信息安全中的光学加密技术

光学加密技术作为一种新的加密手段,近年来得到了快速发展,成为现代加密技术的重要研究内容之一.简要概括光学加密技术的产生和发展过程.就影响较大的几种光学加密技术,如双随机相位编码方法、基于分数傅里叶变换的加密方法、基于菲涅耳变换的加密方法、基于联合变换相关器的加密系统、利用离轴数字全息的加密系统和利用相移干涉技术的加密系统以及基于相位恢复算法的加密技术等作了分类评述和讨论.介绍各种加密方案的技术特点和实现方法,讨论实际应用中尚存在的问题,并对其应用前景作了进一步阐述.     

WSN中典型的攻击模型与安全策略研究

如何提高无线传感器网络的安全性这一问题,己经成为了当今信息领域研究的新热点。对无线传感器网络中的典型攻击模型,以及当前针对这些攻击的防范和检测策略进行了综合分析,并在深入评估现有安全策略的优势与不足的基础上,指明了无线传感器网络安全策略研究的新方向。     

谈中小型MIS的数据加密与安全性

本文讨论了中小型MIS的数据加密与安全性，给出了移位等数据加密的变换方式及数据库的安全保护措施与步骤。     

计算机局域网络的安全性和保密技术

文章着重讨论了计算机网络安全研究中的重要内容之一－数据加密技术。首先,文章概括介绍了网络信息加密的基本结构原理;其次,通过从技术角度的分析比较,提出了一种探索性方案－网络安全卡,供大家参考,讨论。     

密码学在产品数据管理领域的应用

人类进入了网络时代,企业为了提升竞争力,纷纷上马ERP,MIS,PDM等应用系统,而这些系统也渐渐从局域网扩展到互联网.网络安全,数据安全正受到日益关注.文章就计算机密码学在企业PDM（产品数据管理）中的应用作一探讨.     

基于Petri网的数字媒体分发协议的安全性证明

 安全协议的形式化证明是目前的一个热点和难点问题.本文以一种数字媒体分发协议(DMDP)为例,采用基于Petri网模型并结合进程代数和逻辑归纳方法对其进行形式化证明,新的方法有效避免了状态空间爆炸问题.在证明过程中,采用协议安全性等价原则,对分发协议进行简化,使证明更加简洁.文章同时对证明方法的完备性进行了讨论,说明了Petri网模型证明协议安全性的有效性.     

用于多媒体加密的基于身份的密钥协商协议的安全性

最近Yi等(2002)提出了一个用于多媒体加密的基于身份的密钥协商协议。协议建立在Diffie-Hellman 密钥交换协议和RSA公钥密码体系之上。Yi等分析了协议的安全性,并认为该协议对于恶意攻击是鲁棒的。然而,本文证明该协议对于某些攻击如伪造秘密信息和篡改交换消息是脆弱的,并分析了该协议受到这些攻击的原因。本文指出由于该协议内在的缺陷,该协议可能难于改善。     

Characterization of Security Notions for Probabilistic Private-Key Encryption

The development of precise definitions of security for encryption, as well as a detailed understanding of their relationships, has been a major area of research in modern cryptography. Here, we focus on the case of private-key encryption. Extending security notions from the public-key setting, we define security in the sense of both indistinguishability and non-malleability against chosen-plaintext and chosen-ciphertext attacks, considering both non-adaptive (i.e., ``lunchtime') and adaptive oracle access (adaptive here refers to an adversary's ability to interact with a given oracle even after viewing the challenge ciphertext). We then characterize the 18 resulting security notions in two ways. First, we construct a complete hierarchy of security notions; that is, for every pair of definitions we show whether one definition is stronger than the other, whether the definitions are equivalent, or whether they are incomparable. Second, we partition these notions of security into two classes (computational or information-theoretic) depending on whether one-way functions are necessary in order for encryption schemes satisfying the definition to exist. Perhaps our most surprising result is that security against adaptive chosen-plaintext attack is (polynomially) equivalent to security against non-adaptive chosen-plaintext attack. On the other hand, the ability of an adversary to mount a (non-adaptive) chosen-plaintext attack is the key feature distinguishing computational and information-theoretic notions of security. These results hold for all security notions considered here.     

