LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

张亮,刘建伟

DOI: https://doi.org/10.3969/j.issn.1002-0802.2009.01.091

2009-01-01

Abstract:With the improvement of wireless network, there are increasing users wirelessly accessing the Internet through mobile phones. So it is very important to solve the identity authentication problems of wireless access users. Dynamic password has become the new development trend for the Identity Authentication mechanism. It offers stronger security than the static password. In this article, a dynamic password authentication protocol based on callenge/rsponse mechanism is designed. According to this protocol, a dynamic password identity authentication system based on mobile phone token is designed. The composition and authentication processes of this system are described in detail, and its security is analyzed as wel1. The analysis indicates that this system features high security and wide application. It can be conveniently used and implemented in low cost.

Zhao Mingwei,Ji Xiaoyu,Jiang Rongan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.05.085

2009-01-01

Abstract:Compared with traditional static password system,the identity authentication system with dynamic password is more secure.Based on ElGamal's private key cryptosystem and challenge-response mechanism,this paper presents a new identity authentication scheme with dynamic password which integrates the smart card and the fingerprint features.The bidirectional authentication between the clients and the server is also achieved.This scheme is effective in preventing reply attack and masquerade attack.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Lili Wu,Chen Qiao,Tao Chen,Zhengmin Li

DOI: https://doi.org/10.1109/icctec.2017.00296

2017-01-01

Abstract:The following topics are dealt with: Internet; learning (artificial intelligence); feature extraction; power grids; optimisation; object detection; statistical analysis; power engineering computing; pattern clustering; genetic algorithms.

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

ZHOU Jing-li,WANG Yu,YU Sheng-sheng

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.08.028

2006-01-01

Abstract:To solve the disadvantage of Web entry method of SSL VPN,a method of using dynamic password to entry is(pre-)(sented.)It can be used to prevent the password from being stolen and cracked,thus the security of SSL VPN system is improved.

ZHANG Xiao-wei,ZHANG Gui-dong,SHEN Yong-jun

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2009.12.043

2009-01-01

Abstract:As the first defense line of secure application system, the identity authentication is the most important secure service. By analyzing disadvantages of username/password and one-time password, and the threat of malware, we proposed a double factor authentication system based on mobile terminal. Analyzing and testing of the prototype system indicated that the system can resolve problems such as password guess, small integer attack, password leak brought by malware, etc, and have well running efficiency.

ZHANG Jin-ying,ZHENG Yu,LU Xian-hui,HE Da-ke

2005-01-01

Abstract:A password-based remote user authentication scheme was proposed by Lin and Lai, but there were some vulnerabilities in time-stamp and user ID.So an improved scheme based on challenge-response was presented,adopting diplex authentication technologies,fingerprint and smart card.It could achieve mutual authentication and avoid replay attack and masquerade attack.The random factor was generated by the mutual parties to guarantee the authentication fairness.Moreover,user's fingerprint needed not be transmitted in the authentication process to protect user's privacy.

Deyu ZHANG,Lian XU

2013-01-01

Abstract:Authentication as a first line of defense to protect network security,has been widely used in a variety of systems. On the basis of analysis of the shortcomings of traditional dynamic password authentication method,an improved Two-way dynamic password authentication method is proposed to implement mutual trust by increasing a Two-way authentication function,so it can prevent the personating attack. In addition,it adopts small computational calculation methods,which is easy to be accomplished,and it can be applied to the distributed network environment.

Minglei Shu,Chengxiang Tan,Haihang Wang

DOI: https://doi.org/10.1109/ssme.2009.43

2009-01-01

Abstract:Identity authentication is the first line of defense in the security application system to access the mobile network resources. However, as the means of attacking become variety, new requirements have been brought forward for the technology of identity authentication. To improve performance of mobile authentication, this paper presents a novel mobile authentication scheme, which transmits message encrypted with digital certificate to implement authentication between the mobile phone and the server. Theoretical analysis and experiments indicate the scheme satisfies security, non-repudiation and mutual authentication.

