Sources and methods for cryptologic history: Research at the US National Archives–the “Big Two” Record Groups

Abstract

This is the second in a series of columns devoted to sources and methods for cryptologic history. The focus of the series is on primary sources and repositories. We begin with a look at the two major record groups pertaining to cryptology at the US National Archives – Record Group 457, the records of the National Security Agency, and Record Group 38, the records of the Chief of Naval Operations.     

Open for business-Securely!

Security is an issue that has become central to the future business strategies of all enterprises. With the introduction of the X/Open Baseline Security 96 product standard. The Open Group has taken a major step in defining standards to address security within open systems computing environments.Supported by vendors and end-users Baseline Security 96 resolves many of the problems brought about by the lack of standards among vendor products. As additional security products are introduced by The Open Group for distributed computing environments and the public network, organizations will be able to carry on truly global commerce more quickly, more easily and more cost-effectively.Building on its success in delivering collaboratively developed technology such as DCE and DCE Web to the marketplace, Thc Open Group continues to deliver real solutions that address current commercial requirements and environments.     

G&D to acquire secunet

German smart card manufacturer Giesecke & Devrient (G&D) has revealed its plans to purchase a majority stake in the publicly-owned IT security company secunet Security Networks. The move is designed to give G&D a better foothold in the promising market for network access control and other IT security areas.     

新的基于身份认证的群密钥协商协议

群密钥协商（GKA）协议在构建安全多播信道中扮演着主要角色。由于公钥管理的简洁性和高效性,基于身份的认证群密钥协商协议密码系统近年来成为热门研究方向。提出了一个基于Weil对和完全三叉树结构的群密钥协商协议,同时提出了成员加入和离开子协议。对新方案的安全性进行了分析,结果显示,新方案可以抵抗常见的攻击。在性能方面,新方案在参与者较多时有较明显的计算优势。     

Introduction

This issue of the Information Security Technical Report provides a Technical Cryptography Update, and covers current hot topics dealing with a technology that is having more and more impact in the world of information security. Chez Ciechanwicz, assisted by other members of Information Security Group at Rpyal Hollowayy (University of London), has provided a great deal of support in producing this issue.     

一个基于群签名的移动代理安全路由协议

移动代理系统安全一直是个备受关注的问题,尤其是对恶意主机对移动代理(以下简称MA)的攻击的研究目前还处于起步阶段.文献[1]所提出的一种MA安全路由协议的不足并对其改进,其中最重要的一项改进就是将群签名的概念首次引入到MA系统中.改进后的安全路由协议降低了恶意主机集群故意跳过某台应该访问的主机的可能性;免除对不在线或拒绝提供服务的主机的多次徒劳连接;减少每台主机所需持有的其它主机公钥数目和花费在验证MA合法性上的时间;提高MA所有者在追踪过程中查找DoS攻击者的效率.     

改进的基于口令的群密钥协商协议

群密钥协商协议是保证后续群组安全通信的重要手段之一。为此,研究Byun和Lee提出的基于口令的群密钥协商协议,指出该协议不能抵抗不可检测的在线字典攻击。基于这个发现,对该方案进行改进,提出一种新的群密钥协商协议。安全性分析表明,该协议可以抵抗基于口令的群密钥协商协议的常见攻击。     

使用本地组策略保护Windows XP系统的工作环境

通过修改WindowsXP操作系统中的本地组策略编辑器中的计算机设置和用户设置,可以方便地保护我们的电脑工作环境,与修改注册表相比方便了很多。本文举例说明WindowsXP本地组策略的强大功能。     

CyberCIEGE: gaming for information assurance

CyberCIEGE is a high-end, commercial-quality video game developed jointly by Rivermind and the Naval Postgraduate School's Center for Information Systems Security Studies and Research. This dynamic, extensible game adheres to information assurance principles to help teach key concepts and practices. CyberCIEGE is a resource management simulation in which the player assumes the role of a decision maker for an IT dependent organization. The objective is to keep the organization's virtual users happy and productive while providing the necessary security measures to protect valuable information assets.     

Toward a more secure Internet

Lack of widely available Internet security has discouraged some commercial users. The author describes efforts to make cryptographic security more widely available and looks at efforts to secure the Internet infrastructure. Security capabilities must continue to evolve to meet increasingly sophisticated threats. The Internet community is now more aware of the importance of security. This awareness, coupled with new technology, should produce a much more secure Internet that is appropriate for widespread commercial use     

Information systems security research agenda: Exploring the gap between research and practice

This paper undertakes a systematic review of the Information Systems Security literature. The literature review consists of three parts: First, we perform topic modeling of major Information Systems journals to understand the field's debates. Second, we conduct a Delphi Study composed of the Chief Information Security Officers of major corporations in the US to identify security issues that they view as important. Third, we compare Topic Modeling and the Delphi Study results and discuss key debates, gaps, and contradictions within the academic literature. Further, extant Information Systems Security literature is reviewed to discuss where the academic community has placed the research emphasis and what is now required in the discipline. Based on our analysis, we propose a future agenda for Information Systems security research.     

