自定义博客皮肤VIP专享

*博客头图:

格式为PNG、JPG,宽度*高度大于1920*100像素,不超过2MB,主视觉建议放在右侧,请参照线上博客头图

请上传大于1920*100像素的图片!

博客底图:

图片格式为PNG、JPG,不超过1MB,可上下左右平铺至整个背景

栏目图:

图片格式为PNG、JPG,图片宽度*高度为300*38像素,不超过0.5MB

主标题颜色:

RGB颜色,例如:#AFAFAF

Hover:

RGB颜色,例如:#AFAFAF

副标题颜色:

RGB颜色,例如:#AFAFAF

自定义博客皮肤

-+
  • 博客(9)
  • 资源 (6)
  • 收藏
  • 关注

转载 OpenSSL证书生成

利用OpenSSL生成库和命令程序,在生成的命令程序中包括对加/解密算法的测试,openssl程序,ca程序.利用openssl,ca可生成用于C/S模式的证书文件以及CA文件.下面以C/S模式说明证书文件的生成步骤:证书文件生成:一.服务器端    1.生成服务器端的私钥(key文件);      openssl genrsa -des3 -out server.key 10

2013-04-12 00:19:28 977

转载 利用openssl创建一个简单的CA

本文旨在利用开源openssl软件,在Linux(或UNIX/Cygwin)下创建一个简单的CA。我们可以利用这个CA进行PKI、数字证书相关的 测试。比如,在测试用Tomcat或Apache构建HTTPS双向认证时,我们可以利用自己建立的测试CA来为服务器端颁发服务器数字证书,为客户端 (浏览器)生成文件形式的数字证书(可以同时利用openssl生成客户端私钥)。  该简单的CA将建立在

2013-04-12 00:18:34 944

转载 用OpenSSL编写SSL,TLS程序 - Win32版

用OpenSSL编写SSL,TLS程序 - Win32版一、简介:SSL(Secure Socket Layer)是netscape公司提出的主要用于web的安全通信标准,分为2.0版和3.0版.TLS(Transport Layer Security)是IETF的TLS 工作组在SSL3.0基础之上提出的安全通信标准,目前版本是1.0,即RFC2246.SSL/TLS提供的安全机

2013-04-12 00:08:53 7846

转载 openssl开发过程中的一些总结

1.从客户端到服务器的ssl连接的建立过程:#define CERTFILE_PATH "/root/CA/client.pem"#define CERTKEY_PATH "/root/CA/clientkey.pem"#define CACERT_PATH "/root/CA/cacert.pem"

2013-04-12 00:03:10 1800 1

转载 python urllib2模块介绍

简介:urllib2是python的一个获取url(Uniform ResourceLocators,统一资源定址器)的模块。它用urlopen函数的形式提供了一个非常简洁的接口。这使得用各种各样的协议获取url成为可能。它同时也提供了一个稍微复杂的接口来处理常见的状况-如基本的认证,cookies,代理,等等。这些都是由叫做opener和handler的对象来处理的。以下是获取url最简

2013-04-07 22:27:50 2304

转载 python urllib介绍

python urllib的使用介紹2008-02-22 10:26一。该模块的用途:1。从制定的URL获取数据2。对URL字符串进行格式化处理二。__version__='1.17'的urllib模块中的主要函数和类介绍:1。函数:(1)def urlopen(url, data=None, proxies=None)参数说

2013-04-07 22:24:36 464

原创 socket 中sockopt选项。主要是setsockopt和getsockopt使用

下面是打印系统支持的opt项目setsockopt(level,optname,value)getsockopt(level,optname[,buflen])'''Created on 2013-4-6@author: Administrator'''import socketsolist=[x for x in dir(socket) if x.startswi

2013-04-06 23:24:59 863

原创 python str与bytes之间的转换

今天用python调用windows api的时候出了点问题,ctypes.c_char_p()这个函数,只接受bytes型或是int型的数据,但是我的传入参数却是str类型的,所以需要把str转换成bytes型的。转换的方法如下: bytes object b = b"example" str object s = "example"

2013-04-06 22:00:07 26324

原创 python写的C/S程序

服务器端server.py #!/usr/bin/env pythonimport socket,oshost=''port=4567s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)s.bind((host,port))s.

