An XML Model for Use Across Heterogeneous Client–Server Applications

Applications that use directory services or relational databases operate in a client–server model, where a client requests information from a server, and the server returns a response to the client. These client–server applications typically have a specific message protocol that is unique to that application. Systems with multiple client–server applications require that there are separate client programs that individually communicate with their respective server programs. A need exists to access information from heterogeneous systems in a standard message request–response format. A generic eXtensible Markup Language (XML) model was developed to obtain data from diverse measurement systems. The objective of this paper is to describe the XML model that abstracts the differences in the underlying heterogeneous client–server message formats and provides a common XML message interface. The XML messages are parsed through a common XML gateway that decides to which application server to forward the messages. The generic XML messages are translated to the correct application server format before being sent to the application server.      

Web分布式虚拟实验室的研究与实现

本文提出了一种基于Web技术的分布式虚拟实验室的构建方法。这种基于Web的实验室可使得用户仅配置了标准的网络浏览器，就可通过网络实现对实验的访问以及操作。在本实验环境的建设中，采用的C／S结构来实现远程访问及控制。通过仿真类实验与远程操作类实验的结合，实现了综合性的实验环境。嵌入式技术作为一种经济且有效的方式，被用于本实验室的底层硬件结构建设中。本文同时还提出了用于确保实验室远程通讯安全进行的用户认证机制。     

Transparent Access to Heterogeneous IoT Based on Virtual Resources

The Internet of Things (IoT) inspires industries to deploy a massive number of connected devices to provide smart and ubiquitous services to influence our daily life. Edge computing leverages sufficient computation and storage at the edge of the network to enable deploying complex functions closer to the environment using Internet-connected devices. According to the purpose of the environment including privacy level, domain functionality, network scale and service quality, various environment-specific services can be provided through heterogeneous applications with sensors and actuators based on edge computing. However, for providing user-friendly service scenarios based on the transparent access to heterogeneous devices in edge computing, a consistent interface shall be provided to deliver services from edge computing to clients. In this paper, we propose transparent computing based on virtual resources to access heterogeneous IoT devices without considering the underlying network configuration at the edge of the networks. For supporting transparent access to different edge computing environments through a consistent interface, the virtual resource of edge gateway is proposed to bridge the Internet and devices which are deployed on the edge of the network. The proposed edge gateway exposes the services of the Internet of Things devices to the Internet using virtual resources that represent the resources of physical devices. The virtual resources provide a consistent interface to enable clients to access devices in edge computing without considering underlying protocols. The virtual resource is generated by the resource directory in the edge gateway through the registration of a device. Based on the device registration, the device information is stored in the gateway to link virtual resources and devices for translating messages according to the destination protocols and identifying physical devices that are represented by virtual resources. Moreover, through collaboration with the service provider, the function of device discovery and monitoring is provided to clients.     

Two Layer Symmetric Cryptography Algorithm for Protecting Data fromAttacks

Many organizations have insisted on protecting the cloud server from the outside, although the risks of attacking the cloud server are mostly from the inside. There are many algorithms designed to protect the cloud server from attacks that have been able to protect the cloud server attacks. Still, the attackers have designed even better mechanisms to break these security algorithms. Cloud cryptography is the best data protection algorithm that exchanges data between authentic users. In this article, one symmetric cryptography algorithm will be designed to secure cloud server data, used to send and receive cloud server data securely. A double encryption algorithm will be implemented to send data in a secure format. First, the XOR function will be applied to plain text, and then salt technique will be used. Finally, a reversing mechanism will be implemented on that data to provide more data security. To decrypt data, the cipher text will be reversed, salt will be removed, and XOR will be implemented. At the end of the paper, the proposed algorithm will be compared with other algorithms, and it will conclude how much better the existing algorithm is than other algorithms.     

