万久士,李翔,林祥

DOI: https://doi.org/10.3969/j.issn.1009-8054.2010.04.039

2010-01-01

Abstract:A large number of dynamic pages should be collected and interpreted in monitoring system of network media. A scheme based on JSSh(JavaScript Shell Server) is proposed for dynamic web page collection and interpretation. In the scheme, the Web browser with perfect page layout function is used to interpret dynamic pages. Experiment shows that the scheme is adaptive and has considerable reliability for collection of dynamic web page. The efficiency for information collection could fairly meet the requirement of monitoring system.

申伟,李翔,林祥

DOI: https://doi.org/10.3969/j.issn.1673-629x.2009.03.047

2009-01-01

Abstract:As development of Internet technology,there are more and more Web pages that can't be visited without identity authentication.In order to implement content security management over these Web pages,the abilities of current information collection unit should be improved.In order to resolve problem that traditional information collection unit can not retrieve Web page through identity authentication,proposes project the Information Collection Unit for Website which Need Identity Authentication.After introducing of Cookie technology and Website's identity authentication negotiation,adds Cookie content negotiation mechanism to original information collection unit to retrieve Web page that original unit can't support.In addition,provides an experiment to prove effectivity and practicability of new information collection unit.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Muhammad Bilal,Can Wang,Zhi Yu,Abid Bashir

DOI: https://doi.org/10.1109/icsess49938.2020.9237635

2020-01-01

Abstract:Identity management (IdM) plays a significant role in managing user identities (IDs). However, IdM is challenging to handle the rapidly rising numerous kinds of Web-based applications nowadays. The OpenID 2.0 communication protocol is an improved solution for managing a user's IDs based on the OpenID URL identity. OpenID URL identity is not very much secure in specific Web-based attacks; for instance, session hijacking and phishing attacks often occur. The earlier OpenID-based methods secure OpenID URL identity with single, double, and triple authentication schemes. But Identity Provider (IdP) side is still not secure in Web attacks: if an attacker steals the IdP-side legal user information, then existing OpenID-based security techniques are unreliable. The anticipated OpenID Reverse Authentication Authorizing and Accounting (RAAA) user authentication-based protocol secured OpenID URL identity by providing two beneficial fields Secret Alphanumeric String (SAS) and Special Innovative PIN (SIP) that utilize in testing website both sides in reverse and cost-effective way. In this experiment, IdP and Relying Party (RP), both sides are being used secretly. Therefore, experimental websites also test to check the proposed triple authentication protocol. In this paper, we have compared our RAAA user authentication protocol with already available SSO protocol methods. The tested websites and comparative results represent that the anticipated design protocol is very much secure and reliable solution. The advanced cryptographic Single-Sign-On (SSO) secure protocol reduces the higher-level session hijacking and phishing attacks risk in an OpenID-based environment. We suggest future SSO protocol methods will be needed more in terms of the authorized user's identity authentication in Web-based applications.

Zhanghong Chen,Qinming He,ShenKang Wang

2001-01-01

Abstract:The exploding of information on the Internet requires new tool to deal with the information collecting work. While machine understanding relies heavily on the semantic of the web. Without semantically enriched content, the Web cannot reach its full potential. This paper describes a system to add semantic to semistructured data, which is the most common form on the web. We developed a script language to describe the semantic of the data and a processor to grab information according to the script. Since the system works on the web client side and does not need support by web servers, it can deal with the large amount of existing webs.

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

Guanglei Zhao,Xianping Si,Jingcheng Wang,Xiao Long,Ting Hu

DOI: https://doi.org/10.1109/ICMIC.2011.5973767

2011-01-01

Abstract:This paper presents a novel mutual identity authentication scheme which can be applied securely in Internet of Things. Based on secure hash algorithm(SHA), feature extraction and elliptic curve cryptography(ECC), we propose an asymmetric mutual authentication scheme between the platform and the terminal node, which imposes light computation and communication cost, through security analysis it is also shown that the proposed scheme is secure and feasible for applications in the Internet of Things.

He,Wei,Li,Xiu,Liu,Wenhuang

DOI: https://doi.org/10.3969/j.issn.1008-0570.2005.33.001

2005-01-01

Abstract:This paper investigates the importance of uniform identity authentication system for building knowledge sharing platform, and presents the general framework of this system. An architecture based on kerberos Protocol and Security Assertion Markup Language is used to solve the issue of the Single User Sign-on to Multiple Services. This paper also discusses the issue of organizing user's id and access control lists with the distributed directory tree method, and a real application model is presented. This system can provide a very effective and secure access on knowledge sharing system.