2013-04-06 14:38:21 2523

RPA程序和代码实现RPA程序和代码实现

RPA

2021-06-04

分布式文件系统架构

分布式文件系统架构

2013-01-21

A Novel RFID Authentication Protocol with Ownership Transfer.doc

A Novel RFID Authentication Protocol with Ownership Transfer Han Jia1, Jun Wen2 School of Computer Science and Technology, University of Electronic Science and Technology of China,Chengdu, China 1depart@126.com, 2wenjun@uestc.edu.cn Abstract. RFID technology has a wide application in many fields. However, there are many security and privacy issues. The paper presents a RFID security proposal to enhance security levels. It is established as following steps. It first builds a security communication channel, then implements tags and corresponding reader authentication, finally solves the ownership transfer issue. This protocol involves minimal interaction between tags and corresponding reader, which can efficiently lower the computational burden on the tag. Its security is verified by BAN logic. Keywords: Radio Frequency Identification; authentication; BAN; security and privacy 1 Introduction RFID is one of the rapidly developing techniques in recent years. It is widely used in many fields, such as retail trade, libraries, car tracking, product identification and passport. It would play an important role in the future. RFID system consist of tags, readers and a database server. In the life of tag, it may transfer ownership on many occasions, for example, it occurs when a manufacture delivers it to a retailer. Therefore, the seamless ownership transfer of tag is required in RFID system. It may suffer from attacks when both of previous owner and new owner accessed the information of the tag during the processing of ownership transfer. After the operation, the previous owner cannot access the information of tag. Typically, the tag have 5~10K logic gates, can store only hundreds bits. With the limit logic gates, about between 300 and 3000 gates can be devoted to security function. There is no such security transfer mechanism in RFID system due to limited computation capabilities and storage on tags. RFID system may suffer from some security threats. They are listed as follows: Replay attack: An attacker transmits the information he got and spoofs legitimate tag. This attack may leak out the information of tag. Impersonation: An attacker forges a tag or a reader as an authenticated one to steal the information in the database server. Eavesdropping: It is easy for eavesdroppers to get the signal from the open wireless circumstance, which lead to leak the business information. Dos attack: An attacker transmits some messages to interrupt the communication among tags, readers and database servers. De-synchronization attack: The difference between the key in tags and the one in database results in the authenticated tag cannot be recognized. Windowing problem: During the process of ownership transfer, both the old and new owners possess the information to authenticate the tag. This paper proposes a RFID protocol that can resist the above attacks. It adopts random numbers to make sure every round of access is fresh. The message transmitted in the channel is cipher text to preventing leakage of the tag’s information. If the bad occasion of de-synchronization happens, this protocol provides the corresponding mechanism to recover it. The major contribution of this paper is to present a novel security and privacy RFID method with group ownership transfer. This protocol involves minimal interaction between reader and tags. The proposed method provides not only security but also efficiency. This paper is organized as follows. Section 2 describes related work of RFID. Section 3 presents a new mutual authentication method. Section 4 verifies this protocol’s security by BAN Logic. Section 5 draws a conclusion. 2 Related work Previous papers have done some research in RFID security. [1] pointed out there are several practical scenarios of group transfer. In addition, group transfer can substantially expand the application of RFID system. [2] is one of the earlier ownership transfer protocol. Unfortunately, there is a flaw in their solution that allows killing of the tag. [3] improved the protocol [2], [3]added some message to the last message form the database to the reader. However, this would lead to de-synchronization, and it cannot resist Dos attacks. [4] proposed a protocol to achieve group ownership transfer with the help of database server, which played a role of trusted third party. However, it may leak out the owner’s privacy. [5] adopted a dynamic ID to avoid a replay attack, but it may suffer form a Dos attack. [6] adopted one-time secret to prevent attacks in his protocol, the secrets shared between tags and servers are changed once ownership transfer occurs. It may lead to de-synchronization even if a trusted third party is used. [7] achieved ownership transfer without TTP. This protocol vulnerable to suffer from eavesdropping attacks by the previous owner, and it cannot resist Dos attacks. The above solutions can be divided into two kinds according to the involvement of a Trusted Third Party (TTP). One not involving a TTP requires many rounds to complete authentication. The other involving a TTP relies on the security and robustness of server, which required the TTP to be online anytime. 