共查询到20条相似文献,搜索用时 50 毫秒
1.
一种基于单向散列函数的人机结合认证系统 总被引:1,自引:0,他引:1
本文基于单向散列函教的特性,提出了一种新型的身份认证方案。该方案不仅能够提供通信双方的相互认 证,而且能防范重放和窃听等攻击手段。 相似文献
2.
一种基于IPv6的报文认证安全散列算法 总被引:2,自引:0,他引:2
提出了在IPv6报文认证中,一种用于构建MAC的安全散列算法。该算法散列码长度采用160bit,大大提高了信息安全强度。在该算法的实施中,采用双线并行机制,且在每步迭代操作中使用不同的扩展字,极大地增强了在循环问寻找冲突的复杂度。在实现IPSec时,可将其作为认证算法。 相似文献
3.
4.
散列函数又称哈希函数(hash)。它以任意长度的子串为输入,其输出为固定长度的伪随机子串。由于给定输入后输出是固定的,因此它是确定函数。其固定的输出长度较短,一般只有几十个字节。如目前业界使用的MD5函数,输出为16个字节;SHA1为20个字节。散列函数的输入空间是无限集合,而输出是有限集合,因此散列函数不是一一映射。散列函数输出长度愈长,安全性愈高。 相似文献
5.
分析网络中用户名、密码的存储方式及其存在的风险。在此基础上分析MD5散列算法的弱点及其破译手段。针对这些破译方法提出基于MD5的迭代散列算法。该算法可以避免第二类生日攻击,并有效提高第一类生日攻击的复杂度,对于破解效率最高的彩虹表也具有免疫性,能够加强密码的安全性能,从而提高网络中信息传递和存储的安全性。 相似文献
6.
基于Logistic映射的单向散列函数研究 总被引:3,自引:0,他引:3
王磊 《计算机工程与设计》2006,27(5):774-776
混沌动力学系统在一定的参数范围内出现混沌运动,且其产生的混沌序列具有良好的伪随机性、遍历性和初值敏感性。通过采用Logistic混沌映射构造单向散列函数采生成散列值,实验结果表明:该方法实现简单,对初值有高度的敏感性,具有良好的单向散列性能。 相似文献
7.
8.
10.
Hash函数的安全性研究 总被引:11,自引:1,他引:10
Hash函数用于数据完整性和消息认证,需要满足特定的密码学需求,其中最重要的就是抗碰撞。生日攻击是通用的寻找碰撞的方法,可用于攻击任何类型的Hash函数。文章讨论了生日攻击的碰撞阈值,以及平衡度对于碰撞阈值的影响,并指出近似碰撞的碰撞阈值的度量。最后提出了在新的高安全度Hash函数的设计中应该考虑到的几个问题。 相似文献
11.
针对TCP/IP协议缺乏内生安全机制引起的网络安全问题,以及IPSec等附加的安全增强技术存在效率低的问题,提出了一种基于报文哈希链的签名认证方法。该方法将所传输报文的哈希值通过迭代哈希形成一个关于报文序列的哈希链,通信双方通过报文哈希链确保报文序列的完整性;在进行报文签名认证时,通信双方只需按一定间隔对数据报文进行签名认证就能确保多个报文的完整性和不可抵赖性,并能显著提高报文安全传输的效率。通过实验证明,在相同网络环境以及通用软件实现方式下,基于报文哈希链的签名认证方法的平均比特率比IPSec逐包签名方法的平均比特率有显著提高,且这种签名认证方法能有效防范中间人攻击。 相似文献
12.
We propose an Interactive Message Authentication Protocol (IMAP) using two channels; an insecure broadband channel and an
authenticated narrow-band channel. We consider the problem in the context of ad hoc networks, where it is assumed that there
is neither a secret key shared among the two parties, nor a public-key infrastructure in place. The security of our IMAP is
based on the existence of Interactive-Collision Resistant (ICR) hash functions, a new notion of hash function security. Our
IMAP is based on the computational assumption that ICR hash functions exist. It performs better than message authentication
protocols that are based on computational assumptions. That is, while achieving the same level of security, the amount of
information sent over the authenticated channel in our IMAP is smaller than the most secure IMAP and Non-interactive Message
Authentication Protocol (NIMAP) in the literature. In other words, if we send the same amount of information over the authenticated
channel, we can allow much stronger adversaries compared to the existing protocols in the literature. Moreover, our IMAP benefits
from a simple structure and works under fewer security assumptions compared to other IMAPs in the literature. The efficient
and easy-to-use structure of our IMAP makes it very practical in real world ad hoc network scenarios. 相似文献
13.
