The grid technology is recognized as the next generation of Internet and becomcs the center of recent researches in the computer society. Security is one of the most crucial issues to address in Internet and is of the...The grid technology is recognized as the next generation of Internet and becomcs the center of recent researches in the computer society. Security is one of the most crucial issues to address in Internet and is of the same importance in the application of grid technology. As a critical component of grid security, the secure authen- tication needs to be well studied. In this paper, a two-step mobile agent based(TSMAB) authentication architecture is proposed based on Globus security infrastructure (GSI). By using mobile agent (MA) technology, the TSMAB authentication architecture is composed of the junior-authentication and the senior-authentication. Based on the design and the analysis of TSMAB model, the result shows that the efficiency of grid authentication is improved compared with the GSI authentication.展开更多
Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed ...Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority( CA)are designed. Compared with some conventional clustering methods for network,the proposed clustering method considers the business information flow of the network and the task of the network nodes,which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service,the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.展开更多
In the manufacturing grid environment, the span of the consideration of security issues is more extensive, and the solutions for them are more complex, therefore these problems in manufacturing grid can't longer be a...In the manufacturing grid environment, the span of the consideration of security issues is more extensive, and the solutions for them are more complex, therefore these problems in manufacturing grid can't longer be addressed by existing security technologies. In order to solve this problem, the paper first puts forward the security architecture of manufacturing grid on the basis of the proposal of the security strategies for manufacturing grid; then the paper introduces key technologies based on public key infrastructure-certificate authority (PKI/CA) to ensure the security of manufacturing grid, such as single sign-on, security proxy, independent authentication and so on. Schemes discussed in the paper have some values to settle security problems in the manufacturing grid environment.展开更多
Smart parks serve as integral components of smart cities,where they play a pivotal role in the process of urban modernization.The demand for cross-domain cooperation among smart devices from various parks has witnesse...Smart parks serve as integral components of smart cities,where they play a pivotal role in the process of urban modernization.The demand for cross-domain cooperation among smart devices from various parks has witnessed a significant increase.To ensure secure communication,device identities must undergo authentication.The existing cross-domain authentication schemes face issues such as complex authentication paths and high certificate management costs for devices,making it impractical for resource-constrained devices.This paper proposes a blockchain-based lightweight and efficient cross-domain authentication protocol for smart parks,which simplifies the authentication interaction and requires every device to maintain only one certificate.To enhance cross-domain cooperation flexibility,a comprehensive certificate revocation mechanism is presented,significantly reducing certificate management costs while ensuring efficient and secure identity authentication.When a park needs to revoke access permissions of several cooperative partners,the revocation of numerous cross-domain certificates can be accomplished with a single blockchain write operation.The security analysis and experimental results demonstrate the security and effectiveness of our scheme.展开更多
Dissimilar to traditional networks, the features of mobile wireless devices that can actively form a network without any infrastructure mean that mobile ad hoc networks frequently display partition due to node mobilit...Dissimilar to traditional networks, the features of mobile wireless devices that can actively form a network without any infrastructure mean that mobile ad hoc networks frequently display partition due to node mobility or link failures. These indicate that an ad hoc network is difficult to provide ou-llne access to a trusted authority server. Therefore, applying traditional Public Key Infrastructure (PKI) security framework to mobile ad hoc networks will cause insecurities. This study proposes a scalable and elastic key management scheme integrated into Cluster Based Secure Routing Protocol (CBSRP) to enhance security and non-repudiation of routing authentication, and introduces an ID-Based internal routing authentication scheme to enhance the routing performance in an internal cluster. Additionally, a method of performing routing authentication between internal and external clusters, as well as inter-cluster routing authentication, is developed. The proposed cluster-based key management scheme distributes trust to an aggregation of cluster heads using a threshold scheme faculty, provides Certificate Authority (CA) with a fault tolerance mechanism to prevent a single point of compromise or failure, and saves CA large repositories from maintaining member certificates, making ad hoc networks robust to malicious behaviors and suitable for numerous mobile devices.展开更多
文摘The grid technology is recognized as the next generation of Internet and becomcs the center of recent researches in the computer society. Security is one of the most crucial issues to address in Internet and is of the same importance in the application of grid technology. As a critical component of grid security, the secure authen- tication needs to be well studied. In this paper, a two-step mobile agent based(TSMAB) authentication architecture is proposed based on Globus security infrastructure (GSI). By using mobile agent (MA) technology, the TSMAB authentication architecture is composed of the junior-authentication and the senior-authentication. Based on the design and the analysis of TSMAB model, the result shows that the efficiency of grid authentication is improved compared with the GSI authentication.