3 Paper Preparation A novel RFID security protocol An RFID security method that achieves all requirements based on xor and public key Infrastructure is proposed. The notations using throughout this paper are listed in table1. Table1 Ek() Encryption function (under key k); It maybe xor , symmetrical encryption or asymmetric encryption , which depends the capability of computation about entity. D ( ) Decryption function ; K&K1; The key for encryption ; Different group owner have different key , so it can identify the owner of tag. In this paper, K1 represent a new owner. ID The unique identifier of tag ; Rt The random number generate by tag ; Rr The random number generate by reader; Rs The random number generate by database server; ⊕ XOR operation; Info(ID) The specific information of tag which has this ID . Assume public key infrastructure has been constructed between a reader and a server. The process of protocol is depicted as follows: A section to establish a secure communication channel is as follows: 1. A reader generates a random number Rr, and transmits a ClientHello(contains Rr) which is encrypted using the public key of the server to the database server. 2. A server generates a random number Rs after receiving the random number Rr from the reader. ServerHello(contains Rr and Rs) is encrypted using the reader’s public key, then sends ServerHello to the reader. 3. The Reader checks whether the random number received from server equal to Rr. If true, stores the random number Rs and sends ClientHelloDone to the server. Else it disposes this message and goes to step 1. 4. The server sends ServerHelloDone to the reader when the server receives ClientHelloDone from the reader. In this case, a secure communications channel has been established. A section of mutual authentication is as follows: 5. The Reader sends a request (contains Rr) to a tag. 6. The tag stores Rr and generates a random number Rt. The tag sends Ek(Rt), Ek(ID) to the reader. 7. The reader encrypts Ek(ID)⊕Rs, Ek(Rt), Rs using public key of server and sends them to the server. 8. The server checks whether the random number received from reader equals to Rs. If false, the protocol is terminated, else the server gets Ek(ID) by computing Ek(ID)⊕Rs⊕Rs. The real ID is gotten by decryption function Dk(Ek(ID)). The server searches ID in the database. If it is found, authentication process is successful. The server sends Info(ID) encrypted using the public key of the reader to the reader. If it fails, decrypt Ek(ID) using the last successful authenticated key. If ID is found, the authentication process is successful. The server sends info(ID) encrypted using public key of the reader to the reader and goes to step 9. Else the protocol is terminated. Figure 1 . Authentication Process A section of ownership transfer is as follows: 9. The server gets the public key K1 of new group owner. The server sends Ek(ID⊕Rt), Rt⊕K1, Ek(Rt)and Rr encrypted using the public key of the reader to the reader. Then updates the public key of owner to K1 and stores K as the last successful authentication key. 10. The reader checks whether the Rr is equal to the random number the reader stored. If them equal, goes to the next step, else terminate the protocol. 11. The Reader sends Ek(ID⊕Rt), Ek(Rt)⊕Rr and Rt⊕K1 to the tag. 12. The tag gets Rr by computing Ek(Rt)⊕Rr⊕Ek(Rt) and checks whether Rr equals to the random number the tag stored. If not equal, terminates the protocol. Else the reader is authenticated. 13. The tag checks whether Ek(ID⊕Rt) equals to what it stored. If true, goes to the next step, else terminates the protocol. 14. The tag gets the public key K1 of new group owner by computing Rt⊕K1⊕Rt, and then replaces K with K1. The process of group owner transfer is finished. Figure 2 . Ownership Transfer Process Figure 1 shows the process of mutual authentication. Figure 2 shows the process of group ownership transfer. This protocol can help resist the attack mentioned above. This protocol can adapt the capability of tag computation. If tag has strong computing capability, it can adopt hash or PKI Infrastructure. If tag has weak computing capability, it can adopt xor instead of Ek(), but the premise is public key large enough. 4 Analyzing Protocol with BAN Logic Whether this protocol can achieve the security goal to expect can be proved by formal methods. BAN logic is a well-known authentication logic. Protocol security can be verified by BAN logic to decide whether a protocol can reach expected target and some flaws can thus be found. Syntax and Semantics of BAN logic is shown as follows [8]: P|≡X : P trusts the message X is true , P believes X . PX : P received a message contains X , P sees X . P|~X : P has transmitted a message contains X . P said X . P|⇒X : P controls X #(X) : X is fresh . X has not been transmitted in any message before. PQ : P and Q communicate to each other with the shared key K . No one discovered K except P , Q or a third party trusted by P or Q . {X}K: It means that X is encrypted under K. Rules of BAN