基于文件过滤的移动存储设备实时监控系统设计与实现

针对Windows NT／2000／2003／XP系列操作系统,设计和实现了一种基于文件过滤驱动的移动存储设备实时监控系统。该系统能够实时捕获移动存储设备的安装,控制并记录移动存储设备的数据读、写操作,可实现对关键文件的授权访问,能阻止从移动存储设备启动可执行程序,从而有效阻断轮渡类木马程序的自动运行,从而保护内部网络安全。     

新品年终大爆发

虽然寒意渐浓，但Windows Mobile设备在这个季节里却异常火爆，经过了近半年的蛰伏，年底终于爆发。横屏显示，640×480像素高分辨率．最高主频达624MHz的全新处理器．Windows Media Player 10．改良后的IE浏览器……这些就是全新的Windows Mobile 2003第二版移动系统给我们带来的变化。希望看多一点．看宽一点．看清楚一点的Follow Me!2004年岁末．搭载了Windows Mobile 2003SE的PDA．手机全线登场。     

无线网络面临的安全威胁及对策分析

随着计算机信息技术和网络技术的发展,无线网络传递由于其独特的特点成为了人们数据和信息传递与交互最为青睐的方式之一,只要无线网络覆盖的区域,人们就可以通过固定设备和移动设备进行数据传递和接收,给人们带来极大的方便,但是无线网络的出现也带来了一定的安全问题,如保密性问题、控制访问问题等,文中主要分析了几种主要的无线网络面临的安全威胁,并提出几点对策。     

基于无线网络的移动智能终端安全认证平台的研究

生产经营中存在的问题就是电网的安全性与移动信息化之间的矛盾,一方面要保障电网的安全运营,另一方面要提高工作效率。本研究就是要开发高效、便捷、安全的基于无线网络的移动智能终端安全认证平台,采用SD智能存储卡作为硬件安全设备,通过运营商3G无线网络建立端到端安全的APN通道,结合目前我局实施的的PKI/CA系统,实现对远程应用系统的安全访问。     

一个用于VPN安全机制的移动代理系统

在虚拟专用网中，提出了一个基于移动代理技术的VPNAgent系统，分析了其体系结构并讨论了实现方法。该系统中的移动代理负责到客户端检测数据，为合法的数据加密和签名。然后护送数据包返回．向工作在防火墙处的静态代理出示签名。静态代理检测该签名，将通过检测的数据包除去签名部分．交与目的主机。实现了虚拟专用网中的合法数据包不必解密即可通过防火墙。     

微软再推新版手机操作系统未来3年是发展关键

微软移动与嵌入式开发大会6月23日在北京举行。本次大会上，微软演示了各种基于Windows Mob11e与Windows Embedded的智能终端产品和各类应用软件，为与会描绘了一个微软移动技术带来的“移动新世界”。微软全球副总裁，负责移动通信及嵌入式系统设备部门产品研发的张亚勤博士在大会上介绍了微软在Windows Moblie与Wmdows Embedded方面的最新技术与长期发展策略，以及微软最新的移动开发平台Windows Moblle 5．0和基于Winldows Moblle 50的信息与安全服务套件。     

基于相互认证的移动RFID安全协议

移动RFID系统是指利用植入RFID读写芯片的智能移动终端,获取标签中的信息,并通过移动网络,访问后台数据库,获取相关信息。然而,由于移动RFID系统的无线通信环境和无可视性读写,带来了很多安全隐患,已经成为制约移动RFID发展的重要因素,针对此问题,在分析了移动RFID网络构成及其安全隐患后,提出了一种基于相互认证的安全协议,该协议引入了一个第3方服务器来为移动读写器和后台数据库提供签名密钥,并且利用椭圆曲线加密体制(ECC)对信息进行签名验证,最后分析表明该协议可以为移动读写器与后台数据库提供安全的通信环境,以应对各种攻击。     

基于非完备大数据的业务预测

高效、精准预测无线网络业务数据,例如业务的到达率、用户数以及吞吐量等,将为网络提供用户的实时需求,是实现无线网络智能化的关键。然而,由于无线网络传输的不可靠性、采集设备故障、采样率低等原因,使得无线大数据具有不可避免的非完备性。将使系统丢失大量有用信息,从而给无线网络业务预测带来巨大挑战。为了应对该挑战,提出了基于非完备数据集的业务预测架构,从缺失值补充以及空时信息挖掘2个维度高效利用非完备数据集,提升预测精度,助力无线网络的智能化。     

一种高效的具有用户匿名性的无线认证协议

提出了一种高效的具有用户匿名性的无线认证协议。利用Hash函数和Smart卡实现了协议的用户匿名性。协议充分考虑了无线网络自身的限制和移动设备存储资源及计算资源的局限性，在认证过程中移动用户只需要进行一次对称加密和解密运算，用户与访问网络、本地网络与访问网络都只进行一次信息交换，而且所有对称加密都使用一次性密钥。本协议具有实用、安全、高效的特点。     

基于Windows API文件存储监控技术

针对Windows操作系统中数据文件访问的安全问题,设计并实现了一种基于Windows API存储监控系统。首先在保证文件信息不被破坏的前提下,引入各种加密方法,对信息进行保护;然后通过用户权限设定、U盘认证、端口控制等途径,在操作系统的应用层实现用户对创建、删除、拷贝、重命名等文件操作的监控和处理,有效防止了涉密文件数据被非法访问。     

