序列模式发现的结构化动态优化方法

给出单模式、二模式和三模式3种序列模式发现的基本概念,给出二模式和三模式的表示方法。该表示方法不会产生实际不存在的候选序列,从而有效地缩小候选空间,提高序列模式的计算速度。结合Apriori方法,基于3种基本模式,应用无冗余的模式增长原则和三级动态优化方法,提出一种序列模式发现的结构化动态优化方法。     

基于随机Hough变换的零基线正弦曲线检测

研究零基线正弦曲线的随机Hough变换的最小点集、收敛映射和动态链接表结构3个基本问题,提出改进的三点拟合零基线正弦曲线的方法,给出零基线正弦曲线的随机Hough变换检测算法,并分析算法的计算性能和存储量性能。仿真实验表明该方法的有效性。     

基于社会特性的P2P资源查找策略

提出一种基于社会特性的P2P资源查找策略。将具有类似兴趣的节点组织成多个兴趣簇,形成一个多簇相互交叠的重叠网络拓 扑。节点通过相似度比较,选择与自己兴趣度最相似的候选节点建立邻居关系,结合带偏向的随机走动策略和跨簇节点广度优先搜索策略,进行资源查找。实验结果表明,该策略的查找成功率较高。     

改进代理多重签名方案的安全性分析

对一个代理多重签名方案进行分析,指出该方案中存在的安全性漏洞,包括代理授权的不当会导致代理人有能力修改代理授权证书,所有原始签名人合谋可以伪造出代理人的数字签名,原始签名者能够合谋伪造出一个有效的代理多重签名,以及任何合法的签名者可能被别人陷害。     

车载CAN网络中直接NM逻辑环的实现

为实时监控车载网络中的节点,在使用控制器区域网络(CAN)总线的车载网络中,设计并实现一种基于OSEK/VDX规范直接网络管理(NM)的车载NM系统。由车载网关通过CAN总线收集各网络节点的故障信息,通过IPv6无线网络上传至远程故障诊断服务器,并将得到的故障处理信息下发至有关节点,实现车载CAN网络与远程故障诊断服务器的信息交互。测试结果表明,各网络节点上线后能快速建立稳定的逻辑环通信,并为远程故障诊断提供操作平台。     

基于关联图的加权关联规则挖掘算法

针对交易数据库中数据项重要性不同的现象,引入加权支持度和最小支持期望的概念,提出一种基于关联图的加权关联规则模型,并在该模型基础上,设计了改进的加权关联规则挖掘算法。该算法扫描数据库仅一次,采用关联图存储频繁2项集信息,通过构建基于图的剪枝策略,减少验证频繁项集的计算量,有效提高加权频繁项集的生成效率。     

基于重启型随机游走模型的图上关键字搜索

基于重启型随机游走模型和个人化PageRank算法,提出一种新的图上关键字搜索算法。该算法将向量空间模型和随机游走模型进行有效的结合,使查询搜索得到的结果可以匹配查询关键字,通过充分挖掘利用图中隐含的结构信息,更好地提供搜索结果。实验结果证明了该算法的有效性。     

J2ME中面向对象的持久存储管理研究

针对J2ME程序数据持久存储的问题,根据移动信息设备简表,提出一种采用缓存机制的面向对象的数据持久存储管理方案。该方案将数据封装为对象,在应用程序和持久存储之间采用数据管理层分离应用程序的数据访问逻辑和数据存储逻辑,并采用缓存机制提高数据访问效率。通过实验验证该方案的可行性,实验结果表明该缓存机制提高了频繁访问数据的访问效率。     

基于热扩散模型的测试程序分类

提出基于热扩散模型的测试程序分类方法,根据峰值温度的高低对SPEC CPU2000的测试程序进行分类。讨论测试程序的热扩散特征和程序行为之间的对应关系。实验结果表明基于热扩散模型分类是一种有效的程序分类方法,其分类结果为不同类型多线程工作负载的组合提供了参考。     

基于改进PCNN和互信息熵的自动图像分割

脉冲耦合神经网络(PCNN)由于其良好的脉冲传播特性在图像分割中得到了广泛应用。针对其需要人机交互通过实验确定其相关参数等问题,改进PCNN模型,以像素对比度作为链接矩阵,以互信息作为迭代终止的判决依据,提出基于改进脉冲耦合神经网络的自动图像分割。实验结果表明,该方法实时性好、自适应性强,分割出的目标轮廓清楚。     

Simple password-based three-party authenticated key exchange without server public keys

Password-based three-party authenticated key exchange protocols are extremely important to secure communications and are now extensively adopted in network communications. These protocols allow users to communicate securely over public networks simply by using easy-to-remember passwords. In considering authentication between a server and user, this study categorizes password-based three-party authenticated key exchange protocols into explicit server authentication and implicit server authentication. The former must achieve mutual authentication between a server and users while executing the protocol, while the latter only achieves authentication among users. This study presents two novel, simple and efficient three-party authenticated key exchange protocols. One protocol provides explicit server authentication, and the other provides implicit server authentication. The proposed protocols do not require server public keys. Additionally, both protocols have proven secure in the random oracle model. Compared with existing protocols, the proposed protocols are more efficient and provide greater security.     

