共查询到20条相似文献,搜索用时 140 毫秒
1.
李勇 《网络安全技术与应用》2005,(5):14-15
本文以实例,分析了电子政务的安全需求,基于信息安全和信息保障的思想,提出了可生存的电子政务安全策略模型。基于这一模型构建的电子政务系统,具有更好的安全性,健壮性和可生存性。 相似文献
2.
本文在研究当前电子政务模型的基础上,分析了电子政务的安全需求,基于信息安全和信息保障的思想,提出了可生存的电子政务安全策略模型。基于这一模型构建的电子政务系统,具有更好的安全性、健壮性和可生存性。 相似文献
3.
系统可生存性研究综述 总被引:2,自引:0,他引:2
系统可生存性是信息安全的新研究方向,是对传统安全观念的突破和创新。本文首先给出了开展系统可生存性研究的必要性以及系统可生存性若干定义;基于此,结合可生存性的评测和增强技术研究,从计算系统可生存性、网络可生存性、服务可生存性以及软件可生存性4个角度,综述了可生存性的研究现状,并进行了国内外对比分析;随后探讨了可生存系统的设计与实现问题,最后描述了系统可生存性的发展趋势。 相似文献
4.
针对Ad Hoc网络可生存性的威胁因素,采用基于本地群的安全复原策略,在邻节点管理机制和本地协同投票机制的基础上提出双层安全实施架构,建立群内移动节点之间安全基础上的群间的安全联动;并以Ad Hoc网络路由协议AODV的内部误用为例,说明安全策略的实施. 相似文献
5.
系统可生存性是信息安全的新研究方向,是对传统安全观念的突破和创新。针对电子政务网络特点与安全威胁,提出电子政务系统安全可生存性模型,并对模型进行分析,设计电子政务数据库系统内部容忍体系。 相似文献
6.
7.
8.
9.
随着计算机网络技术的发展,对网络核心设备的安全研究成为发展的热点。高速边缘路由器是骨干网和互联网/内部网之间的高速接入设备,在网络安全的研究中具有重要的意义。高速边缘路由器中的安全数据库管理包含了对安全策略的管理和对安全关联的管理,它的合理性和高效性是制约高速边缘路由器系统性能的重要因素。目前,安全数据库系统普遍采用集中式体系结构完成对安全策略和安全关联数据的管理,在系统的并行性、灵活性和访问效率方面都存在着较大的缺陷;分布式管理则由于各分布子系统间的一致性维护问题在高速边缘路由器中被充分放大而无法满足高速边缘路由器的设计要求。本文基于ForCES协议框架提出了一种高速边缘路由器的体系结构CeDita,并详细分析了基于该体系结构的安全数据库混合式管理模型SDM的特点。该模型综合了集中式管理的视图统一、操作简单等特点以及分布式管理的本地访问特点,具有较强的并行性、可扩展性和高效性,是一种适于路由器实现的高效的数据库管理模型。 相似文献
10.
为有效评估网络信息系统(NIS)的可生存性,将联合分析法和层次分析法有机结合,提出一种综合评价方法。借鉴网络安全等级的思想,对NIS不同方面重要性进行分级,获取用户期望产品和目标的价值和优先权,解决评估NIS的可生存性问题。通过在两个层次上对NIS进行测量:一是调查NIS关于组织策略目标的各方面的全局性能;二是专门调查NIS可生存性的性能,即在受到攻击时如何维持自身的性能。实验结果表明该方法有效,并易于推广应用。利用该方法调查与可生存性相关的性能,帮助NIS管理者在安全与耗费之间做出权衡,以保证NIS可生存性的最佳安全等级。 相似文献
11.
With the widespread use of cluster systems and ever increasing threat to computer security, it becomes more necessary to design and build secure cluster systems. Most cluster systems rely on security products like firewalls for their security, but they cannot guarantee security of intra-cluster communications, which can be a weak spot that hackers exploit for further security attacks. A recent study by Lee and Kim (2007) [22] proposed a security framework to protect intra-cluster communications by encrypting and authenticating all packets with fine-grained security where any two communicating processes dynamically generate and share a cryptographic key, called a session key. However, the fine-grained security scheme can incur serious performance degradation in large-scale cluster systems since it may take a long time to access session keys. To solve this problem, we propose to incorporate a session key cache inside a cluster interconnect card to speed up accesses to the session keys and build an analytical cluster traffic model to estimate the behavior of the cache in large-scale cluster systems. For further performance improvement, we propose a prefetching scheme speculating job scheduler’s decision without OS interventions. Simulation results indicate that the session key cache with the prefetching scheme decreases the network latency by 50% on average, compared to the configurations without the enhancements. 相似文献
12.
