Two Layer Symmetric Cryptography Algorithm for Protecting Data fromAttacks

Many organizations have insisted on protecting the cloud server from the outside, although the risks of attacking the cloud server are mostly from the inside. There are many algorithms designed to protect the cloud server from attacks that have been able to protect the cloud server attacks. Still, the attackers have designed even better mechanisms to break these security algorithms. Cloud cryptography is the best data protection algorithm that exchanges data between authentic users. In this article, one symmetric cryptography algorithm will be designed to secure cloud server data, used to send and receive cloud server data securely. A double encryption algorithm will be implemented to send data in a secure format. First, the XOR function will be applied to plain text, and then salt technique will be used. Finally, a reversing mechanism will be implemented on that data to provide more data security. To decrypt data, the cipher text will be reversed, salt will be removed, and XOR will be implemented. At the end of the paper, the proposed algorithm will be compared with other algorithms, and it will conclude how much better the existing algorithm is than other algorithms.     

A Secure Three-Factor Authenticated Key Agreement Scheme for Multi-Server Environment

Multi-server authenticated key agreement schemes have attracted great attention to both academia and industry in recent years. However, traditional authenticated key agreement schemes in the single-server environment are not suitable for the multi-server environment because the user has to register on each server when he/she wishes to log in various servers for different service. Moreover, it is unreasonable to consider all servers are trusted since the server in a multi-server environment may be a semi-trusted party. In order to overcome these difficulties, we designed a secure threefactor multi-server authenticated key agreement protocol based on elliptic curve cryptography, which needs the user to register only once at the registration center in order to access all semi-trusted servers. The proposed scheme can not only against various known attacks but also provides high computational efficiency. Besides, we have proved our scheme fulfills mutual authentication by using the authentication test method.     

Alternate video broadcasting scheme for popular videos

A video segment broadcasting scheme can reduce server and network bandwidth by periodically broadcasting popular videos that are most likely demanded by clients, instead of responding to each client requests. When video segments broadcast on a channel, in general, alternate broadcasting schemes periodically transmit all segments on a given channel with the same transmission period, which reduces the transmission efficiency of stream channels and requires sufficient client storage space for video segments broadcast on simultaneous channels. The author proposed a novel alternate video broadcast scheme, a delayed buffering broadcast that requires lower server bandwidth and client buffer space compared with those of previous approaches. In addition, the study provides an analytical analysis of the scheme, including a lower bound on the video segment transmission rate for any alternate broadcast scheme. It also derives an upper bound on its storage requirements from the client side. Using the performance study of the proposed scheme and simulation results, the author establishes that the proposed scheme uses fewer server channels and storage resources than previously reported alternate video broadcast schemes for any given client waiting time.     

EA-RDSP: Energy Aware Rapidly Deployable Wireless Ad hoc System for Post Disaster Management

In post disaster scenarios such as war zones floods and earthquakes, the cellular communication infrastructure can be lost or severely damaged. In such emergency situations, remaining in contact with other rescue response teams in order to provide inputs for both headquarters and disaster survivors becomes very necessary. Therefore, in this research work, a design, implementation and evaluation of energy aware rapidly deployable system named EA-RDSP is proposed. The proposed research work assists the early rescue workers and victims to transmit their location information towards the remotely located servers. In EA-RDSP, two algorithms are proposed i.e., Hop count Assignment (HCA) algorithm and Maximum Neighbor Selection (MNS) algorithm. The EA-RDSP contains three types of nodes; the client node sends information about casualty in the disaster area to the server, the relay nodes transmit this information from client node to server nodes via multi-hop transmission, the server node receives messages sent by client node to alert rescue teams. The EAM-RDSP contains three types of nodes; the client node sends information about casualty in the disaster area to the server, the relay nodes transmit this information from client node to server nodes via multi-hop transmission, the server node receives messages sent by client node to alert rescue teams. The proposed EA-RDSP scheme is simulated using NS-2 simulator and its performance is compared with existing scheme in terms of end-to-end delay, message delivery ratio, network overhead and energy consumption.     