Jian Wang,Haihang Wang,Chengxiang Tan

2009-01-01

Journal of Computational Information Systems

Abstract:The wireless way that terminal devices connected to mobile networks communicate with fixed-IP networks brings serious hidden trouble to security. To ensure the security of mobile access, a mobile security access system (SMAS) based on IPSec VPN is designed and implemented. This system adopts multi-factor authentication mechanism based on both smart card and X. 509 certificates to meet security requirement, and adaptive VPN dial-up policy and hardware encryption card to improve system efficiency. Test results show that the system can ensure the communications security between mobile devices and fixed-IP networks perfectly with a high efficiency. Copyright © 2009 Binary Information Press.

Baohua Zhao,Ningyu An,Xiao Liang,Chunhui Ren,Zhihao Wang

DOI: https://doi.org/10.1007/978-3-030-05755-8_1

2018-01-01

Abstract:In order to solve the security issues existed in RFID authentication in recent years. A mutual identity authentication scheme based on dynamic is proposed after describing and analyzing the problems that RFID authentication technology encounters, which can solve replay attack, man-in-the-middle attack and other security issues. In addition, this paper also describes the techno of Authentication technology. The method proposed refers to tags privacy level between Tag and Reader to achieve mutual authentication, it not only can enhance the privacy protection of the label carrier and protect the identity privacy of the Reader holder, but also has a certain effectiveness advantage.

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

Liang Hu,Ling Chi,Hong-tu Li,Wei Yuan,Yuyu Sun,Jian-feng Chu

DOI: https://doi.org/10.3837/tiis.2012.01.008

2012-01-01

KSII Transactions on Internet and Information Systems

Abstract:As one of the four basic technologies of IOT (Internet of Things), M2M technology whose advance could influence on the technology of Internet of Things has a rapid development. Mobile Payment is one of the most widespread applications in M2M. Due to applying wireless network in Mobile Payment, the security issues based on wireless network have to be solved. The technologies applied in solutions generally include two sorts, encryption mechanism and authentication mechanism, the focus in this paper is the authentication mechanism of Mobile Payment. In this paper, we consider that there are four vital things in the authentication mechanism of Mobile Payment: two-way authentication, re-authentication, roaming authentication and inside authentication. Two-way authentication is to make the mobile device and the center system trust each other, and two-way authentication is the foundation of the other three. Re-authentication is to re-establish the active communication after the mobile subscriber changes his point of attachment to the network. Inside authentication is to prevent the attacker from obtaining the privacy via attacking the mobile device if the attacker captures the mobile device. Roaming authentication is to prove the mobile subscriber's legitimate identity to the foreign agency when he roams into a foreign place, and roaming authentication can be regarded as the integration of the above three. After making a simulation of our proposed authentication mechanism and analyzing the existed schemes, we summarize that the authentication mechanism based on the mentioned above in this paper and the encryption mechanism establish the integrate security framework of Mobile Payment together. This makes the parties of Mobile Payment apply the services which Mobile Payment provides credibly.

ZHANG Xiaolin,GU Dawu,ZHANG Chi

DOI: https://doi.org/10.11959/j.issn.2096-109x.2020081

2020-01-01

Abstract:Recent studies have shown that attacks against USIM card are increasing, and an attacker can use the cloned USIM card to bypass the identity verification process in some applications and thereby get the unauthorized access. Considering the USIM card being cloned easily even under 5G network, the identity verification process of the popular mobile applications over mobile platform was analyzed. The application behaviors were profiled while users were logging in, resetting password, and performing sensitive operations, thereby the tree model of application authentication was summarized. On this basis, 58 popular applications in 7 categories were tested including social communication, healthcare, etc. It found that 29 of them only need SMS verification codes to get authenticated and obtain permissions. To address this issue, two-step authentication was suggested and USIM anti-counterfeiting was applied to assist the authentication process.

