With the development of e-commerce, SSL protocol is more and more widely applied to various network services. For the defect of SSL authentication, this paper analyses two kinds of drawbacks in SSL handshake, and respectively conducts fake certificate and conversion from HTTPS to HTTP data to attack. Both of them are dangerous to HTTPS communication. For that reason, we have proposed three different...
Trusted channels establish trust of endpoint by linking endpoint configuration information to secure channels. Many trusted channels for client-server applications are established based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Two existing solutions for building trusted channels are shown to be vulnerable to collusion attacks in this paper. Then we propose a protocol...
Bare PC applications do not use an operating system or hard disk. We present a lightweight VoIP security scheme for a bare PC softphone that consists of an RSA-based key exchange, AES voice encryption, and SHA-1 data integrity and authentication. The scheme is easily extended to incorporate replay protection and a key derivation function as specified in SRTP for example. Experimental results comparing...
The wireless application protocol (WAP) is a protocol stack for wireless communication networks. Wireless transport layer security (WTLS) is the security protocol of the WAP and it operates over the transport layer. Analysis of the WTLS agreement reveals that the certification process in the handshake agreement presents a risk of intermediary anonymous attack that we denote man-in-the-middle-attack...
Users' confidential data in transit on the WWW are protected by the HTTP's authentication scheme or the SSL protocol. However, the former has several weak points in terms of security, while the latter has a few problems against its wide deployment. To alleviate the problems, we propose a scheme for user-initiated server authentication and two schemes for protecting against the cross-site-scripting...
To secure communication in Grids many efforts have been made regarding authentication and authorization. Due to some application requirements it is up to now recommended to open wide port ranges on firewalls. This configuration is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components by a new method to dynamically authorize TCP connections on firewalls...
Grid computing provides users with transparent access to substantial compute and storage resources. Up to now the main focus lay in the development of Grid infrastructures and the development of services providing access to grid resources. This leads to a negligence of security aspects, which, for example, leads to the recommendation of open wide port ranges on firewalls protecting the Grid resources...
In this paper, we propose a secure binding update authentication scheme in FMIPv6 for wireless vehicular networks. The scheme guarantees mutual authentication, secrecy, and integrity based on pre-authentication. We analyze the security of the binding update authentication scheme and the security requirements using AVISPA Tool that supports a rigorous analysis of security.
IETF (Internet Engineering Task Force) has proposed the use of PMIPv6 (Proxy Mobile IPv6) over Mobile IPv6, which has the problem of handover latency and signaling overhead caused by binding update (BU). However, considering that PMIPv6 provides the fast handover only in intra-domain, not inter-domain, IETF is debating whether to go back to the previously proposed method, MIPv6, which allows handover...
A Web database is a combined product of database technology and Web technology. It stores and manages a great deal of data; if they are embezzled or juggled, this may bring enormous political and economic losses to society. So it is imperative to properly establish security for Web database against illegitimate intrusion. The host identity protocol (HIP) is designed by the Internet Engineering...
When a password is encrypted by a hash algorithm the resultant is called hashed password. In a server client based communication system such as Yahoo Messenger, AIM, passwords of clients are hashed by MD5 and passed to the server for authentication. This type of transmission is always a subject of interception by the hackers. These hashed passwords are passed through the Internet as a data packet...
Most users have multiple accounts on the Internet where each account is protected by a password. To avoid the headache in remembering and managing a long list of different and unrelated passwords, most users simply use the same password for multiple accounts. Unfortunately, the predominant HTTP basic authentication protocol (even over SSL) makes this common practice remarkably dangerous: an attacker...
This paper presents the security strategy used by WAP and I-Mode. It includes security transport protocol, the type of certificate, the performance of gateway, smartcard and authenticate scheme. It will first be illustrated from the architecture, and then discussed application situation. All of these schemes of WAP will be compared with the similar adopted technology of I-Mode. Through comparing,...
Although the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) was defined in 2003, it was designed as a framework rather than a complete solution to the automatic configuration in IPv6 networks. There are still some unsolved problems and new options yet to be defined. One example of such a case is the Fully Qualified Domain Name (FQDN) option, whose final version was published in late 2007...
The modern industrial communication networks are increasingly based on open protocols and various platforms, which are used in the IT (Information Technology) office and the Internet. In general, for the TCP/IP protocol suite, a wide range of cryptography-based secure communication now is available. In automation and control systems, which have a number of security relevant characteristics distinct...
The diameter protocol is recommended by IETF as AAA (authentication, authorization and accounting) protocol criterion for the next generation network. Because the IPv6 protocol will be widely applied in the intending all-IP network, mobile IPv6 application based on diameter protocol will play more important role in authentication, authorization and accounting. In this paper, the implementation of...