Funding: Supported by the Ministry of Education in China (No. 104086)
Abstract: Ubiquitous computing systems typically have many security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, network disconnection, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, bi-directional identity authentication, security delegation, and simple privacy protection are all unsolved problems. In this paper, a novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve the above problems in ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-level trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism for solving complex ubiquitous computing problems.
Funding: Supported by the National Science Council under Grant No. NSC100-2218-E-468-002-MY2
Abstract: A lossless image secret sharing scheme using a simple Boolean operation is proposed. The concept of visual cryptography in the secret sharing scheme is used to redesign a lossless secret sharing scheme. To ensure that the reconstructed image is the true secret image, an authentication mechanism is incorporated into the proposed scheme to verify whether the shadows are authentic before reconstructing the secret image. The proposed scheme delivers much more effective performance than Chen and Wu's scheme.
Funding: Funded by the Deanship of Scientific Research at Jouf University under Grant No. (DSR-2021-02-0303).
Abstract: Identity management is based on the creation and management of user identities for granting access to cloud resources based on user attributes. Cloud identity and access management (IAM) grants end-users the authorization to perform different actions on the specified cloud resources. The authorizations in IAM are grouped into roles instead of being granted directly to the end-users. Due to the multiplicity of cloud locations where data resides and the lack of a centralized user authority for granting or denying cloud user requests, there must be several security strategies and models to overcome these issues. Another major concern in IAM services is the excessive or insufficient access level of different users with previously granted authorizations. This paper presents a comprehensive review of security services and threats. Based on the presented services and threats, advanced frameworks for IAM that provide authentication mechanisms in public and private cloud platforms are proposed. A threat model has been applied to validate the proposed authentication frameworks against different security threats. The proposed models proved highly efficient in protecting cloud platforms from insider attacks, single sign-on failure, brute force attacks, denial of service, user privacy threats, and data privacy threats.
Funding: Supported in part by the National Key R&D Program of China (No. 2022YFB3904503), the National Natural Science Foundation of China (No. 62172418), and the joint funds of the National Natural Science Foundation of China and the Civil Aviation Administration of China (No. U2133203).
Abstract: Due to the lack of an authentication mechanism in the BeiDou navigation satellite system (BDS), BD-Ⅱ civil navigation messages (BDⅡ-CNAV) are vulnerable to spoofing attacks and replay attacks. To solve this problem, we present a security authentication protocol, called BDSec, which is designed using China's Shangyong Mima (SM) series of cryptographic algorithms, such as SM2/4/9, and the Zu Chongzhi (ZUC) algorithm. In the BDSec protocol, both BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm (symmetric encryption mechanism). The encrypted result is used as the subject authentication information. The BDSec protocol applies the SM9 algorithm (identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV, adopts the SM2 algorithm (public key cryptosystem) to guarantee the confidentiality of the important session information, and uses the ZUC algorithm (encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in the authentication initialization sub-protocol, respectively. The results of the SVO logic reasoning and performance analysis show that the BDSec protocol meets the security requirements for dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.
Funding: Supported by Research on Key Technologies of Dynamically Secure Identity Authentication and Risk Control of Power Business in the Science and Technology Project of State Grid Electric Power Company (No. 5204XA19003F) and the National Natural Science Foundation of China (Grant No. 601702048)
Abstract: Data sharing and privacy protection present extensive opportunities and challenges in vehicular networks. This paper introduces a "trust access authentication scheme" as a mechanism to achieve real-time monitoring and promote collaborative sharing for vehicles. Blockchain, which can provide secure authentication and protected privacy, is a crucial technology. However, traditional cloud computing performs poorly in supplying low-latency and fast-response services for moving vehicles. In this situation, an edge-computing-enabled Blockchain network appears to be a promising method, where moving vehicles can access storage or computing resources and get authenticated by Blockchain edge nodes directly. In this paper, a hierarchical architecture is proposed consisting of a vehicular network layer, a Blockchain edge layer, and a Blockchain network layer. Through an authentication mechanism adopting a digital signature algorithm, it achieves trusted authentication and ensures valid verification. Moreover, a caching scheme based on many-to-many matching is proposed to minimize the average delivery delay of vehicles. Simulation results prove that the proposed caching scheme performs better than existing schemes based on a centralized model or an edge caching strategy in terms of hit ratio and average delay.
Abstract: A self-contained connection of wireless links that functions without any infrastructure is known as a Mobile Ad Hoc Network (MANET). A MANET's nodes can engage actively and dynamically with one another. However, MANETs, on the other hand, are exposed to severe potential threats that are difficult to counter with present security methods. As a result, several safe communication protocols have been designed to enhance the secure interaction among MANET nodes. In this research, we offer a reputed optimal routing value among network nodes, secure computations, and misbehavior detection predicated on nodes' trust levels with a Hybrid Trust based Reputation Mechanism (HTRM). In addition, the study designs a robust Public Key Infrastructure (PKI) system using the suggested trust evaluation method in terms of "key" generation, which is a crucial component of a PKI cryptosystem. We also concentrate on the solid node authentication process that relies on pre-authentication. To ensure edge-to-edge security, we assess safe, trustworthy routes to secure computations and authenticate mobile nodes, incorporating uncertainty into the trust management solution. When compared to other protocols, our recommended approach performs better. Finally, we use simulation data and performance evaluation metrics to verify our suggested approach's validity. Our approach outperformed the competing systems in terms of overall end-to-end delay, packet delivery ratio, performance, power consumption, and key-computing time by 3.47%, 3.152%, 2.169%, and 3.527%, 3.762%, significantly.
Abstract: The dynamic interaction and collaboration of loosely coupled entities play a pivotal role in the successful implementation of a Digital Ecosystem environment. However, such interaction and collaboration can only be promoted when information and resources are effortlessly shared, accessed, and utilized by the interacting entities. A major requirement to promote intensive sharing of resources is the ability to secure and uphold the confidentiality, integrity and non-repudiation of resources. This requirement is extremely important, in particular when interactions with unfamiliar entities occur frequently. In this paper, we present a distributed mechanism for improving resource protection in a Digital Ecosystem environment. This mechanism can be used not only for any secure and reliable transaction, but also for encouraging collaborative efforts by the Digital Ecosystem community members to play a major role in securing the environment. Public Key Infrastructure is also employed to provide strong protection for its access workflows.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 62171310, the Marine Defense Innovation Fund JJ-2020-701-09, and Lanzhou Jiaotong University-Tianjin University Co-Funding under Grant No. 2022064.
Abstract: Cooperative jamming (CJ) is one of the important methods for solving the security problems of underwater acoustic sensor networks (UASNs). In this paper, we propose a Cooperative Jamming Scheme based on Node Authentication for UASNs to improve the effect of CJ by selecting a suitable jamming source for detected illegal nodes. In the node authentication, all nodes are identified by their trust value (TV). TV is calculated according to three types of evidence: channel-based trust evidence, behavior-based trust evidence, and energy-based trust evidence. Besides, to deal with cases where legal nodes may be suspected, the historical TV and trust redemption are considered when calculating TV. In cooperative jamming, several nodes are selected according to the link quality to jam illegal nodes. Both simulation and field experiment show that the proposed scheme can accurately find the illegal nodes in the time-varying channel and improve the security of the network.