LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

Jian Wang,Haihang Wang,Chengxiang Tan

2009-01-01

Journal of Computational Information Systems

Abstract:The wireless way that terminal devices connected to mobile networks communicate with fixed-IP networks brings serious hidden trouble to security. To ensure the security of mobile access, a mobile security access system (SMAS) based on IPSec VPN is designed and implemented. This system adopts multi-factor authentication mechanism based on both smart card and X. 509 certificates to meet security requirement, and adaptive VPN dial-up policy and hardware encryption card to improve system efficiency. Test results show that the system can ensure the communications security between mobile devices and fixed-IP networks perfectly with a high efficiency. Copyright © 2009 Binary Information Press.

陆敏锋,平玲娣,李卓

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.03.051

2010-01-01

Abstract:Aiming at the problem that the IPSec-based VPN product, this paper designs and achieves a IPSec-based VPN test system running on the Linux platform. This paper introduces the IPSec protocol and its architecture, and presents the design and achievement of the test system through analyzing the principle of the IPSec protocol. Experiment result shows that this test system is feasible and effective.

QIAN Ya-li,ZHAO Guang-zhou

DOI: https://doi.org/10.3969/j.issn.1001-4551.2007.01.009

2007-01-01

Abstract:The three configurations of long-distance monitor and control area protecting system was introduced.The actualization of communication module was discoursed,the module was divided into two parts,one was the Modem and COM communication actualization,the other was the monitor layer and measure layer communication actualization.

Yang Haomiao,Sun Shixin,Xu Jiyou

DOI: https://doi.org/10.13382/j.jemi.2008.02.017

2008-01-01

JOURNAL OF ELECTRONIC MEASUREMENT AND INSTRUMENT

Abstract:The design of encryption system for SMS(short message service) of mobile phone was introduced,which adopts ARM processor S3C2410,GSM module TC35 and embedded Linux Operating System.Using identity-based encryption algorithm,the private information in the short message is securely encrypted and transmitted so that only the designated recipient of this message is able to decrypt and understand what it contains.The private key stored in the mobile phone is periodically updated non-interactively.Test result shows that the confidentiality and real-time requirements of the system could be achieved with the processor and the algorithm mentioned above.In addition,the system features forward security,i.e.,even if the mobile phone was lost,the previous encrypted short message would remain secret.Consequently,the system could meet the security requirements of SMS for mobile commerce system.

Chi-Chun Lo,Yu-Jen Chen

DOI: https://doi.org/10.1109/30.809184

1999-01-01

IEEE Transactions on Consumer Electronics

Abstract:With the advance of wireless communications technology, mobile communications has become more convenient than ever. However, because of the openness of wireless communications, the protection of the privacy between communicating parties is becoming a very important issue. We focus on the security of the Global System for Mobile communication (GSM) networks. A secure communication architecture for the GSM network is proposed. In the proposed architecture, we use public-key cryptography for user authentication and stream cipher for message encryption and decryption. An authentication protocol and a key generation method are presented in conjunction with the proposed architecture. Cryptanalysis and operational analysis show that the authentication protocol is secure and efficient. Simulation results indicate that the key generation method can always produce key strings of evenly distributed 0s and 1s and with infinite period.

telecommunications,engineering, electrical & electronic

吴越,疏朝明,卜勇华,胡爱群,毕光国

DOI: https://doi.org/10.3321/j.issn:1000-436x.2003.08.025

2003-01-01

Abstract:This paper has an overall research on security communication mechanism for IPSec based Virtual Private Network,discusses fundamental principles of various security service such as data origin authentication,integrity protection,anti-replay protection and their software implementation,illustrates the details of the security key exchange mechanism on non-secure public IP based network through a set of parameters negotiation,then presents a software implementation of Client/Server model WN key exchange upon LINUX operation system ,at last it gives IPSec security analysis and prospective view of the future research.

杨传舜,李明禄

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.z1.242

2004-01-01

Abstract:This paper introduces the scheme of a secure SMS platform, which is based on Web service technology and Web service security model. It introduces Web service and Web service security architecture. It describes the detail design of secure SMS platform in demo project. It also discusses some possible potential problems of Web service and WS-Security technology, including performance,responsibility and extensibility.

