Distributed servers architecture for networked video services

In an on-demand video system, the video repository generally has limited streaming capacities and may be far from the users. In order to achieve higher user capacity and lower network transmission cost, distributed servers architecture can be used, in which multiple local servers are placed close to user pools and, according to their local demands, dynamically cache the contents streamed from the repository. We study a number of caching schemes as applied in the local servers depending on whether the repository is able to multicast movie contents to the local servers or not, and whether the local servers can exchange their cached contents among themselves or not. Our caching schemes keep a circular buffer of data for the movie requested, and hence movies are partially cached. By adjusting the size of the buffer, such caching is able to achieve better tradeoff between network channels and local storage as compared to the traditional caching in which a movie is treated as an entity. For each caching scheme, we study the tradeoff between the local storage and the network channels, and address how the total cost of the system can be minimized by appropriately sizing the buffer. As compared to a number of traditional operations (request batching and multicasting, true-VOD, etc.), we show that distributed servers architecture is able to achieve much lower system cost to offer on-demand video services     

基于本体论的个性化影片推荐技术研究

个性化影片推荐服务是解决目前网络及家庭数字电视应用中影片资源迅速增长,用户"信息迷航"的有效方法.针对影片点播应用,给出了个性化影片推荐服务的体系结构、影片数据建模、用户兴趣偏好模型进行了研究,实现无需用户输入传统推荐方法所需相关个性兴趣信息即可返回与用户当前兴趣相关的影片推荐列表,提出了基于本体论的影片模型,并建立用户兴趣偏好模型,给出了对推荐过程中结合用户信息反馈对推荐结果进行自适应的调整算法.     

A secure and effective biometric‐based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor

User authentication is a prominent security requirement in wireless sensor networks (WSNs) for accessing the real‐time data from the sensors directly by a legitimate user (external party). Several user authentication schemes are proposed in the literature. However, most of them are either vulnerable to different known attacks or they are inefficient. Recently, Althobaiti et al. presented a biometric‐based user authentication scheme for WSNs. Although their scheme is efficient in computation, in this paper, we first show that their scheme has several security pitfalls such as (i) it is not resilient against node capture attack; (ii) it is insecure against impersonation attack; and (iii) it is insecure against man‐in‐the‐middle attack. We then aim to propose a novel biometric‐based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme. We show through the rigorous security analysis that our scheme is secure and satisfies the desirable security requirements. Furthermore, the simulation results for the formal security verification using the most widely used and accepted Automated Validation of Internet Security Protocols and Applications tool indicate that our scheme is secure. Our scheme is also efficient compared with existing related schemes. Copyright © 2015 John Wiley & Sons, Ltd.     

VOD节目线程的幂级分配广播方案

在传统的ＶＯＤ广播中，如果希望每１０分钟得到一次收看一部１２０分钟影片的机会，需要１２个视频频道，假设客户端能够在硬盘上缓存影片某些部分，金字塔广播方案能够将带宽缩减到５．７个频道。幂级分配广播方案则仅需要４个频道，对于长度为Ｄ分钟的影片，如果想要将观看者的等待时间缩减到Ｄ／Ｍ分钟，仅需要安排Ｎ（Ｍ）个视频频道来循环广播该影片，其中Ｎ（Ｍ）＝ｌｏｇ２（Ｍ＋１），此方案大幅减少了单个视频点服务的占用     

Broadcasting video with the knowledge of user delay preference

In designing a video broadcasting system, the delay preference of a user is traditionally regarded as unknown. In fact, such preference can be known upon user's arrival by employing some techniques such as: (i) delay-dependent charging, where users are offered different levels of pay-per-view (PPV) depending on the maximum delay they are willing to tolerate; or (ii) reservation, where a user specifies the exact play-time of a movie in advance, and he/she is charged according to the length of the reservation period. We explore, for the first time, the impact of such delay knowledge on request scheduling and system cost in terms of user loss and stream requirement. For delay-dependent charging, we propose "delay-aware broadcasting" (DAB) and its variant based on reservation (DAB-r), where allocation of server streams is driven by the delay tolerance of a user. DAB-r offers differentiated grade of services according to user PPV (and thereof classes). As compared with a system where user delay preference is not known, our schemes achieve substantially lower user loss rate, higher revenue, and better fairness. Regarding reservation system, we consider a scheme where clients can pre-buffer video data. Unicast streams are used to merge requests back to the on-going broadcast streams. We show that a reservation system achieves substantially lower stream requirement as compared to an on-demand system based on "patching".     