基于单向哈希函数的远程口令认证方案 总被引:1,自引:0,他引:1
首先分析了Wu-Chieu认证方案和Le-Lin-Chang认证方案存在的安全缺陷;然后提出了一种基于单向哈希函数和Diffie-Hellman密钥交换协议的远程口令认证方案.该认证方案不仅修正了上述两种认证方案存在的安全缺陷,而且实现了用户与远程系统之间的双向认证.由于该认证方案不要求用户与远程系统之间维护时间同步机制,更适用于大规模分布式网络环境. 相似文献
14.
15.
Efficient multi-server authentication scheme based on one-way hash function without verification table 总被引:3,自引:0,他引:3
Following advances in network technologies, an increasing number of systems have been provided to help network users via the Internet. In order to authenticate the remote users, password-based security mechanisms have been widely used. They are easily implemented, but these mechanisms must store a verification table in the server. If an attacker steals the verification table from the server, the attacker may masquerade as a legal user. To solve the verification table stolen problem, numerous single server authentication schemes without verification tables have been proposed. These single authentication schemes suffer from a shortcoming. If a remote user wishes to use numerous network services, they must register their identity and password in these servers. In response to this problem, numerous related studies recently have been proposed. These authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. This study proposes an alternative multi-server authentication scheme using smart cards. The proposed scheme is based on the nonce, uses one-way hash function, and does not need to store any verification table in the server and registration center. The proposed scheme can withstand seven well known network security attacks. 相似文献
16.
Lina Wang Xiaqiu Jiang Shiguo Lian Donghui Hu Dengpan Ye 《Soft Computing - A Fusion of Foundations, Methodologies and Applications》2011,15(3):493-504
Image authentication is an important topic in image forensics, which tells whether an image is tampered or not or even tells
the tampered regions. To implement image authentication, image hash techniques have been reported recently. In this paper,
we investigate existing image hash algorithms, and design an novel image hash based on human being's visual system. In this
algorithm, we capture the perceptual characters of the image using Gabor filter which can sense the directions in the image
just like human’s primary visual cortex. For a given image, we compute the reference scale, direction and block to make sure
the final hash can resist against rotation, scale, and translation attacks while maintain the sensitivity to local malicious
manipulations. In addition, it has another promising ability to locate the tampered image blocks, and approximately determining
the type of tampering methods (delete, add, modify) and the original direction of each block. This ability is very useful
in forensics. The experimental results show that the strategy of the reference metrics works quite well and our method is
much more effective than the other state of art image hash methods. Moreover, our method can still locate the content-altering
changes even undergo some content-preserving manipulations. 相似文献
17.
18.
19.
Secure hash functions play a fundamental role in cryptographic and Web applications. They are mainly used, within digital signature schemes, to verify the integrity and authenticity of information. In this paper, we propose a simple and efficient keyed hash function based on a single chaotic map. Theoretical and simulation results demonstrate that the suggested scheme satisfies all cryptographic requirements of secure keyed hash functions such as strong confusion and diffusion capability, good collision resistance, high sensitivity to message and secret key, etc. Furthermore, it is fast and can be easily implemented through software or hardware. Moreover, the length of the hash value is flexible without any impact on the algorithm. This function is shown to have better statistical performance than many existing hash functions. Thus, the suggested hash function seems to be a good candidate as a secure keyed hash function for use in cryptographic applications. 相似文献
20.
基于代理重签名和无证书公钥密码体制,提出了一个安全的车载自组网消息认证方案。认证中心利用代理重签名技术,可转换车载单元对消息的签名为路边单元的签名,从而降低了根据签名识别车辆身份的风险,实现通信消息的匿名性。采用无证书公钥密码体制将各实体的私钥分为两部分,有效解决了车载自组网中的证书管理与密钥托管问题。如果车辆发布虚假消息,认证中心能准确追溯到车辆的真实身份,并召回违法车辆。与Huang方案相比,新方案具有较高的安全性和较低的通信开销。 相似文献