基于Logistic的混沌加/解密图像算法研究

混沌序列具有伪随机性、对初始条件强敏感性、遍历性等特点,它展现出优良的密码学性能.混沲加密是常用的数字图像加密方法之一.在此,提出一种基于Logistic的混沌加/解密模型,在图像加/解密算法中加以应用,用VB.NET实现该加/解密算法,支持多种图像格式条件下,能正确识别和显示加/解密后的图像.     

CCPRM数位加解密模块及其应用

文章设计并定义了一种特别的加、解密方法(CcPRM),该方法以可录介质ID为依据,通过页存储模块内数据的移位实现了数据的加、解密过程;此方法采用FPGA芯片实现,具有高速,高保密特点;该模块植入SD卡后,储存卡实现了存储资料的加密保护,具有高速,高保密特点.     

CCPRH数位加解密模块及其应用

文章设计并定义了一种特别的加、解密方法(CcPRM),该方法以可录介质ID为依据,通过页存储模块内数据的移位实现了数据的加、解密过程;此方法采用FPGA芯片实现,具有高速,高保密特点;该模块植入SD卡后,储存卡实现了存储资料的加密保护,具有高速,高保密特点.     

Web信息管理系统数据库加密技术研究

为了提高Web信息管理系统数据库的安全性,建立一个数据库加密模型.该模型采用中闻件技术,将加密系统放在中间层.引入加/解密模块和安全认证模块,来保障数据库系统的安全.为了防止字典式攻击,用户登录验证模块采用了口令加盐技术.对Web信息系统袁单数据的加密使用了开源jQuery插件jCryption.Web数据库中的敏感数据由加密中间件完成加密和解密.加密中间件由加/解密引擎、密钥管理及数据库连接模块等组成.加密中间件的加密算法主要采用AES算法和RSA算法.AES主要用于加密数据,而RSA算法用于完成密钥的加密.该加密模型已在榆林学院工资查询系统上得到了应用,结果表明,该模型能够有效提高Web信息管理系统的安全性.     

微过滤驱动中文件加密标识的实现

分析了企业信息化过程中面临的信息安全问题.针对文件透明加解密系统的开发过程中难于区分文件是否已经加密的问题,提出了一种基于微过滤驱动的文件加密标识实现方法.首先给文件增加一个4kB“隐藏”的文件头,将加密标识、加密算法、密级信息等嵌入其中,然后对文件的操作(查询、读/写等)进行偏移设置,使得文件透明加解密系统的研发更加高效.试验结果表明该方法具有有效性.     

VoIP系统中加密算法的应用研究

针对目前语音信息加密不足的现状,在VoIP终端设备中设计并实现了基于FPGA的AES算法的加解密模块。首先介绍了具有加解密能力的VoIP系统的总体实现结构;其次重点介绍了加密算法各个子模块的实现方法,并通过硬件描述语言在FPGA芯片内部加以实现;最后,通过编写Testbench文件对PCI的部分功能和加解密进行了仿真测试。仿真结果表明,该系统成功实现了数据传输接口和语音的快速加解密功能,为数据的快速安全实时传输提供了可靠保证。加解密算法的实现占用的FPGA资源少,速度快,吞吐率高,性能稳定。     

移动硬盘加解密板卡的设计与实现

针对移动硬盘数据安全问题,分析、优化了AES加密算法,提出了Microbalze与轮内、轮间三级流水线AES加解密IP核结合的架构,设计并实现了一种介于硬盘与电脑USB接口之间的加解密安全卡.仅需在电脑USB与硬盘间串联该安全卡,普通硬盘便可以升级为加密硬盘.在Spartan6-Nexys3FPGA开发板上实验结果表明,该加解密系统能在120MHz时钟下达到174.08Mb/s的吞吐率,系统吞吐率高、资源消耗低.     

AES与ECC混合加密算法的无线数据通信系统设计

提出了一种新的无线数据通信数据加密算法。该算法利用高级加密标准AES加密数据，以ECC加密AES算法的密钥，并用ECC实现数字签名，无线数据系统的接收端对接收的信息进行相应的数据解密，得到原始数据。这样既能快速地进行数据加解密，又能很好地解决密钥分配问题，同时也能完成数字签名与验证功能，具有需求存储空间小、运算速度快、带宽需求低、密钥管理方便等优点，非常适合于无线通信网络环境下的数据加解密通信。     

