一种基于单向散列函数的人机结合认证系统

本文基于单向散列函教的特性,提出了一种新型的身份认证方案。该方案不仅能够提供通信双方的相互认 证,而且能防范重放和窃听等攻击手段。     

一种基于IPv6的报文认证安全散列算法

提出了在IPv6报文认证中，一种用于构建MAC的安全散列算法。该算法散列码长度采用160bit，大大提高了信息安全强度。在该算法的实施中，采用双线并行机制，且在每步迭代操作中使用不同的扩展字，极大地增强了在循环问寻找冲突的复杂度。在实现IPSec时，可将其作为认证算法。     

单向散列函数的原理、实现和在密码学中的应用

简要介绍了单向散列函数的有关理论及实现情况 ,并且以密码学中广泛应用的单向散列函数MD5为例 ,详细介绍了它的原理和实现过程。最后简要介绍了单向散列函数在当前的应用 ,并且提出了一种利用单向散列函数实现的新的用户密钥管理方案     

基于散列函数的数字签名

散列函数又称哈希函数(hash)。它以任意长度的子串为输入，其输出为固定长度的伪随机子串。由于给定输入后输出是固定的，因此它是确定函数。其固定的输出长度较短，一般只有几十个字节。如目前业界使用的MD5函数，输出为16个字节；SHA1为20个字节。散列函数的输入空间是无限集合，而输出是有限集合，因此散列函数不是一一映射。散列函数输出长度愈长，安全性愈高。     

基于MD5的迭代散列算法

分析网络中用户名、密码的存储方式及其存在的风险。在此基础上分析MD5散列算法的弱点及其破译手段。针对这些破译方法提出基于MD5的迭代散列算法。该算法可以避免第二类生日攻击,并有效提高第一类生日攻击的复杂度,对于破解效率最高的彩虹表也具有免疫性,能够加强密码的安全性能,从而提高网络中信息传递和存储的安全性。     

基于Logistic映射的单向散列函数研究

混沌动力学系统在一定的参数范围内出现混沌运动,且其产生的混沌序列具有良好的伪随机性、遍历性和初值敏感性。通过采用Logistic混沌映射构造单向散列函数采生成散列值,实验结果表明：该方法实现简单,对初值有高度的敏感性,具有良好的单向散列性能。     

基于混沌映射的散列函数加密算法分析及设计

混沌序列具备散列函数所要求的单向性、扩散性、初值敏感性等非常多的特性,在混沌映射的基础上可以设计出优秀的散列函数来进行加密算法设计。密码学和混沌两者有着类似的结构和紧密的关系,这也使得混沌密码算法成为当代信息安全的重要研究内容。作为一种新的构造散列函数的方法,混沌映射正得到越来越多的关注。本文主要研究一种基于广义混沌映射的散列函数的加密算法,通过更改混沌方程的控制参数和状态值,更改混沌映射的方程获得不同的散列结果,可以更有效的防止攻击。     

一种基于单向散列函数的WirelessHART网络密钥管理方案

为保证WirelessHART网络的前向安全及后向安全,提供密钥更新的广播认证和节点被捕获后的密钥更新策略,提出了一种基于单向散列函数的WirelessHART网络密钥管理方案.引入双散列密钥链实现密钥更新的广播认证,解决了全网共享密钥更新次数受限的问题,结合广播和单播通信执行全网共享密钥更新,增强了密钥更新的可靠性....     

Hash函数的安全性研究

Hash函数用于数据完整性和消息认证,需要满足特定的密码学需求,其中最重要的就是抗碰撞。生日攻击是通用的寻找碰撞的方法,可用于攻击任何类型的Hash函数。文章讨论了生日攻击的碰撞阈值,以及平衡度对于碰撞阈值的影响,并指出近似碰撞的碰撞阈值的度量。最后提出了在新的高安全度Hash函数的设计中应该考虑到的几个问题。     

基于报文哈希链的签名认证方法

针对TCP/IP协议缺乏内生安全机制引起的网络安全问题,以及IPSec等附加的安全增强技术存在效率低的问题,提出了一种基于报文哈希链的签名认证方法。该方法将所传输报文的哈希值通过迭代哈希形成一个关于报文序列的哈希链,通信双方通过报文哈希链确保报文序列的完整性;在进行报文签名认证时,通信双方只需按一定间隔对数据报文进行签名认证就能确保多个报文的完整性和不可抵赖性,并能显著提高报文安全传输的效率。通过实验证明,在相同网络环境以及通用软件实现方式下,基于报文哈希链的签名认证方法的平均比特率比IPSec逐包签名方法的平均比特率有显著提高,且这种签名认证方法能有效防范中间人攻击。     

Interactive two-channel message authentication based on Interactive-Collision Resistant hash functions

We propose an Interactive Message Authentication Protocol (IMAP) using two channels; an insecure broadband channel and an authenticated narrow-band channel. We consider the problem in the context of ad hoc networks, where it is assumed that there is neither a secret key shared among the two parties, nor a public-key infrastructure in place. The security of our IMAP is based on the existence of Interactive-Collision Resistant (ICR) hash functions, a new notion of hash function security. Our IMAP is based on the computational assumption that ICR hash functions exist. It performs better than message authentication protocols that are based on computational assumptions. That is, while achieving the same level of security, the amount of information sent over the authenticated channel in our IMAP is smaller than the most secure IMAP and Non-interactive Message Authentication Protocol (NIMAP) in the literature. In other words, if we send the same amount of information over the authenticated channel, we can allow much stronger adversaries compared to the existing protocols in the literature. Moreover, our IMAP benefits from a simple structure and works under fewer security assumptions compared to other IMAPs in the literature. The efficient and easy-to-use structure of our IMAP makes it very practical in real world ad hoc network scenarios.     

