LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

zhu jianxin,yang xiaohu,dong jinxiang,cao zhexin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.030

2002-01-01

Abstract:The reliable identity authentication will ensure the security of information system firstly.The technology of biometric authentication will provide a more reliable and more secure method to protect the security of information system.This paper analyzes a generalized biometric identification system reference model,then point s out that this model will help the design of architecture in the biometric authentication system.The paper also analyzes the main issues that must be considered in the design of biometric authentication system,then introduces an example -the design of fingerprint-based authentication system in network environment.

朱建新,杨小虎

DOI: https://doi.org/10.3969/j.issn.1001-3695.2001.12.004

2001-01-01

Abstract:Network security is an important research area in the application of information system now,How to implement effective access control based on user's identity is very important. This paper briefly introduces the concept and technology of authentication first,and analyze the technology of biometric identification,then points out that fingerprint-based biometric identification in networking environment combining data transfer encrypt is a reliable method for control user's access and protect information system,and describes the design and implementation of fingerprint-based authentication system in networking environment.

Muhammad Bilal,Can Wang,Zhi Yu,Abid Bashir

DOI: https://doi.org/10.1109/icsess49938.2020.9237635

2020-01-01

Abstract:Identity management (IdM) plays a significant role in managing user identities (IDs). However, IdM is challenging to handle the rapidly rising numerous kinds of Web-based applications nowadays. The OpenID 2.0 communication protocol is an improved solution for managing a user's IDs based on the OpenID URL identity. OpenID URL identity is not very much secure in specific Web-based attacks; for instance, session hijacking and phishing attacks often occur. The earlier OpenID-based methods secure OpenID URL identity with single, double, and triple authentication schemes. But Identity Provider (IdP) side is still not secure in Web attacks: if an attacker steals the IdP-side legal user information, then existing OpenID-based security techniques are unreliable. The anticipated OpenID Reverse Authentication Authorizing and Accounting (RAAA) user authentication-based protocol secured OpenID URL identity by providing two beneficial fields Secret Alphanumeric String (SAS) and Special Innovative PIN (SIP) that utilize in testing website both sides in reverse and cost-effective way. In this experiment, IdP and Relying Party (RP), both sides are being used secretly. Therefore, experimental websites also test to check the proposed triple authentication protocol. In this paper, we have compared our RAAA user authentication protocol with already available SSO protocol methods. The tested websites and comparative results represent that the anticipated design protocol is very much secure and reliable solution. The advanced cryptographic Single-Sign-On (SSO) secure protocol reduces the higher-level session hijacking and phishing attacks risk in an OpenID-based environment. We suggest future SSO protocol methods will be needed more in terms of the authorized user's identity authentication in Web-based applications.

Wen Li,Lingdi Ping,Kuijun Lu,Xiaoping Chen

DOI: https://doi.org/10.1109/ICIE.2009.33

2009-01-01

Abstract:As traditional network security cannot meet the security requirements, the international research shows that network security is on the way to Trustworthy Internet and that the trustworthy issue becomes a hot topic in the future Internet. Trust evaluation of users' behavior is an important part of Trustworthy Internet and a rational trust model plays a key role in the evaluation. This paper concludes many principles of the trust model by analyzing existing trust models and proposes a novel trust model including both the direct and indirect trust. In our model, the direct trust is more trustworthy and is weighted more with the more and more interactions and the indirect evaluation becomes less and less important. The subjective factor is considered to make the direct trust obey the principle of "rise-lowly, decline-quickly". Furthermore, recommenders' credibility is taken into account in the indirect trust evaluation, which can avoid the denigration and make indirect trust more objective. We also consider the process of referral of the credibility to gain more information to evaluate the indirect trust effectively. Credibility evaluation is the basis of the filtering of low credibility and the improvement of trust evaluation. Finally, several experiments are shown to illustrate the properties of the model. © 2009 IEEE.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Bin Han,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1007/978-3-642-27287-5_76

2012-01-01

Abstract:Internet identity management (IIDM), which is a core issue of network security, has drawn close attention from governments and IT experts all over the world. This article makes a worldwide review on the development status of IIDM at first. Then a new definition of trusted IIDM is brought forward. As a realization of the concept, we represent a creative design of IIDM mode, as well as a technique solution of online information system introducing biometrics. Our study is innovative and valuable on the research and application of IIDM.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Chengqi Wang,Xiao Zhang,Lijia Xie,Zhiming Zheng

DOI: https://doi.org/10.14257/ijsia.2017.11.9.04

2017-01-01

International Journal of Security and Its Applications

Abstract:To satisfy the security requirements of patients' privacy and data's security for health Internet of Things (IoT), various authentication schemes are proposed as guaranteed countermeasures. In particular, Wang et al. built an identity-based authentication scheme with extended Chebyshev chaotic maps. Nevertheless, considering service misuse attack and Denial-of-Service attack, Wang et al.' s method works inadequately. Also it is insufficient to provide efficient password change phase, fast error detection and session key agreement. As a remedy, we propose a novel dynamic identity authenticated key agreement scheme. Our scheme achieves resistance to the known attacks in order to meet the desirable security requirements. Furthermore, the presented scheme practically enables both user revocation/re-registration and biometric information protection, which are significant features ignored by most previous schemes. We confirm the effectiveness of our scheme via comprehensive comparisons in terms of resistance, functionality and performance.