基于多核处理器的加密卡异步并行驱动设计

文中通过对VxWorks下多核编程的研究,根据IPSec层异步加解密调用的需求,设计了一种稳定高效的加密卡缓存和数据收发方案,满足了数据高速加解密的需求。加密卡内含6个加解密信道,6个加解密信道通过一个万兆以太通道与主机端相连。驱动程序接收来自IPSec层的加解密数据并进行缓存后,将报文通过万兆以太通道发送给加密卡上相应的加解密信道进行处理。加密卡处理完成后将加解密数据通过以太通道送回主机端,并返回加密卡驱动层,由加密卡驱动层的回调函数返回IPSec。多核并行运行时,不同的核都可以进行异步加解密操作。测试结果表明,这种设计方案是一种高效的、具有良好兼容性的驱动实现方法。     

条件接收系统的构成

在数字电视传输系统中,为了保障授权用户收看加密电视节目,采用了复杂的条件接收系统。条件接收系统通过多层加密机制,实现对密钥的分配与管理,文章介绍了信息数据加/解扰和加/解密、用户寻址、智能卡授权、节目管理等多项技术措施,详细描述了对公钥加密的RSA算法。     

嵌入式码流录制系统的设计和实现

介绍了一种新型的嵌入式码流录制系统的设计与实现。该系统利用嵌入式技术，采用了FPGA及高端内存映射的高效数据传输机制，并支持实时硬件加密。其具有体积小，成本低，性能优，功能强，扩展性好，可以满足当前高清码流的录制及加密等应用。     

Wireless broadcast encryption based on smart cards

Wireless broadcasting is an efficient way to broadcast data to a large number of users. Some commercial applications of wireless broadcasting, such as satellite pay-TV, desire that only those users who have paid for the service can retrieve broadcast data. This is often achieved by broadcast encryption, which allows a station securely to broadcast data to a dynamically changing set of privileged users through open air. Most existing broadcast encryption schemes can only revoke a pre-specified number of users before system re-setup or require high computation, communication and storage overheads in receivers. In this paper, we propose a new broadcast encryption scheme based on smart cards. In our scheme, smart cards are used to prevent users from leaking secret keys. Additionally, once an illegally cloned smart card is captured, our scheme also allows tracing of the compromised smart card by which illegal smart cards are cloned, and can then revoke all cloned smart cards. The new features of our scheme include minimal computation needs of only a few modular multiplications in the smart card, and the capability to revoke up to any number of users in one revocation. Furthermore, our scheme is secure against both passive and active attacks and has better performance than other schemes.     

子群中完全安全的基于身份的广播加密

In this paper, we show how to use the dual techniques in the subgroups to give a secure identitybased broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security (adaptive security) under three static (i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.     

具有指定接收组门限共享验证签名加密方案

本文提出了一个具有指定接收者验证的签名加密方案.该方案是数字签名与公钥密码体制的有机集成.与普通数字签名方案相比,除了具有认证性、数据完整性外还具有保密性和接收方的隐私性.然后又利用门限方案构造了一个(t,n)门限共享验证签名加密方案.与现有的门限共享验证签名加密方案相比具有数据传输安全、通信代价更小、执行效率更高、能够确切地检查出哪个验证者篡改子密钥等特点.     

A Systolic Design Methodology with Application to Full-Search Block-Matching Architectures

We present a systematic methodology to support the design tradeoffs of array processors in several emerging issues, such as (1) high performance and high flexibility, (2) low cost, low power, (3) efficient memory usage, and (4) system-on-a-chip or the ease of system integration. This methodology is algebraic based, so it can cope with high-dimensional data dependence. The methodology consists of some transformation rules of data dependency graphs for facilitating flexible array designs. For example, two common partitioning approaches, LPGS and LSGP, could be unified under the methodology. It supports the design of high-speed and massively parallel processor arrays with efficient memory usage. More specifically, it leads to a novel systolic cache architecture comprising of shift registers only (cache without tags). To demonstrate how the methodology works, we have presented several systolic design examples based on the block-matching motion estimation algorithm (BMA). By multiprojecting a 4D DG of the BMA to 2D mesh, we can reconstruct several existing array processors. By multiprojecting a 6D DG of the BMA, a novel 2D systolic array can be derived that features significantly improved rates in data reusability (96%) and processor utilization (99%).     

