Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via vario...Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are re-structuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was setup to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft-token) as a second factor in addition to what the user knows, i.e. password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regards to the remote user authentication.展开更多
Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stab...Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.展开更多
With the continuous development of satellite communication and Internet of things technology,more and more devices can access space information networks(SIN)and enjoy satellite services everywhere in the world.However...With the continuous development of satellite communication and Internet of things technology,more and more devices can access space information networks(SIN)and enjoy satellite services everywhere in the world.However,due to the openness of the air-to-ground channel,the device will face a series of security threats when accessing SIN,such as replay attacks,eavesdropping attacks,impersonation attacks,and man-in-the-middle attacks.These security threats will lead to illegal entity access and further endanger the reliability and availability of the system.Although scholars have proposed many enhanced security access authentication protocols,most of them have been proved to have security vulnerabilities.In addition,with the development of quantum computing,the previous authentication protocols based on some asymmetric cryptographic mechanisms such as discrete logarithm and elliptic curve cryptographic mechanisms may face new security challenges.In this context,this paper proposes a novel antiquantum access authentication protocol based on ring learning with errors(RLWE),which meets more security requirements and greatly reduces the authentication delay through prenegotiation.Through the security analysis and performance analysis,it is shown that our protocol can be more suitable for delaysensitive IoT devices to access SIN while ensuring higher security.展开更多
This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devo...This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devoted to implementing a new protocol for VANETs so that inherent security problems in past works are resolved. Exclusive security measures have been considered for the system which protects the users against threat of any attack. The new protocol shows a great hardness guaranteed by certificate based 80 bit security which assures messages to remain confidential in any time. Also, new unprecedented features like V2 X which improves system performance effectively have been instantiated. The simulation results indicate that message signature generation and verification both take place in much less time than present comparable rival protocols.展开更多
With the popularity of the Internet and improvement of information technology,digital information sharing increasingly becomes the trend.More and More universities pay attention to the digital campus,and the construct...With the popularity of the Internet and improvement of information technology,digital information sharing increasingly becomes the trend.More and More universities pay attention to the digital campus,and the construction of digital library has become the focus of digital campus.A set of manageable,authenticated and secure solutions are needed for remote access to make the campus network be a transit point for the outside users.Remote Access IPSEC Virtual Private Network gives the solution of remote access to e-library resources,networks resources and so on very safely through a public network.It establishes a safe and stable tunnel which encrypts the data passing through it with robust secured algorithms.It is to establish a virtual private network in Internet,so that the two long-distance network users can transmit data to each other in a dedicated network channel.Using this technology,multi-network campus can communicate securely in the unreliable public internet.展开更多
文摘Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are re-structuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was setup to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft-token) as a second factor in addition to what the user knows, i.e. password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regards to the remote user authentication.
文摘Satellite networks are recognized as the most essential communication infrastructures in the world today,which complement land networks and provide valuable services for their users.Extensive coverage and service stability of these networks have increased their popularity.Since eavesdropping and active intrusion in satellite communications are much easier than in terrestrial networks,securing satellite communications is vital.So far,several protocols have been proposed for authentication and key exchange of satellite communications,but none of them fullymeet the security requirements.In this paper,we examine one of these protocols and identify its security vulnerabilities.Moreover,we propose a robust and secure authentication and session key agreement protocol using the elliptic curve cryptography(ECC).We show that the proposed protocol meets common security requirements and is resistant to known security attacks.Moreover,we prove that the proposed scheme satisfies the security features using the Automated Validation of Internet Security Protocols and Applications(AVISPA)formal verification tool and On-the fly Model-Checker(OFMC)and ATtack SEarcher(ATSE)model checkers.We have also proved the security of the session key exchange of our protocol using theReal orRandom(RoR)model.Finally,the comparison of our scheme with similar methods shows its superiority.
基金supported by the National Natural Science Foundation of China under Grant 61672092.
文摘With the continuous development of satellite communication and Internet of things technology,more and more devices can access space information networks(SIN)and enjoy satellite services everywhere in the world.However,due to the openness of the air-to-ground channel,the device will face a series of security threats when accessing SIN,such as replay attacks,eavesdropping attacks,impersonation attacks,and man-in-the-middle attacks.These security threats will lead to illegal entity access and further endanger the reliability and availability of the system.Although scholars have proposed many enhanced security access authentication protocols,most of them have been proved to have security vulnerabilities.In addition,with the development of quantum computing,the previous authentication protocols based on some asymmetric cryptographic mechanisms such as discrete logarithm and elliptic curve cryptographic mechanisms may face new security challenges.In this context,this paper proposes a novel antiquantum access authentication protocol based on ring learning with errors(RLWE),which meets more security requirements and greatly reduces the authentication delay through prenegotiation.Through the security analysis and performance analysis,it is shown that our protocol can be more suitable for delaysensitive IoT devices to access SIN while ensuring higher security.
文摘This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devoted to implementing a new protocol for VANETs so that inherent security problems in past works are resolved. Exclusive security measures have been considered for the system which protects the users against threat of any attack. The new protocol shows a great hardness guaranteed by certificate based 80 bit security which assures messages to remain confidential in any time. Also, new unprecedented features like V2 X which improves system performance effectively have been instantiated. The simulation results indicate that message signature generation and verification both take place in much less time than present comparable rival protocols.
文摘With the popularity of the Internet and improvement of information technology,digital information sharing increasingly becomes the trend.More and More universities pay attention to the digital campus,and the construction of digital library has become the focus of digital campus.A set of manageable,authenticated and secure solutions are needed for remote access to make the campus network be a transit point for the outside users.Remote Access IPSEC Virtual Private Network gives the solution of remote access to e-library resources,networks resources and so on very safely through a public network.It establishes a safe and stable tunnel which encrypts the data passing through it with robust secured algorithms.It is to establish a virtual private network in Internet,so that the two long-distance network users can transmit data to each other in a dedicated network channel.Using this technology,multi-network campus can communicate securely in the unreliable public internet.