Internet/Intranet信息安全系统的设计及实现

介绍了Ｉｎｔｅｒｎｅｔ／Ｉｎｔｒａｎｅｔ信息安全系统的主要安全服务机制，分析了身份认证，数据加密，数字签名，信息认证的工作原理和安全性能，同时说明了该系统在Ｉｎｔｅｒｎｅｔ／Ｉｎｔｒａｎｅｔ网络环境中的适用性和技术特点。     

基于双重分组和密钥计数的并行认证模式

由于CBC-MAC模式不可并行处理,提出了一种基于双重分组的并行认证模式(PKCB).PKCB模式同并行认证模式PMAC相比,安全性和速率都有显著提高,PKCB认证模式与CTR(计数器)加密模式结合可构成分组密码算法的一种全工作模式.在此基础上提出了一种基于密钥计数的并行认证模式(KCTR-MAC).KCTR-MAC模式安全性比PMAC模式高得多,而速率未降低,KCTR-MAC认证模式和CTR加密模式结合也可构成分组密码算法的一种全工作模式(2CTR),2CTR模式的综合性能不亚于标准模式CCM(CTR with CBC-MAC),是一种安全快速的实用模式.     

短切玻璃纤维增强硬质聚氨酯泡沫塑料的压缩性能

研究了短切玻璃纤维（GF）增强硬质聚氨酯泡沫塑料（RRPUF）的压缩性能,探讨了影响RRPUF压缩性能的因素,考察了RRPUF的密度,GF含量GF长度对RRPUF压缩性能的影响,发现RRPUF的压缩模量和压缩强度随含量增加而增加,尽管理论分析认为GF长度有一临界值,超过该临界值再增加GF长度就无意义了,但本工作中,RRPUF的压缩模量随GF长度在3～12mm范围内增加而升高,随RRPUF的密度增加,压缩模量显著增加,文中还介绍了压缩模量计算公式并计算了RRPUF的压缩装置,发现计算值与实测值     

MVI56-AFC流量计算模块在天然气计量系统中的应用

详细地介绍了MVI56-AFC流量计算模块的性能特点和工作原理,以及利用MVI56-AFC流量计算模块计算天然气压缩因子,并由上位组态软件读取MVI56-AFC计算的压缩因子,生成天然气流量计检定计算表,从而完成天然气流量计的实流检定.     

条件接收系统中机顶盒和智能卡安全通信协议

提出了条件接收系统中智能卡和机顶盒安全通信的协议.协议使用了Schnorr身份方案实现机顶盒对智能卡的认证,并使用一个非对称密码系统实现智能卡对机顶盒的认证.协议最小化了智能卡的在线计算负担,同时保持与其它协议同样的安全水平.对协议的安全性和性能进行了分析.分析结果表明,协议对于恶意攻击是鲁棒的,并且非常适合于只有有限处理能力的智能卡.而且,协议为不同的条件接收系统使用同样的机顶盒提供了可能,因为在协议中机顶盒不需要事先存储任何条件接收系统的秘密私有数据.     

孔径对球体开孔泡沫铝压缩及吸能性能的影响

目的 研究在准静态压缩过程中,不同孔径（泡沫铝内部胞孔的直径）对球体开孔泡沫铝压缩性能及吸能性能的影响。方法 针对3种不同孔径的泡沫铝试样进行准静态压缩实验。通过准静态压缩试验得出泡沫铝的应力-应变曲线,并通过应力-应变曲线计算得到吸能-应变曲线。结果 当泡沫铝孔径从5 mm增加到9 mm时,球形孔开孔泡沫铝的屈服强度增加了4.6862 MPa,最大吸能效率由24.45%提升到27.71%,力学性能和吸能性能均得到提升。结论 泡沫铝的压缩性能和吸能性能随着球体开孔泡沫铝孔径的增加而增强。     

SSH在校园网安全中的研究及应用

随着校园网的飞速发展,其应用也日益广泛。由于网络攻击和入侵行为日趋复杂,传统防御技术已经无法有效的保护校园网络。为防御网络中的安全威胁,SSH提供更加安全的认证、加密和数据完整性技术。提出在校园网络中使用SSH技术抵御网络攻击,从而达到加强校园网安全性的目的。     

