Abstract:
Generating honeywords for each user's account is an effective way to detect whether password databases are compromised. However, there are several underlying security issues associated with honeyword techniques that need to be addressed, for example, (1) How to make it more difficult for an attacker to find an accurate match of "username-real password"? (2) How to prevent the intersection attack in multiple systems caused by password reuse without reducing usability? (3) How to reduce the success rate of targeted password guessing? In this study, we first propose a "matching attack" model and find that although Erguler's honeyword system can achieve perfect flatness, the success rate of the attacker is 100% under matching attack. Secondly, we propose a new honeyword approach named Superword that isolates the direct relationship between username and the corresponding hashed password in password files. Additional honeypots are mixed with real accounts to detect online guessing attacks. The analysis reveals that our approach makes it difficult for a matching attacker to find a real password from N password hashes. Since there is no connection between the username and password in password files, our honeyword system also alleviates the multiple systems intersection attack and targeted password guessing. (c) 2019 Elsevier Ltd. All rights reserved.
Abstract:
Since Sweeney first proposed the k-anonymity algorithm to protect the security of published data, many researchers have proposed improved algorithms based on the framework of k-anonymity. However, the existing algorithms have not reached the optimal performance in anonymity. An effective anonymity algorithm should be able to solve a basic contradiction: the optimal accuracy and security trade-off. To achieve the goal, this paper first develops a new quantitative criterion for the basic contradiction based on classical probability theory. Specifically, the criterion is used to measure the possibility that the individual might experience privacy disclosure and the degree of global security and global accuracy. Through this criterion, we can then derive an optimal division theory to obtain a certain global accuracy with the minimum global security loss. The experimental results show that the performance of our new algorithm nearly reaches the optimal balance between accuracy and security.
Author affiliations:
Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, China;School of Computer, Central China Normal University, China
Journal:
Wireless Personal Communications, 2019, 107(1): 57-79. ISSN: 0929-6212
Corresponding author:
Guo, Yajun
Author affiliations:
[Liang, Xinyu; Guo, Yajun] Cent China Normal Univ, Sch Comp, Wuhan 430079, Hubei, Peoples R China.
Corresponding institution:
[Guo, Yajun] C;Cent China Normal Univ, Sch Comp, Wuhan 430079, Hubei, Peoples R China.
Keywords:
RFID;Tag identification;Anti-collision
Abstract:
Anti-collision protocols have long been an important research field in RFID systems, and the collision tree (CT) protocol is very typical. Some researchers have improved CT to achieve better performance. However, these schemes still encounter the problem of too many collisions occurring at the beginning of tag identification. In order to reduce the initial redundant collisions, we propose a Probability-based Query Tree protocol (PQT). PQT divides all tags into several small subsets before the tags are identified, and the protocol is composed of three parts: Inverse Probability Function (IPF), Total Time Slot Function (TTSF), and Mapping Table. The inverse probability function quantifies the possibility that a subset contains tags. The total time slot function measures the number of total time slots, and is used to obtain an optimal position to divide tags in the beginning. The mapping table is presented as an adaptive method in practical applications. In performance analysis, the identification efficiency of PQT is close to the optimal value. Simulation results further show that PQT outperforms the other existing anti-collision protocols.
Abstract:
Here we propose a trajectory privacy model to solve privacy and security problems with radio-frequency identification (RFID) systems. The model first formalizes an Adversary Model and then defines an adversary indistinguishability privacy game and interval security privacy game according to the ability of the adversary. Based on the privacy game between adversary and challenger, the author gives the definition of weak trajectory privacy and strong trajectory privacy. Finally, we analyzed the privacy protection level of present RFID systems with the help of this trajectory privacy model. It can be seen that the trajectory privacy model can effectively analyze and find the privacy vulnerabilities of RFID security protocols.
Author affiliations:
[宋建华] School of Computer Science and Information Engineering, Hubei University, Wuhan, Hubei 430062, China;[王志皓] China Electric Power Research Institute, Beijing 100192, China;[韩兰胜] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, Hubei 430074, China;[郭亚军] School of Computer Science, Central China Normal University, Wuhan, Hubei 430079, China
Corresponding institution:
School of Computer Science and Information Engineering, Hubei University, China
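Keywords:
RFID;Hybrid tree;Anti-collision algorithm
Abstract:
In RFID systems, the efficiency with which a reader reads tags is closely tied to the method used to resolve tag collisions. Multi-ary tree querying is currently a good multi-tag anti-collision method. It reduces collision slots and then uses extra queries to reduce idle slots. However, the extra queries also add new overhead. This paper proposes a self-adjusting hybrid tree RFID multi-tag anti-collision algorithm. Based on the characteristics of the two highest collision bits, the algorithm self-adjusts the branching factor of the search tree without adding extra queries, thereby avoiding some collision slots and idle slots. Performance analysis and simulation results show that the self-adjusting hybrid tree RFID multi-tag anti-collision algorithm has lower time complexity and communication complexity, and that its identification efficiency is also markedly higher than that of other multi-ary tree algorithms.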