Zeyu Lei,Yuhong Nan,Yanick Fratantonio,Antonio Bianchi

DOI: https://doi.org/10.14722/ndss.2021.24212

2021-01-01

Abstract:SMS messages containing One-Time Passwords (OTPs) are a widely used mechanism for performing authentication in mobile applications. In fact, many popular apps use OTPs received via SMS as the only authentication factor, entirely replacing password-based authentication schemes. Although SMS OTP authentication mechanisms provide significant convenience to end-users, they also have significant security implications. In this paper, we study these mobile apps' authentication schemes based on SMS OTPs, and, in particular, we perform a systematic study on the threats posed by "local attacks," a scenario in which an attacker has control over an unprivileged third-party app on the victim's device. This study was carried out using a combination of reverse engineering, formal verification, user studies, and large-scale automated analysis. Our work not only revealed vulnerabilities in third-party apps, but it also uncovered several new design and implementation flaws in core APIs implemented by the mobile operating systems themselves. For instance, we found two official Android APIs to be vulnerable by design, i.e., APIs that inevitably lead to the implementation of insecure authentication schemes, even when used according to their documentation. Moreover, we found that other APIs are prone to be used unsafely by apps' developers. Our large-scale study found 36 apps, sharing hundreds of millions of installations, that misuse these APIs, allowing a malicious local attacker to completely hijack their accounts. Such vulnerable apps include Telegram and KakaoTalk, some of the most popular messaging apps worldwide. Finally, we proposed a new and safer mechanism to perform SMS-based authentication, and we prove its safety using formal verification.

马淑萍,阳小华,李海燕

DOI: https://doi.org/10.3969/j.issn.1673-0062.2004.02.018

2004-01-01

Abstract:In current VPN applications,IPSec-based VPN is followed with great interests.This paper analyzes safe system structure,implementation strategy of IPSec and problems needed to pay attention to.Some integrated solutions to realize VPN are also provided.

Guan-Hua Tu,Chi-Yu Li,Chunyi Peng,Yuanjie Li,Songwu Lu

DOI: https://doi.org/10.1145/2976749.2978393

2016-01-01

Abstract:SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packet-switched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spoofing, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We finally propose remedies to the identified security issues.

徐树山,张春,宁彦卿,王志华

DOI: https://doi.org/10.3969/j.issn.1672-3600.2003.05.008

2003-01-01

Abstract:The transport protocols of SMS (Short Message Service)base on PSTN (Public Switch Telephone Network) was analyzed in detail in this paper. We also presented a rough SOC(System On Chip) scheme for SM-TE (Short Message Terminal Equipment) .

Safa Hamdare,Varsha Nagpurkar,Jayashri Mittal

DOI: https://doi.org/10.14445/22315381/IJETT-V11P230

2014-05-20

Abstract:Security of financial transaction in e-commerce is difficult to implement and there is a risk that users confidential data over the internet may be accessed by hackers. Unfortunately, interacting with an online service such as a banking web application often requires certain degree of technical sophistication that not all Internet users possess. For the last couple of years such naive users have been increasingly targeted by phishing attacks that are launched by miscreants who are aiming to make an easy profit by means of illegal financial transactions. In this paper, we have proposed an idea for securing e-commerce transaction from phishing attack. An approach already exists where phishing attack is prevented using one time password which is sent on users registered mobile via SMS for <a class="link-external link-http" href="http://authentication.But" rel="external noopener nofollow">this http URL</a> this method can be counter attacked by man in the <a class="link-external link-http" href="http://middle.In" rel="external noopener nofollow">this http URL</a> our paper, a new idea is proposed which is more secure compared to the existing online payment system using OTP. In this mechanism, OTP is combined with the secure key and is then passed through RSA algorithm to generate the Transaction password. A copy of this password is maintained at the server side and is being generated at the user side using a mobile <a class="link-external link-http" href="http://application.So" rel="external noopener nofollow">this http URL</a> that it is not transferred over the insecure network leading to a fraudulent transaction.

Cryptography and Security,Social and Information Networks

Wang Jian,Liu Xu,Ji Xiaoyong

DOI: https://doi.org/10.1109/ICEE.2010.898

2010-01-01

Abstract:Information security is a necessary safeguard for mobile e-commerce and a secure communication system to obtain high quality secure communication in wireless environment is introduced, which is integrating three kinds of encryption algorithms including AES, RSA and CPRS chaos encryption. Secure communication framework based on three-layer encryption model is proposed: (1) AES layer of system code decrypt, system boot and the system self-destruct; (2) RSA layer of authentication, key negotiation and key management functions; (3) CPRS layer of communication data stream encryption and decryption. The implementation and optimization of the above-mentioned three kinds of algorithms are discussed. The experiments show the three kinds of encryption algorithms are safe and reliable to achieve a high degree of secure communication.

