2.
Session Key Distribution Protocols Based on Three Cryptosystems (cited 3 times: 0 self-citations, 3 by others)
This paper briefly introduces session key distribution protocols based on symmetric-key and public-key cryptosystems, focuses on a session key distribution protocol based on the recently emerged quantum cryptosystem, and closes with several principles for designing session key distribution protocols.
3.
Based on practical experiments, this paper analyzes and summarizes the network intrusion methods commonly used by attackers, and gives a detailed introduction to the online detection and intrusion prevention methods of NIPS (including the characteristics of signature matching, protocol analysis and anomaly detection in NIPS). Checking the current session state of the network by detecting the signatures of attack behaviour avoids spoofing attacks, which is very effective for online network intrusion detection and intrusion prevention.
4.
In distributed systems it is very important for clients to prove their identity to each other and to establish session keys, and implementing cryptographic protocols is an effective way to achieve this. However, cryptographic protocols are easy to get wrong. This paper presents a model for analyzing and checking cryptographic protocols in which the description of a protocol is simple and intuitive. In this model a protocol is described as a state transition system, and by checking the system states the leaks that exist in the protocol can be found. Finally, the paper shows how to model the improved TMN protocol, finds a new attack on it, and gives a further improvement of the TMN protocol.
5.
To address the difficulty of identifying the protocols of the various Fetion applications, caused by the Fetion protocol not being public and by the complex Internet environment, as well as the missing communication relationships in single packets, this paper analyzes the protocol interactions of the commonly used Fetion services from three aspects, text chat, file transfer and audio/video communication, on the basis of the basic framework of the SIP protocol. It proposes a Fetion protocol identification method combining ports with regular expressions and a method for extracting Fetion communication relationships based on session reconstruction, which can quickly locate Fetion service packets among a large number of mixed packets and obtain the communication relationships of various Fetion communication behaviours. Experimental results demonstrate the effectiveness of the method.
7.
Authenticated key agreement protocols provide secure session keys for two communicating parties over an insecure network, but most of them do not consider protecting user privacy. This paper focuses on the privacy properties of users in network services, especially anonymity and deniability, and specifies the security requirements that a privacy-enhanced authenticated key agreement protocol should satisfy: mutual authentication, key control, key confirmation, session key secrecy, known session key security, session key forward secrecy, user identity anonymity, forward anonymity of user identity, unlinkability and deniability. Based on elliptic curve cryptography, it designs a privacy-enhanced authenticated key agreement protocol that satisfies these requirements.
8.
This paper points out that the security definition of the three-party key distribution model proposed by Bellare and Rogaway in 1995, the Bellare-Rogaway 3PKD model, is flawed. To show this, a new three-party key distribution protocol, P-Flaw, is designed that is provably secure in the Bellare-Rogaway 3PKD model; analysis shows, however, that the protocol cannot resist server spoofing attacks, known session key attacks, replay attacks and similar attacks, because the Bellare-Rogaway 3PKD model cannot identify the source of the distributed session key. Using the notion of matching sessions, the security definition of the Bellare-Rogaway 3PKD model is corrected.
10.
SIP, the Session Initiation Protocol. The future information network will be an all-IP network platform on which operators can offer users rich and integrated new services; this requires a common protocol for translation and interworking between multiple equipment vendors and multiple protocols, and the SIP framework is the right means of realising next-generation network solutions. This paper gives an overview of SIP, explains how a SIP session is established, and compares it with H.323 proposed by the ITU-T to show the advantages of SIP.
11.
A formal method for analyzing the security of cryptographic protocols is presented. This method is based on an original representation of the participants' knowledge. The author proves the probabilistic properties of the cryptographic protocols and models the possible attacks on these protocols. This method is applied to well-known protocols like the Kerberos authentication protocol and the X.509 standard.
12.
Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography (cited 1 time: 0 self-citations, 1 by others)
Byzantine agreement requires a set of parties in a distributed system to agree on a value even if some parties are maliciously misbehaving. A new protocol for Byzantine agreement in a completely asynchronous network is presented that makes use of new cryptographic protocols, specifically protocols for threshold signatures and coin-tossing. These cryptographic protocols have practical and provably secure implementations in the random oracle model. In particular, a coin-tossing protocol based on the Diffie-Hellman problem is presented and analyzed. The resulting asynchronous Byzantine agreement protocol is both practical and theoretically optimal because it tolerates the maximum number of corrupted parties, runs in constant expected rounds, has message and communication complexity close to the optimum, and uses a trusted dealer only once in a setup phase, after which it can process a virtually unlimited number of transactions. The protocol is formulated as a transaction processing service in a cryptographic security model, which differs from the standard information-theoretic formalization and may be of independent interest.