Haijiang Xie,Jizhong Zhao

DOI: https://doi.org/10.1007/s12083-014-0287-x

IF: 3.488

2014-01-01

Peer-to-Peer Networking and Applications

Abstract:The state of art authentication schemes are tightly linked with encryption or crypto systems, which provides concrete foundations to move towards the concept of access control by confirming the user identity. However the openness of the computer network makes the identity credentials vulnerable even transmitted as cipher text especially in lots of peer-to-peer (P2P) networks. The malicious attackers can possibly steal and fake the user identity by eavesdropping, hijacking, cryptanalysis and forging. In this paper, a novel identity authentication mechanism is proposed based on the reverse usage of the Network Covert Channel (NCC) which is originally designed by attackers to create stealth communication. Different from NCC, where the packet intervals can be exploited as the data carrier to transmit the unauthorized information, we exploit such capability in Network-Covert-Channel-based Identity Authentication (NCCIA) to transmit the identity tag. By validating user identity in a covert manner, we provide a more secure authentication method compared with many existing approaches. A NCCIA demo system is designed on a FTP Platform to verify our method. The experiments demonstrate the NCCIA can prevent the attackers from eavesdropping while maintaining transmission efficiency.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Xiong Li,Jian Ma,Wendong Wang,Yongping Xiong,Junsong Zhang

DOI: https://doi.org/10.1016/j.mcm.2012.06.033

2013-01-01

Mathematical and Computer Modelling

Abstract:With the purpose of using numerous different network services with single registration, various multi-server authentication schemes have been proposed. Furthermore, in order to protect the users from being tracked when they login to the remote server, researchers have proposed some dynamic ID based remote user authentication schemes for multi-server environments. Recently, Lee et al. have pointed out the security weaknesses of Hsiang and Shih’s dynamic ID based multi-server authentication scheme, and proposed an improved dynamic ID based authentication scheme for multi-server environments. They claimed that their scheme provided user anonymity, mutual authentication, session key agreement and can resist several kinds of attacks. In this paper, however, we find that Lee et al.’s scheme is still vulnerable to forgery attack and server spoofing attack. Besides, their scheme cannot provide proper authentication if the mutual authentication message is partly modified by the attacker. In order to remove these security weaknesses, we propose a novel smart card and dynamic ID based authentication scheme for multi-server environments. In order to protect the user from being tracked, the proposed scheme enables the user’s identity to change dynamically when the user logs into the server. The proposed scheme is suitable for use in multi-server environments such as financial security authentication since it can ensure security while maintaining efficiency.

Xiong Li,Yongping Xiong,Jian Ma,Wendong Wang

DOI: https://doi.org/10.1016/j.jnca.2011.11.009

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:Generally, if a user wants to use numerous different network services, he/she must register himself/herself to every service providing server. It is extremely hard for users to remember these different identities and passwords. In order to resolve this problem, various multi-server authentication protocols have been proposed. Recently, Sood et al. analyzed Hsiang and Shih's multi-server authentication protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication, the session key agreement and can resist several kinds of attacks. However, through careful analysis, we find that Sood et al.'s protocol is still vulnerable to leak-of-verifier attack, stolen smart card attack and impersonation attack. Besides, since there is no way for the control server CS to know the real identity of the user, the authentication and session key agreement phase of Sood et al.'s protocol is incorrect. We propose an efficient and security dynamic identity based authentication protocol for multi-server architecture that removes the aforementioned weaknesses. The proposed protocol is extremely suitable for use in distributed multi-server architecture since it provides user's anonymity, mutual authentication, efficient, and security.

Yanan Sun,Xiaohong Guan,Ting Liu,Yu Qu

DOI: https://doi.org/10.1109/trustcom.2012.80

2012-01-01

Abstract:In the identity authentication, many advanced encryption techniques are applied to confirm and protect the user identity. Although the identity information is transmitted as cipher text in the Internet, the attackers can theft and fraud the identity by eavesdropping, cryptanalysis and forging. In this paper, a new identity authentication mechanism is proposed, which exploits the Timing Covert Channel (TCC) to transmit the identity information. TCC was originally a hacker technique to leak information under supervising, which uses the sending time of packets to indicate the information. In our method, the intervals between packets are applied to indicate the authentication tags. It is difficult for the attackers to eavesdrop, crack and forge the TCC identity, since the packets are too huge to analyze and the noise is different between the users and the attackers. A platform is designed to verify our proposed method. The experiment shows that the intervals and the thresholds are the key factors on the accuracy and efficiency. And it also proves our method is a secure way for identity information, which could be implanted on various network applications.

TAN Jinfu,SONG Anjun,PENG Qinke,Hu Baosheng

DOI: https://doi.org/10.3969/j.issn.1004-373x.2007.18.037

2007-01-01

Abstract:SSO technology is gradually applied in many fields of software systems.This paper introduces the requirements of SSO and analyzes the inner mechanism of SSO in web applications on the basis of Cookie technology.Besides,SSO is further expatiated on the aspect of security and performance,its risks and improvements needing to be done are pointed out.