吴和生,范训礼,谢俊元

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.05.044

2003-01-01

Computer Science

Abstract:Some usual one-time password authentication protocols are analyzed. A practical efficient one-time pass-word authentication implementing method is presented based on the symmetric algorithm, which conquers usual chal-lenge-response protocol weakness and can protect user's identity and avoid replay attack etc. It also can boost up thesecurity of the application security system by integrating with it in networks. And the correlative issues are discusseddeeply such as security, reliability and so on.

Ning Sun,Tao Li,Gongfei Song,Haoran Xia

DOI: https://doi.org/10.1155/2021/6676946

2021-03-24

Mobile Information Systems

Abstract:In the process of implementing the Internet of Things, the object itself has identity information and identification equipment and encounters difficulties in communication security during the process of entering the network communication. Just like the Internet and wireless sensor networks, there are security issues in information transmission. Therefore, it is of great significance to study the mobile Internet of Things network security technology depression to protect the communication information in the mobile Internet of Things. This paper mainly studies the network security technology of intelligent information terminal based on mobile Internet of Things. This article will analyze and compare the mainstream encryption algorithms of the current mobile Internet and choose a safer and more secure HASH algorithm. We study the flow of key management, key generation, key distribution, verification key distribution, key update, key storage, key backup, and key validity time setting for mobile Internet of Things, using an existing identity cryptosystem. Based on encryption, the design technology of key management and authentication in this paper is improved. Compared with other methods, the storage consumption of this method on GWN is relatively medium. In the initial stage, the storage is 32 bytes, then in registration stage 1, it reaches 84 bytes, in registration stage 2, it is 82 bytes, and then, in the login authentication phase, the number of bytes rose and reached 356 bytes in authentication phase 3. Experimental results show that this protocol has certain advantages in ensuring safety performance.

computer science, information systems,telecommunications

XU WEI,ZHANG LI

DOI: https://doi.org/10.3969/j.issn.1008-0570.2006.33.016

2006-01-01

Abstract:Tax- declare online systems have some hidden trouble of security using the mode' user and password' at present.First the current technology of identity authentic is analyzed.Then a scheme of identity authentic in Tax- declare online system is designed. The scheme use the mode ' USBKey and PKI' .At last feasibility of the scheme is analyzed.

Haojie Lu

2009-01-01

Abstract:User authentication is mostly carried out by sending a pair of username and password to the server in insecure network,since most users have not a certificate.Just based on this fact,some attacks are achieved.The method of phishing and the common mechanism of protecting key are analyzed,and an authentication scheme employing trusted computing technology is proposed.Since the scheme combines protected storage,authentication chain,and password partition etc,thieving only the password will not have an affect on user security.In the end,the proposed approach is proven to protect against phishing attacks.

Zhang Mingjie,Luo Yi,Niu Hanchun

DOI: https://doi.org/10.3969/j.issn.1000-0801.2007.12.004

2007-01-01

Abstract:The report presents an authentication system based on dynamic-password SIM,following the analysis of the ordinary authentication methods for Internet application. With this system, a business model is suggested for the Internet secured authentication,by which telecom company would run a new service with various business customers.

Zhao Mingwei,Ji Xiaoyu,Jiang Rongan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.05.085

2009-01-01

Abstract:Compared with traditional static password system,the identity authentication system with dynamic password is more secure.Based on ElGamal's private key cryptosystem and challenge-response mechanism,this paper presents a new identity authentication scheme with dynamic password which integrates the smart card and the fingerprint features.The bidirectional authentication between the clients and the server is also achieved.This scheme is effective in preventing reply attack and masquerade attack.

E. Ghazizadeh,Z. S. Shams Dolatabadi,R. Khaleghparast,M. Zamani,A. A. Manaf,M. S. Abdullah

DOI: https://doi.org/10.1155/2014/561487

2014-01-01

Abstract and Applied Analysis

Abstract:The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO) and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM) and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP), TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

Ping Wang,Ding Wang,Xinyi Huang

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160483

2016-01-01

Abstract:Identity authentication is the first line of defense for information systems ,and passwords are the most widely used authentication method .Though there are a number of issues in passwords regarding security and usability , and various alternative authentication methods have also been successively proposed , password‐based authentication will remain the dominant method in the foreseeable future due to its simplicity ,low cost and easiness to change .T hus ,this topic has attracted extensive interests from worldwide researchers ,and many important results have been revealed .This work begins with the introduction of users’ vulnerable behaviors and details the password characteristics ,distribution and reuse rate .Next we summarize the primary cracking algorithms that have appeared in the past 30 years , and classify them into groups in terms of the difference in dependence on what information is exploited by the attacker .Then ,we revisit the various statistical‐based evaluation metrics for measuring the strength of password distributions .Further ,we compare the state‐of‐the‐art password strength meters .Finally ,we summarize our results and outline some future research trends .