Hash函数结合相互认证的智能卡远程双向安全认证方案

摘　要 针对现有基于智能卡的远程安全认证方案的不足,提出一种基于Hash函数的智能卡远程双向安全认证方案。在注册阶段中,用户设定他的身份和密码,同时系统产生一个随机数与提交的身份、密码进行运算,获得安全参数。在登陆和相互认证阶段,根据用户输入的身份、密码和系统的安全参数,智能卡和服务器通过Hash运算实现双向认证,避免非法登陆。在密码修改阶段,在智能卡确认用户合法性后,用户可以随意改变密码通过安全性能分析表明,该方案提供了前向保密性和用户匿名性,能够抵御拒绝服务攻击、伪造攻击、重放攻击、智能卡丢失攻击、密码猜测攻击和服务器欺骗攻击。与现有方案相比,该方案在保持较低计算复杂度的同时提供了很高的安全性能。     

基于三粒子W态的身份认证

无认证中心的认证协议一般由通信双方相互认证.事先共享纠缠态或身份密钥,结构简单,但不适于扩展成通信网络.通过引入可信第三方认证中心,并利用三粒子W纠缠态的稳健性,提出了一个基于W态的身份认证协议,使得合法通信用户可以在认证中心的协助下进行安全身份认证,身份认证的同时即完成了纠缠粒子的分发.认证完成后,合法通信用户可安全共享EPR纠缠态并在第三方的控制下进行量子直传通信.针对窃听者常用攻击手段进行了安全性分析,结果表明在身份认证过程中可以有效的抵御伪装攻击,截取重发攻击与纠缠攻击等.基于第三方的通信结构具有可扩展性、实用性和受控性.     

零知识证明的量子身份认证协议

零知识证明的量子身份认证是由一个绝对公正的第三方CA主持的协议.协议的实现是基于远程态制备,量子辅助克隆的量子操控手段.在认证过程中,只有CA知道量子身份证的信息,认证参与方Alice和Bob在不知道量子身份证的信息的基础上可完成认证工作.提出了如何提高认证成功概率的方法.协议由量子力学原理保证,有绝对的安全性. 关键词： 量子身份认证 零知识证明 远程态制备 量子态辅助克隆     

基于网络的量子身份认证方案

根据通信网络规模的大小,提出了两个身份认证方案,一种是直接认证,一种是基于认证服务器的认证.方案的实施过程中采用一种动态方式,即合法通信者之间每次可动态获得一个新的认证密钥.所提方案易于实现,具有可证明安全性,安全性由量子不可克隆性和方案本身的动态特性保证.     

基于W态的跨中心量子网络身份认证方案

利用量子隐形传态原理和量子纠缠交换技术,提出了基于W态的跨中心量子网络身份认证方案,实现了分布式量子通信网络中对客户的身份认证.该方案分为注册阶段和身份认证阶段,认证系统包括主服务器和客户端服务器.客户所有的操作都在客户端服务器上进行,不直接与主服务器进行通信.身份认证全部由服务器根据量子力学原理进行,保证了认证方案的安全性.最后,对该方案进行了安全性分析.     

基于W态的跨中心量子网络身份认证方案

利用量子隐形传态原理和量子纠缠交换技术,提出了基于W态的跨中心量子网络身份认证方案,实现了分布式量子通信网络中对客户的身份认证.该方案分为注册阶段和身份认证阶段,认证系统包括主服务器和客户端服务器.客户所有的操作都在客户端服务器上进行,不直接与主服务器进行通信.身份认证全部由服务器根据量子力学原理进行,保证了认证方案的安全性.最后,对该方案进行了安全性分析.     

基于3G网络和CAN总线的汽车远程控制系统设计

针对传统汽车远程控制系统时延高、安全性差等问题,提出了新的远程控制方案,实现了远程服务器通过车载控制终端对车载网络中各节点设备的远程控制;在远程服务器与车载控制终端通信过程中采用3G网络、TCP协议和AES加密,降低了系统的通信时延,提高了系统的可靠性和安全性;车载控制终端与各节点设备采用CAN总线网络进行通信,实现了对各节点的有效控制;经过测试,系统能很好地满足远程服务器对车门窗、车灯、报警器和发动机等节点设备远程控制时延和安全性的要求,各节点响应快,可靠性高,具有较强的实时性和良好的扩展性。     