Hsiao-Ling Wu,Chin-Chen Chang,Long-Sheng Chen

DOI: https://doi.org/10.1016/j.pmcj.2020.101177

IF: 3.848

2020-09-01

Pervasive and Mobile Computing

Abstract:<p>The Internet of Things technology allows devices automatically connect with others or a server for the purposes of exchanging data. People can conveniently integrate data from those devices for a smart home, vehicular ad-hoc network, e-Health, etc. In 2017, Wang et al. proposed a simple authentication scheme for the Internet of Things. Although they formally proved that their scheme is secure, they did not consider the privacy of devices and stolen verifier attack. In this paper, we first demonstrate the weaknesses of Wang et al.'s scheme. Accordingly, we present a higher security level authentication scheme to resist the above weaknesses.</p>

computer science, information systems,telecommunications

He Jiabei,Liu Xuchong,Wu Fan,Chen Chaoyang,Li Xiong

DOI: https://doi.org/10.1007/s11235-022-00911-4

2022-01-01

Abstract:Nowadays, the intelligent transportation system (ITS) has developed prosperously all over the world. As a key technique in ITS, vehicular ad-hoc network (VANET) supports fast transmitting while bringing security problems simultaneously. To ensure efficiency, those unprotected data transmitting at a high speed can be easily eavesdropped on or forged, which will badly damage the ITS. To authenticate the identities of the vehicles in VANETs, signatures with certificates are often employed in historical research, but seldom study discusses the protection of generated data or mutual authentication between participants in VANETs. In order to tackle the problems above, we propose a new mutual authentication scheme for VANET where the private data can be kept away from attackers. In our scheme, the corresponding manager of each region can deal with the dynamic information of vehicles. The security analysis is also carried out and shown to emphasize the reliability of the scheme, such as anonymity, unlinkability and resistance to replay attacks, etc. Besides the resistance to different attacks, the real-time information secrecy can also be protected in our scheme, which is not achieved in the compared schemes. Moreover, the performance evaluation and simulation with NS-3 show that the packet delivery ratio reaches over 99% in most of the application scenarios, which proves that the scheme is efficient and practical.

Hugo Jonker,Jelmer Kalkman,Benjamin Krumnow,Marc Sleegers,Alan Verresen

DOI: https://doi.org/10.48550/arXiv.1808.00840

2018-08-02

Abstract:More and more parts of the internet are hidden behind a login field. This poses a barrier to any study predicated on scanning the internet. Moreover, the authentication process itself may be a weak point. To study authentication weaknesses at scale, automated login capabilities are needed. In this work we introduce Shepherd, a scanning framework to automatically log in on websites. The Shepherd framework enables us to perform large-scale scans of post-login aspects of websites. Shepherd scans a website for login fields, attempts to submit credentials and evaluates whether login was successful. We illustrate Shepherd's capabilities by means of a scan for session hijacking susceptibility. In this study, we use a set of unverified website credentials, some of which will be invalid. Using this set, Shepherd is able to fully automatically log in and verify that it is indeed logged in on 6,273 unknown sites, or 12.4% of the test set. We found that from our (biased) test set, 2,579 sites, i.e., 41.4%, are vulnerable to simple session hijacking attacks.

Cryptography and Security

Bing-Zhe He,Chien-Ming Chen,Yi-Ping Su,Hung-Min Sun

DOI: https://doi.org/10.1016/j.eswa.2013.09.032

IF: 8.5

2013-01-01

Expert Systems with Applications

Abstract:Recently, on-line social networking sites become more and more popular. People like to share their personal information such as their name, birthday and photos on these public sites. However, personal information could be misused by attackers. One kind of attacks called Identity Theft Attack is addressed in on-line social networking sites. After collecting the personal information of a victim, the attacker can create a fake identity to impersonate this victim and cheat the victim's friends in order to destroy the trust relationships on the on-line social networking sites. In this paper, we propose a scheme to protect users from Identity Theft Attacks. In our work, users' personal information can be still kept public. It means that this scheme does not violate the nature of the social networks. Compared with previous works, the proposed scheme incurs less overhead for users. Experimental results also demonstrate the practicality of the proposed scheme.

Yanan Sun,Xiaohong Guan,Ting Liu

DOI: https://doi.org/10.1007/978-3-642-24403-2_13

2011-01-01

Abstract:Authentication is of great importance in information security. Traditional method only focus on encryption of the content itself, which is the same with the later proposed methods named information hiding and digital watermark. Since data transmission is in the open network, it can easily be detected and intercepted by the malicious party. In this paper, we put forward a new method which utilize the communication channel, not the content, as the data carrier, and guarantee the validation of the user's identity during the common data transmission. Specifically, by manipulating the inter-packet delays, we implement a prototype system for authentication and embed the authentication tag within the packet intervals based on network covert channel. By conducting a series of experiments, we prove that our method performs well in LAN and Campus Network.