40 resultados para Security protocol
em Chinese Academy of Sciences Institutional Repositories Grid Portal
Resumo:
IEEE Computer Society
Resumo:
We present a layered architecture for secure e-commerce applications and protocols with fully automated dispute-resolution process, robust to communication failures and malicious faults. Our design is modular, with precise yet general-purpose interfaces and functionalities, and allows usage as an underlying secure service to different e-commerce, e-banking and other distributed systems. The interfaces support diverse, flexible and extensible payment scenarios and instruments, including direct buyer-seller payments as well as (the more common) indirect payments via payment service providers (e.g. banks). Our design is practical, efficient, and ensures reliability and security under realistic failure and delay conditions.
Resumo:
Interpolation attack was presented by Jakobsen and Knudsen at FSE'97. Interpolation attack is effective against ciphers that have a certain algebraic structure like the PURE cipher which is a prototype cipher, but it is difficult to apply the attack to real-world ciphers. This difficulty is due to the difficulty of deriving a low degree polynomial relation between ciphertexts and plaintexts. In other words, it is difficult to evaluate the security against interpolation attack. This paper generalizes the interpolation attack. The generalization makes easier to evaluate the security against interpolation attack. We call the generalized interpolation attack linear sum attack. We present an algorithm that evaluates the security of byte-oriented ciphers against linear sum attack. Moreover, we show the relationship between linear sum attack and higher order differential attack. In addition, we show the security of CRYPTON, E2, and RIJNDAEL against linear sum attack using the algorithm.
Resumo:
The RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and generation of secure session keys where a client is sharing his/her password only with a server and the latter should generate its RSA public/private key pair (e, n), (d, n) every time due to the lack of PKI (Public-Key Infrastructures). One of the ways to avoid a special kind of off-line (so called e-residue) attacks in the RSA-based PAKE protocols is to deploy a challenge/response method by which a client verifies the relative primality of e and φ(n) interactively with a server. However, this kind of RSA-based PAKE protocols did not give any proof of the underlying challenge/response method and therefore could not specify the exact complexity of their protocols since there exists another security parameter, needed in the challenge/response method. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted by Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work include: (1) Based on the number theory, we prove that the Challenge/Response Method1 and the Challenge/Response Method2 are secure against e-residue attacks for any odd prime e; (2) With the security parameter for the on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model where all of the off-line attacks are not more efficient than on-line dictionary attacks; and (3) By considering the Hamming weight of e and its complexity in the RSA-PAKE protocol, we search for primes to be recommended for a practical use. We also compare the RSA-PAKE protocol with the previous ones mainly in terms of computation and communication complexities.
Resumo:
Password authentication has been adopted as one of the most commonly used solutions in network environment to protect resources from unauthorized access. Recently, Lee–Kim–Yoo [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2) (2005) 181–183] and Lee-Chiu [N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards & Interfaces 27 (2) (2005) 177–180] respectively proposed a smart card based password authentication scheme. We show that these two schemes are both subject to forgery attacks provided that the information stored in the smart card is disclosed by the adversary. We also propose an improved scheme with formal security proof.
Resumo:
针对用于移动通信的可证安全的双向认证密钥协商协议MAKAP给出了一种有效攻击,指出谊协议存在安全缺陷,它不能抵抗未知密钥共享攻击.分析了这些安全缺陷产生的原因,并给出了一种改进的协议MAKAP-I.改进后的MAKAP-I协议不但是可证安全的,而且无论从计算开销、通信开销、存储开销以及实现成本等方面,都比原MAKAP协议更高效、更实用.
Resumo:
在串空间理论模型引入了描述DH问题的方法以及分析猜测攻击的攻击者能力,对基于口令认证的密钥交换协议的安全性进行了形式化分析.提出一个对DH-EKE协议的简化,并证明了该协议的安全性:口令的秘密性,认证性,以及会话密钥的秘密性.根据分析给出基于口令认证的密钥交换协议抵抗猜测攻击的基本条件.将分析方法应用到基于口令的三方密钥交换协议上,给出单纯基于口令进行密钥交换协议的安全性需要满足的一个必要条件.
Resumo:
分析了朱建明,马建峰提出的匿名无线认证协议的匿名性安全缺陷,提出了一种改进的匿名无线认证协议(IWAA),并用对其匿名性进行了形式化的安全分析。分析表明改进后的协议不仅实现了身份认证,而且具有很强的匿名性,满足无线网络环境匿名性的安全需求。
