基于PKI的移动代理安全策略研究

移动代理是新型的分布式计算技术,具有移动性和自治性两个特点,与传统的分布式计算模型Client/Server相比具有非常多的优势,有着广阔的应用前景,但安全问题一直困扰着移动代理的应用。针对移动代理系统所受的安全威胁以及带来的安全需求,提出了一种用PKI来实现移动代理系统安全性的方法,并分析了该方法的优点和有待改进的地方。     

移动云服务的数据安全与隐私保护综述

移动云服务相比传统云具有移动互联、灵活终端应用和便捷数据存取等特点。然而,丰富的移动云服务应用也带来了更多的安全与隐私泄露问题。在阐述移动云服务的基本概念、应用与安全问题的基础上,给出了其安全与隐私保护体系结构,主要围绕安全协议与认证、访问控制、完整性验证、移动可信计算和基于加密、匿名、混淆的隐私保护等关键技术,分析其研究现状,论述已有技术的优势和不足,并探讨了未来的研究方向。     

移动代理系统的评测基准

移动代理技术已经成为设计、实现分布式应用的一种极具前景的技术，现有许多移动代理系统已经在研究及商业领域得以实现．但是移动代理系统至今仍然没有得到很广泛的应用，其原因除了使用移动代理系统所涉及的安全性问题之外，另一个主要因素就是缺少一个对移动代理系统性能进行量化评价的基准．本文对于现有的能够对各种不同移动代理系统进行量化评测的基准进行综述，并且讨论哪些因素会对移动代理架构性能产生根本的影响．     

A table masking countermeasure for low-energy secure embedded systems

Future wireless embedded devices will be increasingly powerful, supporting many more applications, including one of the most crucial, which is security. Although many embedded devices offer more resistance to bus probing attacks due to their compact size, susceptibility to power or electromagnetic analysis attacks must be analyzed. This paper presents a table masking countermeasure to resist differential power analysis (DPA) and differential electromagnetic analysis (DEMA). Real power and EM measurements are used to verify the countermeasure using second- and third-order DPA and DEMA attacks on a popular low-energy embedded ARM processor. Results show that the new table masking countermeasure provides increased security without large overheads of energy dissipation compared with previous countermeasures. With the emergence of security applications personal digital assistants, cellphones, and other embedded devices, low-energy countermeasures for resistance to DPA/DEMA are crucial for supporting future wireless embedded systems.     

3G时代的移动电子商务的安全思考

3G移动通信技术已经在国内外广泛应用,受此推动的移动电子商务用户数和应用近年来也在快速增长,但其安全问题也引起人们的高度重视。移动电子商务存在一般电子商务的安全隐患,同时也有基于自身特点的安全问题。而目前有关的安全技术和安全措施的研究和实施,将推动移动电子商务继续发展和逐渐普及。     

A survey on blockchain cybersecurity vulnerabilities and possible countermeasures

Blockchain technology has attracted considerable attention owing to its wide range of potential applications. It first appeared as a cryptocurrency, called Bitcoin, but has since been used in many other business and nonbusiness applications. Unlike most existing systems that are based on centralized frameworks, this new technology utilizes peer‐to‐peer networks and distributed systems which includes blockchain registers to store transactions. Its structure is designed as a digital log file and stored as a series of linked groups, called blocks. Each individual block is locked cryptographically with the previous block. Once a block has been added, it cannot be altered. Many security experts speculate that the inherent cryptographic nature of the blockchain system is sufficient to withstand constant hacking and security threats. However, previous studies on the security and privacy of blockchain technology have shown that many applications have fallen victim to successful cyberattacks. Owing to the increasing demand for cryptocurrency and its current security challenges, previous studies have not focused on blockchain technology cybersecurity vulnerabilities extensively. Here, our study extends upon the previous studies on vulnerabilities and investigates the types of potential attacks. Our study then provides further direction to highlight possible countermeasures against blockchain technology vulnerability to cybersecurity.     

