共查询到20条相似文献,搜索用时 203 毫秒
1.
2.
3.
4.
5.
《电子技术与软件工程》2017,(10)
针对ZigBee网络节点入网认证机制中存在认证机制不完善、协调器的负载过大的不足,设计了基于多因子的ZigBee安全认证机制,以特定周期更新的新鲜因子并将其与节点硬件信息绑定,匹配节点上传的密钥信息因子和配置因子完成身份认证以防止非法节点入网对整个网络造成危害。安全性分析及测试结果表明,该机制在保证网络节点入网安全的前提下实现了协调器的负载均衡,改善了其综合性能。 相似文献
6.
7.
8.
提出一种以量子加密技术为核心的软件定义网络(Software-defined Network,SDN)的南向安全防护策略,建立了基于量子密钥分发的SDN网络模型并分析了该模型下的身份认证、量子密钥分发和自适应免疫窃听流程。推导出了本策略下窃听攻击强度、用于检测窃听的量子态数目的比例α、系统发现窃听者的概率、密钥分发效率之间的定量关系。通过动态仿真分析确立了不同攻击强度下系统参数α的最优选值区间。SDN控制器可根据该仿真结果,动态地决策系统中α的取值进行自适应免疫密钥分发,实施更为精准的窃听免疫方案。 相似文献
9.
PKMv2协议研究 总被引:1,自引:0,他引:1
IEEE 802.16的安全子层采用了认证客户端/服务器密钥管理协议,在该协议中基站(服务器)能够对分发给客户端SS的密钥进行控制.IEEE 802.16系列标准的安全性主要基于PKM协议.在初始授权密钥交换期间,BS使用基于数字证书的SS认证对客户端SS进行认证.PKM协议使用公钥密码技术建立SS与BS之间的共享密钥,SS也使用PKM协议支持周期性重认证和密钥更新.文章首先分析了PKMv2中安全子层的协议栈,然后给出了相互认证、授权密钥生成和安全认证的流程.同时,从支持的认证算法、安全关联种类和加密算法等方面将PKMv2和PKMv1进行了比较,并对PKMv2可能存在的安全威胁进行了详细的分析. 相似文献
10.
七号信令网中基于MTP3层的安全机制研究 总被引:1,自引:0,他引:1
七号信令系统作为电信网络的神经系统,其安全问题日益严重.给出了SS7网络面临的主要安全威胁,分析了攻击者利用网络缺乏认证机制,通过MTP3层的网络管理消息对七号信令网实施攻击.提出用密钥交换协议和认证头协议对MTP3层进行安全保护,增强SS7网络的安全性. 相似文献
11.
Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme. 相似文献
12.
Boaz Barak Ran Canetti Yehuda Lindell Rafael Pass Tal Rabin 《Journal of Cryptology》2011,24(4):720-760
Research on secure multiparty computation has mainly concentrated on the case where the parties can authenticate each other
and the communication between them. This work addresses the question of what security can be guaranteed when authentication
is not available. We consider a completely unauthenticated setting, where all messages sent by the parties may be tampered with and modified by the adversary without the uncorrupted parties being able
to detect this fact. In this model, it is not possible to achieve the same level of security as in the authenticated-channel
setting. Nevertheless, we show that meaningful security guarantees can be provided: Essentially, all the adversary can do is to partition the network into disjoint sets, where in each set the
computation is secure in of itself, and also independent of the computation in the other sets. In this setting we provide, for the first time, nontrivial security guarantees in a
model with no setup assumptions whatsoever. We also obtain similar results while guaranteeing universal composability, in some variants of the common reference string
model. Finally, our protocols can be used to provide conceptually simple and unified solutions to a number of problems that
were studied separately in the past, including password-based authenticated key exchange and nonmalleable commitments. As an application of our results, we study the question of constructing secure protocols in partially authenticated networks,
where some of the links are authenticated, and some are not (as is the case in most networks today). 相似文献
13.
由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman(Computational Diffie-Hellman,CDH)问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK(extended Canetti-Krawczyk)模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明:新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务. 相似文献
14.
