zhu jianxin,yang xiaohu,dong jinxiang,cao zhexin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.030

2002-01-01

Abstract:The reliable identity authentication will ensure the security of information system firstly.The technology of biometric authentication will provide a more reliable and more secure method to protect the security of information system.This paper analyzes a generalized biometric identification system reference model,then point s out that this model will help the design of architecture in the biometric authentication system.The paper also analyzes the main issues that must be considered in the design of biometric authentication system,then introduces an example -the design of fingerprint-based authentication system in network environment.

WANG Jun

DOI: https://doi.org/10.3969/j.issn.1009-3044.2012.23.013

2012-01-01

Abstract:Along with the social informatization is getting higher and higher,the data stored in the DBMS to security requirements are also gradually improve.Systems generally will require the user to input the password,that is,by setting a password to protect the security of the database.It’s talking about commonly used methods of password analysis about database encryption.It’s obvious that encryption algorithm has been greatly enhanced in the new version through to the contrast analysis between an encrypted database of Access 2003 and an encrypt ed database of Access 2010,improved the password security of Access 2010.

LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Qi Xie,Ji-Lin Wang,Deren Chen,Xiuyuan Yu

DOI: https://doi.org/10.1109/csse.2008.1043

2008-01-01

Abstract:Recently, Das et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. Liao et al. pointed out some weaknesses of Das et al.psilas scheme, and presented an improved scheme. However, an impersonate attack on Liao et al.psilas scheme is proposed, it proves that their scheme is also insecure. To overcome the weakness, the new scheme is presented. The advantage of the proposed scheme is that there are no secret numbers in the smart card, and can withstand all sorts of attacks.

Ping Wang,Ding Wang,Xinyi Huang

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160483

2016-01-01

Abstract:Identity authentication is the first line of defense for information systems ,and passwords are the most widely used authentication method .Though there are a number of issues in passwords regarding security and usability , and various alternative authentication methods have also been successively proposed , password‐based authentication will remain the dominant method in the foreseeable future due to its simplicity ,low cost and easiness to change .T hus ,this topic has attracted extensive interests from worldwide researchers ,and many important results have been revealed .This work begins with the introduction of users’ vulnerable behaviors and details the password characteristics ,distribution and reuse rate .Next we summarize the primary cracking algorithms that have appeared in the past 30 years , and classify them into groups in terms of the difference in dependence on what information is exploited by the attacker .Then ,we revisit the various statistical‐based evaluation metrics for measuring the strength of password distributions .Further ,we compare the state‐of‐the‐art password strength meters .Finally ,we summarize our results and outline some future research trends .

Alex Zhu,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2017100106

2017-01-01

International Journal of Digital Crime and Forensics

Abstract:SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack DDoS. The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.

王德强,张锐,谢立,宋娇

DOI: https://doi.org/10.3969/j.issn.1002-137X.2002.12.004

2002-01-01

Computer Science

Abstract:Being an important part of Information System, Database Security has absorbed much attention fordecades. First, we bring forth the Database Security's contents, properties of data: sensitivity, integrity and availabil-ity. Several access control models to guarantee these properties are described in this paper. Due to the challengesbrought by advanced DBMSs such as OODBMS and ADBMS, we also discuss some security topics in these fields. Atthe end of this paper, the encryption control and inference control are reviewed together with some trend of thedatabase security technology in the future.

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

Jiwei Li,Xuewei Ding,Yuchen Jiang,Yongqi Ai,Zhen Jia,Xinyi Zhang

DOI: https://doi.org/10.1145/3661638.3661710

2024-01-01

Abstract:Due to the limited ability to authenticate user access attributes, the control effect of database access is difficult to achieve the desired state. Therefore, an identity based database security access control method is proposed. In the stage of building identity trust relationships in cloud services, a trust transfer model was designed, with a trust chain consisting of guarantee nodes and recommendation nodes, allowing users to establish a direct trust relationship between accessing the database through identity authentication. The cloud service provider (CSP) was used as a trusted third party to establish mutual trust relationships between different domains, and the identity authentication gateway was used as a special identity of the domain trust proxy, Use a gateway token as the information credential for trust transfer, thereby achieving secure transfer of user identity between different domains. In the access control stage, the authentication of cloud service identity is achieved by combining trust relationships, and the permission to request database access is determined. In the test results, the interception rate of designing database access control methods for abnormal access has always been stable at over 98.0%, which can effectively ensure the security of database information, with the shortest response time and the least impact from the scale of concurrent access requests.

Liang Cai,Xiaohu Yang,Jinxiang Dong

2001-01-01

Abstract:We briefly introduce the special characteristics of database security in information warfare and related researches, then emphasis the importance of antagonizing, malicious DBMS in information warfare. This paper suggests a threat model for malicious DBMS by carefully analyzing the possible security threats by malicious DBMS, then a database security architecture capable of antagonizing the malicious DBMS is proposed based on this threat model and the special requirements of critical applications in China. It can greatly improve the critical application's capability to antagonize malicious DBMS by incorporating, self-controlled authentication, principal / object mapping, transparent attribute encryption / decryption, attribute / tuple level mandatory access control, and parallel structure of multiple DBMSs.

