LI Jian-jun,GUO Wei-qing,XU Duan-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.15.056

2006-01-01

Abstract:Authentication is the core and the first gateway to computer security system. With mentality of middleware and the tokencard authentication system, the improved project of GINA and extensional technology on Windows are introduced and a more flexible mecha- nism for the two-factor authentication module is provided. With the virtual tokencard technology, the Tokencard make the multi-role logon authentication possible and it proves to be more flexible and reliable.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Yan Shen,Qi-fei Zhang,Ling-di Ping,Yan-Fei Wang,Wen-juan Li

DOI: https://doi.org/10.1109/trustcom.2012.41

2012-01-01

Abstract:In the existing large-scale performance test of IPsec tunnel, it often needs special software and hardware. To solve the problem, this article proposed a new method, in which packet was encapsulated in user space, and a multi-tunnel controller was designed and implemented with the method of FSM(finite state machine), which controlled the negotiation and establishment of multiple tunnel, including L2tp, IKEv1, IKEv2, IKEv2+EAP and L2tp Over IPsec. Libpcap was used as the bottom layer driver of package, and the application of zero copy technique had reduced system cost immensely. At last, the result of the experiment verified the performance of the IKEv1 tunnel on Tunnel-mode and Transport-mode.

Yuanchao Shu,Jiming Chen,Fachang Jiang,Yu Gu,Zhiyu Dai,Tian He

DOI: https://doi.org/10.1145/2070942.2071025

2011-01-01

Abstract:To bridge the gap between insufficiency of existing proximity authentication solutions and the increasing demand of high security guarantee for access control systems, we develope a WISP-based access control system combing electronic and mechanical authentication methods. In our authentication, encryption complexity is changeable and trusted users can share privileges with each other. During experiments, our system has achieved 95% authentication accuracy rate with up to 3 different users.

李钟华,李由,李伟华

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.11.040

2004-01-01

Abstract:Security problems regarding the network are due not only to malicious outsiders or hackers,but also to malicious users inside the organization.By the technology of VPN,Private path can be created to transfer important data,Secure communication can be done by the end-to-end data encryption.In this paper,VPNs for sections which constructed in a company's VPN can extend the private path to the sections of the company and guard important information of sections from being blabbed inside the organization's network.

Zhengrong Xiao,Yang Li,Jie Li

DOI: https://doi.org/10.2991/iiicec-15.2015.357

2015-01-01

Abstract:Proposed a solution on existing mobile communication network system solutions and validated. Verification test of the gateway device construction show that IPSec gateway support IPSec functions, support IPSec VPN users access multiple functions; support IPSec different access VPN users can access different functions, support for AC and DC power supply mode, according to the site requires access to the appropriate power system.

Haichun Gao

2004-01-01

Abstract:The constant development of VPN service brings a lot of challenge toVPN management,this paper presents one kind of computer techniques-multi-agent technique to manage VPN. The technique possesses features of intelligence,cooperation,flexibility and expansion etc. It can solve problems of different network architectures and different network service providers. Both client and service provider will win together. This multi-agent based computer technique is very important for solving these problems.

ZHANG Shu-kui

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.01.044

2006-01-01

Abstract:The paper introduces a Mobile VPN designed framework and corresponsive technologies. By analyzing features of current mobile network . Furthermore, the paper designs a concrete service system in combination with other relevant technologies .The paper presents the four different approach of authentication , describes its realization process and application value. Finally the paper brings forward the extensibilities of the methods.

朱昌盛,余冬梅,王庆梅,谢鹏寿,包仲贤

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.11.041

2002-01-01

Abstract:The advent of VPN makes it possible for enterprises to transform private confidential massage securely and economically through the Internet. Security tunneling technology is the core technology of VPN, while L2TP IPSec are two tunneling technologies most widely used at present. As the two main accesses to IP network, the combination of L2TP IPSec can share the advantage of L2TP's low cost, initiative, mutual-communication and IPSec's high security, reliability，learn from others' strong points to offset one's weakness, to a great extent, to construct a secure, reliable and low-cost VPN.

Jian Wang,Haihang Wang,Chengxiang Tan

2009-01-01

Journal of Computational Information Systems

Abstract:The wireless way that terminal devices connected to mobile networks communicate with fixed-IP networks brings serious hidden trouble to security. To ensure the security of mobile access, a mobile security access system (SMAS) based on IPSec VPN is designed and implemented. This system adopts multi-factor authentication mechanism based on both smart card and X. 509 certificates to meet security requirement, and adaptive VPN dial-up policy and hardware encryption card to improve system efficiency. Test results show that the system can ensure the communications security between mobile devices and fixed-IP networks perfectly with a high efficiency. Copyright © 2009 Binary Information Press.

