Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Lein Harn,Hung-Yu Lin,Shoubao Yang

DOI: https://doi.org/10.1145/131214.131270

1992-01-01

Abstract:In the absence of systematic techniques to detect the existence of computer viruses, preventing suspicious software from entering the system at the initial point of entry appears to be the best method to protect computing resources against attacks of computer viruses. Currently, software is distributed primarily by diskettes instead of online transmission. Diskettes are more susceptible to modification and masquerading while on-line transmission usually follows proper user/message authentication. A software authentication system is proposed which does not require a mutually trusted center of both software vendors and users, or users' interaction with any key center. Vendors assume responsibility by signing released software and users verify the authenticity of received software before using it. Through such an authentication process, users eliminate the risk of running “unlicensed” or modified programs, thus eliminating the possibility of virus infections.

WANG Ke,ZOU Jia,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2008.07.027

2008-01-01

Abstract:Malicious software can enter and do damage to a computer system.This paper presents a real-name software authentication concept with a system security mechanism based on the public key digital signature technique composed of a software identification model and a software authentication model.The implementation scheme for the software identification tool is based on static and dynamic authentication in Windows.The algorithm checks whether the code is what it claims to be and its integrity to prevent malicious-ware from running on the system to more strongly ensure the computer system security.

Li Jiang,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-540-76788-6_6

2007-01-01

Abstract:Information flow and in particular noninterference ensure that sensitive information does not affect public information. But noninterference is too restrictive: real computing systems sometimes need to dynamically release certain amount of sensitive information. In this paper, we propose a new security property that requires the decision to perform information release have high integrity, and permits low integrity data which comes from untrusted sources to dynamically affect information release by upgrading (or endorsing) its integrity. To control such integrity upgrading, we introduce an endorsement mechanism that takes the form of a local integrity endorsing policy declaration. So the programmer can express more precise ways of endorsing, by specifying the integrity levels from which information may be endorsed. In addition, we show a new type system to enforce the security property.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

wentao liu

DOI: https://doi.org/10.1007/978-3-642-25349-2_18

2012-01-01

Abstract:The software protection is the key technology for the shareware and it can delay and prevent the software reverse and cracking. There are many methods such as junk code, anti-debug, virtual machine, deformation, packers, encryption and verification. The software registration is the most important step of protection and it can be implemented by many forms such as network registration, license key or file, dongle. This paper introduces and compares these protection methods. Some architectures of protection based on encryption and verification are provided and they are realized by RSA encryption and many verification methods which include self verification and key data verification. The method use the exe file and DLL file to protect each other and use the license file to check and provide software function. The method uses the RSA in the license key file to register and it can make it difficult to create the key generator for the cracker.

YANG Zhi-cun,XU Xi-bing,LI Yun-zhou,DING Guo-peng

DOI: https://doi.org/10.3969/j.issn.1005-1228.2011.02.011

2011-01-01

Abstract:There are two main methods,i.e.License Key and License File in software copyrights protection area based on soft mode.This paper constructed digital signature adopting public key cryptography technique and Hashing,and then proposed a new license flie generation and validation system,and also gave detailed design and implemention based on Libgcrypt which belongs to GNU.This system is easier and safer to use.

Stuart Heinrich

DOI: https://doi.org/10.48550/arXiv.1311.7182

2013-11-28

Cryptography and Security

Abstract:Many users would prefer the privacy of end-to-end encryption in their online communications if it can be done without significant inconvenience. However, because existing key distribution methods cannot be fully trusted enough for automatic use, key management has remained a user problem. We propose a fundamentally new approach to the key distribution problem by empowering end-users with the capacity to independently verify the authenticity of public keys using an additional media attestment. This permits client software to automatically lookup public keys from a keyserver without trusting the keyserver, because any attempted MITM attacks can be detected by end-users. Thus, our protocol is designed to enable a new breed of messaging clients with true end-to-end encryption built in, without the hassle of requiring users to manually manage the public keys, that is verifiably secure against MITM attacks, and does not require trusting any third parties.