A survey of mobile cloud computing: architecture,applications, and approaches

Together with an explosive growth of the mobile applications and emerging of cloud computing concept, mobile cloud computing (MCC) has been introduced to be a potential technology for mobile services. MCC integrates the cloud computing into the mobile environment and overcomes obstacles related to the performance (e.g., battery life, storage, and bandwidth), environment (e.g., heterogeneity, scalability, and availability), and security (e.g., reliability and privacy) discussed in mobile computing. This paper gives a survey of MCC, which helps general readers have an overview of the MCC including the definition, architecture, and applications. The issues, existing solutions, and approaches are presented. In addition, the future research directions of MCC are discussed. Copyright © 2011 John Wiley & Sons, Ltd.     

An infrastructure for detecting and punishing malicious hosts using mobile agent watermarking

Mobile agents are software entities consisting of code, data, and state that can migrate autonomously from host to host executing their code. In such scenario there are some security issues that must be considered. In particular, this paper deals with the protection of mobile agents against manipulation attacks performed by the host, which is one of the main security issues to solve in mobile agent systems. This paper introduces an infrastructure for mobile agent watermarking (MAW). MAW is a lightweight approach that can efficiently detect manipulation attacks performed by potentially malicious hosts that might seek to subvert the normal agent operation. MAW is the first proposal in the literature that adapts software watermarks to verify the execution integrity of an agent. The second contribution of this paper is a technique to punish a malicious host that performed a manipulation attack by using a trusted third party (TTP) called host revocation authority (HoRA). A proof‐of‐concept has also been developed and we present some performance evaluation results that demonstrate the usability of the proposed mechanisms. Copyright © 2010 John Wiley & Sons, Ltd.     

Secure time synchronization protocols for wireless sensor networks

Time synchronization is essential in wireless sensor networks as it is needed by many applications for basic communication. The inherent characteristics of sensor networks do not permit simply applying traditional time synchronization algorithms. Therefore, many new time synchronization algorithms have been proposed, and a few of them provide security measures against various degrees of attacks. In this article we review the most commonly used time synchronization algorithms and evaluate these algorithms based on factors such as their countermeasures against various attacks and the types of techniques used.     

移动代理的安全性问题及对策研究

移动代理由于其灵活、移动、自治等特性被广泛应用,但对移动代理的安全性问题研究仍不充分。文章针对移动代理不同方面的安全问题加以分析,针对性地提出安全保护方案,为移动代理的进一步充分应用给出新思路。通过提高移动代理安全性,使移动代理技术在降低网络负载、减小所占带宽、提高系统效率等方面发挥更大效用。     

可信移动Agent的研究及在分布式网络管理中的应用

为解决分布式网络管理的安全问题,利用移动Agent框架作为底层平台,应用VMC概念将移动Agent和SNMPAgent相融合,构建一种基于可信移动Agent的安全体系结构。实验结果表明,采用此体系结构的网络管理系统能够确保移动Agent的可信性。因此,该体系结构在受到Agent到Agent平台或Agent到Agent攻击情况下的安全性得到评估,证明在网络管理任务中其性能是可信的。     

网络安全迎来3G时代

以第三代移动通信网络的安全结构系统为基础,从3G核心网安全、接入网安全、用户安全和网络应用安全等方面分析了其可能存在的安全威胁和隐患,并以此为依据对3G移动网络的安全问题提出相应的防范对策及建议,从运营商网络安全建设、监管平台建设、规范移动终端、专用网络建设等多角度考虑构建第三代移动通信网络的安全防护体系,最终能够在3G网络安全＂博弈＂中抢占先机,未雨绸缪。     

Security and privacy in RFID and applications in telemedicine

Radio frequency identification systems have many applications in manufacturing, supply chain management, inventory control, and telemedicine. In an RFID system, products and objects are given RFID tags to identify themselves. However, security and privacy issues pose significant challenges on these systems. In this article we first briefly introduce RFID systems. Then two RFID applications in telemedicine are proposed: studying supply and demand of doctors, nurses, and patients in hospitals and healthcare, and developing mobile telemedicine services. The security and privacy issues of RFID, and their solutions are discussed as well.     

Mobile agent security

The agent paradigm is currently attracting much research. A mobile agent is a particular type of agent with the ability to migrate from one host to another, where it can resume its execution. We consider security issues that need to be addressed before multi-agent systems in general, and mobile agents in particular, can be a viable solution for a broad range of commercial applications. This is done by considering the implications of the characteristics given to agents and the general properties of open multi-agent systems. The paper then looks in some more detail at security technology and methods applicable to mobile agent systems.     

