A lightweight authentication scheme based on self‐updating strategy for space information network

The security of space information network (SIN) is getting more and more important now. Because of the special features of SIN (e.g., the dynamic and unstable topology, the highly exposed links, the restricted computation power, the flexible networking methods, and so on), the security protocol for SIN should have a balance between security properties and computation/storage overhead. Although a lot of security protocols have been proposed recently, few can provide overall attacks resistance power with low computation and storage cost. To solve this problem, in this paper we propose a lightweight authentication scheme for space information network. It is mainly based on the self‐updating strategy for user's temporary identity. The scheme consists of two phases, namely, the registration phase and the authentication phase. All the computing operations involved are just hash function (h), the bit‐wise exclusive‐or operation (⊕), and the string concatenation operation (||), which are of low computation cost. The security properties discussion and the attacks–resistance power analysis show that the proposed authentication scheme can defend against various typical attacks, especially denial of service attacks. It is sufficiently secure with the lowest computation and storage costs. Furthermore, the formal security proof in SVO logic also demonstrates that the scheme can satisfy the security goals very well. Copyright © 2016 John Wiley & Sons, Ltd.     

基于ISAKMP框架的密钥交换实现

首先对ＩＥＴＦ制定的适应于不同网络层次、不同安全需求、独立的因特网密钥管理协议ＩＳＡＫＭＰ框架进行具体分析,包括其独立性和功能上的侧重,及其定义的交换类型。而后,就密钥交换和认证如何在ＩＳＡＫＭＰ中以交换方式实现进行讨论。     

一种基于Hash函数的RFID安全认证方法

近年来,射频识别(RFID)技术得到越来越多的应用,随之而来的是各种RFID安全问题。对现有的基于Hash函数的RFID认证协议进行分析,针对现有技术存在的不足,提出了一种基于Hash函数的低成本的RFID双向安全认证方法,该方法只需要进行一次Hash函数计算,且加入了标签ID动态更新机制,通过在后台数据库中存储旧的标签ID解决同步问题,与现有技术相比具有一定的优越性。     

2.4GHz产品巴西Anatel认证的RF要求

详细介绍了巴西Anatel认证RF测试部分对于蓝牙和Wi-Fi 802.11b＋g产品的要求和测试方法,并对于各个测试项目在实际测试中需要注意的问题进行解析,最后分析了相关通用国际标准在认证中的适用性。     

基于统一身份认证的水运系统集成研究与实现

基于统一身份认证,提出了水运信息系统集成应用的逻辑架构,构建了水运信息系统集成综合应用平台。基于统一身份认证的水运信息系统集成综合应用平台,在对组织机构、用户信息、角色权限统一管理的基础上,实现各水运业务子系统的无缝集成和单点登录,有效地解决了行业当前所面临的业务系统蓬勃发展而信息孤岛现象日益严重的矛盾,提高了水运科研单位的服务效率和协同办公能力。     

Design of a user anonymous password authentication scheme without smart card

Recently, Jiang et al. and He et al. independently found security problems in Chen et al.'s remote user authentication scheme for non‐tamper‐proof storage devices like Universal Serial Bus stick and proposed improvements. Nonetheless, we detect that the schemes proposed by Jiang et al. and He et al. overlook a user's privacy. We also observe that Jiang et al.'s scheme is vulnerable to insider attack and denial of service attacks and lacks forward secrecy. We point out that the password changing facility in He et al.'s scheme is equivalent to undergoing registration, whereas in Jiang et al.'s scheme, it is unsuitable. Moreover, the login phase of both the schemes is incapable to prevent the use of wrong password leading to the computation of an unworkable login request. Therefore, we design a new scheme with user anonymity to surmount the identified weaknesses. Without adding much in communication/computational cost, our scheme provides more security characteristics and keeps the merits of the original schemes. As compared with its predecessor schemes, the proposed scheme stands out as a more apt user authentication method for common storage devices. We have also presented a formal proof of security of the proposed scheme based on the logic proposed by Burrows, Abadi and Needham (BAN logic). Copyright © 2014 John Wiley & Sons, Ltd.     

基于动态共享密钥的移动RFID双向认证协议

针对移动无线射频识别认证协议面临的身份认证和隐私保护、动态密钥安全更新和去同步化攻击问题,提出一种可动态更新共享密钥的移动RFID双向认证协议.协议基于Hash密码机制,利用随机数同时进行密钥安全更新和身份认证,并采用对分表存储的当前和历史共享密钥进行动态添加和删除的方法,保留最后一次合法认证后的一致共享密钥.安全性能分析与效率分析表明,该协议能够实现动态密钥安全更新和身份认证、能够在遭受去同步化攻击后保证密钥同步,且具有较强的计算和存储性能.通过和同类RFID认证协议比较,协议弥补了同类RFID协议存在的不足,适用于被动式标签数量庞大的RFID系统.     

无线局域网中鉴权功能的实现

介绍无线局域网的系统结构,提出一种利用IP接入技术和蜂窝鉴权理论实现无线局域网鉴权工作的结构,并详细分析了工作流程。     

Attacks and improvements on the RFID authentication protocols based on matrix

Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they can not provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol) that conform to Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, are investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols can not provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.