DNS隐私问题现状的研究

域名系统（DNS）作为互联网运行必不可少的基础设施,它能将易记的域名转换成互联网资源的IP地址。DNS由于天然的开放性,导致其备受安全问题困扰。而隐私问题则是近些年DNS安全上的热点问题。通过回顾DNS的查询操作,分析了DNS查询每个环节可能存在的隐私隐患,发现DNS受到的隐私攻击主要有链路上窃听和服务器上的隐私收集。结合近些年DNS隐私的相关的研究,分析了DNS上可能泄漏的隐私数据、影响范围以及可能带来的危害。整理了目前已知的解决方案,分析对比了各种方案在可靠性、匿名化程度、可部署性上的表现。最后从技术、部署难度和法律层面为后续研究提供了一些建议。     

TLS1.3后量子安全迁移方案、实现和性能评测

本文分析了NIST量子安全标准化进程第二轮和中国密码算法设计竞赛获奖的格基后量子密码算法,并从性能、安全级别和消息长度等方面对它们进行了比较;探讨了将这些算法集成到TLS 1.3的可行性和途径,通过将后量子密钥封装算法和签名算法及其混合模式集成到标准TLS 1.3,我们实现了一个后量子安全TLS 1.3软件库,可以进行后量子安全握手以对抗量子对手.此外,我们构建了一个测试TLS 1.3协议在各种网络条件下性能的实验框架,允许我们独立控制链路延迟和丢包率等变量,隔离出单独的网络特性,从而在一台电脑上模拟客户机-服务器网络实验,检查各种后量子算法对建立TLS 1.3连接产生的影响.实验结果表明,TCP的分段机制可以保证具有超长公钥/密文/签名的后量子格基密码算法在TLS 1.3协议正常运行;尽管网络延迟会隐藏大部分后量子算法的性能差异,但是在高质量的链路上,计算速度是决定因素;当网络丢包率较大时,具有较短传输数据的后量子算法将展现出带宽优势.我们的实验结果也为在不同网络条件下如何选择后量子算法提供指导,有助于将后量子算法进一步标准化和将TLS 1.3向后量子安全发展和迁移.     

TLS1.3后量子安全迁移方案、实现和性能评测

本文分析了NIST量子安全标准化进程第二轮和中国密码算法设计竞赛获奖的格基后量子密码算法,并从性能、安全级别和消息长度等方面对它们进行了比较;探讨了将这些算法集成到TLS 1.3的可行性和途径,通过将后量子密钥封装算法和签名算法及其混合模式集成到标准TLS 1.3,我们实现了一个后量子安全TLS 1.3软件库,可以进行后量子安全握手以对抗量子对手.此外,我们构建了一个测试TLS 1.3协议在各种网络条件下性能的实验框架,允许我们独立控制链路延迟和丢包率等变量,隔离出单独的网络特性,从而在一台电脑上模拟客户机-服务器网络实验,检查各种后量子算法对建立TLS 1.3连接产生的影响.实验结果表明,TCP的分段机制可以保证具有超长公钥/密文/签名的后量子格基密码算法在TLS 1.3协议正常运行;尽管网络延迟会隐藏大部分后量子算法的性能差异,但是在高质量的链路上,计算速度是决定因素;当网络丢包率较大时,具有较短传输数据的后量子算法将展现出带宽优势.我们的实验结果也为在不同网络条件下如何选择后量子算法提供指导,有助于将后量子算法进一步标准化和将TLS 1.3向后量子安全发展和迁移.     

隐私数据库——概念、发展和挑战

作为隐私数据的存储和管理者,隐私数据库正受到越来越多的关注.在综合国内外研究成果的基础上,对隐私数据库的概念和特性进行了阐述,并详细介绍了当前主流的隐私数据模型.对目前隐私数据库访问控制机制和释放控制机制的研究现状和研究成果进行了总结,并分析了现有研究成果中存在的一些问题.最后,本文讨论和分析了目前隐私数据库研究中的热点和难点问题.     