An Efficient Three-Party Authenticated Key Exchange Procedure Using Chebyshev Chaotic Maps with Client Anonymity

Internet of Things (IoT) applications can be found in various industry areas, including critical infrastructure and healthcare, and IoT is one of several technological developments. As a result, tens of billions or possibly hundreds of billions of devices will be linked together. These smart devices will be able to gather data, process it, and even come to decisions on their own. Security is the most essential thing in these situations. In IoT infrastructure, authenticated key exchange systems are crucial for preserving client and data privacy and guaranteeing the security of data-in-transit (e.g., via client identification and provision of secure communication). It is still challenging to create secure, authenticated key exchange techniques. The majority of the early authenticated key agreement procedure depended on computationally expensive and resource-intensive pairing, hashing, or modular exponentiation processes. The focus of this paper is to propose an efficient three-party authenticated key exchange procedure (AKEP) using Chebyshev chaotic maps with client anonymity that solves all the problems mentioned above. The proposed three-party AKEP is protected from several attacks. The proposed three-party AKEP can be used in practice for mobile communications and pervasive computing applications, according to statistical experiments and low processing costs. To protect client identification when transferring data over an insecure public network, our three-party AKEP may also offer client anonymity. Finally, the presented procedure offers better security features than the procedures currently available in the literature.     

Measuring system and software reliability using an automated data collection process

The factors which affect the behaviour of the customer's computing environment, which is undergoing a revolution away from a server or timeshare centric model to a client/server or distributed model, can no longer be identified solely through using traditional methods of data collection. Digital Equipment Corporation has developed an automated data collection process, collecting on-system data logging information from customer sites that has yielded consistent, quantitative, high integrity information. This information has been used to proactively focus on direct product and process improvements. This paper describes the on-system data logging process and analysis methodology used by Digital to measure system, product and operating system reliability with examples of the application of the techniques that provide insight into the causes of failures.     

IN/Internet互通下用户拨号接入系统的研究和设计

从技术实现的角度针对ITU－T智能网能力集3草案定义的智能网与因特网的互通模型的呼叫承载网关功能实体进行了研究，并对IUT－T的智能网与因特网的互通模型作出改进。在此基础上提出了基于现有ISP远程用户拨号接入系统实现支持智能网与因特网互通业务的用户拨号接入系统的设计方案。     

EAP-FAST在公共无线局域网安全接入控制中的研究及实现

Cisco公司于2004年提出基于隧道的灵活认证协议（EAP-FAST）以替代存在安全漏洞的LEAP认证协议，该协议具有安全性和易部署性的特点。文章论述了基于8021x协议的EAP-FAST认证协议及其实现技术，并在公共无线局域网(PWLAN)综合实验平台上实现了EAP-FAST认证的客户端、认证者、认证服务器端功能。     

A Key Recovery System Based on Password-Protected Secret Sharing in a Permissioned Blockchain

In today’s fourth industrial revolution, various blockchain technologies are being actively researched. A blockchain is a peer-to-peer data-sharing structure lacking central control. If a user wishes to access stored data, she/he must employ a private key to prove ownership of the data and create a transaction. If the private key is lost, blockchain data cannot be accessed. To solve such a problem, public blockchain users can recover the key using a wallet program. However, key recovery in a permissioned blockchain (PBC) has been but little studied. The PBC server is Honest-but-Curious (HBC), and should not be able to learn anything of the user; the server should simply recover and store the key. The server must also be resistant to malicious attacks. Therefore, key recovery in a PBC must satisfy various security requirements. Here, we present a password-protected secret sharing (PPSS) key recovery system, protected by a secure password from a malicious key storage server of a PBC. We describe existing key recovery schemes and our PPSS scheme.     

Multi-dimensional Security Range Query for Industrial IoT

The Internet of Things (IoT) has allowed for significant advancements in applications not only in the home, business, and environment, but also in factory automation. Industrial Internet of Things (IIoT) brings all of the benefits of the IoT to industrial contexts, allowing for a wide range of applications ranging from remote sensing and actuation to decentralization and autonomy. The expansion of the IoT has been set by serious security threats and obstacles, and one of the most pressing security concerns is the secure exchange of IoT data and fine-grained access control. A privacy-preserving multi-dimensional secure query technique for fog-enhanced IIoT was proposed in light of the fact that most existing range query schemes for fog-enhanced IoT cannot provide both multi-dimensional query and privacy protection. The query matrix was then decomposed using auxiliary vectors, and the auxiliary vector was then processed using BGN homomorphic encryption to create a query trapdoor. Finally, the query trapdoor may be matched to its sensor data using the homomorphic computation used by an IoT device terminal. With the application of particular auxiliary vectors, the spatial complexity might be efficiently decreased. The homomorphic encryption property might ensure the security of sensor data and safeguard the privacy of the user's inquiry mode. The results of the experiments reveal that the computing and communication expenses are modest.     