Xiaoqi Chen

DOI: https://doi.org/10.1088/1742-6596/1648/3/032102

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract with the rapid development of computer technology, global informatization has become the general trend of human development. Network computer accounting information system has brought convenient and fast information services to human beings, and has become an important guarantee for the development of enterprises. However, due to the characteristics of computer network, such as openness, interconnection and infinite space-time, the problem of network computer accounting information systematization has become very prominent, and security control is particularly important. It is the basic guarantee for the normal operation of the network computer accounting information system to recognize these security problems and take necessary preventive techniques and countermeasures. This paper discusses the security control of computer accounting information system based on network in the aspects of operating system control, database management, application program, etc., and introduces the authority system of SQL server.

Gilbert Notoatmodjo,Clark D. Thomborson

2009-01-01

Abstract:The security of many computer systems hinges on the secrecy of a single word - if an adversary obtains knowledge of a password, they will gain access to the resources controlled by this password. Human users are the 'weakest link' in password control, due to our propensity to reuse passwords and to create weak ones. Policies which forbid such unsafe password practices are often violated, even if these policies are well-advertised. We have studied how users perceive their accounts and their passwords. Our participants mentally classified their accounts and passwords into a few groups, based on a small number of perceived similarities. Our participants used stronger passwords, and reused passwords less, in account groups which they considered more important. Our participants thus demonstrated awareness of the basic tenets of password safety, but they did not behave safely in all respects. Almost half of our participants reused at least one of the passwords in their high-importance accounts. Our findings add to the body of evidence that a typical computer user suffers from 'password overload'. Our concepts of password and account grouping point the way toward more intuitive user interfaces for password-and account-management systems.

王会,安常青,李学农,黄辉

DOI: https://doi.org/10.3969/j.issn.1000-7024.2002.04.005

2002-01-01

Abstract:In campus accounting system based on identity certification, it is very important to confirm the identity of users and prevent IP address embezzlement. Taking identity certification system of campus network for example, this article describes the theory and implement in detail.

BT Hsieh,HM Sun,T Hwang

DOI: https://doi.org/10.15388/informatica.2003.014

2003-01-01

Informatica

Abstract:In an internet environment, such as UNIX, a remote user has to obtain the access right from a server before doing any job. The procedure of obtaining acess right is called a user authentication protocol. User authentication via user memorable password provides convenience without needing any auxiliary devices, such as smart card. A user authentication protocol via username and password should basically withstand the off-line password guessing attack, the stolen verifier attack, and the DoS attack. Recently, Peyravian and Zunic proposed one password transmission protocol and one password change protocol. Later, Tseng et al. (2001) pointed out that Peyravian and Zunic's protocols can not withstand the off-line password guessing attack, and therefore proposed an improved protocol to defeat the attack. Independently, Hwang and Yeh also showed that Peyravian and Zunic's protocols suffer from some secury flaws, and an improved protocol was also presented. In this paper, we show that both Peyravian and Zunic's protocols and Tseng et al.'s improved protocol are insecure against the stolen verifier attack. Moreover, we show that all Peyravian and Zunic's, Tseng et al.'s, and Hwang and Yeh's protocols are insecure against DoS attack.

Suyun Borjigin

2024-05-31

Abstract:Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is useless. If unauthorized inputs are invalidated, remote attacks can be disabled. Thus, credential secrets and account input fields can be controlled. Rather than encrypting passwords, we design a dual-password login-authentication mechanism, where a user-selected secret-free login password is converted into an untypable authentication password. Subsequently, the authenticatable functionality of the login password and the typable functionality of the authentication password can be disabled or invalidated to prevent credential theft and remote attacks. Thus, the usability-security tradeoff and password reuse issues are resolved; local authentication password storage is no longer necessary. More importantly, the password converter acts as an open hashing algorithm, meaning that its intermediate elements can be used to define a truly unique identity for the login process to implement a novel dual-identity authentication scheme. In particular, the system-managed elements are concealed, inaccessible, and independent of any personal information and therefore can be used to define a perfect unforgeable process identifier to identify unauthorized inputs.

Cryptography and Security,Emerging Technologies,Systems and Control

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

WANG Ke,ZOU Jia,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2008.07.027

2008-01-01

Abstract:Malicious software can enter and do damage to a computer system.This paper presents a real-name software authentication concept with a system security mechanism based on the public key digital signature technique composed of a software identification model and a software authentication model.The implementation scheme for the software identification tool is based on static and dynamic authentication in Windows.The algorithm checks whether the code is what it claims to be and its integrity to prevent malicious-ware from running on the system to more strongly ensure the computer system security.

马晨华,陆国栋,裘炅,赵阳

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.22.018

2003-01-01

Abstract:This paper builds a center encryption server to provide centralized encryption services for entire database environment. This solution separates encryption keys from the encrypted data stored in the database and prevents intruders from stealing the crucial information. In order to offer a better key management strategy and a better access control scheme, a user identity code model is developed. By introducing the model into the encryption system, the encryption key management can be enhanced,and many problems in access control can be prevented effectively.

LU Li,SONG Jin-lin,DENG Feng,DAI Hong-wei,GAO Xiang

2008-01-01

Abstract:Objective To develop a security system for stomatological electronic medical record network system.Methods On the basis of Windows 2000/XP operation system,XML based on HL7,oracle9i database,client/server architecture,the stomatological electronic medical record network security system was built up by usernames and passwords encipherment with MD5 technique,roll allocation,rank management and right constraint,trail reservation,auditment and tracing,DES encipherment,data backup,real-time monitoring,network security control and double servers warm-back-up.Results The stomatological electronic medical record network security system based on local-area network was successfully built up,and was assured in imput,revision,preservation and transportion.Conclusion This system met the security management needs for stomotological hospital information system and improved the information management in stomotological hospitals.