9 resultados para Password-based authentication
em Chinese Academy of Sciences Institutional Repositories Grid Portal
Resumo:
随着隐私保护越来越为人们所关注,对匿名认证技术的研究已经成为学术领域的一个热点。本文主要着眼于匿名认证中的匿名凭证与匿名口令认证密钥协商。 在对匿名凭证技术的研究中,本文重点分析了防止凭证出借与凭证匿名更新两个匿名凭证系统性质的实现。 凭证出借是指匿名凭证系统中,用户可以随意将自己的凭证与他人共享,从而使多人可以同时使用一个凭证。本文提出一种新的防止凭证出借方法,并给出一个具体的实现方案。该方法将凭证出借与用户隐私联系起来,通过凭证本身实现防止凭证出借。凭证匿名更新则是指凭证内容进行更新时,凭证颁发方只能知道变更的内容信息,不知道其他任何信息。本文提出一种新的实现方法,在原有凭证的基础上,用相对较少的计算量来实现对凭证内容的更新,使用户匿名得到一个新的凭证。 在对匿名口令认证密钥协商的研究中,本文首先提出了两个攻击方案:针对Shin等人的TAP(t≥2)协议的内部假扮攻击和针对TAP(t≥2)协议以及Viet等人的k-out-of-n APAKE协议的离线字典攻击。前者破坏了协议的认证性,内部攻击者可以假扮服务器与用户建立会话密钥。后者破坏了协议最基本的对口令的安全保护,使得内部攻击者可以离线猜测组内所有用户口令。然后,本文提出了一个新的两方的匿名口令认证密钥协商协议:NAPAKE,并在Square Computational Diffiee-Hellman困难假设以及Decision Inverted-Additive Diffie-Hellman困难假设下证明其安全性。同时,还进一步将其扩展为D-NAPAKE协议,以实现多方的匿名口令认证密钥协商,该协议可以抵抗上面的两个攻击。
Resumo:
分析了现有的网格认证框架中存在的问题,提出了一种基于身份的多信任域网格认证模型.该模型以基于身份的PKI为基础,避免了基于传统PKI的认证框架的诸多缺点.同时,该模型提供了跨信任域的双向实体认证功能.模拟试验表明,该认证模型比基于传统PKI的认证框架更轻量、更高效.而且由于该模型可以在多信任域的环境下工作,故而比W Mao提出的只能在单一信任域中工作的认证框架更符合网格认证的实际需要.
Resumo:
Password authentication has been adopted as one of the most commonly used solutions in network environment to protect resources from unauthorized access. Recently, Lee–Kim–Yoo [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2) (2005) 181–183] and Lee-Chiu [N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards & Interfaces 27 (2) (2005) 177–180] respectively proposed a smart card based password authentication scheme. We show that these two schemes are both subject to forgery attacks provided that the information stored in the smart card is disclosed by the adversary. We also propose an improved scheme with formal security proof.
Resumo:
The RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and generation of secure session keys where a client is sharing his/her password only with a server and the latter should generate its RSA public/private key pair (e, n), (d, n) every time due to the lack of PKI (Public-Key Infrastructures). One of the ways to avoid a special kind of off-line (so called e-residue) attacks in the RSA-based PAKE protocols is to deploy a challenge/response method by which a client verifies the relative primality of e and φ(n) interactively with a server. However, this kind of RSA-based PAKE protocols did not give any proof of the underlying challenge/response method and therefore could not specify the exact complexity of their protocols since there exists another security parameter, needed in the challenge/response method. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted by Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work include: (1) Based on the number theory, we prove that the Challenge/Response Method1 and the Challenge/Response Method2 are secure against e-residue attacks for any odd prime e; (2) With the security parameter for the on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model where all of the off-line attacks are not more efficient than on-line dictionary attacks; and (3) By considering the Hamming weight of e and its complexity in the RSA-PAKE protocol, we search for primes to be recommended for a practical use. We also compare the RSA-PAKE protocol with the previous ones mainly in terms of computation and communication complexities.
Resumo:
National Natural Science Foundation of China; Dalian University of Technology
Resumo:
Kerberos是一个成熟的产品,广泛应用于金融、邮电、保险等行业.但仍存在一些隐患,例如:重放攻击、密码猜测、会话中选择明文攻击等等.该文针对Kerberos系统登录时可能遭到密码猜测,即所谓的离线字典攻击(Off line Dictionary Attack)的问题,提出一种基于椭圆曲线的零知识证明方法对系统进行改进,并给出相应的协议.
Resumo:
Swertia mussotii is an important species in Tibetan folk medicine. However, it is quite expensive and frequently adulterated, so reliable methods for authentication of putative specimens and preparations of the species are needed to protect consumers and to support conservation measures. We show here that the chloroplast (cp) DNA rpl16 intron has limited utility for differentiating S. mussotii from closely related species, since the cpDNA rpl16 sequences are identical in S. mussotii and two other species of Swertia. However, the rDNA internal transcribed spacer (ITS) sequences differ significantly between S. mussotii and all of 13 tested potential adulterants. Thus, the ITS region provides a robust molecular marker for differentiating the medicinal S. mussotii from related adulterants. Therefore, a pair of allele-specific diagnostic primers based on the divergent ITS region was designed to distinguish S. mussotii from the other species. Authentication by allele-specific diagnostic PCR using these primers is convenient, effective and both simpler and less time-consuming than sequencing the ITS region.