第三代移动通信系统3G UMTS空中接口安全算法研究

由于3G移动通信系统网络的开放性以及无线通信的传播特性，安全问题成为3G移动通信系统的核心问题之一。f8算法和f9算法是3GUMTS安全体系中所采用的安全性算法之一，f8算法是机密性算法，对用户数据和信令数据进行加密：f9算法是完整性算法，对信令数据进行完整性认证。f8算法和f9算法共同构成了3GUMTS空中接口的安全体系。     

基于对称密码体制的移动支付安全协议研究

移动支付随着网络技术、移动终端设备的高速发展而成为一种趋势,不少国家为推动其发展已经做出必要的部署。因为支付环境复杂、支付终端设备性能有限,具有高度安全性的移动支付安全协议至关重要。文章首先介绍了移动支付的相关内容,然后分析了Hash链认证出错问题并给出相应的出错控制方案以保证整个Hash链的有效性。然后将Hash链认证方式增加到具有良好安全机制的3G网络基础设施的安全组件上从而实现了安全高效、易于推广实施的移动支付安全协议。     

WS2软涂层刀具的材料优选及涂层制备

运用有限元软件分析了不同基体材料和过渡层的基体表面WS2软涂层的残余热应力。结果表明弹性模量和热膨胀系数等参数是影响涂层残余热应力大小的主要因素。采用中频磁控溅射、多弧离子镀外加离子束辅助沉积工艺制备了4种WS2软涂层刀具并对其性能进行了测试,分析结果符合有限元计算的结论,发现残余热应力对WS2软涂层刀具的性能产生很大的影响,并发现Zr过渡层能有效促进WS2Ⅱ型织构的生长。     

基于接入控制器模式的公共无线局域网安全体系设计

公共无线局域网面临网络安全、用户数据保护、身份认证、移动管理及网络服务等多方面的挑战。将现有的公共无线局域网分为WISP—owned,Operator—owned以及for Enterprise 3种类型,并分别讨论了各种类型的特征及其架构。在此基础上提出一种基于接入控制器模式的通用安全体系,可应用于目前大多数类型的公共无线局域网。提出了一种802．1X和Web认证的混合型认证协议,该协议在进行Web认证时将利用802．1X协商后产生的密钥进行,可有效地抵抗窃取服务、基站伪装、消息窃听等攻击,并与现有公共无线局域网Web认证相兼容。     

Cloud Security Service for Identifying Unauthorized User Behaviour

Recently, an innovative trend like cloud computing has progressed quickly in Information Technology. For a background of distributed networks, the extensive sprawl of internet resources on the Web and the increasing number of service providers helped cloud computing technologies grow into a substantial scaled Information Technology service model. The cloud computing environment extracts the execution details of services and systems from end-users and developers. Additionally, through the system’s virtualization accomplished using resource pooling, cloud computing resources become more accessible. The attempt to design and develop a solution that assures reliable and protected authentication and authorization service in such cloud environments is described in this paper. With the help of multi-agents, we attempt to represent Open-Identity (ID) design to find a solution that would offer trustworthy and secured authentication and authorization services to software services based on the cloud. This research aims to determine how authentication and authorization services were provided in an agreeable and preventive manner. Based on attack-oriented threat model security, the evaluation works. By considering security for both authentication and authorization systems, possible security threats are analyzed by the proposed security systems.     

An End-to-End Authentication Scheme for Healthcare IoT Systems Using WMSN

The healthcare internet of things (IoT) system has dramatically reshaped this important industry sector. This system employs the latest technology of IoT and wireless medical sensor networks to support the reliable connection of patients and healthcare providers. The goal is the remote monitoring of a patient’s physiological data by physicians. Moreover, this system can reduce the number and expenses of healthcare centers, make up for the shortage of healthcare centers in remote areas, enable consultation with expert physicians around the world, and increase the health awareness of communities. The major challenges that affect the rapid deployment and widespread acceptance of such a system are the weaknesses in the authentication process, which should maintain the privacy of patients, and the integrity of remote medical instructions. Current research results indicate the need of a flexible authentication scheme. This study proposes a scheme with enhanced security for healthcare IoT systems, called an end-to-end authentication scheme for healthcare IoT systems, that is, an E2EA. The proposed scheme supports security services such as a strong and flexible authentication process, simultaneous anonymity of the patient and physician, and perfect forward secrecy services. A security analysis based on formal and informal methods demonstrates that the proposed scheme can resist numerous security-related attacks. A comparison with related authentication schemes shows that the proposed scheme is efficient in terms of communication, computation, and storage, and therefore cannot only offer attractive security services but can reasonably be applied to healthcare IoT systems.     

