Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

HONG Huan-jian,TENG Ran-ran,ZHENG Jian-hua,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.08.048

2006-01-01

Abstract:In any security applications based PKI,the validation of the digital certificates is important to the system's security.This paper briefly describes the actual implementation of the On-line Certificate Status Protocol(OCSP) on Internet and explains why the crypto-mobile-phone cannot check the certificate status on-line as on Internet.It introduces a new certificate revocation status-broadcasting scheme that efficiently resolves the problem of checking certificate revocation status in wireless environment and improves the security level of crypto-mobile-phone.

Alberto Benito Peral,Ana Lucila Sandoval Orozco,Luis Javier García Villalba,Tai-Hoon Kim

DOI: https://doi.org/10.3390/e20050319

2018-04-26

Abstract:Nowadays, there is a lot of critical information and services hosted on computer systems. The proper access control to these resources is essential to avoid malicious actions that could cause huge losses to home and professional users. The access control systems have evolved from the first password based systems to the modern mechanisms using smart cards, certificates, tokens, biometric systems, etc. However, when designing a system, it is necessary to take into account their particular limitations, such as connectivity, infrastructure or budget. In addition, one of the main objectives must be to ensure the system usability, but this property is usually orthogonal to the security. Thus, the use of password is still common. In this paper, we expose a new password based access control system that aims to improve password security with the minimum impact in the system usability.

Hong-Sheng Huang,Cheng-Che Chuang,Jhih-Zen Shih,Hsuan-Tung Chen,Hung-Min Sun

2024-09-18

Abstract:The efficiency of checking certificate status is one of the key indicators in the public key infrastructure (PKI). This prompted researchers to design the Online Certificate Status Protocol (OCSP) standard, defined in RFC 6960, to guide developers in implementing OCSP components. However, as the environment increasingly relies on PKI for identity authentication, it is essential to protect the communication between clients and servers from rogue elements. This can be achieved by using SSL/TLS techniques to establish a secure channel, allowing Certificate Authorities (CAs) to safely transfer certificate status information. In this work, we introduce the OCSP Stapling approach to optimize OCSP query costs in our smart grid environment. This approach reduces the number of queries from the Device Language Message Specification (DLMS) server to the OCSP server. Our experimental results show that OCSP stapling increases both efficiency and security, creating a more robust architecture for the smart grid.

Cryptography and Security

吴和生,范训礼,谢俊元

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.05.044

2003-01-01

Computer Science

Abstract:Some usual one-time password authentication protocols are analyzed. A practical efficient one-time pass-word authentication implementing method is presented based on the symmetric algorithm, which conquers usual chal-lenge-response protocol weakness and can protect user's identity and avoid replay attack etc. It also can boost up thesecurity of the application security system by integrating with it in networks. And the correlative issues are discusseddeeply such as security, reliability and so on.

ZHANG Chunrui,XU Ke,HAO Xiangdong,LIU Yuan

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.10.035

2009-01-01

Abstract:Many applications of engineering simulation need to control remote logins to linux systems and control them. However, almost all such applications use a username-password method for the identity authentication which is net very secure since the password can be easily guessed. This paper presents a digital certificate method for identity authentication in the SSH protocol to improve login security. A remote linux login system was developed to provide single sign-on. The results show that the certificate system for remote linux logins improves application security and workability.

Mariano Luis T. Uymatiao,William Emmanuel S. Yu

DOI: https://doi.org/10.1109/icist.2014.6920371

2014-04-01

Abstract:The main objective of this research is to build upon existing cryptographic standards and web protocols to design an alternative multi-factor authentication cryptosystem for the web. It involves seed exchange to a software-based token through a login-protected Transport Layer Security (TLS/SSL) tunnel, encrypted local storage through a password-protected keystore (BC UBER) with a strong key derivation function (PBEWithSHAANDTwofish-CBC), and offline generation of one-time passwords through the TOTP algorithm (IETF RFC 6239). Authentication occurs through the use of a shared secret (the seed) to verify the correctness of the one-time password used to authenticate. With the traditional use of username and password no longer wholly adequate for protecting online accounts, and with regulators worldwide toughening up security requirements (i.e. BSP 808, FFIEC), this research hopes to increase research effort on further development of cryptosystems involving multi-factor authentication.

