基于智能卡的动态身份认证机制

由于每次登录时用户提交的认证信息都是固定不变的,传统的口令认证机制容易遭受回放攻击。本文根据一个关于互素数的定理,提出了一种基于智能卡的动态身份认证机制。用户每次登录时,智能卡根据从服务器发来的challenge和事先嵌入智能卡的参数信息,为合法用户计算当前的认证信息。由于每次用户提交的认证信息都是动态可变的,从而有效地防止了回放攻击。     

基于Multi-Agent仿真的动态车辆路径算法研究

针对DVRP(Dynamic Vehicle Routing Problem,动态车辆路径问题)的复杂性和灵活性,考虑到DVRP问题中的客户需求、交通流和车队管理,提出将MATSim(Multi-Agent Transport Simulation,多Agent交通仿真)和DVRP算法相结合的策略,利用MATSim仿真框架构造一个动态的现实世界环境,结合DVRP算法来求解DVRP问题。DVRP算法采用的是结合进化算法和局部搜索策略的模因算法,同时给出了3种不同客户拓扑结构下的测试用例,并比较了DVRP算法与蚁群算法和禁忌搜索算法的结果,表明该算法具有更高的效率。     

Dynamic ID authentication scheme using chaotic map

Dynamic ID authentication protects user’s identity from being revealed by any outsider during remote login processes. In independent multi-server environments, a user might have to login different servers for accessing various resources. Password based mechanisms are commonly utilized approaches. Without using complicated modular exponentiation computation, in this paper, the author will propose a Chebyshev chaotic map based dynamic ID authentication scheme for independent multi-server environments in which no trusted relationship exists among servers. The proposed scheme does not rely on the existence of registration center and each user only has to keep one single password for accessing resources of different servers. Compared with related protocols, the proposed one has more superior functionalities and lower computational costs. Furthermore, the session key security of our scheme is formally proved in the random oracle model.     

基于LDAP协议与Kerberos认证机制的统一认证

为开发一个企业级的用户身份认证体系,依据目录服务理论,将LDAP协议和Kerberos认证技术相结合,应用于身份认证服务器的结构设计,进行用户统一身份认证和授权,并进一步分析了系统的安全性。     

User authentication based on foot motion

In nearly all current systems, user authentication mechanism is one time and static. Although such type of user authentication is sufficient for many types of applications, in some scenarios, continuous or periodic re-verification of the identity is desirable, especially in high-security application. In this paper, we study user authentication based on 3D foot motion, which can be suitable for periodic identity re-verification purposes. Three-directional (3D) motion of the foot (in terms of acceleration signals) is collected using a wearable accelerometer sensor attached to the ankle of the person. Ankle accelerations from three directions (up-down, forward-backward and sideways) are analyzed for person authentication. Applied recognition method is based on detecting individual cycles in the signal and then finding best matching cycle pair between two acceleration signals. Using experimental data from 30 subjects, obtained EERs (Equal Error Rates) were in the range of 1.6–23.7% depending on motion directions and shoe types. Furthermore, by combining acceleration signals from 2D and 3D and then applying fusing techniques, recognition accuracies could be improved even further. The achieved performance improvements (in terms of EER) were up to 68.8%.     

一种基于无线局域网的指纹识别技术研究

随着无线网络快速成长．开始将现有的企业网络环境与无线局域网紧密地整合在一起。利用指纹的唯一性、成本低、储存空间小以及安全度高并容易使用等优点,提出了一套生物指纹特征技术来实现企业在无线局域网中的身份认证。该方法在企业在无线网络安全认证上有较大的实用价值。     

Deniable authentication protocol based on Deffie-Hellman algorithm

Deniable authentication is a new kind of authentication, by which means a receiver cannot prove the source of a message to a third party. A deniable authentication protocol, which is based on the Deffie-Hellman key exchange protocol, is presented. It does not require a trusted third party, and the protocol can resist person-in-the-middle attack     

基于随机动态密码的身份认证系统

动态密码在身份认证方面有着广泛的应用,但是由于系统的不安全性容易导致动态密码的泄露。描述了当前各种盗号木马原理,分析了动态密码的安全性以及相关实现机制,给出了基于随机动态密码的身份认证。     

基于NETFPGA的手背静脉身份认证系统

本作品设计并实现了一种基于近红外手背静脉检测生物特征的个人身份认证系统(VAS系统),在Xilinx公司提供的NetFPGA开发平台上完成了系统开发。实现了手背静脉图像的采集、处理、存储和匹配验证等功能,充分发挥了FPGA硬件功能,采用软硬件协同思想,流水线策略和并行处理的方法,移植和优化了软件算法。同时对NetFPGA平台进行了改造和扩展;还实现了灵活、友好的交互界面,安全级别高,扩展性强。     

基于Eclipse属性编辑工具的研究

Eclipse基于Java提供了一个可扩展开发平台,允许软件以插件的形式在其上运行,由Eclipse来提供统一的、美观的图形界面。而Eclipse RCP是使用Eclipse结构风格设计弹性的可扩展的应用程序,可重用Eclipse中已存在的方法和编码模式。GEF是一个图形化编辑框架,它允许开发人员以图形化的方式展示和编辑模型。这里采用了Eclipse RCP和GEF的相关技术,结合RCP中的插件技术和GEF中提供的图形编辑工具及请求、命令、策略等技术实现了属性编辑工具。     

一种基于均方差属性加权的K-means算法

在传统的K-means聚类算法基础上提出了一种基于均方差属性加权的MWS-K-means算法.引入特征权重以提高聚类结果的类内相似度(intra-similarities),从而提高聚类精度.考虑到K-means算法采用误差平方和作为聚类准则函数, 而误差平方和与概率论中数字特征的基本描述方法--均方差具有较高相似性,算法中特征权重的计算采用均方差法.根据属性的离散程度对欧氏距离进行加权处理,从而用相对距离代替绝对距离来计算类间相似度.实验结果表明:MWS-K-means算法在聚类精度方面优于标准的K-means算法.     

