Feature Editor for Scanning the Literature in IEEE Personal Communications. He has also actively involved with many professional conferences such as ACM MobiCom’02 (Committee Co-Chair for Student Travel Award), MobiCom’01, IEEE INFOCOM’06, INFOCOM’05 (Vice-Chair for Technical Program Committee), INFOCOM’04, INFOCOM’03, INFOCOM’00, INFOCOM’98, IEEE WCNC’04, WCNC’02, WCNC’00 (Technical Program Vice-Chair), WCNC’99, IEEE Globecom’04 (Symposium Co-Chair), Globecom’02, and International Conference on Computer Communications and Networking (IC3N) (Technical Program Vice-Chair).     

Detecting unauthorized and compromised nodes in mobile ad hoc networks

Security of mobile ad hoc networks (MANET) has become a more sophisticated problem than security in other networks, due to the open nature and the lack of infrastructure of such networks. In this paper, the security challenges in intrusion detection and authentication are identified and the different types of attacks are discussed. We propose a two-phase detection procedure of nodes that are not authorized for specific services and nodes that have been compromised during their operation in MANET. The detection framework is enabled with the main operations of ad hoc networking, which are found at the link and network layers. The proposed framework is based on zero knowledge techniques, which are presented through proofs.     

移动Ad Hoc网络的安全体系结构研究

移动Ad Hoc网络是一种特殊的自组织无中心多跳的无线网络，网内节点所具有的移动和分布特性使得安全成为网络设计的重点。本文首先对移动Ad Hoc网络的特点进行了介绍，然后结合移动Ad Hoc网络的特点分析了移动Ad Hoc网络面临的安全威胁，最后从系统体系结构的角度对移动Ad Hoc网络的安全问题进行了详细讨论。     

基于指纹识别和数字认证的网络商务系统

讨论了一种互联网上实现电子身份认证的系统方案，提出用指纹识别和数字认证相结合的方式来实现具备高安全特性的在线支付，同时介绍了指纹识别算法并给出了整个系统的体系结构及工作流程。     

不稳定信道上的组播实时认证协议

在组播认证协议TESLA的基础上引入消息分散算法,提出一个全新的组播认证协议,它能够为不稳定信道上的组播通信提供实时认证。文章最后给出了该协议详细的性能分析。该文提出的组播认证协议是要为每个数据包增加60～80字节的认证信息就可以为很高丢包率(≈50%)的组播通信提供99%以上的实时认证率。协议还增加了系统的可扩展性,可以为分布更广、组员规模更大的组播应用提供安全认证。