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

Yuan Zhang,Chunxiang Xu,Hongwei Li,Kan Yang,Nan Cheng,Xuemin Shen

DOI: https://doi.org/10.1109/tmc.2020.2975792

IF: 6.075

2021-06-01

IEEE Transactions on Mobile Computing

Abstract:Password-based single-sign-on authentication has been widely applied in mobile environments. It enables an identity server to issue authentication tokens to mobile users holding correct passwords. With an authentication token, one can request mobile services from related service providers without multiple registrations. However, if an adversary compromises the identity server, he can retrieve users' passwords by performing dictionary guessing attacks (DGA) and can overissue authentication tokens to break the security. In this paper, we propose a password-based threshold single-sign-on authentication scheme dubbed PROTECT that thwarts adversaries who can compromise identity server(s), where multiple identity servers are introduced to authenticate mobile users and issue authentication tokens in a threshold way. PROTECT supports key renewal that periodically updates the secret on each identity server to resist perpetual leakage of the secret. Furthermore, PROTECT is secure against off-line DGA: a credential used to authenticate a user is computed from the password and a server-side key. PROTECT is also resistant to online DGA and password testing attacks in an efficient way. We conduct a comprehensive performance evaluation of PROTECT, which demonstrates the high efficiency on the user side in terms of computation and communication and proves that it can be easily deployed on mobile devices.

computer science, information systems,telecommunications

Zhang Mingjie,Luo Yi,Niu Hanchun

DOI: https://doi.org/10.3969/j.issn.1000-0801.2007.12.004

2007-01-01

Abstract:The report presents an authentication system based on dynamic-password SIM,following the analysis of the ordinary authentication methods for Internet application. With this system, a business model is suggested for the Internet secured authentication,by which telecom company would run a new service with various business customers.

Miss. Shweta Kamble,Miss. Pooja Kendre,Miss. Ayesha Siddiqua,Mr. Deshpande G. R

DOI: https://doi.org/10.48175/ijarsct-14204

2023-12-11

Abstract:This paper proposes an authentication system that combines One-Time Password (OTP) and Quick Response (QR) code technologies to enhance security and user experience. The system generates an OTP and a unique QR code for each authentication attempt, which can be scanned using a mobile device to complete the authentication process. The QR code contains encrypted information about the user's identity and the OTP, which is verified by the server. The proposed system provides a secure, convenient, and efficient method for user authentication, which is crucial in today's digital world. An e-authentication system that uses OTP and QR code technology is a secure and efficient method for authenticating users in online transactions. This system combines the benefits of OTP and QR code technology to provide a two-factor authentication mechanism that is convenient for users and effective in preventing unauthorized access. This system aims to address the vulnerabilities of traditional username and password authentication by providing an additional layer of security through two-factor authentication. the system aims to prevent unauthorized access to online services and transactions. The system aims to provide a userfriendly and convenient authentication method that can be easily integrated into existing online platforms. It protect sensitive information and ensure that only authorized users can access online services and transactions

English Else

Lucas Mayr,Gustavo Zambonin,Frederico Schardong,Ricardo Custódio

2024-08-02

Abstract:Electronic documents are signed using private keys and verified using the corresponding digital certificates through the well-known public key infrastructure model. Private keys must be kept in a safe container so they can be reused. This makes private key management a critical component of public key infrastructures with no failproof answer. Therefore, existing solutions must employ cumbersome and often expensive revocation methods to handle private key compromises. We propose a new cryptographic key management model built with long-term, irrevocable digital certificates, each bound to a single document. Our model issues a unique digital certificate for each new document to be signed. We demonstrate that private keys associated with these certificates should be deleted after each signature, eliminating the need to store those keys. Furthermore, we show that these certificates do not require any revocation mechanism to be trusted. We analyze the overhead caused by the frequent generation of new key pairs for each document, provide a security overview and show the advantages over the traditional model.