Securing ARP and DHCP for mitigating link layer attacks

Network security has become a concern with the rapid growth and expansion of the Internet. While there are several ways to provide security for communications at the application, transport, or network layers, the data link layer security has not yet been adequately addressed. Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP) are link layer protocols that are essential for network operation. They were designed without any security features. Therefore, they are vulnerable to a number of attacks such as the rogue DHCP server, DHCP starvation, host impersonation, man-in-the-middle, and denial of service attacks. Vulnerabilities in ARP and DHCP threaten the operation of any network. The existing solutions to secure ARP and DHCP could not mitigate DHCP starvation and host impersonation attacks. This work introduces a new solution to secure ARP and DHCP for preventing and mitigating these LAN attacks. The proposed solution provides integrity and authenticity for ARP and DHCP messages. Security properties and performance of the proposed schemes are investigated and compared to other related schemes.     

三维地形数字仿真系统的设计与实现

在VC^ 6.0下,通过ADO及DataGrid控件管理真实的地形数据,利用OpenGL实现三维地形仿真和交互式动画显示,采用G／S结构模型,封装三维图形为ActiveX控件。应用ASP及ADO技术操作服务端数据库,数据经网络传递给处于客户端的ActiveX控件,由客户端的ActiveX控件完成三维图形的交互显示。     

Lightweight Mobile Clients Privacy Protection Using Trusted Execution Environments for Blockchain

Nowadays, as lightweight mobile clients become more powerful and widely used, more and more information is stored on lightweight mobile clients, user sensitive data privacy protection has become an urgent concern and problem to be solved. There has been a corresponding rise of security solutions proposed by researchers, however, the current security mechanisms on lightweight mobile clients are proven to be fragile. Due to the fact that this research field is immature and still unexplored in-depth, with this paper, we aim to provide a structured and comprehensive study on privacy protection using trusted execution environment (TEE) for lightweight mobile clients. This paper presents a highly effective and secure lightweight mobile client privacy protection system that utilizes TEE to provide a new method for privacy protection. In particular, the prototype of Lightweight Mobile Clients Privacy Protection Using Trusted Execution Environments (LMCPTEE) is built using Intel software guard extensions (SGX) because SGX can guarantee the integrity, confidentiality, and authenticity of private data. By putting lightweight mobile client critical data on SGX, the security and privacy of client data can be greatly improved. We design the authentication mechanism and privacy protection strategy based on SGX to achieve hardware-enhanced data protection and make a trusted connection with the lightweight mobile clients, thus build the distributed trusted system architecture. The experiment demonstrates that without relying on the performance of the blockchain, the LMCPTEE is practical, feasible, low-performance overhead. It can guarantee the privacy and security of lightweight mobile client private data.     

协同设计环境下的虚拟企业信息系统

分析了虚拟企业信息系统的需求,提出了基于B／W／D与Internet机制的VEIS体系结构,阐述了VEIS的设计与实现问题,这种构件化的信息系统可以使面向用户的各个应用系统通过纺一的软件总线协议访问业务处理服务器,通过应用数据导,工作统处理层以及规则和协议组成的知识库等三层结构,表达和管理VEIS中的信息。     

基于互联网WWW服务的气动仿真及选型系统

 为了能够方便快捷地进行气动系统的选型和设计，将气动技术和网络技术相结合，在互联网上实现了基于www 服务的气动系统单个元件选型和整个系统仿真的功能． 该系统由ASP和sQI 服务器构成，采用客户端和服务端共同仿真的方式实现．系统升级和更新只在服务器上进行，实现一元化管理．系统提供服务后可以使工作人员在任何地方只要连上互联网就能够对气动系统进行选型和仿真．     

