PGP工作原理及其安全性

该文介绍了PGP系统的核心算法和工作流程。从加密算法、密钥管理、信任模型等几方面,探讨了PGP的安全性,并给出解决的办法。     

利用PGP软件实现安全收发电子邮件

为了保障邮件在传输过程的安全性,我们引入了PGP邮件加密软件.主要介绍了在实验室环境下PGP软件的安装、创建密钥对,输出和签名公共密钥,发送并接收加密的电子邮件.     

基于安全E-mail协议的电子选举研究

在安全邮件协议PGP中引入公正机构(CA),设计了一个适合大规模选举的电子选举方案。该方案不仅能满足电子选举的安全要求,而且不要求选民在固定地点投票;此外,新方案在一定程度上解决了电子选举中权威机构权力过大及绝对匿名性引发问题,可以在不泄露选票内容的情况下使选举的结果具有可验证性。     

E-mail安全协议PGP

本文从单钥密码IDEA算法、双钥密码RsA算法、单向杂凑算法MD5算法等分析了安全电子邮件协议PGP的实现原理和实现流程;描述了PGP所提供的安全业务;并从RSA、IDEA、MD5、随机数等安全性方面分别研究了PGP的安全性能.     

基于非对称密钥体制的密钥分配管理

本文以RSA体制为例,提出了密钥分配的自产生密钥式协议,详细分析了协议的安全性,并且在此基础上进一步提出了分布式的协议。两协议能比较好地满足网络开放环境下的密钥分配管理问题。     

基于国产加密产品的CA安全认证系统的研究与实现

本文分析了CA安全认证系统功能模型,提出并阐述了CA系统总体架构,包括CA子系统和RA子系统。详细阐述了关键技术实现,包括应用软件功能模块结构设计,以及一种通过控制进程数来优化服务器软件性能的方法。     

建立在椭圆曲线密码系统上基于PKI的移动通讯安全体制

本文提出建立在椭圆曲线密码系统上的一个基于PKI的移动通讯安全体制的设计方案,提供了一种更加安全的注册和认证方法。此系统能够保证网络上的合法用户的注册、以及在一个移动和无线环境下通信双方的相互认证和通信数据的保密性和完整性。通信数据的保密性和完整性由椭圆曲线密码体制(EllicticCurveCryptography)保证,此体制与一个用于密钥分配和管理的可靠的证书授权中心体系相结合。     

如何发送和接收安全电子邮件

该文主要介绍了如何利用个人证书及PGP(Pretty Good Privacy)发送、接收安全电子邮件并分析比较S/MIME和PGP的主要区别。     

安全VPN服务器中IKE协议的设计与实现

研究了安全VPN服务器中IKE协议的设计与实现方法。首先介绍了安全VPN服务器的基本框架 ,并对整个系统的工作流程作了说明 ;其次分析了IKE协议在系统中的位置与作用 ,并对IKE模块的主要功能以及与其它模块的关系进行了分析与描述 ;最后提出了IKE协议的设计与实现方案     

基于XKMS的证书验证机制的研究与实现

提出了一种基于XKMS的证书验证机制,设计了集成在XKMS服务中的证书验证服务模块,描述了证书路径验证算法,改进了XKMS-OCSP机制,并给出了证书验证的过程。     

TM卡技术原理及应用

介绍了一种新型的IC卡--TM卡。主要介绍了它的外型结构、电气原理和数据通讯的协议及时序;文章最后还对其应用进行了相应的论述。本文的目的旨在推动TM卡在我国各领域的应用。     

An economic mechanism to manage operational security risks for inter-organizational information systems

As organizations increasingly deploy Inter-organizational Information Systems (IOS), the interdependent security risk they add is a problem affecting market efficiency. Connected organizations become part of entire networks, and are subject to threats from the entire network; but members’ security profile information is private, members lack incentives to minimize impact on peers and are not accountable. We model the problem as a signaling-screening game, and outline an incentive mechanism that addresses these problems. Our mechanism proposes formation of secure communities of organizations anchored by Security Compliance Consortium (SCC), with members held accountable to the community for security failures. We study the interconnection decisions with and without the mechanism, and characterize conditions where the mechanism plays roles of addressing moral hazard and hidden information issues by screening the organizations’ security types and/or by providing them incentives to improve. We also discuss the welfare gains and the broad impact of the mechanism.     