边缘智能融合区块链：研究现状、应用及挑战

边缘智能集网络、计算、存储和智能于一体,将智能推向网络边缘,为互联时代的低延迟关键计算开辟了道路。为进一步满足万物互联下的敏捷连接、数据优化、实时边缘业务处理、安全和隐私保护等关键需求,区块链存在着加速边缘智能的巨大潜力。边缘智能和区块链两种技术相互融合,优势互补。在此背景下,本文旨在探讨边缘智能与区块链的关系,从区块链驱动的边缘智能和边缘智能驱动的区块链两个方面介绍边缘智能融合区块链的最新研究现状,应用与挑战,进而为泛在智能服务开辟新的视野。     

油气行业:趋势、挑战和和机遇

全球经济都需要仰仗石油,这种碳基能源是全世界交通,运输和发电行业的基础。从2006年到2030年,预计全球每年能源的平均增长率将达到1.3%,而碳氢化合物能源仍然还要占到2030年总体能源需求的80%,其中石油和天然气就将占有60%的份额。过去几     

大语言模型安全现状与挑战

大语言模型因其出色的文本理解和生成能力，被广泛应用于自然语言处理领域并取得了显著成果，为社会各界带来了巨大的便利。然而，大语言模型自身仍存在明显的安全问题，严重影响其应用的可信性与可靠性，是安全学者需广泛关注的问题。文中针对大语言模型自身的安全问题，首先从基于大语言模型的恶意应用问题切入，阐述提示注入攻击及其相应的防御方法；其次，介绍大语言模型幻觉带来的可信问题，对幻觉问题的量化评估、幻觉来源和缓解技术是当前研究的重点；然后，大语言模型隐私安全问题强调了个人及企业数据的保护问题，一旦在进行人机交互时泄露商业秘密和个人敏感信息，将可能引发严重的安全风险，当前研究主要通过可信执行环境和隐私计算技术来进行风险规避；最后，提示泄露问题关注攻击者如何窃取有价值的提示词进行获利或通过个性化提示词泄露个人隐私。提升大语言模型的安全性需要综合考虑模型隐私保护、可解释性研究以及模型分布的稳定性与鲁棒性等问题。     

同态加密技术及其在云计算隐私保护中的应用

云计算技术的快速发展使得云服务模式具备了广阔的应用空间,这种模式使用户具备了过往无法比拟的计算能力和存储空间等优势。在云服务模式下用户的隐私安全问题是其推广和应用中面临的首要问题,如何在计算数据的过程中既保证数据的隐私性,又保证其可用性是面临的一大难题,同态加密技术作为解决这一问题的关键手段,是近年来国际国内学界的热点问题。本文介绍了云计算隐私安全和同态加密研究进展、同态加密算法的分类、安全理论基础、全同态加密方案的实现技术以及同态加密技术在云计算隐私保护的应用,重点对各类同态加密方案的优缺点进行了介绍和分析,提出了未来的研究方向。     

机器学习中差分隐私的数据共享及发布：技术、应用和挑战

近年来,基于机器学习的数据分析和数据发布技术成为热点研究方向。与传统数据分析技术相比,机器学习的优点是能够精准分析大数据的结构与模式。但是,基于机器学习的数据分析技术的隐私安全问题日益突出,机器学习模型泄漏用户训练集中的隐私信息的事件频频发生,比如成员推断攻击泄漏机器学习中训练的存在与否,成员属性攻击泄漏机器学习模型训练集的隐私属性信息。差分隐私作为传统数据隐私保护的常用技术,正在试图融入机器学习以保护用户隐私安全。然而,对隐私安全、机器学习以及机器学习攻击三种技术的交叉研究较为少见。本文做了以下几个方面的研究:第一,调研分析差分隐私技术的发展历程,包括常见类型的定义、性质以及实现机制等,并举例说明差分隐私的多个实现机制的应用场景。初次之外,还详细讨论了最新的Rényi差分隐私定义和Moment Accountant差分隐私的累加技术。其二,本文详细总结了机器学习领域常见隐私威胁模型定义、隐私安全攻击实例方式以及差分隐私技术对各种隐私安全攻击的抵抗效果。其三,以机器学习较为常见的鉴别模型和生成模型为例,阐述了差分隐私技术如何应用于保护机器学习模型的技术,包括差分隐私的随机梯度扰动(DP-SGD)技术和差分隐私的知识转移(PATE)技术。最后,本文讨论了面向机器学习的差分隐私机制的若干研究方向及问题。     

可信数据库—概念、发展和挑战

数据库的可信性正受到越来越多的关注。综述了国内外研究成果,提出了可信数据库的基本概念。对保证数据库可信性的访问控制、密文查询、隐私保护机制的研究现状和研究成果进行了总结,分析了现有研究成果中存在的一些问题,提出了可信数据库研究中存在的一些难点问题。     

DNS的RPZ安全防护系统的构建、配置与验证

DNS(domain name system)作为网络的重要基础服务设施, 是终端访问互联网必要的一环. 近年来, 越来越多尝试将用户通过DNS系统引入恶意服务器的攻击, 对互联网安全产生重要威胁. 防范与化解针对恶意域名或IP的访问, 如钓鱼网站、垃圾邮件、勒索软件、色情网站等, 无论是对于运营商还是网络监管机构都具...     