BAI Xue-feng,LIU Yang,LI Yang

DOI: https://doi.org/10.3969/j.issn.1673-1603.2011.04.020

2011-01-01

Abstract:For the convenience of staff outside the campus network to quickly access the campus network resources,OpenVPN open source project based on the combination of online and campus authentication system,NAT,DNS,access control,allowing users to program the client to establish connection with the OpenVPN server safe,quick access to campus network resources.

梁健,李建华,石荣

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.09.097

2002-01-01

Abstract:At present, remote access VPN is mainly on the base of L2TP protocol and IPsec protocol. But both of them have some shortcomings. This article gives a particular analysis on them and puts forward two stronger solutions, L2TP/IPsec solution and an IKE solution based on PKI and hybrid authentication.

ZHOU Jing-li,WANG Yu,YU Sheng-sheng

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.08.028

2006-01-01

Abstract:To solve the disadvantage of Web entry method of SSL VPN,a method of using dynamic password to entry is(pre-)(sented.)It can be used to prevent the password from being stolen and cracked,thus the security of SSL VPN system is improved.

Xun Chen,Jiqiang Liu,Yanfeng Shi,Zhen Han

DOI: https://doi.org/10.1007/978-3-662-48683-2_6

2015-01-01

Abstract:Simple username and password are used as the only credential for virtual private network (VPN) access in most authentication schemes. The absence of strong security measures in user's platform invites attacks on integrity and confidentiality of data in private networks and consequently posts threats to other users who use the same VPN service. An authentication scheme based on verifying platform attributes is presented in this paper, which contains a notion of multi-level classification to satisfy different VPN systems. The implementation of the attribute expression and the authentication framework under an example of access policy is provided. Two cryptographic methods are introduced to achieve privacy protection in the network communication, including hash value conversion and attribute based encryption. Trusted computing is also included to guarantee the authenticity of platform attributes. This authentication scheme is distinctive that combines platform attributes with traditional credentials for VPN access attestation.

白跃彬,刘轶,郑守淇,侯宗浩

DOI: https://doi.org/10.3321/j.issn:0253-987X.2001.08.014

2001-01-01

Abstract:An authentication solution for remote access based on both a security authentication model and MAC has been designed and implemented to the high performance network access server. This model possesses the structure of client/server. It can greatly enhance the security and scalability of authentication system. Attacks by hackers could be readily identified thus achieving protection to the system. The main objectives of this approach are security, user friendly and easily implemented.

赵鹏,罗平,刘蓓洁

DOI: https://doi.org/10.3321/j.issn:0372-2112.2002.z1.027

2002-01-01

Abstract:Currently, most VPNs are based on Internet Protocol which has disadvantages in speed, expansibility and quality of service etc. Accordingly, we bring forward a solution of VPN on Multiprotocol Label Switching (MPLS) backbone network. We introduce Certificate Authority (CA) in this solution because both MPLS and IPSec haven't made a clear definition of authorizing identity. Taking advantages of MPLS in transporting efficiency, authorizing identity by CA, exchanging keys by Internet Key Exchange Protocol (IKE) and encrypting data by IPSec protocol, we construct a secure and efficient VPN on MPLS backbone network. Furthermore, we describe the realization of every component of MPLS VPN in detail.

LIU Xin,MAO Yu-ming

DOI: https://doi.org/10.3969/j.issn.1672-2892.2005.01.015

2005-01-01

Abstract:Now the network security service is provided by the security gateway.The most widely used protocol is Internet Key Exchange protocol (IKE).The initial IKE standards work well for peers with fixed IP address.But with the development of the network,especially after the mobile network is introduced,the methods of accession have been multiplied,which has aroused a problem that the IP address of the computer is no longer fixed.How to provide the security service in such a kind of network is a current focus.In this paper,how to combine the IKE with the Authentication Methods is introduced.The advantages and disadvantages of the ways are discussed.The situations in which such ways could work best are analyzed. In the end a conclusion is drawn that in the network in which the IP address is not fixed,the performance of the IKE could be promoted.

LIN Chen,LI Zhi-tang

DOI: https://doi.org/10.3969/j.issn.1007-130x.2007.06.007

2007-01-01

Abstract:The VPN technology is an efficient way to solve the end-to-end security problem in networks. The most pivotal aspect is to build the fit network security policies, which consist of one or more rules that describe the specific actions. This paper studies the security policy module, proposes a security policy model,and analyses the roles and the state translation of rules in security policy management tools. The results of experiment show that our VPN system can work normally and steadily.

Xiaodong Wang

2010-01-01

Abstract:In order to solve the security problems existed in the process of remote authentication which based on classical cryptography or biometric only,proposed a dual network authentication system based on the feature template of face recognition,which bound face with cryptography.Experimental results indicate that face recognition is efficient,and the system analysis shows that the proposed system can not only provide solutions to many of these problems such as playback,fraud and alteration etc.,but also be a real-time system.

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.