Total quantum coherence and its applications

Quantum coherence is the most fundamental feature of quantum mechanics. The usual understanding of it depends on the choice of the basis, that is, the coherence of the same quantum state is different within different reference framework. To reveal all the potential coherence, we present the total quantum coherence measures in terms of two different methods. One is optimizing maximal basis-dependent coherence with all potential bases considered and the other is quantifying the distance between the state and the incoherent state set. Interestingly, the coherence measures based on relative entropy and \(l_2\) norm have the same form in the two different methods. In particular, we show that the measures based on the non-contractive \(l_2\) norm are also a good measure different from the basis-dependent coherence. In addition, we show that all the measures are analytically calculable and have all the good properties. The experimental schemes for the detection of these coherence measures are also proposed by multiple copies of quantum states instead of reconstructing the full density matrix. By studying one type of quantum probing schemes, we find that both the normalized trace in the scheme of deterministic quantum computation with one qubit and the overlap of two states in quantum overlap measurement schemes can be well described by the change of total coherence of the probing qubit. Hence the nontrivial probing always leads to the change of the total coherence.     

Smart card applications and security

This article gives brief introduction to the security mechanisms used in smart card technology. Firstly we introduce the properties of contact and contactless smart cards; then we give the anatomy of smart card hardware and the popular security features implemented. These security features are arranged in the attack and countermeasure pairs, so it is easier for the readers to understand the security issues in the smart card technology.     

A security framework for reflective Java applications

The advent of component‐based reflective applications raises the issue of protecting baselevel components from the actions performed by metalevel components. However, by their very nature, reflective applications are far more difficult to secure than non‐reflective applications, which certainly explains why the problem has received very little attention so far. In this paper we present a security framework for enforcing access control between metalevel components and the baselevel components they reflect on. Rather than designing a new security architecture from scratch, we extend the standard security architecture of Java to provide security for a fully‐functional proxy‐based MOP for Java. We implement a number of well‐known meta‐level behaviors and study their security requirements, the results of which support our design choices. Copyright © 2003 John Wiley & Sons, Ltd.     

Network security and custom Web applications

This article discusses the security issues of custom application development.     

A security and authentication layer for SCADA/DCS applications

Mid 2010, a sophisticated malicious computer worm called Stuxnet targeted major ICS systems around the world causing severe damages to Siemens automation products. Stuxnet proved its ability to infect air-gapped-segregated critical computers control system. After this attack, the whole ICS industry security was thrust into spotlight. Automation suppliers have already started to re-think their business approach to cyber security. The OPC foundation have made also significant changes and improvements on its new design OPC-UA to increase security of automation applications but, what is still missing and seems to be not resolved any time soon is having security in depth for industrial automation applications. In this paper, we propose a simple but strong security control solution to be implemented as a logic level security on SCADA and DCS systems. The method presented in this work enforces message integrity to build trusts between DCS system components, but it should not be viewed as the main nor the only protection layer implemented on an industrial automation system. The proposed solution can be viewed as a low-level security procedure to avoid malicious attacks such as Stuxnet.     

A security watermark scheme used for digital speech forensics

Based on digital watermark, a speech forensics scheme is proposed. The feature coefficients cross-correlation degree of speech signal is defined, and the property is discussed, which demonstrates that the feature is very robust. Then a new watermark embedding method based on the feature is explored, aiming to enlarge the embedding capacity and solve the security issue of watermark schemes based on public features. In this paper, for each fame of speech signal, it is cut into two parts, and each part is divided into some segments. Then frame number is mapped to a sequence of integers, which are embedded into the segments. The integers can be extracted used for forensics and tamper location after watermarked signal being attacked. Theoretical analysis and experimental results show that the scheme proposed is inaudible and robust against desynchronization attacks, enhances the security of watermark system and has a good ability for speech forensics.     

光学相干层析术在医学中的应用

光学相干层析术是从强散射介质中获取图像最有前途的一种新技术,介绍了其组成和工作原理以及在眼科、心血管系统、消化系统等医学领域的成功应用。     

Requirements for multimedia metadata schemes in surveillance applications for security

Surveillance for security requires communication between systems and humans, involves behavioural and multimedia research, and demands an objective benchmarking for the performance of system components. Metadata representation schemes are extremely important to facilitate (system) interoperability and to define ground truth annotations for surveillance research and benchmarks. Surveillance places specific requirements on these metadata representation schemes. This paper offers a clear and coherent terminology, and uses this to present these requirements and to evaluate them in three ways: their fitness in breadth for surveillance design patterns, their fitness in depth for a specific surveillance scenario, and their realism on the basis of existing schemes. It is also validated that no existing metadata representation scheme fulfils all requirements. Guidelines are offered to those who wish to select or create a metadata scheme for surveillance for security.     

