结合时间戳的指纹密钥数据加解密传输方案

目的 对于生物密钥而言，生物特征数据的安全与生物密钥的管理存储都很关键。为了构造能够应用在通信数据传输场景的生物密钥，同时保证生物特征本身的模糊性与密码学的精确性处于一种相对平衡状态，提出一种基于时间戳与指纹密钥的数据加解密传输方案。方法 利用发送方指纹特征点之间的相对信息，与保密随机矩阵生成发送方指纹密钥；借助通信双方的预先设定数与时间戳，生成接收方恢复指纹密钥时所需的辅助信息；利用发送方指纹密钥加密数据，实现密文数据的传输。结果 本文方法在仿真通信双方数据加解密的实现中，测试再生指纹密钥的识别率（GAR）与误识率（FAR）。通过实验数据分析，表明了本文提出的指纹密钥生成方法的可用性，以及指纹密钥作为数字身份所具备的可认证性，其中真实发送方的再生指纹密钥识别率可高达99.8%，并且本方案还可用于即时通信、对称加密等多种场景当中。结论 本文方法利用时间戳确定了通信事件的唯一性与不可否认性，同时实现了指纹密钥恢复时的"一次一密"。此外，方案通过保密随机矩阵实现了发送方指纹密钥的可撤销，极大程度保障了指纹数据的安全性。     

S M3杂凑算法的流水线结构硬件实现

提出一种流水线结构的硬件实现策略,同时采用CSA加法器进行关键路径压缩,极大地提高了工作频率和算法的计算速率．在191 M Hz时钟频率下,实现了73．54 Gb／s的高吞吐率．     

Side-Channel Analysis for the Authentication Protocols of CDMA Cellular Networks

Time-division multiple access (TDMA) and code-division multiple access (CDMA) are two technologies used in digital cellular networks. The authentication protocols of TDMA networks have been proven to be vulnerable to side-channel analysis (SCA), giving rise to a series of powerful SCA-based attacks against unprotected subscriber identity module (SIM) cards. CDMA networks have two authentication protocols, cellular authentication and voice encryption (CAVE) based authentication protocol and authentication and key agreement (AKA) based authentication protocol, which are used in different phases of the networks. However, there has been no SCA attack for these two protocols so far. In this paper, in order to figure out if the authentication protocols of CDMA networks are sufficiently secure against SCA, we investigate the two existing protocols and their cryptographic algorithms. We find the side-channel weaknesses of the two protocols when they are implemented on embedded systems. Based on these weaknesses, we propose specific attack strategies to recover their authentication keys for the two protocols, respectively. We verify our strategies on an 8-bit microcontroller and a real-world SIM card, showing that the authentication keys can be fully recovered within a few minutes with a limited number of power measurements. The successful experiments demonstrate the correctness and the effectiveness of our proposed strategies and prove that the unprotected implementations of the authentication protocols of CDMA networks cannot resist SCA.     

Sketch-based data plane hardware model for software-defined measurement

A sketch-based data plane hardware model for software-defined measurement was introduced,and it was implemented in the programmable network device NetMagic.A generic sketch model for collecting flow-level data using high-speed memories on the FPGA was proposed,the control plane collected and cached the data for further process.Count-min sketch and 2-universal hash functions in the SRAM of FPGA for real-time traffic counting of high-speed traffic were implemented; Bloom filter was used to rebuild the original 5-tuple data which solved the irreversibility of sketch.The CERNET backbone trace to evaluate the prototype system was used,the result shows that it has the ability to use the limited hardware resource to measure a large amount of network traffic data with a proper measurement accuracy at the same time.     

对完整轮数ARIRANG加密模式的相关密钥矩形攻击

对SHA-3计划候选算法ARIRANG采用的分组密码组件进行了安全性分析,利用初始密钥的一个线性变换和轮函数的全1差分特征,给出了一个完整40轮ARIRANG加密模式的相关密钥矩形攻击,该攻击是第一个对ARIRANG加密模式的密码分析结果。攻击结果表明:ARIRANG加密模式作为分组密码是不抵抗相关密钥矩形攻击的。     

基于HASH表的多谓词约束下频繁项集挖掘

针对在交易数据库中挖掘出指定顾客相关属性的频繁项集这一问题,提出了基于维约束进行求解的构想.采用模式增长的挖掘方法,但与传统的模式树不同的是将原先每一节点频繁计数值设为在所有可能的谓词约束下该项的计数形成的向量,并利用HASH表进行向量值及项所在层的位置映射,因此,在不同的约束组合下的频繁项集挖掘将不再需要扫描数据库.仿真实验表明该挖掘算法的完备性,通过与先筛选再挖掘的算法进行比较,证明该挖掘算法具有更高的效率.     

An effective single‐hop distributed hash table with high lookup performance and low traffic overhead

Distributed hash tables (DHTs) have been used in several applications, but most DHTs have opted to solve lookups with multiple hops, to minimize bandwidth costs while sacrificing lookup latency. This paper presents D1HT, an original DHT that has a peer‐to‐peer and self‐organizing architecture and maximizes lookup performance with reasonable maintenance traffic, and a Quarantine mechanism to reduce overheads caused by volatile peers. We implemented both D1HT and a prominent single‐hop DHT, and we performed an extensive and highly representative DHT experimental comparison, followed by complementary analytical studies. In comparison with current single‐hop DHTs, our results showed that D1HT consistently had the lowest bandwidth requirements, with typical reductions of up to one order of magnitude, and that D1HT could be used even in popular Internet applications with millions of users. In addition, we ran the first latency experiments comparing DHTs to directory servers, which revealed that D1HT can achieve latencies equivalent to or better than a directory server, and confirmed its greater scalability properties. Overall, our extensive set of results allowed us to conclude that D1HT can provide a very effective solution for a broad range of environments, from large‐scale corporate data centers to widely deployed Internet applications. Copyright © 2014 John Wiley & Sons, Ltd.     

一种信息传输管理平台的实时性保障方法

信息传输管理平台是虚拟试验系统中的信息交互中枢,它的实时性能影响整个虚拟试验的运行.为了提高信息传输管理平台的实时性,分析了网络通信和本地数据特点,在VxWorks操作系统下采用任务划分和优先级设置、缓冲队列通信模式、信号量与中断服务程序优化等关键技术,在数据处理中应用哈希查找算法等2方面保障实时性.在虚拟试验中的性能...     

Performance of the most common non‐cryptographic hash functions

Non‐cryptographic hash functions (NCHFs) have an immense number of applications, ranging from compilers and databases to videogames and computer networks. Some of the most important NCHF have been used by major corporations in commercial products. This practical success demonstrates the ability of hashing systems to provide extremely efficient searches over unsorted sets. However, very little research has been devoted to the experimental evaluation of these functions. Therefore, we evaluated the most widely used NCHF using four criteria as follows: collision resistance, distribution of outputs, avalanche effect, and speed. We identified their strengths and weaknesses and found significant flaws in some cases. We also discuss our conclusions regarding general hashing considerations such as selection of the compression map. Our results should assist practitioners and engineers in making more informed choices regarding which function to use for a particular problem. Copyright © 2013 John Wiley & Sons, Ltd.