网络病毒行为模式分析

计算机网络在为人类造福的同时，也为病毒的传播提供了便利。在网络环境下，病毒传播的范围扩大了，速度大大加快，网络已成为近年来病毒传播的主要途径。针对病毒在网络上传播的新特点，分析了网络环境下病毒传播的主要模式，包括E-mail传播、主动扫描传播、通过服务器传播等，介绍了业界的一些对策，并给出了一般用户有针对性的应对措施。     

三维Laguerre模型的外存式增量算法及可视化技术

在用Laguerre算法实现纳米级材料微观组织结构可视化仿真的过程中,解决了传统算法在设计实现三维Laguerre模型(L模型)程序化与可视化时计算机内存占用量大、程序数据结构复杂等问题,设计了由大到小、层层嵌套的空间数据结构,用6个三重嵌套结构体数组作为中间变量,实现了三维L模型体、面、线、点之间数据的传递与拓扑关系的表达.在此基础上,以硬盘上的外部文件为动态存储空间,设计了硬盘数据文件与内存结构体数组之间实时联动的数据交互方案,避开了计算机内存的限制.在仿真超大规模纳米级材料的微观组织结构时,程序运行的内存占用量恒定为1.2 MB,仿真规模仅受限于硬盘的大小,存储微观组织结构几何信息的数据最后以文本文件的形式输出,方便了在工程实际中的应用与二次开发.     

Evaluation of Kalman filtering for network time keeping

Time information is critical for a variety of applications in distributed environments that facilitate pervasive computing and communication. This work describes and evaluates a novel Kalman filtering algorithm for end-to-end time synchronization between a client computer and a server of "true" time [e.g., a Global Positioning System (GPS) source] using messages transmitted over packet-switched networks, such as the internet. The messages exchanged have the network time protocol (NTP) format, and the algorithm evaluated, is performed only at the client side. The Kalman filtering algorithm is compared to two other techniques widely used, based on linear programming and statistical averaging, and the experiments involve independent consecutive measurements (Gaussian case) or measurements exhibiting long-range dependence (self-similar case). Performance is evaluated according to the estimation error of frequency offset and time offset between client and server clock, the standard deviation of the estimates and the number of packets used for a specific estimation. The algorithms could exploit existing NTP infrastructure, and a specific example is presented.     

A Proxy Re-Encryption with Keyword Search Scheme in Cloud Computing

With the widespread use of cloud computing technology, more and more users and enterprises decide to store their data in a cloud server by outsourcing. However, these huge amounts of data may contain personal privacy, business secrets and other sensitive information of the users and enterprises. Thus, at present, how to protect, retrieve, and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment. A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server. In this scheme, the user data are divided into files, file indexes and the keyword corresponding to the files, which are respectively encrypted to store. The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes, but re-encrypt the cipher-text of keywords corresponding to the files. Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack. And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption. Furthermore, the scheme does not need to use any secure channels, making it more effective in the cloud environment.     

Lattice-Based Searchable Encryption Scheme against Inside Keywords Guessing Attack

To save the local storage, users store the data on the cloud server who offers convenient internet services. To guarantee the data privacy, users encrypt the data before uploading them into the cloud server. Since encryption can reduce the data availability, public-key encryption with keyword search (PEKS) is developed to achieve the retrieval of the encrypted data without decrypting them. However, most PEKS schemes cannot resist quantum computing attack, because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers. Besides, the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack (KGA). In this attack, a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords. In the paper, we propose a lattice-based PEKS scheme that can resist quantum computing attacks. To resist inside KGA, this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext. Finally, some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.     

Developing a New Security Framework for Bluetooth Low Energy Devices

Wearable devices are becoming more popular in our daily life. They are usually used to monitor health status, track fitness data, or even do medical tests, etc. Since the wearable devices can obtain a lot of personal data, their security issues are very important. Motivated by the consideration that the current pairing mechanisms of Bluetooth Low Energy (BLE) are commonly impractical or insecure for many BLE based wearable devices nowadays, we design and implement a security framework in order to protect the communication between these devices. The security framework is a supplement to the Bluetooth pairing mechanisms and is compatible with all BLE based wearable devices. The framework is a module between the application layer and the GATT (Generic Attribute Profile) layer in the BLE architecture stack. When the framework starts, a client and a server can automatically and securely establish shared fresh keys following a designed protocol; the services of encrypting and decrypting messages are provided to the applications conveniently by two functions; application data are securely transmitted following another protocol using the generated keys. Prudential principles are followed by the design of the framework for security purposes. It can protect BLE based wearable devices from replay attacks, Man-in-The-Middle attacks, data tampering, and passive eavesdropping. We conduct experiments to show that the framework can be conveniently deployed with practical operational cost of power consumption. The protocols in this framework have been formally verified that the designed security goals are satisfied.     