MQTT-SE数据加密传输算法

随着日新月异的高新技术不断发展,物联网、大数据、人工智能交叉融合,深度关联.物联网全面融入了我们的生活、工作、社会发展等方方面面.而物联网目前最广泛、最主流的协议当属MQTT协议,低开销低带宽的先天优势促成了海量物联网设备接入网络.但在万物互联时代大背景下,“自由可控,安全可信”是行业发展的理念和标准.目前很多研究者提出了从MQTT出发设计安全算法的方案,但发现“基于MQTT的数据加密传输算法”该论文的核心算法存在密钥泄露的风险,为此指出了其核心算法的缺陷并提出3种新的MQTT-SE算法.分别是基于对称加密的MQTT-SE算法、基于公钥的MQTT-SE算法、基于公钥证书的双向认证MQTT-SE算法.从而达到MQTT传输在低效能环境下的基础上达到高性能安全加密传输的目的.     

Security and Privacy in Solar Insecticidal Lamps Internet of Things: Requirements and Challenges

Solar insecticidal lamps (SIL) can effectively control pests and reduce the use of pesticides. Combining SIL and Internet of Things (IoT) has formed a new type of agricultural IoT, known as SIL-IoT, which can improve the effectiveness of migratory phototropic pest control. However, since the SIL is connected to the Internet, it is vulnerable to various security issues. These issues can lead to serious consequences, such as tampering with the parameters of SIL, illegally starting and stopping SIL, etc. In this paper, we describe the overall security requirements of SIL-IoT and present an extensive survey of security and privacy solutions for SIL-IoT. We investigate the background and logical architecture of SIL-IoT, discuss SIL-IoT security scenarios, and analyze potential attacks. Starting from the security requirements of SIL-IoT we divide them into six categories, namely privacy, authentication, confidentiality, access control, availability, and integrity. Next, we describe the SIL-IoT privacy and security solutions, as well as the blockchain-based solutions. Based on the current survey, we finally discuss the challenges and future research directions of SIL-IoT.     

A Survey on Smart Agriculture: Development Modes,Technologies, and Security and Privacy Challenges

With the deep combination of both modern information technology and traditional agriculture,the era of agriculture 4.0,which takes the form of smart agriculture,has come.Smart agriculture provides solutions for agricultural intelligence and automation.However,information security issues cannot be ignored with the development of agriculture brought by modern information technology.In this paper,three typical development modes of smart agriculture(precision agriculture,facility agriculture,and order agriculture)are presented.Then,7 key technologies and 11 key applications are derived from the above modes.Based on the above technologies and applications,6 security and privacy countermeasures(authentication and access control,privacy-preserving,blockchain-based solutions for data integrity,cryptography and key management,physical countermeasures,and intrusion detection systems)are summarized and discussed.Moreover,the security challenges of smart agriculture are analyzed and organized into two aspects:1)agricultural production,and 2)information technology.Most current research projects have not taken agricultural equipment as potential security threats.Therefore,we did some additional experiments based on solar insecticidal lamps Internet of Things,and the results indicate that agricultural equipment has an impact on agricultural security.Finally,more technologies(5 G communication,fog computing,Internet of Everything,renewable energy management system,software defined network,virtual reality,augmented reality,and cyber security datasets for smart agriculture)are described as the future research directions of smart agriculture.     

论坛情感挖掘研究综述：现状、挑战与趋势

大数据时代,论坛上用户的看法、倾向、观点和争论形成了大量数据。对这些能表达作者情绪的数据进行挖掘,有助于相关人员对信息的理解、把控,亦会对决策形成直接影响。为此,关注论坛情感挖掘十分重要。从论坛数据挖掘相关技术的概念和意义出发,重点讨论了论坛情感挖掘中基于情感词典和基于机器学习两种方法的研究现状,对每种方法的适用任务、不足之处、改进方案、发展趋势等进行对比和阐述。给出论坛情感挖掘领域尚待解决的难题与挑战,并对该技术未来的发展方向做出预测。     

Advances in Control Technologies for Wastewater Treatment Processes:Status,Challenges, and Perspectives

This paper presents a thorough review of control technologies that have been applied to wastewater treatment processes in the environmental engineering regime in the past four decades. It aims to provide a comprehensive technological review for both water engineering professionals and control specialists, giving rise to a suite of up-to-date pathways to impact this field in light of the classified technology hubs. The assessment was conducted with respect to linear control, linearizing control, nonlinear control, and artificial intelligence-based control. The application domain of each technology hub was summarized into a set of comparative tables for a holistic assessment. Challenges and perspectives were offered to these field engineers to help orient their future endeavor.      