韩国加密标准的安全性分析

SEED是韩国的数据加密标准,设计者称用线性密码分析攻击SEED的复杂度为2^335.4,而用本文构造的15轮线性逼近攻击SEED的复杂度为2³²⁸.为了说明SEED抵抗差分密码分析的能力,设计者首先对SEED的变体SEED^*做差分密码分析,指出9轮SEED*对差分密码分析是安全的;利用SEED^*的扩散置换和盒子的特性,本文构造SEED^*的9轮截断差分,因此10轮SEED^*对截断差分密码分析是不免疫的.本文的结果虽然对SEED的实际应用构成不了威胁,但是显示了SEED的安全性并没有设计者所称的那样安全.     

网络安全与信息加密技术浅析

随着网络技术的飞速发展,网络安全问题日益重要,而加密技术则是网络安全技术中的核心技术,本文介绍了网络与信息安全技术体系结构,对目前信息加密技术进行了分析,阐述了加密算法的优缺点,同时对加密技术的发展趋势进行了描述。     

密钥托管加密系统及其安全性分析

本文在介绍密钥托管加密系统各部分组成及其功能的基础上，讨论了各部分之间的关系，并总结出密钥托管加密系统的一般模型，然后据此对密钥托管加密系统环境的安全性进行了分析。     

无线局域网安全加密算法的研究

分析讨论无线局域网的安全现状及现有的安全机制存在的问题,主要研究目前常见的安全加密算法WEP,详细阐述WEP加密算法的原理、指出WEP协议自身存在的安全漏洞,并针时漏洞和攻击提出了改进型的WEP加密算法建议,仿真实验表明改进后的加密算法对无线局域网的安全防范有非常好的加强作用.     

A Security Framework for NoC Using Authenticated Encryption and Session Keys

Network on Chip (NoC) is an emerging solution to the existing scalability problems with System on Chip (SoC). However, it is exposed to security threats like extraction of secret information from IP cores. In this paper we present an Authenticated Encryption (AE)-based security framework for NoC based systems. The security framework resides in Network Interface (NI) of every IP core allowing secure communication among such IP cores. The secure cores can communicate using permanent keys whereas temporary session keys are used for communication between secure and non-secure cores. A traffic limiting counter is used to prevent bandwidth denial and access rights table avoids unauthorized memory accesses. We simulated and implemented our framework using Verilog/VHDL modules on top of NoCem emulator. The results showed tolerable area overhead and did not affect the network performance apart from some initial latency.     

基于可提取哈希证明系统的多策略加密方案

哈希证明系统由Cramer-Shoup在2002年首次提出,到目前为止仍是密码工作者的研究热点之一.进而,Wee在2010年提出可提取哈希证明系统的概念,其可用来构造基于查找性困难假设的公钥加密方案.本文在可提取哈希证明系统之上,通过重新定义系统参数的意义,扩大了可提取哈希证明系统的密码学应用范围.我们利用可提取哈希证明系统的框架构造了一个基本的基于Diffie-Hellman关系的All-But-One可提取哈希证明系统.在此基础上细粒度了辅助输入,引入权重计算,给出了一个基于标签和可变策略的CCA加密方案,并进行了详细的安全性证明.特别的,该方案比可提取具有更丰富的抽象表达,即是All-But-N的,也即在提取模式中由标签决定的分支数量可以有n个.同时,该方案是基于困难性可搜索问题,本质上是基于计算性的Diffie-Hellman问题.     