Logic message-meaning rule Rule 1 : P|≡PQ , P{X}K ┣ P|≡Q|~X nonce-verification rule Rule 2 : P|≡#{X} , P|≡Q|~X ┣ P|≡Q|≡X jurisdiction rule Rule 3 : P|≡Q|X , P|≡Q|≡X ┣ P|≡X seeing rules Rule 4 : p(X,Y) ┣ PX Rule 5 : PK ┣PX Rule 6 : P|≡PQ , P{X}K ┣ PX freshness rule Rule 7 : P|≡#{X} ┣ P|≡#{X,Y} belief rules Rule 8 : P|≡X ,P|≡Y ┣ P|≡(X,Y) Rule 9 : P|≡(X,Y) ┣ P|≡X Rule 10 : P|≡Q|≡(X,Y) ┣ P|≡Q|≡X Rule 11 : P|≡Q|~(X,Y) ┣ P|≡Q|~X Assume A represents a tag, B represents a reader, and S represents a database server. KBS represents the shared key between B and S. The initial assumptions are as follows: B|≡B S (1) S|≡B S (2) A|≡AS (3) S|≡AS (4) A|≡S|⇒AS (5) A|≡#(Rt) (6) B|≡#(Info(ID)) (7) B|≡S|⇒Info(ID) (8) A|≡S|⇒K1 (9) The idealization of the RFID protocol is listed as follows: B→S : S→B : B→A : Rr A→B: B→S : S→B : S→B : B→A : , Rr According to BAN Logic, the interpretation of the RFID protocol is as follows: S (10) B (11) A (12) B (13) S (14) B (15) B (16) A, Rr (17) The goals expected to achieve: B|≡Info(ID), A|≡SA Under the Rule 1, formula(15) and the assumption(1) is to obtain the following: B|≡S|~Info(ID) (18) Under the Rule 2, formula(18) and the assumption(7) is to obtain the following: B|≡S|≡Info(ID) (19) Under the Rule 3, formula(19) and the assumption(8) is to obtain the following: B|≡Info(ID) So the goal of B|≡Info(ID) has been proved. Under the message-meaning rule, formula(17) and the assumption (3) is to obtain the following: A|≡S|~ (20) Under the Rule 5 and assumption(6) is to obtain the following : A|≡# (21) Under the Rule 2, formula(20) and (21) is to obtain the following: A|≡S|≡ (22) Under the Rule 9 and formula(22) is to obtain the following : A|≡S|≡ (23) Under the jurisdiction rule, formula(23) and assumption(9) is to obtain the following: A|≡SA From the initial assumption, the goals are deduced by applying logic rules. By analyzing the RFID protocol with BAN Logic, it can verify that the RFID protocol is secure and flawless. The protocol security of above issues is analyzed as follows: This paper adopts random numbers to make sure that every round of communication is fresh. The random numbers are produced every round to prevent the replay attack. The message transmitted in the channel is cipher text so that attacker cannot figure out the original message. If an attacker forge a tag to involve the process of exchanged information, the database server can detect the identification does not exists in database, which will deny its next operations. When de-synchronization happens, the database server can identify the tag by using old owner’s secret key. Then the database server sends the new secret key once again to recover it. This protocol transfers ownership by one-step operation. If this operation success, the old owner cannot access the tag because it does not know the new secret key; otherwise, the tag cannot identify the new owner, it will deny its access. By the way, it can resist windowing problems. 5 Conclusions This paper proposes a RFID protocol, which can be implemented in either high-cost tags or low-cost tags. This protocol’s security has been proved by BAN Logic. In this protocol, three random numbers are involved. How to reduce the random numbers in the protocol and simplify operations is what will be done in the future. References 1. A. Juels.: Yoking-proofs for RFID Tags. Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, Washington DC, USA, 2004, PP. 138-142. 2. K. Osaka, T. Takagi, K. Yamazaki and O. Takahash.: An Efficient and Secure RFID Method with Ownership Transfer. Computational Intelligence and Security, vol. 2, 2006, pp. 1090-1095. 3. Jappinen, P. Hamalainen, H.: Enhanced RFID Security Method with Ownership Transfer. Proceedings of the International Conference on Computational Intelligence and Security. (2008) PP 382-385 4. H. Lei and T. Cao.: RFID Protocol enabling Ownership Transfer to protect against Tractability and Dos attacks. The First International Symposium on Data, Privacy and E-Commerce, 2007(ISDPE 2007). 1-3 Nov. 2007, pp. 508-510. 5. S.Tripathy and S. Nandi.: Robust Mutual Authentication for Low cost RFID Systems. 2006 IEEE International Conference on Industrial Informatics, Aug, 2006, pp, 949-954 6. L. Kulseng.: Lightweight mutual authentication, owner transfer, and secure search protocols for RFID systems. Master of Science thesis, Electrical & Computer Engineering Department, Iowa State University, 2009. 7. T. Dimitrious.: RFIDDOT:RFID delegation and ownership transfer made simple. in Proc.International Conference onComputational Intelligence and Security,2008,PP. 382-385. 8. Kernal Bicakci , Nazife Baykal.: One-Time Passwords:Security Analysis Using BAN Logic and Integrating with Smartcard Authentication[J]. Lecture Notes in Computer Science, 2003:794-801.

2012-11-19

UNP源码 STEVEN

本书是一部UNIX网络编程的经典之作。书中全面深入地介绍了如何使用套接字API进行网络编程。全书不但介绍了基本编程内容,还涵盖了与套接字编程相关的高级主题,对于客户/服务器程序的各种设计方法也作了完整的探讨,最后还深入分析了流这种设备驱动机制。   本书内容详尽且具权威性,几乎每章都提供精选的习题,并提供了部分习题的答案,是网络研究和开发人员理想的参考书。

2012-05-23

java-qq做得有点简单,交作业用的哦

java qq 做得有点简单,交作业用的哦

2010-12-27

PHP小程序 PHP小程序

PHP小程序 PHP小程序PHP小程序PHP小程序PHP小程序PHP小程序PHP小程序PHP小程序

2010-10-16

空空如也

TA创建的收藏夹 TA关注的收藏夹

TA关注的人

提示
确定要删除当前文章?
取消 删除