一种Web服务安全通信机制的研究与实现 总被引:7,自引:0,他引:7
随着Web服务技术与应用的发展,Web服务安全问题日益突出。Web服务安全通信要求保证应用层SOAP消息的安全传输,而现有的安全传输方案,如SSL,TLS等不适用于应用层的消息安全保护,无法满足上述要求。针对Web服务应用模式,提出了一种基于XML安全技术的Web服务安全通信机制,利用安全会话实现了较高的实体认证安全性和安全通信效率,并为此设计和实现了保证应用层SOAP消息安全传输的SOAPSec系统。该机制具有灵活性和可扩展性,可满足典型Web服务应用场景下的安全通信需求。 相似文献
13.
高海英 《计算机研究与发展》2012,49(8):1685-1689
提出了一种具有私钥产生中心(private key generator,PKG)前向安全性的基于身份的认证密钥协商协议,协议中给出了一种利用用户双方的长期私钥和临时私钥联合计算共享密钥的方法.在标准模型下证明了协议的安全性,并且分析得出,即使攻击者能够同时获得双方的临时私钥或同时获得双方的长期私钥,共享密钥仍然是安全的.性能分析表明,该协议较好地平衡了计算复杂度和安全性这两个协议评价指标. 相似文献
14.
三方口令认证密钥交换协议允许两个分别与服务器共享不同口令的用户在服务器的协助下建立共享的会话密钥,从而实现了用户间端到端的安全通信.现阶段,多数的三方口令认证密钥交换协议都是在随机预言模型下可证明安全的.但在实际应用中,利用哈希函数对随机预言函数进行实例化的时候会给随机预言模型下可证明安全的协议带来安全隐患,甚至将导致协议不安全.以基于ElGamal加密的平滑投射哈希函数为工具,在共同参考串模型下设计了一种高效的三方口令认证密钥交换协议,并且在标准模型下基于DDH假设证明了协议的安全性.与已有的同类协议相比,该协议在同等的安全假设下具有更高的计算效率和通信效率,因此更适用于大规模的端到端通信环境. 相似文献
15.
介绍了会话初始协议的一种扩展,实现了会话描述协议(SDP)和穿越NAT/防火墙的端到端网络安全机制。该解决方案基于安全多用途网际邮件扩充协议(S/MIME)和中间体通信(MIDCOM)协议实现。用户授权代理服务器代替自己加密会话描述信息,该代理选定接收方并为接收域中的SIP代理眼务器加密SDP。当每个终端用户能经由一条安全链接联系到它可信赖的SIP代理并授权该代理加密信号数据时,会话信息就得到了端到端的安全保护。 相似文献
16.
Several groupware applications like e-conferences, pay-per view, online games, etc. require a common session key to establish a secure communication among the group participants. For secure communication, such applications often need an efficient group key establishment protocol to construct a common session key for group communications. Conventional group key transfer protocols depends on mutually trusted key generation center (KGC) to generate and distribute the group key to each participant in each session. However, those approaches require extra communication overheads in the server setup. This paper presents an efficient and secure group key transfer protocol using elliptic curve cryptography (ECC). The proposed protocol demonstrates a novel group key transfer protocol, in which one of the group member plays the role of KGC (the protocol without an online KGC, which is based on elliptic curve discrete logarithm problem (ECDLP) and Shamir’s secret sharing scheme. The confidentiality of the proposed protocol is ensured by Shamir’s secret sharing, i.e., information theoretically secure and provides authentication using ECDLP. Furthermore, the proposed protocol resists against potential attacks (insider and outsider) and also significantly reduces the overheads of the system. The security analysis section of the present work also justifies the security attributes of the proposed protocol under various security assumptions. 相似文献
17.
To secure multimedia communications, existing encryption techniques usually encrypt the whole data stream using the same session key during a session. The use of the session key confronts with tradeoff problem between session key creation latency and security for the real-time multimedia stream. The main feature of our proposed scheme is to selectively encrypt RTP packets using different one-time packet keys in the same session for real-time multimedia applications. The packet key, which has already been used, will never be reused throughout the same session. The use of the one-time packet key enables to improve security strength of real-time multimedia. To solve the issue of the real-time packet key exchanges related to the timely use of the one-time packet keys, this paper suggests the one-time packet key exchange method that does not need to occur on a packet-by-packet basis. 相似文献
18.
Dheerendra Mishra 《Multimedia Tools and Applications》2016,75(23):16017-16038
The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. In recent years, password-based authenticated key exchange protocols are designed to provide strong authentication for SIP. In this paper, we address this problem in two-party setting where the user and server try to authenticate each other, and establish a session key using a shared password. We aim to propose a secure and anonymous authenticated key exchange protocol, which can achieve security and privacy goal without increasing computation and communication overhead. Through the analysis, we show that the proposed protocol is secure, and has computational and computational overheads comparable to related authentication protocols for SIP using elliptic curve cryptography. The proposed protocol is also provably secure in the random oracle model. 相似文献
19.
在基于Web服务自动摘要系统的开发过程中,如何保障Web服务的安全是一个必须解决的难题。该文设计了一种利用SOAP消息头传递验证信息、基于会话的高效Web服务安全通信机制。实验证明,该安全通信方案满足了系统的安全需求。 相似文献