Better Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting

Deterministic public-key encryption, introduced by Bellare, Boldyreva, and O’Neill (CRYPTO ’07), provides an alternative to randomized public-key encryption in various scenarios where the latter exhibits inherent drawbacks. A deterministic encryption algorithm, however, cannot satisfy any meaningful notion of security when the plaintext is distributed over a small set. Bellare et al. addressed this difficulty by requiring semantic security to hold only when the plaintext has high min-entropy from the adversary’s point of view. In many applications, however, an adversary may obtain auxiliary information that is related to the plaintext. Specifically, when deterministic encryption is used as a building block of a larger system, it is rather likely that plaintexts do not have high min-entropy from the adversary’s point of view. In such cases, the framework of Bellare et al. might fall short from providing robust security guarantees. We formalize a framework for studying the security of deterministic public-key encryption schemes with respect to auxiliary inputs. Given the trivial requirement that the plaintext should not be efficiently recoverable from the auxiliary input, we focus on hard-to-invert auxiliary inputs. Within this framework, we propose two schemes: the first is based on the d-linear assumption for any d≥1 (including, in particular, the decisional Diffie–Hellman assumption), and the second is based on a rather general class of subgroup indistinguishability assumptions (including, in particular, the quadratic residuosity assumption and Paillier’s composite residuosity assumption). Our schemes are secure with respect to any auxiliary input that is subexponentially hard to invert (assuming the standard hardness of the underlying computational assumptions). In addition, our first scheme is secure even in the multi-user setting where related plaintexts may be encrypted under multiple public keys. Constructing a scheme that is secure in the multi-user setting (even without considering auxiliary inputs) was identified by Bellare et al. as an important open problem.     

Pairing-Free Certificateless Key-Insulated Encryption with Provable Security

Certificateless encryption attracts a lot of attention so far by eliminating the key escrow problem in identity-based encryption and public key certificates in the traditional public key cryptography. By considering the threat from the key exposure, it is desirable to incorporate the idea of key-insulated cryptosystem into the certificateless encryption. In this paper, we have designed an efficient certificateless key-insulated encryption (CL-KIE) scheme to achieve this goal. By our approach, the computational performance of our scheme has been improved significantly in terms of reduction on running time and storage. We also gave the security proof of the new CL-KIE scheme against the chosen plaintext attacks (CPAs) in the random oracle, considering the assumption of the computational Diffie-Hellman (CDH) problem.     

信息安全中的DES加密算法

根据密钥类型不同将现代密码技术分为2类：一类是对称加密(秘密钥匙加密)系统；另一类是公开密钥加密(非对称加密)系统。着重讨论DES的加密算法，详细论述了DES的算法流程，并探讨了DES算法的缺陷和漏洞。     

可验证加密及其在网络安全中的应用

在不断发展的网络交易中,公平交换起着重要的作用,而可验证加密是公平交换协议的重要基础之一。首先介绍了可验证加密及其安全的定义,描述了相关的密码技术,最后讨论了有效的可验证加密方案。可验证加密技术的研究与发展对于网络中的公平交换非常重要。     

基于密码学的访问控制和加密安全数据库

在数据库安全领域的研究中,"数据库管理者"对数据库安全带来的安全隐患越来越受到研究者的关注,尤其是在基于互联网的网络应用提供商(Internet service provider)模式的数据库系统中,这种安全威胁更为严重.传统的数据库访问控制(存取控制)方法,对此安全隐患不能提供有效的安全防范.密码学的安全数据库技术,因为其基于数学难解问题的计算复杂性,成为解决数据库安全问题的日渐重要的方法.本文分析了迄今为止各种不同的,针对分布式数据库应用的安全威胁,并对密码学安全数据库中的基于密码学的访问控制算法和加密数据库技术进行了综述,并对各类方法的密码学原理,算法特性以及其优缺点进行了分析和描述.     

基于SDH的自动交换光网络安全保密技术研究

基于SDH的自动交换光网络是指传送平面采用SDH交换方式的自动交换光网络,它通过引入控制平面,实现了网络资源的实时按需分配,从而实现光网络的智能化。自动交换光传送网是未来光传送网的发展方向,是一个容量更大、高度灵活、智能管理及动态配置的光传送网。结合基于SDH的自动交换光传送网的特点,对其传送平面、管理平面和控制平面安全保密技术进行了研究和论述,并提出了相应的设计思路和解决方案。