蔡义望,罗平,彭小宁

DOI: https://doi.org/10.3321/j.issn:1000-0054.2003.01.026

2003-01-01

Abstract:A scheme was developed to identify commodity forgery, which assures the security of anticounterfeiting number and the validation procedure. The scheme uses on anticounterfeiting number with as symmetric encryption algorithm and Hash function. Publickey cryptography was used to assure the security of the symmetric key and parallel interface communication was used between the validating server and the Web server to avoid Internet attack and protect important data on the validating server. Various possible test attacks verity the security of the scheme.

LuYao Yang,WeiMing Tong,ZhongWei Li,Tong Wu

DOI: https://doi.org/10.1145/3501409.3501589

2021-01-01

Abstract:In order to solve the problem of poor security protection ability of terminal equipment in current industrial control system, combining digital signature technology based on public key infrastructure and secret sharing scheme, an authentication scheme for distributed industrial control system terminal is proposed in this paper. In the process of authentication, digital signature technology based on public key infrastructure is used to deliver secret shares. The existence of the trusted center T is no longer required. This solves the problem of key escrow, prevents illegal personnel from using the name of trusted center T to deliver fake secret shares to industrial control terminal equipment, and enhances the security and reliability of the whole control system. The analysis shows that the authentication scheme can realize the authentication function between the engineer station and PLC terminal equipment in the multi-machine cooperation scenario in the industrial control system, prevent the intrusion of external personnel, ensure that the network data will not leak, and ensure the data security to the greatest extent.

Siyu Gan,Gu, Chunhua,Xueqin Zhang

DOI: https://doi.org/10.1109/IEEC.2010.5533219

2010-01-01

Abstract:With the rapid development of E-Business systems, the technology of distributed services and security becomes research focus in the field of Internet based applications. The distributed E-Business application platform has strong security requirements and specific demands on secure user authentication. After analyzing the distributed authentication protocol and public key infrastructure (PKI), a method for distributed E-Business application authentication using public key cryptography is introduced in this paper. By distributing most of the authentication workload away from the trusted intermediary and to the communicating parties, significant enhancements to security and scalability can be achieved.

Jason Chia,Swee-Huay Heng,Ji-Jian Chin,Syh-Yuan Tan,Wei-Chuen Yau

DOI: https://doi.org/10.3390/sym13081535

2021-08-20

Symmetry

Abstract:Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

ZHANG Chunrui,XU Ke,HAO Xiangdong,LIU Yuan

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.10.035

2009-01-01

Abstract:Many applications of engineering simulation need to control remote logins to linux systems and control them. However, almost all such applications use a username-password method for the identity authentication which is net very secure since the password can be easily guessed. This paper presents a digital certificate method for identity authentication in the SSH protocol to improve login security. A remote linux login system was developed to provide single sign-on. The results show that the certificate system for remote linux logins improves application security and workability.

L HARN,SB YANG

DOI: https://doi.org/10.1109/49.223877

IF: 16.4

1993-01-01

IEEE Journal on Selected Areas in Communications

Abstract:In 1984, A. Shamir introduced the concept of an identity-based cryptosystem. In this system, each user needs to visit a key authentication center (KAC) and identify himself before joining a communication network. Once a user is accepted, the KAC will provide him with a secret key. In this way, if a user wants to communicate with others, he or she only needs to know the identity of his communication partner and the public key of the KAC. There is no public file required in this system. However, Shamir did not succeed in constructing an identity-based cryptosystem, but only in constructing an identity-based signature scheme. The authors here propose three identity-based cryptographic schemes based on the discrete logarithm problem: the user identification scheme, the digital signature scheme, and the key distribution scheme. The schemes are based on the digital signature scheme of G.B. Agnew et al. (1990), which is reviewed.

HAN Jihong,GU Dawu,REN Yanli

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.05.044

2007-01-01

Abstract:In order to enhance the security of digital TV donditional access system,it is necessary to separate smart card and set-top box.So designing a secure,practicable mutual authentication and key agreement system between smart card and set-top box is critical.After analyzing the practical requirement,the paper proposes a mutual authentication and key agreement protocol based on identity-based public key cryptosystem.This protocol can resist man-in-the-middle attack,reflecting attack and interleaving attack.Moreover,comparing with certificate-based protocol,this protocol does not need the help of trusted third party.And it has less traffic,needs reasonable smart card computing amount and less storage space.

