一种适合协同工作系统的安全认证方案

针对网络化协同工作系统的安全认证需求，综合应用Kerberos协议、X．509证书和口令认证技术，借鉴PKI的思想，设计了一种适合网络化协同工作系统的灵活而易于扩展的安全认证方案。这个方案能够保证证书的安全分发，满足网络化协同工作系统对分散、动态的用户安全身份认证的要求。     

Verifiable Distributed Oblivious Transfer and Mobile Agent Security

The mobile agent is a fundamental building block of the mobile computing paradigm. In mobile agent security, oblivious transfer (OT) from a trusted party can be used to protect the agent’s privacy and the hosts’ privacy. In this paper, we introduce a new cryptographic primitive called Verifiable Distributed Oblivious Transfer (VDOT), which allows us to replace a single trusted party with a group of threshold trusted servers. The design of VDOT uses a novel technique called consistency verification of encrypted secret shares. VDOT protects the privacy of both the sender and the receiver against malicious attacks of the servers. We also show the design of a system to apply VDOT to protect the privacy of mobile agents. Our design partitions an agent into the general portion and the security-sensitive portion. We also implement the key components of our system. As far as we know, this is the first effort to implement a system that protects the privacy of mobile agents. Our preliminary evaluation shows that protecting mobile agents not only is possible, but also can be implemented efficiently. This work was supported in part by the DoD University Research Initiative (URI) program administered by the Office of Naval Research under grant N00014-01-1-0795. Sheng Zhong was supported by ONR grant N00014-01-1-0795 and NSF grants ANI-0207399 and CCR-TC-0208972. Yang Richard Yang was supported in part by NSF grant ANI-0207399. A preliminary version of this paper was presented at the DialM-POMC Joint Workshop on Foundations of Mobile Computing in 2003. Sheng Zhong received his Ph.D. in computer science from Yale University in the year of 2004. He holds an assistant professor position at SUNY Buffalo and is currently on leave for postdoctoral research at the Center for Discrete Mathematics and Theoretical Computer Science (DIMACS). His research interests, on the practical side, are security and incentives in data mining, databases, and wireless networks. On the theoretical side, he is interested in cryptography and game theory. Yang Richard Yang is an Assistant Professor of Computer Science at Yale University. His research interests include computer networks, mobile computing, wireless networking, sensor networks, and network security. He leads the LAboratory of Networked Systems (LANS) at Yale. His recent awards include a Schlumberger Fellowship and a CAREER Award from the National Science Foundation. He received his B.E. degree from Tsinghua University (1993), and his M.S. and Ph.D. degrees from the University of Texas at Austin (1998 and 2001).     

Ownership-attached unblinding of blind signatures for untraceable electronic cash

In an untraceable electronic cash protocol based on blind signatures, an identified customer can withdraw a blinded electronic cash from the bank and the unblinding operation is adopted by the customer to transform the blinded electronic cash into a valid one. Before performing the operation, the blinded electronic cash is protected well since attackers cannot convert it into a valid electronic cash without the blinding factor corresponding to the operation. However, after unblinding, the electronic cash will suffer from the theft attacks since it is not protected by any security mechanism. This paper introduces a new unblinding operation called ownership-attached unblinding which attaches the identities of a designated payee and a specified transaction to the blinded electronic cash and then produces an ownership-attached electronic cash other than a bare one such that the cash can withstand the theft attacks during the entire transaction because it is valid for the designated payee and the specified transaction only. Furthermore, the proposed scheme does not largely increase the computation cost required for each customer so that it also is a customer efficient protection solution for untraceable electronic cash and especially suitable for mobile clients and smart-card users.     

安全保障义务补充责任辨析——以第三人侵犯人身权为限

对经营者因违反安全保障义务所担当的补充责任这一制度的设定的合理性提出质疑，以公平性原则为切入点，对此问题提出了自己的一些看法。     

基于身份的一次性盲公钥方案

在现有方案的基础上,通过分析超椭圆曲线双线性对和基于身份的特点,给出了一个改进的基于身份的一次性盲公钥方案。该方案由用户和可信中心共同完成用户密钥的生成,克服了密钥托管问题,避免了由可信中心进行密钥管理所产生的安全隐患。新构造的方案能够抵抗伪造性攻击,具有不可欺骗性,又保证了一次性盲公钥的独立性,是安全可靠的。而且方案中用户在通讯时可以使用不同的公钥,解决了Internet通信中的匿名认证问题,实现了用户隐私的有效保护。     

计算机网络安全问题及防范对策

文章简单阐述了当前计算机网络所面临的主要安全威胁,并在此基础上提出了分层控制的方案,建立了不同层次间网络安全的防范措施,希望以此来提高网络安全性。     

数字化背景下的网络信息安全管理问题研究

随着网络技术的飞速发展和广泛应用,信息安全问题正日益突出显现出来,受到越来越多的关注。文章介绍了网络信息安全的现状,探讨了网络信息安全的内涵,分析了网络信息安全的主要威胁,最后给出了网络信息安全的实现技术和防范措施,以保障计算机网络的信息安全,从而充分发挥计算机网络的作用。     

服务器虚拟化带来的信息安全风险以及影响策略

服务器虚拟化大大提高了服务器的资源利用率,对客户来说是十分有利的。但是,也带来了一些诸如破坏正常的网络架构、可能致使系统服务器超载等信息安全风险,需要采取一定的影响策略予以解决。能采取的影响策略有:安装兼容性杀毒软件、不间断地进行服务器硬件的容量分析等。     

网络媒体发展中的信息安全问题探讨

现代信息化的技术的进步给我们的社会生活带来的很大帮助,而网络媒体就是信息化技术的一个产物,它能迅速成为市场的一大宠儿,不仅有着他自身独有的优势和特点,还有与之相适应的外部条件,传统媒体在某些方面已经不能适应现代产业的发展,人们正在寻求一种迅速、容量大的传播方式,于是网络媒体的出现众望所归。但是由于我国的网络媒体的出现时间尚短,难免有着这样那样的问题,随着网络媒体为越来越多的人所接受,其问题也更加严重,尤其是传播不良的信息荼毒青少年的思想健康,网络受到黑客、病毒的侵袭,网上传播虚假信息、盗窃数据库资料等等,信息安全问题突出,这些问题越来越受到全世界的关注,成为全球共同注意的事情。     

网络安全之解析与防范

在网络中,恶意程序、流氓软件、木马黑客等随处可见,搞得我们提心吊胆,生怕自己的爱机遭遇伤害或信息外露,或卡号被盗取等的灾难面临。因此,查、杀、防毒意识就被提升到了一个空前的高度。