Differential Power Analysis on Countermeasures Using Binary Signed Digit Representations

Side channel attacks are a very serious menace to embedded devices with cryptographic applications. To counteract such attacks many randomization techniques have been proposed. One efficient technique in elliptic curve cryptosystems randomizes addition chains with binary signed digit (BSD) representations of the secret key. However, when such countermeasures have been used alone, most of them have been broken by various simple power analysis attacks. In this paper, we consider combinations which can enhance the security of countermeasures using BSD representations by adding additional countermeasures. First, we propose several ways the improved countermeasures based on BSD representations can be attacked. In an actual statistical power analysis attack, the number of samples plays an important role. Therefore, we estimate the number of samples needed in the proposed attack.     

基于Merkle树的安全移动代理路由协议及其推广

本文对Domingo J.等人提出的一个高效的移动代理路由协议进行了分析,指出其具有一个很严重的安全缺陷:不能抵制路由主机间的共谋攻击.在此基础上,利用hash函数,提出了一个基于Merkle树的安全移动代理路由协议,并分析了其安全性、计算复杂度以及信息传输量.结果表明该方案不仅弥补了原有协议的缺陷,而且保持了原协议高效的特点.最后,将该方案其推广至动态路由.     

Privacy‐preserving authentication protocols with efficient verification in VANETs

As an important component of intelligent transportation systems, vehicular ad hoc networks can provide safer and more comfortable driving circumstance for the drivers. However, communication security and privacy issues present practical concerns to the deployment of vehicular ad hoc networks. Although recent related studies have already addressed most of these issues, most of them have only considered a posteriori countermeasures or a priori countermeasures to prevent the attacks of an adversary. To the best of our knowledge, up to now, only two privacy‐preserving authentication schemes can provide a posteriori countermeasures and a priori countermeasures. But, the computational cost of verifying a signature is relatively high or security proof of the scheme is loose in the two schemes. In this paper, we propose two novel privacy‐preserving authentication schemes. The first one cannot only provide a posteriori and a priori countermeasures, but also has low computational cost in the verification phase and tight security proof. The second one can achieve batch verification on multiple messages. Comparison with Wu et al.'s scheme and Chen et al's scheme, our scheme shows higher efficiency in terms of the computational cost of verifying signature.Copyright © 2013 John Wiley & Sons, Ltd.     

门限技术在组播密钥管理中的应用

目前组播协议以其节省带宽等优点被广泛认可,但在安全性和可靠性方面存在着一些问题。针对组播应用中所涉及到的密钥管理问题,提出一种运用动态门限技术和组播安全代理结合的方案,通过构建一个IP组播安全管理系统来实现组播密钥的分发和恢复,进而讨论了由成员加入和退出引起的密钥更新问题,最后针对该系统给出实验测试并讨论了采用此方案引起的更新代价,说明采用该方案可以较好地解决组播应用中的授权管理问题,实现安全组播。     

移动通信基站安防系统的研发

针对目前数量众多的无人值守的移动通信基站经常遇到人为破坏导致通信中断等问题,研究了一种新型智能安防系统,提出了一种新的安防方案,研发了基于全球定位系统(Global Positioning System,GPS)的智能便携终端及其接入平台。从需求分析、方案设计和技术实现等方面阐述了系统的研发过程。安防系统终端为一款基于嵌入式微处理器平台设计的智能设备,具有较强的数据采集与处理、及时报警和跟踪定位等功能。     

Mobile payments in global markets using biometrics and cloud

Payment methods using mobile devices instead of using traditional methods (cash, credit card, etc) has been gaining popularity all over the world. The ubiquitous nature of smartphones and tablets has widened the ambit for using these devices for payments and other daily life activities. Recent advancements in mobile technology along with the convenience of mobile devices made these applications possible. Despite the worldwide user adoption of mobile applications, security is the key challenge in mobile banking and payments system. Mobile payments systems need to be very efficient and provide utmost security endlessly. State‐of‐the‐art mobile payment systems need the physical presence of a merchant agent to make a payment. In this article, we had described in detail about the design and implementation of a mobile payments application, used to make in‐store purchases and make secure payments without any physical presence of a cashier or a merchant agent. We proposed a novel privacy‐preserving and secure authentication algorithm to make mobile payments using biometrics. The analysis and experimental results show the reliability and efficiency of our proposed solution.