Cryptography and Security

YANG Yang,HUANG Xiaoqing,CAO Yijia,ZHANG Zhidan,HE Jie

2011-01-01

Abstract:As the security specifications for IEC 61850 P2P communication protocol(real-time communication),IEC 62351-6 recommends the adoption of authentication for ensuring the safety of data transmission.To meet the requirement for the data flow and data security objectives in IEC 61850 digital substations,a method of implementing identity authentication with extended safe message through SHA-1 and DES encryption is put forward.Through the security analysis,it can meet the confidentiality,integrity and validity of the message.Further,by taking the bus fault on the unified star and the ring network in the whole D2-1 substation as an example,the OPNET network simulation and calculation are applied to the process of authentication.It is proved that the substation communication program has both good security and real-time character.

Fajiang Yu,Tong Li,Yang Lin,Huanguo Zhang

DOI: https://doi.org/10.1007/978-3-642-23496-5_11

2011-01-01

Abstract:PKI-based trusted computing platform (TCP) requires platform users to apply for multiple Platform Identity Key (PIK) certificates to provide remote attestation, users must pay the fee of digital certificates, which increases users' economic burdens and leads there is hardly any TCP has really performed the core function of trusted computing, platform remote attestation, so the application of TCP is not very wide. This paper presents a trusted computing cryptography scheme based on Hierarchical Combined Public Key (HCPK), which can reduce the risk of single Private Key Generator (PKG), and let the verifier authenticate TCP directly without third party, so platform users do not need to apply additional digital certificates. This scheme can reduce users' cost of using TCP, and encourage the development of TCP application.

Sajaad Ahmed Lone,Ajaz Hussain Mir

DOI: https://doi.org/10.1108/ijpcc-04-2021-0097

2021-08-19

International Journal of Pervasive Computing and Communications

Abstract:Purpose Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication. Design/methodology/approach The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation. Findings The proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments. Originality/value The proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.

English Else

Dawei Zhao,Haipeng Peng,Shudong Li,Yixian Yang

DOI: https://doi.org/10.48550/arXiv.1305.6350

2013-05-28

Abstract:Recently, Li et al. analyzed Lee et al.'s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.'s scheme is vulnerable to stolen smart card and offline dictionary attack, replay attack, impersonation attack and server spoofing attack. By analyzing other similar schemes, we find that the certain type of dynamic ID based multi-server authentication scheme in which only hash functions are used and no registration center participates in the authentication and session key agreement phase is hard to provide perfect efficient and secure authentication. To compensate for these shortcomings, we improve the recently proposed Liao et al.'s multi-server authentication scheme which is based on pairing and self-certified public keys, and propose a novel dynamic ID based remote user authentication scheme for multi-server environments. Liao et al.'s scheme is found vulnerable to offline dictionary attack and denial of service attack, and cannot provide user's anonymity and local password verification. However, our proposed scheme overcomes the shortcomings of Liao et al.'s scheme. Security and performance analyses show the proposed scheme is secure against various attacks and has many excellent features.

Cryptography and Security

LI Dong-feng,WEI Ming-Xin,LI Wei-ping

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.09.049

2011-01-01

Abstract:As considerable quantities of complex cryptographic computation should be done on client side in the traditional public key cryptosystems,it's difficult for the PKI technology to be used in the special case with weak computation capability. In addition,the communication between digital certificate and authentication is required,thus to obtain the CRLs as certificate chain and verify the validity of online certificate,this would greatly reduce the application and development of public key cryptographic technology. In the proposed proxy-based application model,the computation and communication are completed via the proxy service,and the client just needs to send standard application request and accept the corresponding response,thus effectively simplifying the application of public key cryptography.