The Changing Face of International Cryptography Policy: Part 19 — Assured Products

I receive, as I suspect most other readers of this monthly news Bulletin do, a wide variety of commercial mailings concerning Infosec matters each week. Many of these are, of course, now distributed in electronic form. But, just a few are still actually delivered by the postman. In this house, we always look at the ones with a postage stamp first! They are increasingly rare nowadays but tend to be the most interesting. Most of the others, such as Computer Fraud & Security, come in hermetically sealed plastic bags and they are, sadly, usually the last to be opened! However, among the few remaining organizations that still use paper envelopes to distribute marketing material is CESG — the UK Government's Communications-Electronics Security Group, based here in Cheltenham.     

Silver Bullet Talks with Gunnar Peterson

Gary McGraw interviews Gunnar Peterson, a software security expert and a managing principal at Arctec Group, a Minneapolis-based consulting firm. His work centers around service-oriented architecture (SOA), Web 2.0, and other distributed systems. Peterson's blog, http://1raindrop.typepad.com, is devoted to topics in software security. He also edits IEEE Security & Privacy magazine's Building Security In column with John Stevens from Cigital and Deborah Frincke..     

基于PXI总线的导弹通用计量检定平台设计

为了克服我军现役导弹计量设备体积过大、通用性差、测试资源浪费严重、机动性不强等缺点,在对某型导弹计量设备及测试参数研究的基础上,采用了PXI总线系统和新一代自动测试系统的模块化设计的要求,设计了导弹通用计量检定系统;实现了导弹计量检定设备的通用性和低成本,使导弹计量设备的便携性成为可能;大量工程实践证明,此系统解决了传统计量设备所不能解决的诸多问题,并大大提高了系统的计量效率和精度,因此具有很强的实用性。     

数据库安全研究的现状与问题

虽然经过了多年的努力，但数据库安全的理论研究和具有安全特性的数据库产品仍有令人满意。文中道德介绍了数据库安全与操作系统安全，网络安全的不同点，然后了当前数据库安全研究的几个领域，即安全数据库的语义，推理通道控制和安全的数据模型，最后提出了数据库安全研究发解决的几个问题。     

基于XML的组安全策略描述

1 引言基于多播的安全组通信技术是当今Internet上大规模信息传播应用的基础。安全多播应用情形很多,最典型的分类为单源多播(如付费点播)和多源多播(如多方视频会议),安全需求各不相同,不可能有一个统一的解决方案。 SIMM是为多播应用构造的安全基础设施,应用通过定义策略来配置安全服务,策略是连接动态的用户需求和静态的系统实现之间的桥梁。策略的定义、表示、翻译及实现等是SIMM策略框架的基本内容。     

ISO/IEC standardization of identity management and privacy technologies

To cover projects in the area of identity management, privacy, and biometrics ISO/IEC JTC 1/ SC 27 “IT Security techniques” in 2006 established Working Group 5 “Identity Management and Privacy Technologies”. This text describes the reasoning to have this Working Group within SC 27 and introduces WG 5 and its projects.     

关于移动电子商务安全的研究

移动电子商务是当今电子商务领域最新的发展方向.移动电子商务安全是移动电子商务发展的瓶颈.本文主要对移动商务安全现有解决方案提出探讨.     

信息安全风险管理在报业集团管理中的应用

该文概述了信息安全风险管理的内容和步骤,结合报业集团管理的一些实际情况,论述了信息安全管理在报业集团管理中的应用。     

Roles in information security – A survey and classification of the research area

The concept of roles has been prevalent in the area of Information Security for more than 15 years already. It promises simplified and flexible user management, reduced administrative costs, improved security, as well as the integration of employees’ business functions into the IT administration. A comprehensive scientific literature collection revealed more than 1300 publications dealing with the application of sociological role theory in the context of Information Security up to now. Although there is an ANSI/NIST standard and an ISO standard proposal, a variety of competing models and interpretations of the role concept have developed. The major contribution of this survey is a categorization of the complete underlying set of publications into different classes. The main part of the work is investigating 32 identified research directions, evaluating their importance and analyzing research tendencies. An electronic bibliography including all surveyed publications together with the classification information is provided additionally. As a final contribution potential future developments in the area of role-research are considered.