基于单向散列函数的双向身份鉴别

鉴于散列函数的单向不可逆性，介绍了一种利用散列函数实现网络远程身份鉴别的方法。该方法不需要在服务主机中预存口令表，可以有效防止和及时发现数据被篡改，为网络环境中的访问控制提供了一种简单且安全有效的机制。     

基于NTRU的EPON认证方案研究

设计了一种基于NTRU双向认证方案,该方案将NSS签名算法和HASH函数等技术运用到双向认证中,并嵌入了会话密钥作为后续数据传输的对称密钥.分析结果表明,该方法提高了身份认证的可靠性和数据传输的安全性.     

基于对称多项式的GSM-R身份认证协议

GSM-R(GSM for Railways)网络结构中的一个重要组成部分是身份认证,为了能够解决现有的GSM-R身份认证协议中存在的一些安全隐患,针对SIM卡不易丢失的车载设备,提出了一种基于对称多项式的身份认证协议.该协议在每个移动用户初始认证时分配一个共享多项式,在随后的认证请求中,用户与服务GPRS支持节点(S...     

基于SAML的统一身份认证技术的应用研究

根据统一身份认证系统的核心逻辑,在分析安全断言标记语音SAML的基础上给出了会话管理方法,提出动态账号绑定策略,设计了注销管理的过程,并分析了基于SAML的统一身份认证需要解决的安全方面的问题。基于该方案设计的系统,可把SAML规范和会话管理有机结合,增强了系统的安全性,实现了用户的更好体验。     

Lightweight PUF based authentication scheme for fog architecture

Fog computing improves efficiency and reduces the amount of bandwidth to the cloud. In many use cases, the internet of things (IoT) devices do not know the fog nodes in advance. Moreover, as the fog nodes are often placed in open publicly available places, they can be easily captured. Therefore, it should be ensured that even if the key material is leaked from the fog devices, the previously generated session keys and the identity of the devices can be kept secret, i.e. satisfying anonymity, unlinkability, perfect forward secrecy and resistance against stolen devices attack. Such demands require a multi-factor authentication scheme, which is typically done by providing input of the user with password or biometric data. However, in real use case scenarios, IoT devices should be able to automatically start the process without requiring such manual interaction and also fog devices need to autonomously operate. Therefore, this paper proposes a physical unclonable function (PUF) based mutual authentication scheme, being the first security scheme for a fog architecture, capable of providing simultaneously all these suggested security features. In addition, we also show the resistance against other types of attacks like synchronization and known session specific temporary information attack. Moreover, the scheme only relies on symmetric key based operations and thus results in very good performance, compared to the other fog based security systems proposed in literature.

     

基于量子特性的身份认证

利用量子特性实现量子保密通信是目前量子信息学界和密码学界关注的热点问题之一,文章根据利用量子特性提出了一个量子身份认证方案,实现了通信中通信双方的身份认证.该方案实施申采用了动态工作方式,易于实现,具有可证明安全性.     

基于SAML的IMS与IPTV统一认证方法

针对IMS系统与IPTV系统融合发展过程中存在的用户跨域认证问题,提出了一种基于SAML断言的统一认证方法,引入可信第三方,通过SAML断言将不同系统的认证结果进行统一封装,从而支持跨不同系统用户安全认证,为融合过程中的用户认证、授权和计费提供了基础。     

基于Inception_ResnetV2网络模型的服饰属性识别

为解决服饰属性识别困难的问题,文中在Inception_ResnetV2深度网络模型的基础上,先采用预训练模型的方法对数据进行预训练,在卷积层后面接入全局平均池化替代传统的全链接层再连接分类器,来解决训练模型造成的过拟合的问题。同时采用Adam优化器,降低模型收敛速度,最终实现不同种类服饰属性的识别。为验证模型的优越性,与Xception、Inception V4等深度网络模型的训练结果相比,Inception_ResnetV2具有更高的识别率。从而证明基于Inception_ResnetV2的深度网络模型在服饰属性上具有更好的识别能力。     

基于ZedBoard的智能小车

本文介绍了ZedBoard平台下Cortex-A9处理器上运行了嵌入式Linux操作系统,完成了系统调度,移植了Open CV2.3库并实现了视频图像处理,在FPGA中实现了电机控制,传感器接口控制等,并完成了FPGA中IP核的Linux驱动开发。目前该系统配置了高清摄像头,直流电机,超声波传感器,光电传感器,麦克风,RFID,云台等模块控制小车按照预先设置轨道进行行走。