Buffered Cross-Bar Switches, Revisited: Design Steps, Proofs and Simulations Towards Optimal Rate and Minimum Buffer Memory

Regarding the packet-switching problem, we prove that the weighed max-min fair service rates comprise the unique Nash equilibrium point of a strategic game, specifically a throughput auction based on a “least-demanding first-served” principle. We prove that a buffered crossbar switch can converge to this equilibrium with no pre-computation or internal acceleration, with either randomized or deterministic schedulers, (the latter with a minimum buffering of a single-packet per crosspoint). Finally, we present various simulation results that corroborate and extend our analysis.      

Formal Proofs for the Security of Signcryption

Signcryption is an asymmetric cryptographic method that provides simultaneously both message confidentiality and unforgeability at a low computational and communication overhead. In this paper we propose realistic security models for signcryption, which give the attacker power to choose both messages/signcryptexts as well as recipient/sender public keys when accessing the signcryption/unsigncryption oracles of attacked entities. We then show that Zheng's original signcryption scheme is secure in our confidentiality model relative to the Gap Diffie-Hellman problem and is secure in our unforgeability model relative to a Gap version of the discrete logarithm problem. All these results are shown in the random oracle model.     

基于游戏的密码协议自动化安全性证明

Provable security has become a popular approach for analyzing the security of cryptographic protocols. However, writing and verifying proofs by hand are prone to errors. This paper advocates the automatic security proof framework with sequences of games. We make slight modifications to Blanchets calculus to make it easy for parsing the initial game. The main contribution of this work is that it introduces algebraic properties with observational equivalences to automatic security proofs, and thus can deal with some practical cryptographic schemes with hard problems. We illustrate the use of algebraic properties in the framework by proving the semantic security of the ElGamal encryption scheme.     

Stronger Security Proofs for RSA and Rabin Bits

The RSA and Rabin encryption functions are respectively defined as E _N (x) = x ^e mod N and E _N (x) = x ² mod N , where N is a product of two large random primes p , q and e is relatively prime to φ (N) . We present a simpler and tighter proof of the result of Alexi et al. [ACGS] that the following problems are equivalent by probabilistic polynomial time reductions: (1) given E _N (x) find x; (2) given E _N (x) predict the least-significant bit of x with success probability 1/2 + 1/poly(n) , where N has n bits. The new proof consists of a more efficient algorithm for inverting the RSA/ Rabin function with the help of an oracle that predicts the least-significant bit of x . It yields provable security guarantees for RSA message bits and for the RSA random number generator for modules N of practical size. Received 12 July 1996 and revised 8 January 1999     

Security of Blind Signatures Revisited

We revisit the security definitions of blind signatures as proposed by Pointcheval and Stern (J Cryptol 13(3):361–396, 2000). Security comprises the notions of one-more unforgeability, preventing a malicious user to generate more signatures than requested, and of blindness, averting a malicious signer to learn useful information about the user’s messages. Although this definition is well established nowadays, we show that there are still desirable security properties that fall outside of the model. More precisely, in the original unforgeability definition is not excluded that an adversary verifiably uses the same message m for signing twice and is then still able to produce another signature for a new message \(m'\ne m\). Intuitively, this should not be possible; yet, it is not captured in the original definition, because the number of signatures equals the number of requests. We thus propose a stronger notion, called honest-user unforgeability, that covers these attacks. We give a simple and efficient transformation that turns any unforgeable blind signature scheme (with deterministic verification) into an honest-user unforgeable one.     

基于Hash协议的射频识别系统安全对策

RFID巨大的市场潜力和广阔的发展空间使人们不得不考虑其安全应用问题。文章分析了射频识别系统的不安全因素和可能遭受的非法攻击的环节,给出了几种基于Hash协议的射频识别系统安全解决方案。     

Switched-Current Filters Revisited: Square-Root Domain Sampled-Data Filters

In this brief, the well-known switched-current (SI) filtering technique is revisited using the concept of the square-root domain (SRD) filtering. It is proved that SI filters are a subclass of the SRD filters, where sampled-data signal processing is performed. This is achieved by considering typical lossless and lossy SRD sampled-data integrator configurations, using a set of complementary SRD operators which are based on the quadratic I-V relationship of MOS transistor operated in the saturation. Circuit examples are given, where linear-domain integrator and third-order filter configurations were derived using appropriate SRD sampled-data building blocks     

Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs

The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines. However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only known simulation techniques run in expected (and not strict) polynomial time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in simulation-based security proofs. An extended abstract of this work appeared in the 2nd Theory of Cryptography Conference (TCC), 2005. This research was supported in part by Grant No. 2004240 from the United States-Israel Binational Science Foundation (BSF), Jerusalem, Israel. Yehuda Lindell: Some of this work was carried out while Y. Lindell was at IBM T.J. Watson.     