基于H.264/AVC视频安全级别可分的加密方案

针对当前视频数据易复制、易篡改等特征,为了保护视频数据的安全,提出了一种基于H.264/AVC视频编码标准的视频加密方案.利用流密码加密简单、运算速度快等优点,采用高级加密标准(AES)的密码反馈模式(CFB)对H.264/AVC标准的序列参数集(SPS)、图像参数集(PPS)中能加密的语法元素和Ⅰ帧的码流进行加密.针对不同视频应用所需求的安全级别不同,在宏块级别选取一定数量的宏块进行选择性加密,得到安全级别可分的加密方案.最后,从算法的安全性、实时性、压缩率等方面进行分析.实验结果表明,该算法达到了视频内容安全的要求,满足实时性,并且减少了加密数据量.     

Secure‐aware and privacy‐preserving electronic health record searching in cloud environment

Cloud storage has become a trend of storage in modern age. The cloud‐based electronic health record (EHR) system has brought great convenience for health care. When a user visits a doctor for a treatment, the doctor may be necessary to access the history health records generated at other medical institutions. Thus, we present a secure EHR searching scheme based on conjunctive keyword search with proxy re‐encryption to realize data sharing between different medical institutions. Firstly, we propose a framework for health data sharing among multiple medical institutions based on cloud storage. We explore the public key encryption with conjunctive keyword search to encrypt the original data and store it in the cloud. It ensures data security with searchability. Furthermore, we adopt the identity‐based access control mechanism and proxy re‐encryption scheme to guarantee the legitimacy of access and the privacy of the original data. Generally speaking, our work can achieve authentication, keyword privacy, and privacy preservation. Moreover, the performance evaluation shows that the scheme can achieve high computational efficiency.     

改进型SOA-MZI全光异或门的加解密仿真研究

全光加密技术是解决目前光纤通信网的加解密速率瓶颈及物理层潜在的安全威胁的有力保证。针对现有全光异或加解密方案工作速率普遍较低的问题,在传统的SOA-MZI型全光异或门的基础上,利用两段色散互补的G.655单模光纤,并结合一个相位偏移器设计了一种改进型SOA-MZI全光异或方案,以该改进方案作为全光安全处理器在OptiSystem7.0仿真平台上搭建新的全光异或加解密方案,对输入信号比特速率分别为10Gb/s和40Gb/s的加解密方案进行了仿真实验验证。结果表明:基于改进型SOA-MIZ全光异或门的加解密方案可将全光异或加解密速率提高到40Gb/s,并且解密恢复出的明文数据的消光比约可以达到20dB,最大Q值约为25.7,加解密过程不会对通信系统引入额外误码。     

Real-Time Tone-Mapping Processor with Integrated Photographic and Gradient Compression using 0.13 μm Technology on an Arm Soc Platform

Due to recent advances in high dynamic range (HDR) technologies, the ability to display HDR images or videos on conventional LCD devices has become more and more important. Many tone-mapping algorithms have been proposed to meet this end, the choice of which depends on display characteristics such as luminance range, contrast ratio and gamma correction. An ideal HDR tone-mapping processor should have a robust core functionality, high flexibility, and low area consumption, and therefore an ARM-core-based system-on-chip (SOC) platform with a HDR tone-mapping application-specific integrated circuit (ASIC) is suitable for such applications. In this paper, we present a systematic methodology for the development of a tone-mapping processor of optimized architecture using an ARM SOC platform, and illustrate the use of this novel HDR tone-mapping processor for both photographic and gradient compression. Optimization is achieved through four major steps: common module extraction, computation power enhancement, hardware/software partition, and cost function analysis. Based on the proposed scheme, we present an integrated photographic and gradient tone-mapping processor that can be configured for different applications. This newly-developed processor can process 1,024 × 768 images at 60 fps, runs at 100 MHz clock and consumes a core area of 8.1 mm² under TSMC 0.13 μm technology, resulting in a 50% improvement in speed and area as compared with previously-described processors.     

支持属性撤销的适应性安全属性基加密方案

Attribute revocation is inevitable and also important for Attribute-Based Encryption (ABE) in practice. However, little attention has been paid to this issue, and it remains one of the main obstacles for the application of ABE. Most of existing ABE schemes support attribute revocation work under indirect revocation model such that all the user's private keys will be affected when the revocation events occur. Though some ABE schemes have realized revocation under direct revocation model such that the revocation list is embedded in the ciphertext and none of the user's private keys will be affected by revocation, they mostly focused on the user revocation that revokes the user's whole attributes, or they can only be proven to be selectively secure. In this paper, we first define a model of adaptively secure ABE supporting the attribute revocation under direct revocation model. Then we propose a Key-Policy ABE (KP-ABE) scheme and a Ciphertext-Policy ABE (CP-ABE) scheme on composite order bilinear groups. Finally, we prove our schemes to be adaptively secure by employing the methodology of dual system encryption.