An Asset-Based Approach to Mitigate Zero-Day Ransomware Attacks

This article presents an asset-based security system where security practitioners build their systems based on information they own and not solicited by observing attackers’ behavior. Current security solutions rely on information coming from attackers. Examples are current monitoring and detection security solutions such as intrusion prevention/detection systems and firewalls. This article envisions creating an imbalance between attackers and defenders in favor of defenders. As such, we are proposing to flip the security game such that it will be led by defenders and not attackers. We are proposing a security system that does not observe the behavior of the attack. On the contrary, we draw, plan, and follow up our own protection strategy regardless of the attack behavior. The objective of our security system is to protect assets rather than protect against attacks. Virtual machine introspection is used to intercept, inspect, and analyze system calls. The system call-based approach is utilized to detect zero-day ransomware attacks. The core idea is to take advantage of Xen and DRAKVUF for system call interception, and leverage system calls to detect illegal operations towards identified critical assets. We utilize our vision by proposing an asset-based approach to mitigate zero-day ransomware attacks. The obtained results are promising and indicate that our prototype will achieve its goals.     

Greyscale image encoding and watermarking based on optical asymmetric cryptography and variational image decomposition

In this paper, a novel greyscale image encoding and a watermarking scheme based on optical asymmetric cryptography and variational image decomposition (VID) are proposed. In this proposed scheme, the greyscale watermark is encoded into a noise-like pattern by the phase-truncated Fresnel transform (PT-FrT)-based optical asymmetric cryptography. The greyscale host image is decomposed into its cartoon part and texture part by the VID technique. After that, the encoded watermark is embedded into the host image’s texture part by a discrete wavelet transform (DWT) based fusion approach. The proposed scheme can achieve a better watermark invisibility and a higher robustness by embedding the watermark into the host image’s texture part. Additionally, the proposed scheme can achieve a high security, because the PT-FrT-based optical asymmetric cryptography can resist some common cryptographic attacks. The feasibility, robustness and security of the proposed scheme have been demonstrated by extensive experiments and comparison with other relevant image encoding and watermarking schemes.     

Customer-oriented Configuration Model for Modular Mechatronic Products: Application in Industrial Robot Design

The contradiction between manufacturing costs and customer demand of mechatronic products can be balanced by configuration design. The article proposes a customer-oriented configuration model for modular mechatronic products which makes up the shortfall in meeting customer needs for the traditional configuration de- sign mode. The elements of the modular mechatronic products configuration model including module,module connection and configuration knowledge are analyzed. And a formal representation method for configuration model elements combining with their characteristics is given. Based on the above research,an abstract configuration model of modular mechatronic products is designed. Finally,an industrial robot is used as an application exam- ple to build a customer-oriented industrial robot configuration model.     

Post-Quantum Blockchain over Lattice

Blockchain is an emerging decentralized architecture and distributed computing paradigm underlying Bitcoin and other cryptocurrencies, and has recently attracted intensive attention from governments, financial institutions, high-tech enterprises, and the capital markets. Its cryptographic security relies on asymmetric cryptography, such as ECC, RSA. However, with the surprising development of quantum technology, asymmetric cryptography schemes mentioned above would become vulnerable. Recently, lattice-based cryptography scheme was proposed to be secure against attacks in the quantum era. In 2018, with the aid of Bonsai Trees technology, Yin et al. [Yin, Wen, Li et al. (2018)] proposed a lattice-based authentication method which can extend a lattice space to multiple lattice spaces accompanied by the corresponding key. Although their scheme has theoretical significance, it is unpractical in actual situation due to extremely large key size and signature size. In this paper, aiming at tackling the critical issue of transaction size, we propose a post quantum blockchain over lattice. By using SampleMat and signature without trapdoor, we can reduce the key size and signature size of our transaction authentication approach by a significant amount. Instead of using a whole set of vectors as a basis, we can use only one vector and rotate it enough times to form a basis. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed anti-quantum transaction authentication scheme over lattice provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the Yin et al. [Yin, Wen, Li et al. (2018)] scheme, our scheme has better performance in terms of energy consumption, signature size and signing key size. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.     