铁路企业统一身份认证平台的设计与实现

针对铁路企业工作人员使用多个应用系统需要同时记忆多套用户账号信息的现状,文中基于铁路统一用户管理系统的用户数据,设计了一种铁路应用系统用户的统一身份认证系统。该系统采用单点登录、Token、Cookie、Session共享等技术,实现了用户信息与应用系统的分离、统一用户管理、统一认证、一处登录、处处共享等功能,从根本上解决了不同应用系统重复维护用户信息的问题,使用户能够更便捷地访问不同的应用系统,并保证了不同应用系统间用户信息的一致性、安全性和共享性。     

Research on oblivious keyword search protocols with CKA security

An oblivious keyword search (OKS) protocol allows a user to search and retrieve the data associated with a chosen keyword in an oblivious way. It has stronger security attributes than traditional searchable encryption schemes which suffer from keyword guessing attack. Whereas most of the existing OKS protocols are not satisfactory because they mainly have the following flaws: (1) Large ciphertext‐size, relatively low communication, and computation efficiency; (2) Do not protect both user and database's privacy simultaneity. To deal with the above two problems and to obtain strong privacy, we investigate new approaches to design efficient OKS protocols. Our OKS protocol mainly realizes three contributions: (1) Improving privacy for both users and database servers; (2) Realizing compact cipher‐size; and (3) Overcoming particular security flaws occurred in previous OKS protocols. To prove what precise security can be expected in our OKS protocol, a formal chosen keyword attack model is defined to incorporate real attackers' abilities. Chosen keyword attack model is also utilized to analyze and point out security flaws in current OKS protocols. Efficiency and security comparison with existing OKS protocols is described to indicate their appropriate applications.     

A lightweight anonymous two‐factor authentication protocol for wireless sensor networks in Internet of Vehicles

Internet of Vehicles (IoV), as the next generation of transportation systems, tries to make highway and public transportation more secure than used to be. In this system, users use public channels for their communication so they can be the victims of passive or active attacks. Therefore, a secure authentication protocol is essential for IoV; consequently, many protocols are presented to provide secure authentication for IoV. In 2018, Yu et al proposed a secure authentication protocol for WSNs in vehicular communications and claimed that their protocol could satisfy all crucial security features of a secure authentication protocol. Unfortunately, we found that their protocol is susceptible to sensor capture attack, user traceability attack, user impersonation attack, and offline sink node's secret key guessing attack. In this paper, we propose a new authentication protocol for IoV which can solve the weaknesses of Yu et al's protocol. Our protocol not only provides anonymous user registration phase and revocation smart card phase but also uses the biometric template in place of the password. We use both Burrow‐Abadi‐Needham (BAN) logic and real‐or‐random (ROR) model to present the formal analysis of our protocol. Finally, we compare our protocol with other existing related protocols in terms of security features and computation overhead. The results prove that our protocol can provide more security features and it is usable for IoV system.     

A Strong Authentication Scheme with User Privacy for Wireless Sensor Networks

Wireless sensor networks (WSNs) are used for many real‐time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security‐performance‐balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end‐party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real‐world WSNs applications.     

基于Unity的无人机三维视景系统设计与实现

当前无人机显示系统主流多为二维显示,缺乏兼顾仿真训练使用和实际飞行使用的实时、逼真的三维态势显示软件,为实现无人机飞行过程中的实时位置、姿态信息、航线信息、飞行轨迹三维显示,满足无人机飞行过程的多视角三维显示,开发基于Unity三维引擎、计算机虚拟仿真技术的无人机三维视景系统,融以逼真的仿真模型,兼容虚、实相结合的应用模式,最大程度地贴近实际操作,提供真实的无人机飞行三维显示。该系统可以帮助用户提高无人机训练保障水平,优化现场指挥调度模式,营造逼真的虚拟环境,提升训练和观摩效果。     

基于运营商网络的零信任架构落地方案研究

本文介绍了零信任思想及相关概念,结合企业安全战略目标预期、现状调研、规划蓝图、规划设计等内容,提出了基于运营商现网建设情况的零信任架构解决方案,根据实际情况适当加强和补充了安全短板,建立以用户身份为中心,以终端设备、访问行为为决策要素的安全架构,总结出适合运营商网络的零信任架构的场景落地及推广建议。     

贵州广播电视台SDH传输系统

遵循国家广电总局62号令对广播电视安全播出的规定,按照新形势下对电视节目提出的更高要求,并综合考虑贵州广播电视台事业的发展以及传输业务的不断增加,设计了SDH传输系统。该系统的设计思路和系统构成特点具有超前意识,解决了贵州广播电视台原传输系统中存在的安全隐患和带宽枯竭问题,保证了节目的安全传输,满足了节目高标清同播的传输要求。     

基于RFID技术的涉密载体动态安全管理系统

针对当前涉密载体的管理现状,详细分析了涉密载体管理过程中存在的安全隐患,并基于RFID技术和数据库技术,提出了涉密载体动态安全管理系统设计方案。该系统包含涉密载体的电子标识、库存安全、借用审批、动态跟踪、动用查询和销毁六个子系统,可实现涉密载体的全生命周期管理。对涉密载体管理单位有着非常好的参考价值和现实意义。     