基金National Natural Science Foundation of China(No.61271152)Natural Science Foundation of Hebei Province,China(No.F2012506008)the Original Innovation Foundation of Ordnance Engineering College,China(No.YSCX0903)
文摘Considering the secure authentication problem for equipment support information network,a clustering method based on the business information flow is proposed. Based on the proposed method,a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority( CA)are designed. Compared with some conventional clustering methods for network,the proposed clustering method considers the business information flow of the network and the task of the network nodes,which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service,the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.
基金Supported by the National Natural Science Foun-dation of China (50335020)
文摘In the manufacturing grid environment, the span of the consideration of security issues is more extensive, and the solutions for them are more complex, therefore these problems in manufacturing grid can't longer be addressed by existing security technologies. In order to solve this problem, the paper first puts forward the security architecture of manufacturing grid on the basis of the proposal of the security strategies for manufacturing grid; then the paper introduces key technologies based on public key infrastructure-certificate authority (PKI/CA) to ensure the security of manufacturing grid, such as single sign-on, security proxy, independent authentication and so on. Schemes discussed in the paper have some values to settle security problems in the manufacturing grid environment.
基金supported in part by the National Natural Science Foundation Project of China under Grant No.62062009the Guangxi Innovation-Driven Development Project under Grant Nos.AA17204058-17 and AA18118047-7.
文摘Smart parks serve as integral components of smart cities,where they play a pivotal role in the process of urban modernization.The demand for cross-domain cooperation among smart devices from various parks has witnessed a significant increase.To ensure secure communication,device identities must undergo authentication.The existing cross-domain authentication schemes face issues such as complex authentication paths and high certificate management costs for devices,making it impractical for resource-constrained devices.This paper proposes a blockchain-based lightweight and efficient cross-domain authentication protocol for smart parks,which simplifies the authentication interaction and requires every device to maintain only one certificate.To enhance cross-domain cooperation flexibility,a comprehensive certificate revocation mechanism is presented,significantly reducing certificate management costs while ensuring efficient and secure identity authentication.When a park needs to revoke access permissions of several cooperative partners,the revocation of numerous cross-domain certificates can be accomplished with a single blockchain write operation.The security analysis and experimental results demonstrate the security and effectiveness of our scheme.
文摘Dissimilar to traditional networks, the features of mobile wireless devices that can actively form a network without any infrastructure mean that mobile ad hoc networks frequently display partition due to node mobility or link failures. These indicate that an ad hoc network is difficult to provide ou-llne access to a trusted authority server. Therefore, applying traditional Public Key Infrastructure (PKI) security framework to mobile ad hoc networks will cause insecurities. This study proposes a scalable and elastic key management scheme integrated into Cluster Based Secure Routing Protocol (CBSRP) to enhance security and non-repudiation of routing authentication, and introduces an ID-Based internal routing authentication scheme to enhance the routing performance in an internal cluster. Additionally, a method of performing routing authentication between internal and external clusters, as well as inter-cluster routing authentication, is developed. The proposed cluster-based key management scheme distributes trust to an aggregation of cluster heads using a threshold scheme faculty, provides Certificate Authority (CA) with a fault tolerance mechanism to prevent a single point of compromise or failure, and saves CA large repositories from maintaining member certificates, making ad hoc networks robust to malicious behaviors and suitable for numerous mobile devices.