Blockchain-Based SQKD and IDS in Edge Enabled Smart Grid Network

Smart Grid is a power grid that improves flexibility, reliability, and efficiency through smart meters. Due to extensive data exchange over the Internet, the smart grid faces many security challenges that have led to data loss, data compromise, and high power consumption. Moreover, the lack of hardware protection and physical attacks reduce the overall performance of the smart grid network. We proposed the BLIDSE model (Blockchain-based secure quantum key distribution and Intrusion Detection System in Edge Enables Smart Grid Network) to address these issues. The proposed model includes five phases: The first phase is blockchain-based secure user authentication, where all smart meters are first registered in the blockchain, and then the blockchain generates a secret key. The blockchain verifies the user ID and the secret key during authentication matches the one authorized to access the network. The secret key is shared during transmission through secure quantum key distribution (SQKD). The second phase is the lightweight data encryption, for which we use a lightweight symmetric encryption algorithm, named Camellia. The third phase is the multi-constraint-based edge selection; the data are transmitted to the control center through the edge server, which is also authenticated by blockchain to enhance the security during the data transmission. We proposed a perfect matching algorithm for selecting the optimal edge. The fourth phase is a dual intrusion detection system which acts as a firewall used to drop irrelevant packets, and data packets are classified into normal, physical errors and attacks, which is done by Double Deep Q Network (DDQN). The last phase is optimal user privacy management. In this phase, smart meter updates and revocations are done, for which we proposed Forensic based Investigation Optimization (FBI), which improves the security of the smart grid network. The simulation is performed using network simulator NS3.26, which evaluates the performance in terms of computational complexity, accuracy, false detection, and false alarm rate. The proposed BLIDSE model effectively mitigates cyber-attacks, thereby contributing to improved security in the network.     

Proxy handoff support for multi-ISP heterogeneous networks

Due to the reusable characteristic of cache, proxy servers are widespread to improve the quality of network services. As popularity and maturity of wireless access technologies continue to grow, 3G/3.5G, Wi-Fi, or WiMAX mobile nodes (MNs) may keep moving across heterogeneous networks. It is unreasonable to let MNs retrieve cached data from the same proxy server along their traveling routes. Hence, proxy handoff is meant to help MNs switch their proxies dynamically. Regarding the realistic network environment, most proxies are provided by Internet service providers (ISP). Once a MN moves across the domain of one ISP, it can not access the data cached in the proxy. This kind of proxy access limitation obstructs cache cooperation and forwarding among proxies. This article is motivated to utilize the Session Initiation Protocol and the mobile agent concept to propose a proxy handoff framework for multi-ISP heterogeneous networks. Different strategies are designed to overcome proxy access limitation. The simulation results compare and analyze the differentiation among three proxy handoff strategies.     

A Secure Rotation Invariant LBP Feature Computation in Cloud Environment

In the era of big data, outsourcing massive data to a remote cloud server is a promising approach. Outsourcing storage and computation services can reduce storage costs and computational burdens. However, public cloud storage brings about new privacy and security concerns since the cloud servers can be shared by multiple users. Privacy-preserving feature extraction techniques are an effective solution to this issue. Because the Rotation Invariant Local Binary Pattern (RILBP) has been widely used in various image processing fields, we propose a new privacy-preserving outsourcing computation of RILBP over encrypted images in this paper (called PPRILBP). To protect image content, original images are encrypted using block scrambling, pixel circular shift, and pixel diffusion when uploaded to the cloud server. It is proved that RILBP features remain unchanged before and after encryption. Moreover, the server can directly extract RILBP features from encrypted images. Analyses and experiments confirm that the proposed scheme is secure and effective, and outperforms previous secure LBP feature computing methods.     

Network Based Real Time Condition Monitoring of Rotating Machinery

1　ＩｎｔｒｏｄｕｃｔｉｏｎＴｈｅｄｅｖｅｌｏｐｍｅｎｔｏｆｎｅｔｗｏｒｋｔｅｃｈｎｏｌｏｇｙｈａｓｐｒｏｖｉｄｅｄｔｈｅｐｏｓｓｉｂｉｌｉｔｙｔｏｍｏｎｉｔｏｒａｌａｒｇｅｇｒｏｕｐｏｆｒｏｔａｔｉｎｇｍａｃｈｉｎｅｓａｎｄｄｉａｇｎｏｓｅｍａｌｆｕｎｃｔｉｏｎｓｉｎｔｈｅｍｉｎｄｉｓｔａｎｔａｎｄｄｉｆｆｅｒｅｎｔｌｏｃａｔｉｏｎｓ.Ｉｎｔｈｉｓｗａｙ ,ｉｎｖｅｓｔｍｅｎｔａｎｄｒｅｓｏｕｒｃｅｓｃａｎｂｅｓａｖｅｄａｎｄｔｈｅｅｆｆｉｃｉｅｎｃｙｏｆｍａｃｈｉｎｅｍａｎａｇｅｍｅｎｔｗｉｌｌ…     

电网调度系统中的客户／服务器通信程序设计

分析了电网调度系统中客户／服务器通信程序的特点,介绍了应用Delphi开发服务器程序和Visualc＋＋开发客户机程序的方法,并给出了具体的开发实例。