TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Jiang-pei Xu,Li-ji Wu,Xiang-jun Yang,Yu-zhong Wang,Xiang-min Zhang

DOI: https://doi.org/10.1109/WOCC.2013.6676466

2013-01-01

Abstract:Generally, Java Card mainly consists of the following parts: COS (Chip Operating System), JCVM (Java Card Virtual Machine), and API (Application Programming Interface). As a multi-application system, Java Card itself is very complicated, so it may inevitably exist some security vulnerabilities inside. Based on these parts of Java Card, we can find out some detectable points to its security vulnerabilities. This paper presents a method containing a specific case to test Java Card on array access, aiming to detect the possible security vulnerabilities of JCVM. In this paper, three different kinds of Java Cards have been tested and the test result has been described. From the test result, we successfully find out a security vulnerability of JCVM.

Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Qi Xie,Ji-Lin Wang,Deren Chen,Xiuyuan Yu

DOI: https://doi.org/10.1109/csse.2008.1043

2008-01-01

Abstract:Recently, Das et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. Liao et al. pointed out some weaknesses of Das et al.psilas scheme, and presented an improved scheme. However, an impersonate attack on Liao et al.psilas scheme is proposed, it proves that their scheme is also insecure. To overcome the weakness, the new scheme is presented. The advantage of the proposed scheme is that there are no secret numbers in the smart card, and can withstand all sorts of attacks.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Qin Jun,Wang Zhengfei,Tan Zijing,Wang Wei,Shi Bole

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.12.002

2006-01-01

Abstract:The protection of sensitive data in database is an important aspect on information security.It becomes more and more exigent to incorporate security features into DBMS.In this paper,a methed is presented that makes DBMS support database encryption by modifying the implementation of DBMS.This method doesn't affect the functionality of DBMS and decreases the performance of DBMS little.This paper also presents correlative key management architecture that makes the management of key secure and effective.Finally,the performance of database encryption is assessed by experimenting on TPC-H data set.

Zhicong Li,Li Ling

DOI: https://doi.org/10.3969/j.issn.1007-757X.2018.04.019

2018-01-01

Abstract:Compared with the traditional Native card,the Java smart card is more open and versatile,and has been widely used abroad.In the field of domestic mobile payment,if Java Card technology is applied,mobile payment can take advantage of its rich functionality and high security to deal with the new requirements emerging from the development of mobile payment industry.The first part of this paper briefly introduces the Java Card platform.The second part discusses the technical architecture of Java Card.Then the third part analyzes the advanced features of the Java Card platform.And the fourth part is about the security of the Java Card platform.The application of Java Card technology in mobile payment field is discussed in the fifth part.

Mei Hong,Hui Guo,Bin Luo

DOI: https://doi.org/10.1109/FGCN.2008.25

2008-01-01

Abstract:A multi-service smart card system enables users to access different services over an open network with a single smart card. Due to its highly economic and social benefits, the multi-service smart card system has drawn much attention in industrial and academic areas. However, the big hindrance to its wide employment is the risk of breaching user service confidentiality and privacy across different service systems. This paper proposes a secure multi-service system model to overcome such a problem. The model allows users to access different services with a single password. The privacy and service confidentiality are achieved through a set of protections-password protection, user identity protection, and service transaction protection-to guarantee the user¿s anonymity to all service systems and ensure high unlinkability between different services.

李莹,殷中科,曹晓,邓水光

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.03.002

2012-01-01

Abstract:The security performance of the Schnorr signature protocol for JavaCard was analyzed in order to enhance security and improve the efficiency. A linear cryptanalysis scheme based on key-recovery attack against the signature protocol was presented, and the feasibility of the attacking method was proved by a case of successful attack. On this basis, a notion of security preprocessing was proposed, which is a linear detection based scheme. The linear detection random numbers and corresponding variables were stored in the special areas of JavaCard. This approach can avoid generation of random number and the complexity modular exponentiation when the digital signature is created in card. Security performance analysis result shows that the proposed scheme not only can promote the operation speed effectively with the same hardware platform and cryptography intensity, but also avoids a type of linear cryptanalysis.

Wayne Jansen,Tom Karygiannis

2002-01-01

Abstract:In current mobile agent systems, the research of protecting a host from possibly malicious mobile agents has made great progress, but reverse problem, namely protecting the agent from malicious hosts has not. This paper puts forward a scheme that uses JavaCard to provide a secure execution environment. First, attack of agent is analyzed. Then the detailed solution based on JavaCard is given.

YUAN Chun,WEN Zhen-kun,ZHANG Ji-hong,ZHONG Yu-zhuo

DOI: https://doi.org/10.3321/j.issn:0372-2112.2006.11.023

2006-01-01

Abstract:Researchers on security database concern more and more the security threats from DBA(database administrator),for its resulting in increasing crime to internet commercial databases which exist in the mode of ASP(Application service provider) recently,and its theoretic and technical hardness.Traditional access control could not provide enough security for the purpose,cryptographic security database becomes a promising scheme favored by its computing complexity of mathematical difficulties.We analyse various and up to date security threats to distributed database application systems,and give an overview for cryptographic access control and encryption database technology.Each class and approach is described and evaluated with its cryptographic principle,algorithm characters and positive and negative performance.We focus on the term of cryptanalysis of the schemes,which is considered the crucial points of the technology.