针对Diffie-Hellman密钥交换协议和ECDH密钥协商协议的缺陷,给出了一种改进后的可认证密钥协商协议。该协议具有等献性、密钥不可控、密钥确认、完美前向安全以及抗已知密钥攻击等安全特性。跟以往的密钥协商协议相比,其管理简单、开销较低、安全性高、扩展性较好且实现了身份认证,以较低的计算成本和较高的运算效率实现了通信双方安全的会话密钥协商与密钥验证,能够较好地适用于大规模网络的端到端密钥管理。 相似文献
15.
16.
随着我国海洋、太空等国家利益不断拓展,国内安全应急事件处置,以及空间科学探索任务等的不断深入,对空天地一体化网络跨地域、跨空域安全通信、传输提出了更高的要求。针对其面临的安全威胁进行深入的分析,并提出了一体化网络安全防护未来发展亟待解决的关键技术,为后期开展空天地一体化网络安全防护研究指明了方向。 相似文献
17.
The secure and reliable group communication gains popularity in imbalanced mobile networks due to the increase demand of the group-oriented applications such as teleconferences, collaborative workspaces, etc. For acquiring the group security objectives, many authenticated group key agreement (AGKA) protocols exploiting the public key infrastructure have been proposed, which require additional processing and storage space for validation of the public keys and the certificates. In addition, the most of the AGKA protocols are implemented using bilinear pairing and a map-to-point (MTP) hash function. The relative computation cost of the bilinear pairing is approximately two to three times more than the elliptic curve point multiplication (ECPM) and the MTP function has higher computation cost than an ECPM. Due to the limitation of communication bandwidth, computation ability, and storage space of the low-power mobile devices, these protocols are not suitable especially for insecure imbalanced mobile networks. To cope with the aforementioned problems, in this paper, we proposed a pairing-free identity-based authenticated group key agreement protocol using elliptic curve cryptosystem. It is found that the proposed protocol, compared with the related protocols, not only improves the computational efficiencies, but also enhances the security features. 相似文献
18.
提出一种新的适于Ad hoc网可认证密钥协商协议。基于签密技术。在同一逻辑步内同时实现了认证和加密功能,提高了密钥协商效率;基于身份的公钥密码系统,降低了建立和管理公钥基础设施的代价;应用椭圆曲线上双线性对,使得该协议能以短的密钥和小的计算量实现同等安全要求。与已有密钥协商协议相比,新协议计算和传输量小,带宽要求低,安全性高,适合能源和带宽受限的Ad hoc网络。 相似文献
19.
The effective tremendous deployment of ad hoc networks is incontestably braked by their unreliability in terms of security and quality of services. In this paper, we focus on security problems and show that despite of efforts made in the ad hoc security field, many security issues still jeopardize correct MANETs routing operation. For such threats, we propose an IDS (Intrusion Detection System) solution for which cryptographic-based solutions are ineffective. Actually, authenticated nodes legitimately present in the network are able to send faked routing messages to compromise the routing and then communication between nodes. To cope with such security attacks, we propose an IDS dedicated to the OLSR protocol and well fitted to its characteristics and operation. In addition, our IDS is implemented on all network’s nodes which act cooperatively by continually analyzing routing messages semantics. When an intrusion is detected, alerts are flooded and intruders are banished from the network. We have finally implemented this IDS and performances evaluation shows the intrusion detection effectiveness. 相似文献
20.
基于无证书公钥密码体制的密钥管理 总被引:1,自引:0,他引:1
移动IPv6是IPv6的子协议,有着巨大的地址空间、对移动性和QoS的良好支持,内嵌的IPSec协议,以及邻居发现和自动配置等诸多优势。然而,移动通信网络链路的开放性、网络拓扑结构的动态性、移动资源的有限性等特点使其容易遭受更严重的安全威胁。针对在移动IPv6环境下,采用无证书的公钥密码体制,部署和实现移动IPv6网络的密钥管理问题。提出了一种新的接入注册解决方案,该方案可以解决具有高敏感性要求移动网络的安全保护问题。 相似文献