IMS中的网络域安全管理模型

本文提出了IMS中的网络域安全管理模型,分别介绍了IMS中的网络域安全管理结构、密钥管理和分配机制以及PKI结构。此模型引入的安全网关用以生成且管理以PKI结构为基础的密钥和证书。IPSec协议用来提供机密性和完整性保护。     

一种基于Hash函数的RFID安全认证方法

近年来,射频识别(RFID)技术得到越来越多的应用,随之而来的是各种RFID安全问题。对现有的基于Hash函数的RFID认证协议进行分析,针对现有技术存在的不足,提出了一种基于Hash函数的低成本的RFID双向安全认证方法,该方法只需要进行一次Hash函数计算,且加入了标签ID动态更新机制,通过在后台数据库中存储旧的标签ID解决同步问题,与现有技术相比具有一定的优越性。     

面向公共安全领域的综合话音接入系统

随着公共安全应急指挥系统通信方式日趋复杂,如何将各种通信手段进行融合互通和协调,实现有效组网成为应急通信保障的一个重要课题;综合话音接入系统基于先进的IP软交换通信技术和DSP信号处理技术,可以将不同频段的无线电台、模拟集群、数字集群、固定电话、无线手机、卫星电话等各类不同类型的通信设备组成一个统一的通信平台,方便大规模、跨地域组网,对提高公共服务部门工作效率和应急指挥能力有着重要的意义。     

跨安全域隔离与交换

长期以来,人们讨论内网安全,实际上就是在解决两个问题,一是如何保证内网的安全,数据不被泄漏,另外一个问题是随着互联网和信息系统日益普及,如何保障网络既要有安全隔离,也需要安全交换,这两个问题就是我们研究的方向。然而,网络隔离和信息交换本质就是要解决信息封闭性和开放性这一对根本矛盾,信息封闭性需要对信息载体和应用环境提供安全保障,     

Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking

The concept of network caching is determined to be the potential requirement of named data networks (NDN) for enhancing the capabilities of the traditional IP networking. It is responsible for location independent data accesses and optimal bandwidth utilization in multi-path data dissemination. However, the network caching process in NDN introduces security challenges such as content cache poisoning, malicious injection or flooding of the packets and violation in accessing content packets. In this paper, an Improved Merkle Hash Tree-based one-time signature scheme for capability-enhanced security enforcing architecture (IMHT-OTSS-CSEA) is proposed for provisioning data authenticity in a distributed manner for leveraging the capabilities to inform the access privileges of the packets during the process of data dissemination. It is proposed for permitting the routers to verify the forwarded packets’ authenticity in NDN. It is capable in handling the issues that emerge from unsolicited packets during a flooding-based denial of service attacks by supporting the indispensable verification process in routers that confirms the timeliness of packets. The simulation experiments conducted using the open source CCNs platform and Planetlab confirmed a significant mean reduction in delay of 14.61%, superior to the benchmarked schemes. It is identified to minimize the delay incurred in generating bit vectors by a average margin of 13.06%, excellent to the baseline approaches. It also confirmed a mean increase in the true positive rate of 5.42%, a mean increase in the precision rate of 6.04%, decrease in false positive rate of 6.82% and increase in F-measure of 5.62% compared to the baseline approaches in the context of detecting content cache pollution attack respectively.

     

基于数据全生命周期的电信运营商数据安全管理体系

互联网应用的普及极大地推进了现代社会的发展进程,与此同时用户数据的泄露问题愈加严重,整个社会对数据安全问题的重视程度与日俱增。相较于普通的互联网应用系统,电信运营商的业务系统更加复杂庞大,其数据安全保障工作难度更大。同时,电信运营商作为国家形象的代表,具有维护用户利益、社会稳定的使命,因此亟需建立行之有效的数据保护体系。文章通过对电信运营商数据特点的分析,梳理了电信运营商数据安全的实际需求,提出了一种基于数据全生命周期的数据安全管理体系,为电信运营商开展数据安全管理工作提供有效参考。     

Optimal Patterns for Four-Connectivity and Full Coverage in Wireless Sensor Networks

In this paper, we study optimal deployment in terms of the number of sensors required to achieve four-connectivity and full coverage under different ratios of sensors' communication range (denoted by r_c) to their sensing range (denoted by r_s). We propose a new pattern, the Diamond pattern, which can be viewed as a series of evolving patterns. When r_c/r_s ge sqrt{3}, the Diamond pattern coincides with the well-known triangle lattice pattern; when r_c/r_s le sqrt{2}, it degenerates to a Square pattern (i.e., a square grid). We prove that our proposed pattern is asymptotically optimal when r_c/r_s ≫ sqrt{2} to achieve four-connectivity and full coverage. We also discover another new deployment pattern called the Double-strip pattern. This pattern provides a new aspect to research on optimal deployment patterns. Our work is the first to propose an asymptotically optimal deployment pattern to achieve four-connectivity and full coverage for WSNs. Our work also provides insights on how optimal patterns evolve and how to search for them.     

面向数据全生命周期的数据安全风险分析

大数据分析技术和研究对于人类的价值不可估量,全行业对其的关注度也在显然增加。与此同时,大数据带来的安全威胁也接踵而来,这些威胁伴随着数据从产生到消亡的各个阶段,对数据的使用带来了较大的隐患。文章针对数据的各个生命周期进行了安全性分析,并且总结出了各个阶段的风险特征,阐明了数据各个周期的安全性情况,为云计算时代的数据的安全使用提供了有利的借鉴。     

基于杂凑函数的RFID标签数据安全研究与实现

提出一种改进的基于杂凑函数的RFID标签数据的安全认证算法.该算法采用RFID标签和读写器的双向认证机制,并利用BAN逻辑对其进行形式化分析,结果表明该算法具有前行安全性、重传攻击、哄骗攻击、位置跟踪、不可分辨性等特点,能够较好的解决RFID标签数据的安全隐患问题.     

结合安全域的思想建设安全运营中心

安全域的规划和安全运营中心的建设均是安全建设过程中的重要工作,二者的有机结合可以使网络更加清晰,安全管理更加有效。特别是对金融行业,此建设思路能更有效地计划、实施、检验和改进ISO/IEC17799国际标准中提出的信息安全管理系统(ISMS),也是信息安全技术手段向管理手段过渡的重要里程碑。