工程制图网络习题集及智能批改系统的研究

分析了工程制图网络习题集及智能批改系统的基本功能,介绍了该系统的界面及系统的架构,并就系统的数据库设计进行了分析,给出了智能批改的实例。在所设计的系统中用户可以在客户机上登陆远程服务器,从服务器上的题库中下载题目。在 AutoCAD绘图环境中完成作业后,立即可以提交到服务器上的作业库中,并可以随时查得批改后的反馈信息。     

An Application of Hydrogen Thermophysical Properties Database “All in One Live CD”

A database for the thermophysical properties of hydrogen that supports a wide range of parameters including high pressures and high temperatures is being developed. The database performance requirements were studied and, in this paper, an application that combines a server–client database and a live CD is proposed. For this, an “All in One Live CD” application has been developed. Web interfaces provide excellent user interfaces for databases. However, there are some disadvantages for web interfaces related to server maintenance and access restrictions. This new application, the “All in One Live CD,” is free of these disadvantages, and provides a database with a property estimation service independent of the computer environment. From a single boot via the “All in One Live CD,” the database becomes accessible on multiple computers so that this feature makes the new application a unique solution as a distribution media.     

Code-based Sequential Aggregate Signature Scheme

This paper proposes the first code-based quantum immune sequential aggregate signature (SAS) scheme and proves the security of the proposed scheme in the random oracle model. Aggregate signature (AS) schemes and sequential aggregate signature schemes allow a group of potential signers to sign different messages respectively, and all the signatures of those users on those messages can be aggregated into a single signature such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Because of the aggregation of many signatures into a single short signature, AS and SAS schemes can reduce bandwidth and save storage; moreover, when a SAS is verified, not only the valid but also the order in which each signer signed can be verified. AS and SAS schemes can be applied to traffic control, banking transaction and military applications. Most of the existing AS and SAS schemes are based either on pairing or Rivest–Shamir–Adleman (RSA), and hence, can be broken by Shor’s quantum algorithm for Integer Factoring Problem (IFP) and Discrete Logarithm Problem (DLP). There are no quantum algorithms to solve syndrome decoding problems. Hence, code-based cryptography is seen as one of the promising candidates for post-quantum cryptography. This paper shows how to construct quantum immune sequential aggregate signatures based on coding theory. Specifically, we construct our scheme with the first code based signature scheme proposed by Courtois, Finiasz and Sendrier (CFS). Compared to the CFS signature scheme without aggregation, the proposed sequential aggregate signature scheme can save about 90% storage when the number of signers is asymptotically large.     

一种新的轻量级的RFID认证协议(英文)

无线射频识别技术(RFID)有望在不久的将来取代条形码系统,它的信息存储量以及传输信息的能力相比条形码都有明显的优势。然而,由此引发的用户隐私入侵和系统安全威胁一直是用户日益关注的问题。由于其设备的资源受限,以及无法执行强加密算法,因此于RFID系统中安全协议的执行是一个极大的挑战。为此,近来许多认证协议已被提出以防止未经授权的定位跟踪、检测、假冒、克隆等。本文提出了一种新的有效的轻量级射频识别认证协议,对于某些应用,它已能提供足够的安全级别。该协议中标签只需执行hash和异或运算而阅读器和后台服务器承担大部分的运算量包括伪随机数的产生以及加解密的运算。相比于其他协议,我们实现了防止隐私泄露、伪装等安全攻击的特点,适合于低成本、低计算量的RFID系统。     

A unified global and local interconnect test scheme for Xilinx XC4000 FPGAs

This paper presents a unified global and local interconnect testing scheme for field programmable gate arrays. Adjacency graphs are used to model interconnect resources and their test requirements, and an efficient computer algorithm for automatic derivation of test configurations is given. A device configuration generation tool was developed to reduce the test development cost.     

Measure-Resend Semi-Quantum Private Comparison Scheme Using GHZ Class States

Quantum private comparison is an important topic in quantum cryptography. Recently, the idea of semi-quantumness has been often used in designing private comparison protocol, which allows some of the participants to remain classical. In this paper, we propose a semi quantum private comparison scheme based on Greenberge-Horne-Zeilinger (GHZ) class states, which allows two classical participants to compare the equality of their private secret with the help of a quantum third party (server). In the proposed protocol, server is semi-honest who will follow the protocol honestly, but he may try to learn additional information from the protocol execution. The classical participants’ activities are restricted to either measuring a quantum state or reflecting it in the classical basis{0,1}. In addition, security and efficiency of the proposed schemes have been discussed.