一种网络多用户量子认证和密钥分配理论方案

提出了一种网络多用户量子认证和密钥分配理论方案.类似于现代密码学中的网络认证体系结构提出了一种基于网络中用户与所属的可信服务器之间共享Einstein-Podolsky-Rosen(EPR)纠缠对进行身份认证和密钥分配的分布式客户机/服务器体系结构.基于该体系结构实现网络中任意用户之间的身份认证和密钥分配.可信服务器只提供用户的身份认证以及 交换粒子之间的纠缠使得两个想要秘密通信的用户的粒子纠缠起来.密钥的生成由发起请求 的用户自己完成.网络中的用户只需和所属的可信服务器共享EPR纠缠对通过经典信道和量子 信道与服务器通信.用户不需要互相共享EPR纠缠对，这使得网络中的EPR对的数量由O(n²)减小到O(n). 关键词： 量子认证 量子密钥分配 客户机/服务器 纠缠交换     

PLC为控制器的空调机组联网监控的实现

提出PLC通过串口服务器转换通讯协议连接于以太网,实现对两台空调机组的局域网内远程集中控制的技术方案,并介绍各个实现步骤。     

带身份认证的量子安全直接通信方案

针对传统量子安全直接通信方案中需提前假设通信双方合法性的问题,提出一种带身份认证的基于GHZ态(一种涉及至少三个子系统或粒子纠缠的量子态)的量子安全直接通信方案.该方案将GHZ态粒子分成三部分,并分三次发送,每一次都加入窃听检测粒子检测信道是否安全,并在第二次发送的时候加入身份认证,用以验证接收方的身份,在第三次发送完粒子之后,接收方将所有检测粒子抽取出来,之后对GHZ态粒子做联合测量,并通过原先给定的编码规则恢复原始信息.本方案设计简单、高效,无需复杂的幺正变换即可实现通信.安全性分析证明,该方案能抵御常见的内部攻击和外部攻击,并且有较高的传输效率、量子比特利用率和编码容量,最大的优势在于发送方发送信息的时候不需要假设接收方的合法性,有较高的实际应用价值.     

Blockchain-based group authentication scheme for 6G communication network

The ultimate objective in this period is to turn present technology into intelligent global habitats that ease daily interactions. The emerging Industry 4.0 has provided exciting potential technologies that have sped up the transition from the Internet of Things (IoT) to the Internet of Everything using advancements in artificial intelligence (IoE). A secure data transmission method and much higher networking rates are required by the exponential increase in the development and implementation of various 4.0-related industries, even if a blockchain currently employs a fast network like 5G. This highlights how 6G is required to meet the requirements of real-time applications. This research suggests a group-based handover authentication strategy for 6G heterogeneous networks, taking into account the handover of group users in real-world scenarios, to increase the efficiency and guarantee the security of the authentication process. The system consists of four components: the user UE, the access points gNB and eNB, the servers AAA and AAA*, and the widely used blockchain. Additionally, it is split into the EPC (evolved packet core) and 6GC domains by various network topologies (6G core network). To access network services, the UE must first carry out initial authentication and key negotiation with the local server. The system then performs handover authentication as well as batch authentication for individual and group users in handover scenarios, depending on the user count. The suggested scheme accomplished global switching authentication without making the switching process more difficult, accomplished group switching authentication by utilizing blockchain and aggregated signature technologies, and decreased the one-by-one authentication time by Yan using the D–H key exchange idea to accomplish known randomness security. Through formal examination and additional security analysis of the suggested protocol using the AVISPA tool, the results demonstrate that the protocol is secure.     

Quantum Dialogue with Authentication Based on Bell States

We propose an authenticated quantum dialogue protocol, which is based on a shared private quantum entangled channel. In this protocol, the EPR pairs are randomly prepared in one of the four Bell states for communication. By performing four Pauli operations on the shared EPR pairs to encode their shared authentication key and secret message, two legitimate users can implement mutual identity authentication and quantum dialogue without the help from the third party authenticator. Furthermore, due to the EPR pairs which are used for secure communication are utilized to implement authentication and the whole authentication process is included in the direct secure communication process, it does not require additional particles to realize authentication in this protocol. The updated authentication key provides the counterparts with a new authentication key for the next authentication and direct communication. Compared with other secure communication with authentication protocols, this one is more secure and efficient owing to the combination of authentication and direct communication. Security analysis shows that it is secure against the eavesdropping attack, the impersonation attack and the man-in-the-middle (MITM) attack.     