Xiong Li,Jian Ma,Wendong Wang,Yongping Xiong,Junsong Zhang

DOI: https://doi.org/10.1016/j.mcm.2012.06.033

2013-01-01

Mathematical and Computer Modelling

Abstract:With the purpose of using numerous different network services with single registration, various multi-server authentication schemes have been proposed. Furthermore, in order to protect the users from being tracked when they login to the remote server, researchers have proposed some dynamic ID based remote user authentication schemes for multi-server environments. Recently, Lee et al. have pointed out the security weaknesses of Hsiang and Shih’s dynamic ID based multi-server authentication scheme, and proposed an improved dynamic ID based authentication scheme for multi-server environments. They claimed that their scheme provided user anonymity, mutual authentication, session key agreement and can resist several kinds of attacks. In this paper, however, we find that Lee et al.’s scheme is still vulnerable to forgery attack and server spoofing attack. Besides, their scheme cannot provide proper authentication if the mutual authentication message is partly modified by the attacker. In order to remove these security weaknesses, we propose a novel smart card and dynamic ID based authentication scheme for multi-server environments. In order to protect the user from being tracked, the proposed scheme enables the user’s identity to change dynamically when the user logs into the server. The proposed scheme is suitable for use in multi-server environments such as financial security authentication since it can ensure security while maintaining efficiency.

Cuilin Liu,Yongjun Shen,Guidong Zhang,Fang Wen

DOI: https://doi.org/10.1109/ICMSS.2010.5578326

2010-01-01

Abstract:In this paper, we have designed a high-security email system using dynamic password and fingerprint recognition to solve the shortages of traditional system. In order to guarantee the security of users' fingerprint characteristic value, we encrypt it with dynamic password. Using a two-way authentication method, not only ensure authentication server can recognize the users, but also guarantee the users can verify authentication server, effectively prevent Email from counterfeiting and tampering. © 2010 IEEE.

Xiong Li,Jianwei Niu,Yazhi Liu,Junguo Liao,Wei Liang

DOI: https://doi.org/10.1504/ijahuc.2014.066423

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Smart card-based password authentication scheme is one of the most simple and efficient method to identify the legitimacy of a user via an insecure channel. To protect the user from tracking by the attacker, many dynamic ID-based user authentication schemes have been proposed. Recently, Chen et al. proposed an efficient and secure dynamic ID-based authentication scheme using smart cards. However, we find that Chen et al.'s scheme cannot really protect user's anonymity and forward secrecy. Besides, their scheme is inefficient in the authentication phase and cannot resist stolen smart card attack. In this paper, we propose a robust dynamic ID-based user authentication scheme using smart cards to cover the above weaknesses, the proposed scheme can really protect the user's anonymity and is more secure comparing with other related schemes.

Dingguo Yu,Nan Chen,Chengxiang Tan

DOI: https://doi.org/10.1109/etcs.2009.559

2007-01-01

Journal of Computer Applications

Abstract:With the rapid development of mobile networks technology and popularization of mobile device, people can access Internet by mobile device and wireless connection covering the entire mobile communication network (GSM/GPRS/CDMA/3G/802.11etc) at any moment. Business system based on mobile network has been becoming hotspot. Compare with traditional business system, the security risk of business system based on mobile network is more popular and grave. However, the traditional mobile communication technology does not provide the security services such as authentication, confidentiality, and integrity etc. To solve this security problem, in this paper, we designed and implemented a mobile security access system (MSAS) using SSL VPN, CA and smart card technology. It establishes a complete authentication mechanism based on smart card and X. 509 certificates, and uses SSL VPN tunnel to protect the security of a message transmission on the Internet and mobile communication network. It will help some commercial companies and government authorities, who need confidential information transmitted over the air, such as banks providing mobile bank service, policemen exchanging data of criminals, etc, to build secure communications channel, and some secure business system based on fixed-IP network extend to mobile network.