13.
The recently proposed universally composable security framework for analyzing security of cryptographic protocols provides very strong security guarantees. In particular, a protocol proven secure in this framework is guaranteed to maintain its security even when run concurrently with arbitrary other protocols. It has been shown that if a majority of the parties are honest, then universally composable protocols exist for essentially any cryptographic task in the plain model (i.e., with no set-up assumptions beyond that of authenticated communication). When honest majority is not guaranteed, general feasibility results are known only when given a trusted set-up, such as in the common reference string model. Only little was known regarding the existence of universally composable protocols in the plain model without honest majority, and in particular regarding the important special case of two-party protocols. We study the feasibility of universally composable two-party function evaluation in the plain model. Our results show that in this setting, very few functions can be securely computed in the framework of universal composability. We demonstrate this by providing broad impossibility results that apply to large classes of deterministic and probabilistic functions. For some of these classes, we also present full characterizations of what can and cannot be securely realized in the framework of universal composability. Specifically, our characterizations are for the classes of deterministic functions in which (a) both parties receive the same output, (b) only one party receives output, and (c) only one party has input.
14.
One of the greatest obstacles to wide-spread deployment of wireless mobile systems is security. Cryptographically strong protocols and algorithms are required to enable secure communication over links that are easy to monitor and control by an attacker. While good cryptographic algorithms exist, it is difficult to design protocols that are immune to malicious attack. Good analysis techniques are lacking. This paper presents extensions to a technique for specifying and analyzing nonmonotonic cryptographic protocols that use asymmetric keys. We introduce new actions and inference rules, as well as slight modifications to the Update function. An important observation is that reasoning about the origin of messages is quite different when dealing with asymmetric key protocols. We also introduce the notion that keys in certificates should be bound to the principals receiving them. We extend the technique to meet the binding requirements and show how the flaw in the Denning and Sacco public key protocol, which was discovered by Abadi and Needham, is revealed. We demonstrate the extended technique using one protocol of our own and the Needham and Schroeder public key protocol. We also introduce and analyze a fix to a known weakness in Needham and Schroeder's protocol using our extended technique. Finally, we present several applications of these techniques to protocols for mobile computing over wireless networks.
This revised version was published online in June 2006 with corrections to the Cover Date.
15.
To secure the information in RFID systems, this paper builds on an analysis of existing RFID authentication protocols to propose a mutual authentication protocol based on the Grain-Mac stream cipher, achieving mutual authentication between tag and reader by means of a stream cipher and dynamic key updating. Simulation results show that the protocol is low-cost, efficient and secure, effectively resists denial-of-service attacks, and achieves the expected results.
17.
Chin-Feng Lee, Hung-Yu Chien, Chi-Sung Laih. International Journal of Communication Systems, 2012, 25(3): 376-385
This paper focuses on two interesting radio-frequency identification (RFID) cryptographic protocols: the server-less RFID authentication protocol that allows readers to authenticate tags without the help of any online backend servers, and the RFID searching protocol in which the verifier explicitly specifies the target tag to be searched and authenticated. These two kinds of RFID protocols play important roles in many RFID applications; however, the existing protocols either had security weaknesses or exhibited poor efficiency. This paper shows the weaknesses, and then proposes our server-less RFID authentication protocol and RFID searching protocol. The proposed protocols greatly enhance the security using only one more hash operation. Copyright © 2011 John Wiley & Sons, Ltd.
18.
Canim M, Kantarcioglu M, Malin B. IEEE Transactions on Information Technology in Biomedicine, 2012, 16(1): 166-175
The biomedical community is increasingly migrating toward research endeavors that are dependent on large quantities of genomic and clinical data. At the same time, various regulations require that such data be shared beyond the initial collecting organization (e.g., an academic medical center). It is of critical importance to ensure that when such data are shared, as well as managed, it is done so in a manner that upholds the privacy of the corresponding individuals and the overall security of the system. In general, organizations have attempted to achieve these goals through deidentification methods that remove explicitly, and potentially, identifying features (e.g., names, dates, and geocodes). However, a growing number of studies demonstrate that deidentified data can be reidentified to named individuals using simple automated methods. As an alternative, it was shown that biomedical data could be shared, managed, and analyzed through practical cryptographic protocols without revealing the contents of any particular record. Yet, such protocols required the inclusion of multiple third parties, which may not always be feasible in the context of trust or bandwidth constraints. Thus, in this paper, we introduce a framework that removes the need for multiple third parties by collocating services to store and to process sensitive biomedical data through the integration of cryptographic hardware. Within this framework, we define a secure protocol to process genomic data and perform a series of experiments to demonstrate that such an approach can be run in an efficient manner for typical biomedical investigations.