不准确CSI下智能反射表面辅助的多用户系统物理层安全方案设计

该文研究智能反射表面(Intelligent Reflecting Surface, IRS)辅助的多用户下行系统中的物理层安全的优化问题。多个用户之间的信息需要相互保密,每个时隙,非信息传输的目标用户视为窃听者,因此这是一个多窃听者的安全传输系统。由于信道的时变性,基站拥有窃听信道的信道状态信息(Channel State Information,CSI)为与真实的CSI间存在误差的过时信息。在此条件下,以系统最坏情况下的保密速率最大化为目标,对基站发射信息信号和人工噪声波束成形矢量,以及IRS的相移矩阵进行联合优化。原始优化问题为非凸半正定规划问题,利用松弛变量、惩罚函数、Charnes-Cooper变换和交替迭代优化等方法将原问题转化为凸问题并求解。仿真结果显示,相较于基准方案,该文所提出的优化算法能有效提高系统的保密速率。     

在线动态可重构SoPC系统设计与实现

针对SoPC系统远程实时更新的实际需要,设计并实现了一种基于Virtex-ⅡPro XC2VP30平台的在线动态可重构SoPC系统.该系统应用IRL设计理念和局部动态重构技术,利用Xilinx公司的ISE8.2、EDK8.2、PlanAhead10.1和SystemGen-erator10.1等开发工具,对算术运算和音...     

高速无线数传技术在集群通信系统中的应用

根据目前模拟集群移动通信系统的发展和现状,给出了一种在用户现有的系统和链路资源下实现高速无线数据传输的解决方案,即利用移动用户终端,通过现有的无线集群系统或常规无线通信系统的无线信道对用户系统的数据库进行实时访问,以获取所需的数据信息,采用高速无线数传调制解调器芯片MX909,使系统数据传输速率达到9.6kb s。     

一种高效的移动互联网网站安全监测方法研究与实现

本文对一种高效的移动互联网网站安全监测方法进行了研究,提出了一种高效率的网站安全综合监测技术方案,并进行了实现,能够集中、统一对网站系统的实时安全状态进行监测,可为网站安全管理及监测工作提供汇总的统计数据,量化工作取得的成绩。可实现对移动互联网网站安全情况进行实时统一监测,准确、及时发现各网站存在的安全漏洞等隐患。     

Trajectory privacy protection method based on location obfuscation

In the process of continuous queries,a method of trajectory privacy protection based on location obfuscation was proposed to solve the problem that K-anonymity was difficult to guarantee user privacy in third party architectrue.Firstly,the (G-1) query obfuscation locations through the location prediction was obtained and the dummy location selection mechanism,and then sent them together with the user’s real query location to different anonymizers to form cloaking regions and sent them to the LBS server for queries,and the query results were returned to the user by different anonymizers.In this method,the user’s real query location was confused by the location obfuscation,and the attacker couldn’t deduce the user’s trajectory from a single anonymizer or the LBS server.The method can enhance the privacy of the user’s trajectory and can effectively solve the performance bottleneck in the single anonymizer structure.Security analysis shows the security of the proposed approach,and experiments show this method can reduce the number of interactions between the user and the LBS server and the overhead of the single anonymizer.     

移动终端安全问题探讨

文中研究了移动终端数据安全的传统威胁以及云计算环境下的新挑战。首先从隐私泄露及资费流失等方面阐述了移动终端传统安全威胁;从云端安全隐患以及终端能力开放性等角度分析了云计算环境引发的终端安全新挑战,并以多个著名的安全事件为例,从技术、人以及管理因素等方面出发,探讨了终端安全问题产生的深层次原因,为普通用户、服务提供商以及管理者提供了相应的建议。文中得出结论:保证移动终端数据安全,预防最关键,管理手段为主,技术手段为辅。     

Cloud-Assisted Mood Fatigue Detection System

This paper introduces basic concept of mood fatigue detection and existing solutions as well as some typical solutions, such as mobile sensing and cloud computing technology. In the first place, we sum up main challenges of mood fatigue detection and the direction of future study. Then one type of system implementation is put forward, such system consists of: 1) Wearable devices used to detect the users’ mood fatigue; 2) Clouds data center; 3) Application and service manager. We take overall consideration of many factors like the user’s physiological information, external environment conditions and user behavior, evaluate accurately through big data analytic technology the users’ state of mood fatigue and to what extent shall one keeps vigilant as well as what measures shall be adopted to improve the users’ working performance and alert the users to keep themselves away from the danger. Finally a real system is established in this paper, it is composed of the smart clothing, cloud platform and mobile terminal application.