金康双,王泽兵,冯雁,陈海燕

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.08.034

2004-01-01

Abstract:Session Initiation Protocol(SIP) is the Internet Engineering Task Force (IETF) standard for IP telephony,and it has a promising applied prospect.In this work,the security authentication mechanism used by SIP is described.Moreover an experimental performance analysis of the SIP security mechanisms is provided,which based on the open source Java implementation of a SIP proxy server.

Meng Li,Xiaohu Yang

DOI: https://doi.org/10.1109/ICCET.2010.5486114

2010-01-01

Abstract:Nowadays, more and more J2EE applications are deployed in distributed environment. Existing session management models are no longer competent in this context. In order to satisfy the demand on performance, scalability and reliability of session maintenance, this paper presents an improved HTTP session management model in distributed environment with a simplified heterogeneous front-end and a distributed cache based back-end. Theoretical analysis based on graph theory and probability theory is applied to both existing model and the improved model, which proves that the latter is much better in many aspects. A prototype session manager based on this model is implemented. The result of a performance benchmark upon a standard J2EE application shows its improvement.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Bao Liu,Minhua Shi,Deren Chen

2001-01-01

Abstract:Web Services are self-contained, modular applications that can be described, published, located, and invoked over a network, generally, the Web. Yet the problem emerges as different Web Services interoperate each other. In this paper we recommend the Simple Object Access Protocol (SOAP)[1] as the communication standard in the Web Services Architecture to solve the problem.First, we describe what is Web Services and present the architecture of it. Then, according to the challenge that Web Services faces, we address the key enabling technologies of which SOAP be composed. SOAP has many advantages that other binary protocols, such as Java RMI, do not have. Finally, by introducing an E-business model based on the integration of SOAP, UDDI [2], MQ [3] etc., we show the manner and flow of SOAP to implement Web Services architecture.

Mh Shi,Dr Chen,Lj Zhang

2002-01-01

Abstract:With the advent of dynamic e-business and its open standards-based supporting technologies, valuable legacy applications that support essential business processes in enterprises can join this new area of distributed computing. In this paper, we introduce a framework for enterprise integration with universal web services model. We propose an integration framework based on the Software Integration Markup Language (SIML), which is an XML based markup language designed to describe e-business applications and enterprise integration.

Haojiang Gao,Xiao Tian-yuan

2011-01-01

Abstract:To overcome the shortcomings of SAML(security assertion markup language),the following improvements are done.Web sites group-based session life cycle is defined.Reverse query on-line user(RQOU) protocol,and logout of fixed logon(SOFL) protocol is designed.Avoiding duplication login method is given.Domain-crossed SSO problem is resolved.A data synchronization strategy is stated,which simplifies legacy system integration.A SSO system based on these designs is used in a state-owned bank in China,which has reduced system management costs and improved productivity,and then satisfies the enterprise requirements.

Yuan Shuhong,Zhu Miaoliang,Yun Xia,Wu Di

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.01.048

2008-01-01

Abstract:Traditional Enterprise Application Integration(EAI) solutions lacking the support of the united standard have difficulties in resolving the main security problems such as authentication and authorization.To solve these problems,a brand new application integration security architecture based on Web Services WSSA-EAI is proposed.Web Services are applied to create general access interface,and SSO(Single Sign On) authentication and RBAC(Role-based Access Control)authorization are combined.A united EAI security architecture which is easy for maintenance is presented..

Wang Changji,Yang Bo,Wu Jianping

DOI: https://doi.org/10.1007/s11767-005-0007-z

2005-01-01

Abstract:In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang’s protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang’s protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.

Jian-bin Hu,Hu Xiong,Zhong Chen

2012-01-01

Abstract:Seamless roaming is highly desirable for wireless communications, and security such as authentication and privacy preserving of mobile users is challenging. Recently, Wu et al. and Wei et al. proposed two authentication schemes that guarantee user anonymity in wireless communications, respectively. However, Kang et al. pointed out some security flaws of Wu et al.’s and Wei et al.’s authentication schemes and showed how to overcome the problems regarding anonymity and the forged login messages. In this paper, we will show that Kang et al.’s improved scheme still did not provide user anonymity as they claimed and give a further improvement to fix the problem without losing any features of the original scheme.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1109/ISCC.2013.6754982

2013-01-01

Abstract:With the rapid development of the Internet, web service technology has been extensively used in distributed applications and is highly likely to replace other various technologies for the distributed application development. However, concerning most hard issues of the web services authentication, no proper solutions have been discovered and available for use now. Due to its dynamic and cross-domain characteristics, web services authentication is confronted with new challenges and difficulties. Each service or autonomous domain may have their separate authentication technologies and identity token types. Meanwhile, the same services may adopt different authentication technologies in terms of different application scenarios. Therefore, the difficult question arises as how to design an integrated and flexible architecture to enhance trust in web services. According to our findings, presented in this paper is a policy-based architecture for web services authentication termed PBA4WSA. Compared with the other architectures, the PBA4WSA can better satisfy the characteristics of web services.

Cheng Zhan,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.10.007

2008-01-01

Abstract:Web Service security problem is one of the highlighted topics in information security area recently.This article presents two security mechanisms for Web Services,transport-level security and message-level security.Then the security technology used to implement message-level security is introduces in detail.Finally,it gives a conclusion to Web Service security and proposes a new Web Service layered security model.

XU Feng,LIN Guo-Yuan,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.02.001

2005-01-01

Computer Science

Abstract:Security is currently one of the biggest concerns about future development of Web services. This paper brief reviews the state of the research for access control in the Web service environment. In this paper,we first discuss the way to study the access control technology from the protocol stack of the Web services. Then we discusscd the access control technology of XML documents and the SOAP protocol,as well as correlation standard. Finally,the conclusion is given and the problems are pointed out,which should be resolved in further reserach.

HU He,ZHANG Qin,CHEN Guo-qing,YANG Yang

DOI: https://doi.org/10.3724/SP.J.1087.2011.00577

2011-01-01

Journal of Computer Applications

Abstract:In order to achieve the goal of unified scheduling and unified management in application system,unified authentication and authorization has become more and more important and sophisticated.The background and the goal of unified authentication and unified authorization system were analyzed firstly,then the unified authentication,authorization and Web services were analyzed and compared,and a unified method of authentication and authorization in enterprise combining the Web services was proposed;therefore,it was more convenient to administer the concrete application system for administrator,which truly reconstructed completely unified authentication and authorization,and the design and implementation of the concrete service specification(or interface) by the practical project were given.

Bruce Ndibanje,Hoon-Jae Lee,Sang-Gon Lee

DOI: https://doi.org/10.3390/s140814786

IF: 3.9

2014-08-13

Sensors

Abstract:Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

Peng Qi-rui,Wang Cheng,Wu Jing,Li Jun

DOI: https://doi.org/10.1109/icsess.2010.5552305

2010-01-01

Abstract:To integrate distributed information systems in group companies, people favor the Service-Oriented-Architecture (SOA) for its features such as loose-coupling and standardization. But SOA brings security problems. Consequently, an authentication and authorization solution is proposed in this paper. By designing security architecture based on Service-Access-Agent, this solution can simplify the security program, and bring good to the system flexibility and loose coupling, thereby meet the integrated system's requirements for dynamics and agility. This solution has been applied to a project of “national 863 plan”, and shown its validity in engineering practices.