基于单向哈希函数的远程口令认证方案

首先分析了Wu-Chieu认证方案和Le-Lin-Chang认证方案存在的安全缺陷;然后提出了一种基于单向哈希函数和Diffie-Hellman密钥交换协议的远程口令认证方案.该认证方案不仅修正了上述两种认证方案存在的安全缺陷,而且实现了用户与远程系统之间的双向认证.由于该认证方案不要求用户与远程系统之间维护时间同步机制,更适用于大规模分布式网络环境.     

基于Hash函数和贝叶斯方法的垃圾短信在线过滤系统

提出了一种综合集成黑白名单过滤模块和综合评价函数模块的垃圾短信在线过滤系统架构,引入了两层Hash函数和基于朴素贝叶斯的概率计算方法,对疑似垃圾短信从内容、长度、频率等特征上进行深入分析,实现了海量短信的实时高效过滤,并有效地解决了传统垃圾短信过滤系统中存在的问题。     

Efficient multi-server authentication scheme based on one-way hash function without verification table

Following advances in network technologies, an increasing number of systems have been provided to help network users via the Internet. In order to authenticate the remote users, password-based security mechanisms have been widely used. They are easily implemented, but these mechanisms must store a verification table in the server. If an attacker steals the verification table from the server, the attacker may masquerade as a legal user. To solve the verification table stolen problem, numerous single server authentication schemes without verification tables have been proposed. These single authentication schemes suffer from a shortcoming. If a remote user wishes to use numerous network services, they must register their identity and password in these servers. In response to this problem, numerous related studies recently have been proposed. These authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. This study proposes an alternative multi-server authentication scheme using smart cards. The proposed scheme is based on the nonce, uses one-way hash function, and does not need to store any verification table in the server and registration center. The proposed scheme can withstand seven well known network security attacks.     

Image authentication based on perceptual hash using Gabor filters

Image authentication is an important topic in image forensics, which tells whether an image is tampered or not or even tells the tampered regions. To implement image authentication, image hash techniques have been reported recently. In this paper, we investigate existing image hash algorithms, and design an novel image hash based on human being's visual system. In this algorithm, we capture the perceptual characters of the image using Gabor filter which can sense the directions in the image just like human’s primary visual cortex. For a given image, we compute the reference scale, direction and block to make sure the final hash can resist against rotation, scale, and translation attacks while maintain the sensitivity to local malicious manipulations. In addition, it has another promising ability to locate the tampered image blocks, and approximately determining the type of tampering methods (delete, add, modify) and the original direction of each block. This ability is very useful in forensics. The experimental results show that the strategy of the reference metrics works quite well and our method is much more effective than the other state of art image hash methods. Moreover, our method can still locate the content-altering changes even undergo some content-preserving manipulations.     

移动环境下的一种基于双向认证的哈希链签名方案*

在基于哈希函数的签名方案的基础上,提出了一种新的基于双向认证的哈希链签名方案,能够防止用户双方作弊及外部攻击。并对其签名和认证的速度进行了实验测试,相对于基于公钥算法的数字签名方案,该方案的执行速度有明显提高。     

基于hash函数的一次群签名模型

针对基于大整数的素数分解和离散对数问题的传统数字签名不能抵抗量子时代量子计算的攻击问题,提出一种基于hash函数的一次群签名模型。该模型基于hash函数的单向性,由hash运算完成密钥生成、签名和验证,获得了更高的效率,并且可有效抵抗量子时代量子计算的攻击。通过实验,对签名模型进行验证,效率比ECC(密钥长度为224)高21倍,可达RSA-2048的102倍。     

Keyed hash function based on a chaotic map

Secure hash functions play a fundamental role in cryptographic and Web applications. They are mainly used, within digital signature schemes, to verify the integrity and authenticity of information. In this paper, we propose a simple and efficient keyed hash function based on a single chaotic map. Theoretical and simulation results demonstrate that the suggested scheme satisfies all cryptographic requirements of secure keyed hash functions such as strong confusion and diffusion capability, good collision resistance, high sensitivity to message and secret key, etc. Furthermore, it is fast and can be easily implemented through software or hardware. Moreover, the length of the hash value is flexible without any impact on the algorithm. This function is shown to have better statistical performance than many existing hash functions. Thus, the suggested hash function seems to be a good candidate as a secure keyed hash function for use in cryptographic applications.     

基于无证书代理重签名的车载自组网消息认证方案

基于代理重签名和无证书公钥密码体制,提出了一个安全的车载自组网消息认证方案。认证中心利用代理重签名技术,可转换车载单元对消息的签名为路边单元的签名,从而降低了根据签名识别车辆身份的风险,实现通信消息的匿名性。采用无证书公钥密码体制将各实体的私钥分为两部分,有效解决了车载自组网中的证书管理与密钥托管问题。如果车辆发布虚假消息,认证中心能准确追溯到车辆的真实身份,并召回违法车辆。与Huang方案相比,新方案具有较高的安全性和较低的通信开销。