基于国密算法和PUF的企业用户身份认证系统

针对当前企业信息系统登录方法安全性和可扩展性的不足,设计一种基于国密算法和PUF（物理不可克隆函数）的企业用户身份认证系统。该系统借鉴FIDO U2F（线上快速第二因子身份认证）认证框架,以身份识别令牌作为认证第二因子,使用国产加密算法实现安全性的自主可控,同时在身份令牌中集成了PUF和真随机数发生器,以达到提升安全性和可扩展性的目的。安全性分析表明,该系统的安全性显著高于现有技术实现。实验测试结果表明,该系统运行开销较低,稳定可靠,能够方便、快捷地部署在企业信息系统中。     

无证书抗私钥泄漏的加密方案

针对大量的边信道攻击和冷启动攻击泄漏密码系统的秘密信息进而导致传统密码方案不安全的问题,提出了一种能在私钥泄漏情况下保持安全的无证书加密方案。基于q-ABDHE困难问题假设,从理论上证明了方案的安全性;通过提取器的使用实现了抗泄漏特性。理论分析表明提出的方案容许私钥的相对泄漏率可以达到1/8。     

一种基于混合密码体制的网络数据安全方案

在分析了当今金融系统沿用多年的传统加密体系的种种不足之处后，设计了一个完整的基于混合密码体制的网络数据保护方案，充分利用了BLOWFISH、RSA、MD5多种算法的优点，确保了方案的高效性和安全性。     

密钥管理与密钥生命周期研究

许多系统借助加密技术来保证信息在存储、传输过程中的安全性,而密码系统中所使用的密钥或口令的安全性则成为系统的薄弱环节[1]。文章探讨了控制密钥的发布、使用和更新的一些密钥管理技术;介绍了对称加密系统、非对称加密系统、私人密钥和公开密钥等基本概念;讨论了密钥分割法、密钥分层法的基本思想;着重分析了密钥生命周期的各个阶段,最后给出了一种利用密钥分层技术实现保密通信的应用方案。     

基于生物特征的密钥生成研究

PIN和密码作为加密密钥要么容易遗忘,要么容易遭到字典攻击.基于用户特定的生物特征信息生成的密钥不仅随身携带不会丢失,而且破译困难.它是目前信息安全领域里的一个研究热点.从击键特征、声音和手写签名等生物行为特征详细概述了生物特征生成密钥的框架,并介绍密钥生成系统的安全性.     

TSV: A novel energy efficient Memory Integrity Verification scheme for embedded systems

Embedded systems are ubiquitous in this era of portable computing. These systems are empowered to access, store and transmit abundance of critical information. Thus their security becomes a prime concern. Moreover, most of these embedded devices often have to operate under insecure environments where the adversary may acquire physical access. To provide security, cryptographic security mechanisms could be employed in embedded systems. However, these mechanisms consume excessive energy that cannot be tolerated by the embedded systems. Therefore with the focus on achieving energy efficiency in cryptographic Memory Integrity Verification (MIV) mechanism, we present a novel energy efficient approach called Timestamps Verification (TSV) to provide Memory Integrity Verification in embedded systems. This paper elaborates the proposed approach along with its theoretical evaluation, simulation results, and experimental evaluation. The results prove that the energy savings in the TSV approach are in the range of 36–81% when compared with traditional MIV mechanisms.     

Applying cryptography within the ASPeCT Project

This article considers the application of cryptographic techniques within the ASPeCT project. ASPeCT is concerned with the provision of certain advanced security features within future mobile telecommunications systems, and we concentrate on two areas of interest within ASPeCT where cryptography is directly being used to provide security solutions: the provision of Trusted Third Party services and the secure billing of value-added information services.     

基于密码信息技术的网上招投标安全解决方案

密码信息技术是实现网络安全的关键技术之一,本文首先介绍相关的密码信息技术,然后基于公钥基础设施(PKI)、对称加密、Hash函数和(t,n)门限密钥分配等密码技术提出解决网上招投标安全问题的方案,并且指出第三方认证机构(CA)在网上招投标安全中的地位。     

基于Linux的通用加密文件系统Waycryptic的设计与实现

近年来,保护个人敏感数据成为人们关注的热点问题.使用加密技术是一种比较成功的保护方法.本文提出一种通用的加密文件系统—Waycryptic,将加密技术集成到文件系统层,应用程序完全不用任何修改就可以获得透明、动态、高效和安全的加密功能,加密文件可以不受限制地存放于任何物理文件系统,同时允许加密文件方便地在多个用户间共享以及指定账号恢复加密文件.Iozone和Bonnie测试程序的结果显示Waycryptic的性能令人满意,适合于具有安全要求的个人或多用户系统.     

Secure administration of cryptographic role-based access control for large-scale cloud storage systems

Cloud systems provide significant benefits by allowing users to store massive amount of data on demand in a cost-effective manner. Role-based access control (RBAC) is a well-known access control model which can be used to protect the security of cloud data storage. Although cryptographic RBAC schemes have been developed recently to secure data outsourcing, these schemes assume the existence of a trusted administrator managing all the users and roles, which is not realistic in large-scale systems. In this paper, we introduce a cryptographic administrative model AdC-RBAC for managing and enforcing access policies for cryptographic RBAC schemes. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks are performed only by authorised administrative roles. Then we propose a role-based encryption (RBE) scheme and show how the AdC-RBAC model decentralises the administrative tasks in the RBE scheme thereby making it practical for security policy management in large-scale cloud systems.     