Provably secure three-party password authenticated key exchange protocol in the standard model

Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aim at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security.     

Security weakness in a three-party pairing-based protocol for password authenticated key exchange

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. Recently, Wen et al. (H.-A. Wen, T.-F. Lee, T. Hwang, Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, IEE Proceedings—Communications 152 (2) (2005) 138-143) proposed a new protocol for password-based authenticated key exchange in the three-party setting, where the clients trying to establish a common secret key do not share a password between themselves but only with a trusted server. Wen et al.’s protocol carries a claimed proof of security in a formal model of communication and adversarial capabilities. However, this work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect. We conduct a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future.     

An efficient client–client password-based authentication scheme with provable security

Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso’s protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso’s protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model.     

Robust biometric-based three-party authenticated key establishment protocols

This paper proposes secure and efficient biometric-based three-party authenticated key establishment (B3AKE) protocols to minimize the computation costs of each participant and fit three-party communication. The proposed B3AKE protocols adopts a three-factor authentication mechanism which uses biometric, token, and passwords for users unlike the related protocols. In addition, the proposed B3AKE protocols are composed of four sub-protocols, which are registration, biometric-based three-party authenticated key transport, biometric-based three-party authenticated key agreement (B3AKA), and password update. In order to exploit the key block size, speed, and security jointly, the proposed B3AKA protocol is based on symmetric key cryptosystems and elliptic curve cryptography. As a result, the proposed B3AKE protocols not only are secure against well-known cryptographical attacks but also provide perfect forward secrecy. Furthermore, the number of rounds is smaller by one round than the related protocols and the asymmetric key encryption/decryption operations do not need to establish a session key and authenticate between two users and a server. Thus, the proposed B3AKE protocols are very useful in limited computation and communication resource environments to access remote information systems since it provides security, reliability, and efficiency.     

A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks

Recently, Chou et al. (J Supercomput 66(2): 973–988, 2013) proposed two identity-based key exchange protocols using elliptic curves for mobile environments. The first one is an two-party authentication key exchange protocol to establish a session key between a client and a remote server. The second one is an extended version for three-party setting to establish a session key between two clients with the help of a trusted server. However, this paper finds the first one vulnerable to impersonation attack and key-compromise impersonation attack, and the second one insecure against impersonation attack. To overcome the weaknesses, we propose an improved identity-based two-party authentication key exchange protocol using elliptic curves. The rigorous analysis shows that our scheme achieves more security than related protocols.     

基于验证元的三方密钥交换协议的分析和改进

对现有的一个典型的基于验证元的三方密钥交换协议——ZZJ协议进行分析,指出它的不安全性。在此基础上针对现有的大多数基于验证元的3PAKE协议均难以抵御服务器密钥泄露攻击的现状,提出一个新的基于验证元的三方密钥交换协议——NZZJ协议。通过安全性分析,证明该协议能够抵御服务器密钥泄露攻击、未知密钥共享和内部人攻击等常见的安全威胁。     

基于RSA的网关口令认证密钥交换协议

网关口令认证密钥交换协议是一个三方协议,使得用户和网关在服务器的协助下建立起一个安全的会话密钥,从而实现用户和网关之间的安全通信.已有的网关口令认证密钥交换协议都是基于Diffie-Hellman密钥交换设计的.利用张木想所设计的PEKEP协议,提出了基于RSA体制的可证明安全的网关口令认证密钥交换协议.在随机预言模型...     

基于椭圆曲线密码体制的可认证的密钥交换协议

椭圆曲线密码体制逐渐应用于各种安全协议中.分析了DH密钥交换协议不能抵抗中间人攻击得弱点,基于椭圆曲线离散对数难解性,利用椭圆曲线密码体制的数字签名方案,提出了基于身份认证的密钥交换协议.安全性分析表明,该协议提供身份认证、密钥认证性、密钥的可知安全性、前向保密性,并有效能够防止中间人攻击和重放攻击.把椭圆曲线密码应用于密钥交换协议的认证过程,能有效提高密钥交换协议的安全性和实用性.     

An novel three-party authenticated key exchange protocol using one-time key

Three-party authenticated key exchange protocol (3PAKE) is an important cryptographic technique for secure communication which allows two parties to agree a new secure session key with the help of a trusted server. In this paper, we propose a new three-party authenticated key exchange protocol which aims to achieve more efficiency with the same security level of other existing 3PAKE protocols. Security analysis and formal verification using AVISPA tools show that the proposed protocol is secure against various known attacks. Comparing with other typical 3PAKE protocols, the proposed protocol is more efficient with less computation complexity.