一种新的轻量级的RFID认证协议(英文)

无线射频识别技术(RFID)有望在不久的将来取代条形码系统,它的信息存储量以及传输信息的能力相比条形码都有明显的优势。然而,由此引发的用户隐私入侵和系统安全威胁一直是用户日益关注的问题。由于其设备的资源受限,以及无法执行强加密算法,因此于RFID系统中安全协议的执行是一个极大的挑战。为此,近来许多认证协议已被提出以防止未经授权的定位跟踪、检测、假冒、克隆等。本文提出了一种新的有效的轻量级射频识别认证协议,对于某些应用,它已能提供足够的安全级别。该协议中标签只需执行hash和异或运算而阅读器和后台服务器承担大部分的运算量包括伪随机数的产生以及加解密的运算。相比于其他协议,我们实现了防止隐私泄露、伪装等安全攻击的特点,适合于低成本、低计算量的RFID系统。     

ESAP: Efficient and secure authentication protocol for roaming user in mobile communication networks

The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as redirection attack, impersonation attack and Man in-the Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols of GSM were proposed to overcome the drawbacks but many of them lead to network signalling overload and increases the call set-up time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented by BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing a number of messages. On an average, the protocol reduces 60% of network signalling congestion overhead as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.     

Blockchain-Enabled EHR Framework for Internet of Medical Things

The Internet of Medical Things (IoMT) offers an infrastructure made of smart medical equipment and software applications for healthcare services. Through the internet, the IoMT is capable of providing remote medical diagnosis and timely health services. The patients can use their smart devices to create, store and share their electronic health records (EHR) with a variety of medical personnel including medical doctors and nurses. However, unless the underlying commination within IoMT is secured, malicious users can intercept, modify and even delete the sensitive EHR data of patients. Patients also lose full control of their EHR since most healthcare services within IoMT are constructed under a centralized platform outsourced in the cloud. Therefore, it is appealing to design a decentralized, auditable and secure EHR system that guarantees absolute access control for the patients while ensuring privacy and security. Using the features of blockchain including decentralization, auditability and immutability, we propose a secure EHR framework which is mainly maintained by the medical centers. In this framework, the patients’ EHR data are encrypted and stored in the servers of medical institutions while the corresponding hash values are kept on the blockchain. We make use of security primitives to offer authentication, integrity and confidentiality of EHR data while access control and immutability is guaranteed by the blockchain technology. The security analysis and performance evaluation of the proposed framework confirms its efficiency.     

Efficient Joint Key Authentication Model in E-Healthcare

Many patients have begun to use mobile applications to handle different health needs because they can better access high-speed Internet and smartphones. These devices and mobile applications are now increasingly used and integrated through the medical Internet of Things (mIoT). mIoT is an important part of the digital transformation of healthcare, because it can introduce new business models and allow efficiency improvements, cost control and improve patient experience. In the mIoT system, when migrating from traditional medical services to electronic medical services, patient protection and privacy are the priorities of each stakeholder. Therefore, it is recommended to use different user authentication and authorization methods to improve security and privacy. In this paper, our prosed model involves a shared identity verification process with different situations in the e-health system. We aim to reduce the strict and formal specification of the joint key authentication model. We use the AVISPA tool to verify through the well-known HLPSL specification language to develop user authentication and smart card use cases in a user-friendly environment. Our model has economic and strategic advantages for healthcare organizations and healthcare workers. The medical staff can increase their knowledge and ability to analyze medical data more easily. Our model can continuously track health indicators to automatically manage treatments and monitor health data in real time. Further, it can help customers prevent chronic diseases with the enhanced cognitive functions support. The necessity for efficient identity verification in e-health care is even more crucial for cognitive mitigation because we increasingly rely on mIoT systems.     

Towards Privacy-Preserving Cloud Storage: A Blockchain Approach

With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.