IETF 6TiSCH工业物联网研究综述：标准、关键技术与平台

互联网工程任务组(IETF)正在制定一套基于IPv6的低功耗工业物联网协议栈6TiSCH,其主要应用于复杂的工业过程控制及自动化领域。IETF 6Ti SCH协议栈在网络层上引入IPv6协议,使得海量的物联网节点可以无缝接入互联网;在链路层引入了IEEE802.15.4e TSCH新协议,可以有效降低节点能耗和增强无线通信可靠性。OpenWSN开源项目提供了一套该协议栈完整实现的代码。对IETF 6TiSCH工业物联网的标准、关键技术与平台进行了系统总结。首先对其发展历程及现状进行了详细的介绍;接着分析了CoAP应用层协议、UDP传输层协议、IPv6网络层协议、IEEE802.15.4e链路层协议及其物理层标准协议;随后总结了其高精度时间同步、资源调度与安全等关键技术,并对其实现平台进行了深入剖析;最后对未来研究可能面临的挑战进行了展望。     

Models for surface reflection of radiance and polarized radiance: Comparison with airborne multi-angle photopolarimetric measurements and implications for modeling top-of-atmosphere measurements

In this paper, we investigate the surface-atmosphere radiative interaction in application to the problem of aerosol satellite remote sensing over land. First, we test different models of the Bidirectional Reflectance and Polarization Distribution Function (BRDF and BPDF) for bare soil and vegetation surfaces using multi-angle, multi-spectral photopolarimetric airborne measurements of the Research Scanning Polarimeter (RSP). Then, we investigate the performance of different models of BRDF and BPDF for modeling top-of-atmosphere measurements. We have found that different BRDF models can describe the RSP measurements equally well. However, for soil surfaces, the different BRDF models show a different dependence on illumination geometry (solar zenith and azimuth angles), as well as a different dependence on viewing angle outside the range of RSP measurements. This implies that different models describe the surface-atmosphere interaction differently, leading for soil surfaces to differences in the top-of-atmosphere reflectance up to 4-5%, whereas at surface level the models agree within 2% for RSP illumination and measurement geometry. For vegetation, the different BRDF models show more similar dependence on illumination geometry, meaning that, in general, the differences in top-of-atmosphere reflectances are smaller than the differences in surface total reflectances. For the BPDF, we compare the empirical model of Nadal and Breon (1999) and the model developed by Maignan et al. (2009) with a newly developed model. The latter model compares better with RSP measurements. It was shown that, though all models have essentially different angular profiles at different illumination and viewing geometries, the difference of the top-of-atmosphere degree of linear polarization is less or is of the same order as the degree of linear polarization difference at the surface level taken at RSP illumination and measurement geometry. For the considered models, it can be up to 0.015 but is mostly below 0.005.     

Chaum's protocol for detecting man-in-the-middle: Explanation,demonstration, and timing studies for a text-messaging scenario

This article explains, demonstrates, and evaluates Chaum’s protocol for detecting a man-in-the-middle (MitM) of text-messaging network communications. MitM attacks pose serious risks to many network communications. Networks often mitigate these risks with robust protocols, such as TLS, which assume some type of public-key infrastructure that provides a mechanism for the authenticated exchange of public keys. By contrast, Chaum’s protocol aims to detect a MitM with minimal assumptions and technology, and in particular without assuming the authenticated exchange of public keys. Chaum assumes that the eavesdropper can “sound like” the communicants but that the eavesdropper cannot fabricate sensible conversations.

Using an encryption function and one-way function, Chaum’s protocol works in three phases. In Phase I, the communicants exchange their public keys. In Phase II, each communicant generates a random string. The first communicant cryptographically commits to that string, and sends the string to the other communicant after receiving the other’s string. In Phase III, using any of four different “scenarios” the communicants verify that each possesses the same two strings. The protocol forces any MitM to cause the communicants to possess different pairs of strings. The text-messaging scenario is similar to a forced-latency protocol proposed by Wilcox-O’Hearn in 2003.

This article implements and experimentally demonstrates the effectiveness of the third scenario, which uses timing to detect a MitM in text-messaging. Even assuming a MitM can send messages without any network latency, the protocol forces the MitM to cause delays noticeable by the communicants. This article is the first to explain, demonstrate, and evaluate Chaum’s protocol, which Chaum described only in an abandoned and nearly inscrutable patent application.