Robust general N user authentication scheme in a centralized quantum communication network via generalized GHZ states

Quantum communication provides an enormous advantage over its classical counterpart: security of communications based on the very principles of quantum mechanics. Researchers have proposed several approaches for user identity authentication via entanglement. Unfortunately, these protocols fail because an attacker can capture some of the particles in a transmitted sequence and send what is left to the receiver through a quantum channel. Subsequently, the attacker can restore some of the confidential messages, giving rise to the possibility of information leakage. Here we present a new robust General Nuser authentication protocol based on N-particle Greenberger–Horne–Zeilinger (GHZ) states, which makes eavesdropping detection more effective and secure, as compared to some current authentication protocols. The security analysis of our protocol for various kinds of attacks verifies that it is unconditionally secure, and that an attacker will not obtain any information about the transmitted key. Moreover, as the number of transferred key bits N becomes larger, while the number of users for transmitting the information is increased, the probability of effectively obtaining the transmitted authentication keys is reduced to zero.     

Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

In three-party password authenticated key exchange(AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of passwordbased AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a wellorganized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool Pro Verif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.     

Cryptanalysis and improvement of quantum broadcast communication and authentication protocol with a quantum one-time pad

The security of quantum broadcast communication(QBC) and authentication protocol based on Greenberger–Horne–Zeilinger(GHZ) state and quantum one-time pad is analyzed. It is shown that there are some security issues in this protocol.Firstly, an external eavesdropper can take the intercept–measure–resend attack strategy to eavesdrop on 0.369 bit of every bit of the identity string of each receiver without being detected. Meanwhile, 0.524 bit of every bit of the secret message can be eavesdropped on without being detected. Secondly, an inner receiver can take the intercept–measure–resend attack strategy to eavesdrop on half of the identity string of the other's definitely without being checked. In addition, an alternative attack called the CNOT-operation attack is discussed. As for the multi-party QBC protocol, the attack efficiency increases with the increase of the number of users. Finally, the QBC protocol is improved to a secure one.     

An efficient deterministic secure quantum communication scheme based on cluster states and identity authentication

A novel efficient deterministic secure quantum communication scheme based on four-qubit cluster states and single-photon identity authentication is proposed. In this scheme, the two authenticated users can transmit two bits of classical information per cluster state, and its efficiency of the quantum communication is 1/3, which is approximately 1.67 times that of the previous protocol presented by Wang et al [Chin. Phys. Lett. 23 (2006) 2658]. Security analysis shows the present scheme is secure against intercept-resend attack and the impersonator's attack. Furthermore, it is more economic with present-day techniques and easily processed by a one-way quantum computer.     

Comment on “Quantum Secure Direct Communication with Authentication Expansion Using Single Photons”

The security of the quantum secure direct communication protocol with authentication expansion using single photons is analyzed. It is shown that an eavesdropper can obtain or even modify the transmitted secret without introducing any error by implementing a simple man-in-the-middle attack after the authentication is successfully carried out. Furthermore, a denial-of-service attack is also discussed. The particular attack strategy is demonstrated and an improved protocol is presented.     

Quantum Secure Direct Communication with Mutual Authentication using a Single Basis

In this paper, we propose a new theoretical scheme for quantum secure direct communication (QSDC) with user authentication. Different from the previous QSDC protocols, the present protocol uses only one orthogonal basis of single-qubit states to encode the secret message. Moreover, this is a one-time and one-way communication protocol, which uses qubits prepared in a randomly chosen arbitrary basis, to transmit the secret message. We discuss the security of the proposed protocol against some common attacks and show that no eavesdropper can get any information from the quantum and classical channels. We have also studied the performance of this protocol under realistic device noise. We have executed the protocol in IBMQ Armonk device and proposed a repetition code based protection scheme that requires minimal overhead.

     

Quantum identity authentication based on ping-pong technique for photons

To prevent active attack, an one-way quantum identity authentication scheme is proposed by employing mechanism of ping-pong protocol and property of quantum controlled-NOT gate. It can verify the user's identity as well as distribute an updated key as the authentication key. Analytical results show the proposed scheme is secure under general individual attack.     

Deterministic Secure Quantum Communication on the BB84 System

In this paper, we propose a deterministic secure quantum communication (DSQC) protocol based on the BB84 system. We developed this protocol to include quantum entity authentication in the DSQC procedure. By first performing quantum entity authentication, it was possible to prevent third-party intervention. We demonstrate the security of the proposed protocol against the intercept-and-re-send attack and the entanglement-and-measure attack. Implementation of this protocol was demonstrated for quantum channels of various lengths. Especially, we propose the use of the multiple generation and shuffling method to prevent a loss of message in the experiment.