DNS权威服务器选择方式研究

本文研究了DNS权威服务器的选择问题.为了提升域名的容灾能力和解析的性能,大多数的域都会配置有多个DNS权威服务器.当DNS递归服务器收到针对该域名的查询时,需要选择其中的一个DNS权威服务器进行查询.但具体选择的方式并不明确,且相关RFC标准也没有对递归服务器采用何种方式选择权威服务器做出规定,本文分析了各个常见的DNS服务器版本对权威服务器的选择算法,分析这些算法的选择效果和影响其选择效果的因素.并对全国范围内的开放DNS递归服务器进行测量,分析其对权威服务器的选择效果.     

基于虚拟化的考试服务器性能测试

目前以计算机技术为基础的考试系统应用广泛,考试系统的安全性、稳定性有待提升。本文以学院计算机基础考试系统为研究对象,进行了基于VMwave软件的虚拟化考试服务器性能测试。文中提出了性能测试方法,选择了测试工具,比较了测试结果。实验表明利用虚拟技术构建的考试服务器能够正常运行,且稳定性和安全性得到虚拟化技术支持。     

基于SPECpower＿ssj2008的服务器能耗比对比分析

目前服务器能耗比的重要性越来越受到关注,使用国际权威的服务器能耗比基准测试工具SPECpower＿ssj2008,对某款服务器在不同CPU工作模式和内存配置下的能耗比进行了测试和对比分析。首先,在测试过程中发现SPECpower＿ssj2008测试结果与CPU工作模式特性不符,使用系统综合性能测试工具Unixbench对服务器能耗比进行测量,测试结果与CPU工作模式特性相符;然后,经过分析与实验,发现服务器内存容量较小导致SPECpower＿ssj2008读写硬盘操作增多,引起进程被阻塞,得分较低;最后,得出在使用SPECpower＿ssj2008进行测试时应保证服务器内存容量足够,避免出现进程被阻塞的结论。     

基于云的域名解析服务模型

针对现行域名解析系统存在各种性能和安全上的问题(例如,查询延迟、更新延迟、易受DoS攻击等),提出了一种新型的、可增量部署的、和现行DNS兼容的、具有更好性能的域名解析服务模型。此服务模型基于云技术,利用云及其网络架构来发布DNS记录,响应用户的域名解析请求,提供域名解析服务。在此服务模型中,云的节点服务器实现了域名解析器和权威域名服务器的功能,域名的权威DNS记录被发布到各节点服务器,DNS查询结果直接由节点服务器返回给用户(现行的DNS则需要访问多级域名服务器来完成对域名解析器中未缓存的DNS记录的解析)。理论分析和实验证明,此服务模型与现行的各种域名解析服务相比,其DNS查询延迟、更新延迟、故障应变能力、可靠性等各方面性能都有显著提高。     

路由服务器宣告诞生

路由器也许的确是企业网络必不可少的设备,但至今还没人指责它不便管理。Hughes Network Systems公司为了减轻网管人员的劳动,推出了Global LAN7000和8000系列产品,该系列产品不再采用必须由手工建立的路由选择表,而是利用一个能自动映射地址的外部路由服务器。 Hughes是率先实现这种体系结构的路由器生产厂家。其名字和编址服务(NAS)路由服务器不仅能将LAN地址映射为WAN SVC(交换虚电路),而且能在某个站点上对整个网络实施控制。这就使得网络管理员能在某个控制台集中监控性能和安全性,而不必对一个一个路由器进行监控。与此     

高校实验教学用FTP服务器的构建

为了保证学生实验所需数据的安全性,提出了一种用于高校实验教学的FTP服务器的构建方法。首先,介绍了FTP服务器的网络架构。其次,设计了FTP服务器的构建过程,可有效保证学生数据的安全性。实践证明,文中构建方法操作方便,可靠性高。     

网络名字服务器的应用与实现

名字服务是号码本服务的重要组成部分,已在网络中获得广泛应用。本文所介绍的名字服务器可以提供采用X.500号码本协议(1988)的名字服务,文中着重说明了客体信息的组织方式和客体的命名方法,对名字服务器的用与软件开发也作了详细介绍     

服务器推技术在实验演示系统中的应用

分析了实验演示系统中使用服务器推技术的必要性,在此基础上,首先比较了服务器推送信息与传统拉取信息技术,然后介绍了服务器推技术的发展现状以及实现的不同方案,接着论述了服务器推技术实现过程中的难点与关键点,给出了服务器推技术使用的数据结构和程序流程.最后,经过系统测试,表明实验演示系统采用服务器推技术,工作性能良好,能够达到功能与性能要求.     