A secure mobile healthcare system using trust-based multicast scheme

Due to the introduction of telecommunication technologies in telemedicine services, the expeditious development of wireless and mobile networks has stimulated wide applications of mobile electronic healthcare systems. However, security is an essential system requirement since many patients have privacy concerns when it comes to releasing their personal information over the open wireless channels. For this reason, this study discusses the characteristics and security issues with wireless and pervasive data communications for a ubiquitous and mobile healthcare system which consists of a number of mobile devices and sensors attached to a patient. These devices form a mobile ad hoc sensor network and collect data that are sent to a hospital or healthcare center for monitoring. Subsequently, this paper discusses the innovation and design of a novel trust evaluation model. We then propose a secure multicast strategy that employs trust in order to evaluate the behavior of each node, so that only trustworthy nodes are allowed to participate in communications, while the misbehavior of malicious nodes is effectively prevented. We analyze the security properties of our multicast scheme and evaluate its performance based on simulation experiments. Our experimental results demonstrate that our scheme not only achieves the necessary data transmission in mobile environments, but also provides more security with reasonably little additional overhead.     

Securing resource-constrained wireless ad hoc networks [accepted from open call]

Huge interest in and demand for services over the information superhighway have pressed various telecommunications research fronts and led to a new form of future Internet consisting of wired and wireless segments where resourceconstrained devices such as mobile devices, smart phones, palm pilots, and wireless sensors may become integral parts of the Internet rather than access-only platforms. One of the key design problems is the security in such heterogeneous networks, particularly over wireless networks with resource constraints. In this tutorial article we discuss a novel approach to addressing security issues, and articulate why and how IDbased cryptography can be effectively applied to address various security problems in resourceconstrained wireless networks.     

A lightweight reconfigurable security mechanism for 3G/4G mobile devices

Wireless communications are advancing rapidly. We are currently on the verge of a new revolutionary advancement in wireless data communications: the third generation of mobile telecommunications. 3G promises to converge mobile technology with Internet connectivity. Wireless data, multimedia applications, and integrated services will be among the major driving forces behind 3G. While wireless communications provide great flexibility and mobility, they often come at the expense of security. This is because wireless communications rely on open and public transmission media that raise further security vulnerabilities in addition to the security threats found in regular wired networks. Existing security schemes in 2G and 3G systems are inadequate, since there is a greater demand to provide a more flexible, reconfigurable, and scalable security mechanism that can evolve as fast as mobile hosts are evolving into full-fledged IP-enabled devices. We propose a lightweight, component-based, reconfigurable security mechanism to enhance the security abilities of mobile devices.     

Constructing secure group communication over wireless ad hoc networks based on a virtual subnet model

Recently, more and more people have begun using mobile devices such as PDAs and notebooks. Our lives have been profoundly affected by such devices. A MANET, a mobile ad hoc network, is an effective networking system facilitating an exchange data between mobile devices, without the support of wireless access points and base stations. A MANET is not restricted to unicast or multicast communication, but can also provide "many-to-many" transmission, which can be treated as a group communication. Until recently, however, the way in which such groups are formed had not drawn much attention. Because communication in wireless networks is broadcast and a certain amount of devices can receive transmitted messages, the risk of unsecured sensitive information being intercepted by unintended recipients is a real concern. Consequently, efforts to ensure the security of group communications in MANETs are essential. This article proposes a virtual subnet model to construct secure group communication over a MANET. With the model, the composition of groups is established as the forming of group keys. Our results show that this approach can completely satisfy the needs for both security and efficiency.     

移动视频监控系统中的关键技术研究

针对移动设备有限的运算存储能力以及目前无线信道窄带高误码等问题,设计并实现了在移动环境下的实时视频监控系统。该系统融合了改进的高级Foveation滤波技术、自适应帧率调节、鲁棒的视频编码等技术。通过采用这些技术,以使有限的编码比特流合理分配,从而极大地提高监控系统的图像质量。同时,为了防止视频监控数据遭到恶意的攻击和篡改,系统集成了水印安全认证模块,保证了监控系统的安全性。     

无线通信中物理层安全问题及其解决方案(英文)

The properties of broadcast nature, high densities of deployment and severe resource limitations of sensor and mobile networks make wireless networks more vulnerable to various attacks, including modification of messages, eavesdropping, network intrusion and malicious forwarding. Conventional cryptography-based security may consume significant overhead because of low-power devices, so current research shifts to the wireless physical layer for security enhancement. This paper is mainly focused on security is...     

Efficient dynamic authentication for mobile satellite communication systems without verification table

The mobile satellite system is an important wireless communication system widely used nowadays. The issue of protecting the transmission security in low‐earth‐orbit satellite networks thus becomes more and more critical. It is known that several authentication schemes for satellite communication systems have been proposed to deal with the issue. However, previous protocols either employ complicated public key computation or have to maintain a verification table. In this paper, the author will introduce a new dynamic authentication protocol for mobile satellite communication systems without using a verification table. The comparison results will also show that the proposed scheme has lower computational costs. Copyright © 2014 John Wiley & Sons, Ltd.     

Towards generalized ID‐based user authentication for mobile multi‐server environment

With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.     

移动接入解决方案持续监测机制研究

针对处理机密信息的终端用户设备通过移动通信网安全接入相同保密等级的政府机构内部网络或政府合作企业内部网络的问题,美国国家安全局基于商用密码产品和安全产品给出了双层加密和持续监测的移动接入整体解决方案。解决方案提出了持续监测框架、监测点位置、监测数据收集方法,以及监测点选择、告警触发条件等实施要求。对各监测点网络流量特征、安全事件数据汇集手段、系统动态安全模型的分析,可为基于移动通信网等开放网络的虚拟私有专网整体监测方案设计提供参考。