AN Ji-yong,XIA Shi-xiong

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.27.018

2010-01-01

Abstract:By analyzing MPLS VPN can not fully ensure security and integrity of data and it’s difficult to access to VPN for the mobile user. Taking advantage of MPLS VPN and IPSec VPN, and forwarding a new project of IPSec based MPLS VPN and IPSec VPN based CE device for ensuring data security and accessing to VPN for mobile users. The project can share the advantages of IPSec’s high security and mobility and MPLS’S high speed switching, QOS guarantee and flow engineering as well as expand ability.

谭婷,宁闪,宋健,张宝杰

DOI: https://doi.org/10.3969/j.issn.1671-1815.2009.17.027

2009-01-01

Abstract:Based on a deep study of the existing scheme of IPv6 end-to-end secure channels for closed members and IPSec protocols,combining mobile nodes characteristic in mobile IPv6 network,a new extended secure communications scheme is proposed for mobile IPv6.By introducing several distributed network management nodes,and using Mobile IKE(MOBIKE)instead of existing IKE protocol,the existing proposal is appled into mobile IPv6 network environment properly.Finally,the proposal is verified by simulation and analysis of this scheme.

Dong Wang,Xiaosong Zhang,Jiang Ming,Ting Chen,Chao Wang,Weina Niu

DOI: https://doi.org/10.1155/2018/7849065

2018-07-04

Wireless Communications and Mobile Computing

Abstract:Firmware vulnerability is an important target for IoT attacks, but it is challenging, because firmware may be publicly unavailable or encrypted with an unknown key. We present in this paper an attack on Short Message Service (SMS for short) authentication code which aims at gaining the control of IoT devices without firmware analysis. The key idea is based on the observation that IoT device usually has an official application (app for short) used to control itself. Customer needs to register an account before using this app, phone numbers are usually suggested to be the account name, and most of these apps have a common feature, called Reset Your Password , that uses an SMS authentication code sent to customer phone to authenticate the customer when he forgot his password. We found that an attacker can perform brute-force attack on this SMS authentication code automatically by overcoming several challenges, then he can steal the account to gain the control of IoT devices. In our research, we have implemented a prototype tool, called SACIntruder , to enable performing such brute-force attack test on IoT devices automatically. We evaluated it and successfully found 12 zero-day vulnerabilities including smart lock, sharing car, smart watch, smart router, etc. We also discussed how to prevent this attack.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jin-long Hu,Ling Zhang,Yong Xu,Zhao Ye

DOI: https://doi.org/10.3969/j.issn.1000-565X.2012.04.001

2012-01-01

Abstract:As the traditional software-based SIP security schemes are vulnerable to embezzlement, deception and invasion, a dual authentication framework combined with the trusted computing technology is proposed for endpoint system and user identity. Then, a new SIP security scheme for Internet multimedia communication is presented, which takes advantage of the trusted platform module and the direct anonymous attestation algorithm to design a new registration sub-protocol for improving the security of multimedia communication systems. Moreover, the security of the registration sub-protocol is verified by using the provable security model, and the characteristics of the whole scheme are finally analyzed.

LIN Ting-Ting,LAI Xue-Jia

DOI: https://doi.org/10.3724/sp.j.1001.2013.04356

2014-01-01

Journal of Software

Abstract:In traditional cryptographic model, it is assumed that the communication end points and computing environments of a cryptosystem are trusted. But this model becomes increasingly frailer with the development of the attack method. In the white-box attack model, the adversary can get not only access to the same resources as in the traditional cryptographic model but also total visibility of the internal implementation of the cryptosystem and full control over its execution environment, so it has the higher level of secure significance. The white-box SMS4 implementation, which was proposed in 2009, is aimed at protecting SMS4 operated in the white box context against key exposure. In this paper, based on the review of previous research, we propose an efficient attack and explain in detail how to extract the round key embedded in such a white box SMS4 implementation, with worst time complexity 2. As a result, we show that the white-box method is unreliable and provide reference for the secure white-box implementation.

Jun Bi,Jianping Wu,Wenmao Zhang

DOI: https://doi.org/10.1504/ijiids.2007.014950

2007-01-01

International Journal of Intelligent Information and Database Systems

Abstract:The Internet e-mail service based on SMTP protocol is an important information infrastructure. Meanwhile, the instant messaging becomes an emerging Internet application. This paper presents a security e-mail system based on instant messaging protocol to resolve the problem of SPAM. After introducing the design of architecture, client system and server system, this paper presents the security and reputation mechanism. To support the incremental deployment, this paper also discusses the interoperation between XMPP based e-mail system and SMTP based system, and presents the solution for transition from current e-mail system to the new system.