SUN能否东山再起

“我们提供的是全世界功效最高的计算系统,SUN将再次超越竞争对手。”这是SUN公司总裁兼首席运营官JonathanSchwartz在该公司2005年第四季度新品发布会上说的一句话。此次发布会上,SUN公司宣布SUNFireT1000和T2000服务器开始供货。这两款服务器采用基于酷线程技术(Cool Threads)的多线程UltraSPARCT1处理器,运行Solaris10操作系统,另外因其极低的功耗而被冠以“绿色经济型”服务器的美誉。根据权威的服务器标准性能评估组织SPEC和NotesBench的测试,这两款CoolThreads服务器取得了7项基准性能测试的世界记录,在系统性能、功耗…     

媒体服务器的体系结构与性能分析

分析了几种流行的媒体服务器体系结构，在此基础上详细分析了衡量媒体服务器的I／O性能，存储性能、可靠性、可扩展性，可用性，安全性等因素，对于多媒体通信系统中媒体服务器的选型具有重要的指导性意义。     

Collaboration IoT-Based RBAC with Trust Evaluation Algorithm Model for Massive IoT Integrated Application

With the recent advances in ubiquitous communications and the growing demand for low-power wireless technology, smart IoT device (SID) to access various Internet of Things (IoT) resources through Internet at any time and place alternately. There are some new requirements for integration IoT servers in which each one is individually gathering its local resources in Internet, which cooperatively supports SID to get some flexibility or temporary contract(s) and privileges in order to access their corresponding desired service(s) in a group of collaboration IoT servers. However, traditional access control schemes designed for a single server are not sufficient to handle such applications across multiple collaboration IoT servers to get rich services in IoT environments. It does not take into account both security and efficiency of IoT servers, which securely share their resources. Therefore, the collaboration IoT-based RBAC (Role-based Access Control) with trust evaluation (TE) algorithm model to reducing internal security threats in intra-server and inter server for the massive IoT integrated application is proposed in this paper. Finally, the three trust evaluation algorithms including a local trust evaluation algorithm, a virtual trust evaluation algorithm and a cooperative trust evaluation algorithm in the proposed collaboration IoT-based RBAC model, which are designed and presented for reducing internal security threats in collaborative IoT servers.

     

云环境下安全的可验证多关键词搜索加密方案

云计算的高虚拟化与高可扩展性等优势,使个人和企业愿意外包加密数据到云端服务器.然而,加密后的外包数据破坏了数据间的关联性.尽管能够利用可搜索加密(SE)进行加密数据的文件检索,但不可信云服务器可能篡改、删除外包数据或利用已有搜索陷门来获取新插入文件相关信息.此外,现有单关键词搜索由于限制条件较少,导致搜索精度差,造成带...     

Novel chaotic block encryption scheme for WSN based on dynamic sub key

In view of high efficiency and security requirements in WSN encryption algorithm,a lightweight chaotic block encryption algorithm was designed and a novel scheme of dynamic sub keys extension was proposed.To greatly reduce the computing burden of WSN nodes,this scheme made full use of WSN cloud servers monitoring platform,which was powerful in data computing and processing,and transfered the sub keys synchronization task from nodes to cloud servers.Experimental results and performance analysis show that the scheme has good characteristics of diffusion,confusion and statistical balance,strong key security and high algorithm efficiency.It has a good application prospect in the field of WSN communication encryption.     

Exploring New Vista of Secured and Optimized Data Slicing for Big Data: An IOT Paradigm

Security and privacy are useful concerns in the context of big data. The Internet of Things (IoT) serves both to bolster and to ease security worries. IoT gadgets raise immense new security challenges, particularly with regards to things like basic framework. Be that as it may, they additionally offer approaches to help keep clients progressively secure by adding additional obstructions of safeguard to information and people. In order to sustain the integrity of data and to provide in order to implicit security for any big database, data slicing is constructive. Data slicing implicitly provides the preservation and the query performance to the database users. The sliced data are stored at servers in a distributed system to protect the data from the attackers. In this article, an intelligent and efficient model is developed to partition the polynomial data securely and to store at various servers in a distributed system. An auto-key generator spawns an encryption key to encrypt the polynomial data as a higher level security. Encrypted data is partitioned by an efficient Fast Fourier transform Technique. A novel clustering methodology entitled as Binary Reverse Clustering is introduced to optimize the performance as well as to reduce the servers’ requisition. Moreover, the novel clustering technique is compared with the traditional clustering algorithm.