Qibin Sun,Shih-Fu Chang,Maeno Kurato,Masayuki Suto

DOI: https://doi.org/10.1109/ISCAS.2002.1011019

2002-01-01

Abstract:This paper presents a new semi-fragile framework aiming at extending public key signature scheme from message level to content level. The content signing procedure includes signature generation and watermark embedding while the content authentication procedure includes watermark extraction and signature verification. One main unique contribution is the novel use of error correction coding (ECC) to address the incidental distortions caused by some acceptable manipulations such as lossy compression. Another unique feature is integration of PKI security infrastructure and the hashing mechanism to achieve security and short signatures/watermarks. In the signing procedure, block-based invariant features are extracted from the image content and then encoded by ECC to obtain their corresponding parity check bits (PCB). All PCBs are then embedded back into image as watermarks for the purpose of authentication and locating content alteration. In addition, codewords are concatenated, hashed and finally signed by content owner's private key to generate a global cryptographic signature. The authentication procedure is the inverse procedure of signing except using content owner's public key for signature verification. After describing the proposed algorithm in details, an implementation example is given by combining our system with invariant features explored in earlier systems. Keywords digital signature, PKI, watermarking, image authentication, integrity protection, error correction coding

Jianhong Chen,Yu Long,Kefei Chen,Jie Guo

DOI: https://doi.org/10.1016/j.ins.2014.02.021

IF: 8.1

2014-01-01

Information Sciences

Abstract:In an attribute-based signature (ABS) system, a signature does not give proof of the identity of the individual who signed a message; it instead gives proof to a claim regarding the attributes that the underlying signer owns. For ABS, investigators have found many practical applications that require signer-attribute privacy. However, this approach is inadequate for handling scenarios in which the signing key is exposed due to viruses, worms or other break-ins that are allowed by operating-system holes. To overcome the limitation of existing ABS systems, we introduce the notion of an attribute-based key-insulated signature (ABKIS), in which signing keys are refreshed at discrete time periods via an interaction between the user and the helper (a physically-secure but computationally-limited device). We formalize this security model and propose a concrete ABKIS scheme, which is proven to be secure under the standard computational Diffie–Hellman assumption. Furthermore, as an application, a time-conditioned attribute-based proxy signature (TC-ABPS) is derived from our proposed ABKIS scheme. Another typical application of our scheme is for anonymous provider authentication in a bidirectional broadcasting service.

Lin Yuxi,Wang Zhaoheng,Wang Xingjun,Che XinYue,Tian Feng,Li Chengyu

2016-01-01

Abstract:Nowadays, more and more people are accustomed to using smart mobiles devices. According to NetMarketShare, in September 2015, Android occupies 53.54% of the smart mobile devices market shares. Digital Right Management (DRM) is recognized as an effective technology to protect the copyright of users. In DRM, the protection of private key is the basis of the system security. This paper presents an improved key distributed storage solution based on user credibility to protect user private key.

Travis Z. Suel

DOI: https://doi.org/10.48550/arXiv.1209.0967

2012-09-05

Abstract:Passwords are a fragile, inadequate, and insecure tool for authenticating users, and are especially fraught with problems when used to secure access to network resources and services. In many cases, passwords provide a false sense of security. Creating passwords which are both secure (i.e., hard for attackers to guess) and easy for humans to remember is, at best, a paradoxical task because these two criteria are diametrically opposed. Fortunately, a far more secure and user-friendly alternative is available. Public-key cryptography provides a means of both identifying and authenticating users without the need for passwords. KeyAuth is a generic and universal implementation of public-key authentication aimed at supplanting password-based authentication and significantly improving the security of network accessible resources by enhancing the usability of frequently used authentication mechanisms. KeyAuth is an application-, language-, operating system-, and protocol-independent public-key authentication service.

Cryptography and Security,Human-Computer Interaction