Standardization in Information Technology Security

The author overviews the international standards developed by SC 27 “IT Security techniques” of the ISO/IEC Joint Technical Committee “Information technologies.” The standards include cryptographic mechanisms, evaluation and testing of products and information systems, countermeasures, and security services. Both published standards and those under development are considered.     

SPA:新的高效安全协议分析系统

研制高效的自动分析系统是密码协议安全性分析的一项关键任务,然而由于密码协议的分析非常复杂,存在大量未解决的问题,使得很多现有分析系统在可靠性和效率方面仍存在许多局限性．该文基于一种新提出的密码协议代数模型和安全性分析技术,设计并实现了一个高效的安全协议安全性自动分析系统(Security Protocol Analyzer,SPA)．首先对协议安全目标进行规范,然后从初始状态出发,采用有效的搜索算法进行分析证明,试图发现针对协议的安全漏洞．使用该系统分析了10多个密码协议的安全性,发现了一个未见公开的密码协议攻击实例．实验数据显示,该系统与现有分析工具相比,具有较高的分析可靠性和效率,可作为网络系统安全性评测以及密码协议设计的有效辅助工具．     

The elliptic curve cryptosystem: A synopsis

There are three types of public key cryptographic systems that are currently considered both secure and efficient. These cryptographic systems, classified according to the mathematical problems upon which they are based, are: the Integer Factorization Systems (of which the RSA algorithm is the most well known example), the Discrete Logarithm Systems (such as the US Government's Digital Signature Algorithm), and the Elliptic Curve Cryptosystem (ECC).¹ Although much has been written about the RSA algorithm and the Digital Signature Algorithm (DSA), little about the ECC appears in the literature written for information systems security practitioners. This is perhaps because the ECC, since its introduction in 1985, has been a subject of interest to more mathematicians than security professionals.     

基于动态二进制插桩的密钥安全性检测

针对加密软件中的密钥安全性问题,提出一种基于动态二进制插桩的密钥安全性检测方法。该方法面向CryptoAPI加密应用程序,首先通过对CryptoAPI密钥应用模式的分析,指出潜在的密钥安全性漏洞;然后以动态二进制分析平台Pin为支撑,动态记录程序运行期间的加解密过程信息;在此基础上设计关联性漏洞检测算法,实现对密钥安全性的检测。测试结果表明,该方法能够有效检测出两大类密钥安全性漏洞。     

Why not DES?

The controversy over the security of DES arose in the mid-1970s when Martin Hellman and Whitfield Diffie suggested that the 56 bit cipher key was too short to prevent solution by exhaustive research. Aside from the question of cryptographic security there is the problem of a large number of persons utilizing the same cryptographic algorithm which increases greatly the possible economic returns which might be realized in breaking the system. The idea of a “standard” is contrary to good cryptographic practice. The federal government uses DES only for non-classified information.     

基于椭圆曲线的密码体制

论述了基于椭圆曲线的三类密码体制。第一类体制提供了一种签名和认证的机制。第二类体制在发送方加密信息 ,在接收方解密信息 ,具有加密功能。第三类体制将会产生共享密钥 ,可以保证双方通信的安全性。主要对这三种体制结合具体的算法加以说明 ,从而对基于椭圆曲线的密码体制有一个宏观的把握     

How trustworthy is trusted computing?

One of the biggest issues facing computer technology today is data security. The problem has gotten worse because users are working with sensitive information more often, while the number of threats is growing and hackers are developing new types of attacks. Because of this, many technology experts advocate development of trusted computing (TC) systems that integrate data security into their core operations, rather than implementing it via add-on applications. The paper discusses cryptographic trusted computing and trusted computing initiatives.     

Logics for reasoning about cryptographic constructions

We present two logical systems for reasoning about cryptographic constructions which are sound with respect to standard cryptographic definitions of security. Soundness of the first system is proved using techniques from non-standard models of arithmetic. Soundness of the second system is proved by an interpretation into the first system. We also present examples of how these systems may be used to formally prove the correctness of some elementary cryptographic constructions.     

虚拟柔性加工单元网络信息安全的数据加密与数字签名方案

虚拟柔性加工单元是虚拟制造系统研究的核心。虚拟柔性加工单元的网络环境为单元内部和单元与客户之间交互信息建立了一条快速通道,同时也带来了信息交换安全性的问题。文章分析了虚拟单元的网络环境与信息安全需求,比较了常见密码方案。根据虚拟单元网络信息安全特点,提出了一种适合单元网络环境的数据加密与数字签名方案。最后给出了一种安全可行的密钥交换协议。     

Cryptographic transformations of non-shannon sources of information

Existing methods of modelling cryptosystems and their cryptographic security are considered. The construction of cryptographic transformations for Kolmogorov sources of information is investigated. A new computational model of cryptosystems is proposed. New asymmetric cryptosystems are investigated that are ideally resistant in this model.