The grid technology is recognized as the next generation of Internet and becomcs the center of recent researches in the computer society. Security is one of the most crucial issues to address in Internet and is of the...The grid technology is recognized as the next generation of Internet and becomcs the center of recent researches in the computer society. Security is one of the most crucial issues to address in Internet and is of the same importance in the application of grid technology. As a critical component of grid security, the secure authen- tication needs to be well studied. In this paper, a two-step mobile agent based(TSMAB) authentication architecture is proposed based on Globus security infrastructure (GSI). By using mobile agent (MA) technology, the TSMAB authentication architecture is composed of the junior-authentication and the senior-authentication. Based on the design and the analysis of TSMAB model, the result shows that the efficiency of grid authentication is improved compared with the GSI authentication.展开更多
Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trad...Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.'s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.'s scheme shows that Lee et al's protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.'s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.'s improved protocol is susceptible to collusion attack.展开更多
There are many business needs for implementing delegation in IT (Information Technology) systems. However, existing approaches to delegation in IT systems are limited in their usability, flexibility, and capability ...There are many business needs for implementing delegation in IT (Information Technology) systems. However, existing approaches to delegation in IT systems are limited in their usability, flexibility, and capability to implement least privilege. The result is that delegation is either not implemented or is implemented informally (e.g., by sharing credentials [passwords or hardware tokens] between users), resulting in serious security concerns and a lack of accountability. This paper describes a methodology for delegation based on the persona concept. A persona is a special category of user that embodies only delegated privileges, and which is explicitly assumed only after the "real" human user taking on that persona explicitly chooses it, This paper describes the persona delegation framework in the context of a large enclave-based architecture currently being implemented by a major enterprise. The creation of a persona solves a lot of downstream problems by allowing the persona to be treated like any other entity in the system. That is, identity, authentication, authorization, and other security processes already know how to handle an entity of this type. Benefits of the framework include increased flexibility to handle a number of different delegation business scenarios, decreased complexity of the solution, and greater accountability with only a modest amount of additional infrastructure required.展开更多
文摘The grid technology is recognized as the next generation of Internet and becomcs the center of recent researches in the computer society. Security is one of the most crucial issues to address in Internet and is of the same importance in the application of grid technology. As a critical component of grid security, the secure authen- tication needs to be well studied. In this paper, a two-step mobile agent based(TSMAB) authentication architecture is proposed based on Globus security infrastructure (GSI). By using mobile agent (MA) technology, the TSMAB authentication architecture is composed of the junior-authentication and the senior-authentication. Based on the design and the analysis of TSMAB model, the result shows that the efficiency of grid authentication is improved compared with the GSI authentication.
基金supported by the Key Program of NSFC-Guangdong Union Foundation under Grant No.U1135002Young Foundation of Humanities and Social Sciences of MOE (Ministry of Education in China) of under Grant No.11YJCZH160Foundation for Young Scientists of Jiangxi Province of China under Grant No.20133BCB23016
文摘Since network services are provided cooperatively by multiple servers in the lnternet, the authentication protocols for multiserver architecture are required by Internetbased services, such as online game, online trade and so on. Recently, Li et al. analyzed Lee et al.'s protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication and the session key agreement against several kinds of attacks. In this paper, a cryptanalysis on Lee et al.'s scheme shows that Lee et al's protocol is also vulnerable to malicious server attack, stolen smart card attack and leak-of-verifier attack. Moreover, Li e/ al.'s improved protocol is also vulnerable to all these attacks. Further cryptanalysis reveals that Li et al.'s improved protocol is susceptible to collusion attack.
文摘There are many business needs for implementing delegation in IT (Information Technology) systems. However, existing approaches to delegation in IT systems are limited in their usability, flexibility, and capability to implement least privilege. The result is that delegation is either not implemented or is implemented informally (e.g., by sharing credentials [passwords or hardware tokens] between users), resulting in serious security concerns and a lack of accountability. This paper describes a methodology for delegation based on the persona concept. A persona is a special category of user that embodies only delegated privileges, and which is explicitly assumed only after the "real" human user taking on that persona explicitly chooses it, This paper describes the persona delegation framework in the context of a large enclave-based architecture currently being implemented by a major enterprise. The creation of a persona solves a lot of downstream problems by allowing the persona to be treated like any other entity in the system. That is, identity, authentication, authorization, and other security processes already know how to handle an entity of this type. Benefits of the framework include increased flexibility to handle a number of different delegation business scenarios, decreased complexity of the solution, and greater accountability with only a modest amount of additional infrastructure required.