Windows 7操作系统UAC机制及其安全性分析

为了对微软新开发的Windows 7操作系统的安全性能有进一步了解,研究了Windows 7下UAC机制的原理,分析了Windows 7下UAC机制的特征,最后提出了权限提升的方法,进一步说明了在Windows 7下恶意进程权限提升的具体过程.实验结果表明,Windows 7下的UAC机制并不能完全防止恶意进程获取高权限.     

DRM细粒度使用控制模型及其安全机制

为了解决现有数字版权管理中使用控制模型缺乏对细粒度数字内容的灵活和安全使用的问题,基于对一般使用控制模型UCONABC的扩展,提出了形式化的细粒度使用控制理论模型Gran-UCON及其原型系统安全框架和实现机制.该方案将数字资源实体进行细粒度分割,使其粒度减小到具有完整意义的基本单元,进一步通过许可授权加以安全控制.应用实例验证了该模型在数字内容用户终端使用中的安全性和灵活性.     

运算放大器工作原理的深度剖析

通过引入杠杆原理深度剖析运算放大器的工作特性,给出比较器与放大器、积分与比例积分电路、微分与比例微分电路、PID调节器的电路运算本质。如比较器与放大器的本质区别是反馈形式不同,积分电路的积分过程是恒流源对电容的充电过程,比例积分比积分快及比例微分比微分慢是因为串联电容的电阻起分压作用等。将电路原理映射到杠杆原理中,获得输入与反馈电路中的电阻电容对电路增益及相位的变化规律,用Saber软件仿真,结果验证了理论分析的正确性和有效性。     

Appraisal and reporting of security assurance at operational systems level

In this paper we discuss the issues relating the evaluation and reporting of security assurance of runtime systems. We first highlight the shortcomings of current initiatives in analyzing, evaluating and reporting security assurance information. Then, the paper proposes a set of metrics to help capture and foster a better understanding of the security posture of a system. Our security assurance metric and its reporting depend on whether or not the user of the system has a security background. The evaluation of such metrics is described through the use of theoretical criteria, a tool implementation and an application to a case study based on an insurance company network.     

The principle of guarantee availability for security protocol analysis

Conformity to prudent design principles is an established approach to protocol correctness although it is not free of limitations. We term goal availability a design principle that is often implicitly followed, prescribing protocols to aim at principal-centric goals. Adherence to a design principle is normally established through protocol analysis that is an evaluation of whether a protocol achieves its goals. However, the literature shows that there exists no clear guidance on how to conduct and interpret such an analysis, a process that is only left to the analyzer’s skill and experience. Goal availability has the desirable feature that its supporting protocol analysis can be precisely guided by what becomes a principle of realistic analysis, which we call guarantee availability. It prescribes that the outcome of the analysis, which is the set of guarantees confirming the protocol goals, be practically applicable by the protocol participants. In consequence, the guarantees must be based on assumptions that the principals have the capacity to verify. Our focus then turns entirely to protocol analysis, because an analysis conforming to guarantee availability signifies that the analyzed protocol conforms to goal availability. Existing analysis of (both classical and deployed) protocols has been reconsidered with the aim of studying their conformity to guarantee availability. Some experiments clarify the relationships between goal availability and the existing design principles, with particular reference to explicitness. Other experiments demonstrate that boosting an analysis with guarantee availability generally makes it deeper, unveiling additional protocol niceties that depending on the analyzer’s skills may remain overseen otherwise. In particular, an established claim about a protocol (made using a well-known formal method) can be subverted.     

SELinux的安全机制和安全模型

SELinux是美国安全局发布的一个集成在Linux内核中的新型强制访问控制(MAC)机制。为了提供细粒度的访问控制,SELinux采用RBAC模型和TE模型为主体和客体之间的交互设计了大量的安全策略,有效解决了自主访问控制(DAC)的脆弱性和传统MAC的不灵活性等问题。详细研究了SELinux的体系结构、安全模型和安全上下文,并以Apache服务器为例,介绍了如何定制SELinux以实现安全增强。     

PGP算法及其应用

以福建公路信息策略网络系统为应用背景来讨论ＰＧＰ（Ｐｒｅｔｔｙ Ｇｏｏｄ Ｐｒｉｖａｃｙ）算法的应用。