Mei Hong,Hui Guo

2009-01-01

International Journal of Security and Its Applications

Abstract:A multi-service smart card system enables users to access different services over an open network with a single smart card. Due to its highly economic and social benefits, the multi-service smart card system has drawn much attention in industrial and academic areas. However, the big hindrance to its wide employment is the risk of breaching users privacy and their service confidentiality across different service systems.This paper proposes a secure multi-service system model to overcome such problems. The model allows users to access different services with a single password. The privacy and service confidentiality are achieved through a set of protections-password protection, user identity protection, and service transaction protection-to guarantee the users anonymity to all service systems and ensure high unlinkability between different services

Bao Yong

Abstract:A new model of database encryption system based on extended stored procedure is introduced,and its main module is given. Extended stored procedure and user-defined functions are used in the model to encapsulate dynamic link library so as to implement data encryption.And a smart card is used to store two levels of keys.The safety of database system is improved based on without affecting the original function.

Engineering,Computer Science

孙克辉,盛利元,杨宏

2003-01-01

Abstract:The information security of smart IC card is the base of its existing and developing. In this paper,the basic structure of smart IC card is introduced,and on the basis of the analysis for present state of information encryption techniques,the principles of several usual information encryption algorithms,such DES,RSA,and their realization are discussed in detail,At last,a new encryption method-chaos sequence encryption is analyzed bricfly.

Wenting Li,Yaosheng Shen,Ping Wang

DOI: https://doi.org/10.1007/s11265-017-1305-z

2017-01-01

Abstract:Smart-card-based user authentication is a significant security mechanism that allows remote users to be granted access to services and resources in distributed computing environments. In this paper, we review three password-based authentication schemes with smart cards proposed by Mishra et al., in JISA 2015, Wu et al. in SCN 2015 and Moon et al. in IJNS 2017, respectively. We demonstrate that: (1) Despite being armed with a formal security proof in all schemes, Mishra et al.’s scheme actually cannot achieve the claimed feature of user anonymity and is vulnerable to a new insider attack scenario; and (2) Wu et al.’s scheme remains being susceptible to de-synchronization attack as they stated to overcome the weaknesses of Kumar et al.’s scheme. (3) Moon et al.’s scheme cannot achieve user anonymity and is susceptible to a novel impersonation attack. Furthermore, with the cryptanalysis of these three schemes and our previous protocol design and analysis experience, we figure out two principles to design more robust smart-card-based user authentication schemes. The proposed principles would be helpful to protocol designers for proposing schemes with desirable user friendliness and security.

Kun Gu,Liji Wu,Xiangyu Li,Xiangxin Zhang

DOI: https://doi.org/10.1109/cis.2011.149

2011-01-01

Abstract:Information security is very important for the smart cards. Electromagnetic analysis (EMA) attack is a common method of side channel attacks which is a serious threat for the security of smart cards. So it is necessary to build a system to estimate the ability of the smart card to resist EMA attack. In this paper, an automatic EMA system for smart cards is designed and implemented. This system can measuring the electromagnetic field of smart card and can also carry out EMA attack. To verify the effectiveness of this system, an EMA attack was successfully carried out by it on a FPGA which 3DES cryptographic algorithm was loaded and implemented. 3DES is widely used in bank IC card and USB key. It is important to make sure of the safety of these financial IC cards. The experimental results showed that the applicable electromagnetic field signal can be traced to estimate the ability of the security device to resist EMA attack.

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

Yiqi Dai,Jie Shang,Wei Chen,Su Zhongmin

1995-01-01

Abstract:At present, the prevalent database security management mechanism is deficient for the demand of security in many occasions. Therefore database encryption is an important method to solve the problem, and key distribution in management is the critical technique to construct an encrypted database. Key transformation, a new scheme for key distribution, is proposed in this paper, with its security and efficiency strictly demonstrated. Particularly, the two-level transform table introduced in this paper is characteristic of good operability, strong security, high running speed and low memory request. The database encryption management tool (DBEMT) based on this scheme shows satisfactory results.

Yong Zhang

DOI: https://doi.org/10.1109/EEBDA56825.2023.10090574

2023-02-24

Abstract:This paper innovatively proposes a database access information security management method under the big data platform. This paper first designs and implements a network information security management system based on B/S architecture. The system consists of a safety management platform management center, a WEB console, an agency center and a processing center. At the same time, the system covers a total of five sub-modules including security monitoring management, security policy management, event analysis and processing, security incident response and system management. Secondly, this paper constructs an attribute-based multi-authorization encryption system, which reduces the number of matching operations and improves the efficiency of password utilization. Then, this paper builds a user hierarchical role key tree in the big data platform user role authentication center, and describes the relationship between the big data platform user role and the encryption key of extremely sensitive information. Finally, simulation experiments are carried out in this paper. The results show that the establishment of the encryption system enhances the security of web page access information, and realizes the security management of information platform access information under the big data platform.

Computer Science