     

Increasing availability and security of an authentication service

Authentication, the process by which one satisfies another about one's claim of identity, is typically provided by an authentication server via an authentication protocol. Compromise of the authentication service can lead to the compromise of the whole system, and the service is a performance bottleneck because many activities cannot proceed unless the identities of concerned parties can be satisfactorily established. Therefore, a desirable authentication service should be both highly secure and highly available. A general solution in which the authentication server is replicated so that a minority of malicious and colluding servers cannot compromise security or disrupt service is proposed. Some unusual features of such a distributed authentication service, including the tradeoff between availability and security, are discussed. Such a distributed service is also useful when clients cannot identify or agree upon trusted servers prior to authentication. For example, in some cooperative or federated systems, clients simply cannot all trust the same set of servers     

Performance evaluation of DNS servers to build a benchmarking system of DNS64 implementations

DNS64 is an important IPv6 transition technology that facilitates the communication of an IPv6 only client with an IPv4 only server, which becomes a more and more common scenario. Several different DNS64 implementations exist, and their performance is a relevant decision factor for network operators. RFC 8219 has defined a benchmarking methodology for DNS64 servers, which requires the operation of an authoritative DNS server at 220% of the query rate used for DNS64 benchmarking. In this paper, we aim to build an authoritative DNS server that operates at 2.2 million qps (queries per second) rate, thus it facilitates DNS64 benchmarking up to 1,000,000 qps rate. To that end, we compare the performance of BIND, YADIFA, NSD, Knot DNS and FakeDNS (a special purpose software) to find the best suiting one of them. We fully disclose the details of our measurements including the configuration of the DNS implementations, the usage of our improved software tester called dns64perf?++, and the details of the hardware and software measurement environment in the NICT StarBED, Japan. We perform a series of measurements to examine, how the performance of the tested solutions scale up with the number of the active CPU cores from 1 to 32. Besides their performance, we also measure their memory consumption and zone load time. We present and discuss all the results. In addition to successfully building an authoritative DNS server with the required performance, we also make recommendations, which solutions suit to different special needs.

     

SCM: Secure and accountable TLS certificate management

In classical public‐key infrastructure (PKI), the certificate authorities (CAs) are fully trusted, and the security of the PKI relies on the trustworthiness of the CAs. However, recent failures and compromises of CAs showed that if a CA is corrupted, fake certificates may be issued, and the security of clients will be at risk. As emerging solutions, blockchain‐ and log‐based PKI proposals potentially solved the shortcomings of the PKI, in particular, eliminating the weakest link security and providing a rapid remedy to CAs' problems. Nevertheless, log‐based PKIs are still exposed to split‐world attacks if the attacker is capable of presenting two distinct signed versions of the log to the targeted victim(s), while the blockchain‐based PKIs have scaling and high‐cost issues to be overcome. To address these problems, this paper presents a secure and accountable transport layer security (TLS) certificate management (SCM), which is a next‐generation PKI framework. It combines the two emerging architectures, introducing novel mechanisms, and makes CAs and log servers accountable to domain owners. In SCM, CA‐signed domain certificates are stored in log servers, while the management of CAs and log servers is handed over to a group of domain owners, which is conducted on the blockchain platform. Different from existing blockchain‐based PKI proposals, SCM decreases the storage cost of blockchain from several hundreds of GB to only hundreds of megabytes. Finally, we analyze the security and performance of SCM and compare SCM with previous blockchain‐ and log‐based PKI schemes.     

士兵-机器人Ad hoc网络系统的安全问题分析

选取现代战争中未来战场的一个典型应用——士兵-机器人Adhoc网络系统作为研究对象,在分析其组网拓扑和原有的安全机制的基础上,阐述了该系统应用到实际战场上可能存在的安全问题：服务器子网暴露问题、服务器面临来自Internet的攻击、机器人面,临的安全威胁、以及自组网采用的协议本身存在的安全问题。     

Internet time synchronization: the network time protocol

The network time protocol (NTP), which is designed to distribute time information in a large, diverse system, is described. It uses a symmetric architecture in which a distributed subnet of time servers operating in a self-organizing, hierarchical configuration synchronizes local clocks within the subnet and to national time standards via wire, radio, or calibrated atomic clock. The servers can also redistribute time information within a network via local routing algorithms and time daemons. The NTP synchronization system, which has been in regular operation in the Internet for the last several years, is described, along with performance data which show that timekeeping accuracy throughout most portions of the Internet can be ordinarily maintained to within a few milliseconds, even in cases of failure or disruption of clocks, time servers, or networks