Optical correlators for space applications: prospects and problems

Demanding ever-increasing throughput and processing power, space applications push the outer limits of conventional pattern-recognition technology. Optical correlators offer a siren's song of potential advantages over all-electronic devices. Realizing these advantages, however, will be difficult because of limitations on current spatial light modulators, key elements in an optical correlator. We propose a promising architecture that may overcome these limitations     

A hybrid biometric identification framework for high security applications

Research on biometrics for high security applications has not attracted as much attention as civilian or forensic applications. Limited research and deficient analysis so far has led to a lack of general solutions and leaves this as a challenging issue. This work provides a systematic analysis and identification of the problems to be solved in order to meet the performance requirements for high security applications, a double low problem. A hybrid ensemble framework is proposed to solve this problem. Setting an adequately high threshold for each matcher can guarantee a zero false acceptance rate (FAR) and then use the hybrid ensemble framework makes the false reject rate (FRR) as low as possible. Three experiments are performed to verify the effectiveness and generalization of the framework. First, two fingerprint verification algorithms are fused. In this test only 10.55% of fingerprints are falsely rejected with zero false acceptance rate, this is significantly lower than other state of the art methods. Second, in face verification, the framework also results in a large reduction in incorrect classification. Finally, assessing the performance of the framework on a combination of face and gait verification using a heterogeneous database show this framework can achieve both 0% false rejection and 0% false acceptance simultaneously.     

Adaptable,model-driven security engineering for SaaS cloud-based applications

Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple “tenants” of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants—i.e. multi-tenancy—increases tenants’ concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants’ needs, some of which may change at run-time i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants’ security requirements. We use abstract models to capture service provider and multiple tenants’ security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.     

Optical measurement systems and technologies for scientific and industrial applications

The solution of actual problems of science and industry requires application of innovative optical measurement systems. This article presents the results of the Technological Design Institute of Scientific Instrument Engineering in the development of measurement systems for scientific research as well as for application to nuclear safety and to the railway, petroleum, and other industries.     

Stochastic game net and applications in security analysis for enterprise network

Stochastic game theoretic framework has been used in many fields of networks with interactive behaviors. However, further use of this framework is limited due to the following reasons. Firstly, it is difficult to build comprehensive and rigorous models for complex network structures by the state-based game model. Secondly, solving and extending the dynamic behaviors of participators of the network are nearly impossible, because of the complexity of state transitions. Last but not least, general game model is not able to describe and analyze specific events and behaviors in some kinds of networks, like enterprise networks. In this paper, we propose a new modeling paradigm (stochastic game net, or SGN) for stochastic games representation with Petri nets. Based on our graphical tool, stochastic game problems can be described clearly, and the model can be solved and extended easily. Moreover, this paper puts forth a series of methods for modeling and analyzing the competitive game by SGN, which is the main contribution of this work. Our achievements are applied to the security analysis for enterprise networks. The analysis results prove the powerful ability of our achievements in solving the complicated and dynamic game problems. Furthermore, our approaches can be used to calculate the existence and the value of an equilibrium point.     

计算机网络应用中的安全性评价及对策研究

在现代社会中,信息技术的发展给人们带来了以前所不可想象的方便与便捷.计算机网络技术作为信息技术的重要方面之一,也得到了前所未有的进步,从而使得信息资源得到充分的分享和高效的利用.然而,人们在享受计算机网络应用的便利的同时,在计算机网络应用过程中所出现的安全性问题也不可忽视.本文在介绍了部分计算机网络应用现状的基础上,分析了计算机网络应用中所出现的一些安全性问题,并在此基础之上探讨和研究了几点解决计算机网络应用安全问题的对策.     

一个安全协议度量方法及其应用

简要说明了对安全协议进行协议度量和冗余度量的一个基于模态逻辑方法,形式化地给出了协议对安全目标满足度的度量方法定义,并讨论了相应的协议冗余分析和化简方法。给出了对安全协议的内容进行逻辑比较的准则,结合实例分析了两个协议之间的逻辑包含关系。讨论结合逆向推理的两个应用：对基于模态逻辑的协议分析中隐含假设的分析方法,协议设计和生成方法。     

Session-based security enhancement of RFID systems for emerging open-loop applications

Radio frequency identification (RFID) is an important technique used for automatic identification and data capture. In recent years, low-cost RFID tags have been used in many open-loop applications beyond supply chain management, such as the tagging of the medicine, clothes, and belongings after the point of sales. At the same time, with the development of semiconductor industry, handheld terminals and mobile phones are becoming RFID-enabled. Unauthorized mobile RFID readers could be abused by the malicious hackers or curious common people. Even for authorized RFID readers, the ownership of the reader can be transferred and the owners of the authorized mobile reader may not be always reliable. The authorization and authentication of the mobile RFID readers need to take stronger security measures to address the privacy or security issues that may arise in the emerging open-loop applications. In this paper, the security demands of RFID tags in emerging open-loop applications are summarized, and two example protocols for authorization, authentication and key establishment based on symmetric cryptography are presented. The proposed protocols adopt a timed-session-based authorization scheme, and all reader-to-tag operations are authorized by a trusted third party using a newly defined class of timed sessions. The output of the tags is randomized to prevent unauthorized tracking of the RFID tags. An instance of the protocol A is implemented in 0.13-μm CMOS technology, and the functions are verified by field programmable gate array. The baseband consumes 44.0 μW under 1.08 V voltage and 1.92 MHz frequency, and it has 25,067 gate equivalents. The proposed protocols can successfully resist most security threats toward open-loop RFID systems except physical attacks. The timing and scalability of the two protocols are discussed in detail.