信息化进程的研究

针对信息化发展中各个阶段的显著特点,将其划分为信息化建设、信息安全保障和信息安全评价指标体系3个重要过程;并针对每个过程进行了研究,说明了3个阶段之间的关联关系;提出了适应于中国国情的信息安全保障IA(Information Assurance)的运筹(Operational)机制;研究了以安全基线政策(Security Baseline Policy)为核心的信息安全评价指标体系(Indicator)。最后,总结了每个信息化过程的发展特征,分析了今后的发展方向。     

一种适合Java环境的中文快速排序和模糊检索方法

涉及中文字符串记录的数据库管理是Java开发中的常见问题。由于Java语言对中文支持不足,导致中文字符串记录的排序不能很好地满足应用要求。该文在与当前中文排序方法比较分析的基础上,提出了一种通用的排序方法,适用于Java环境下中文字符串和数字类型记录的排序过程,较好地解决了中文字符串数据集记录的排序问题,并且针对记录添加和检索时易出现的谐音拼写错误,提出了谐音检索方法,提高了检索过程的容错和纠错性能。     

A performance evaluation of scalable live video streaming with nano data centers

To improve the efficiency and the quality of a service, a network operator may consider deploying a peer-to-peer architecture among controlled peers, also called here nano data centers, which contrast with the churn and resource heterogeneity of peers in uncontrolled environments. In this paper, we consider a prevalent peer-to-peer application: live video streaming. We demonstrate how nano data centers can take advantage of the self-scaling property of a peer-to-peer architecture, while significantly improving the quality of a live video streaming service, allowing smaller delays and fast channel switching. We introduce the branching architecture for nano datacenters (BAND), where a user can “pull” content from a channel of interest, or content could be “pushed” to it for relaying to other interested users. We prove that there exists an optimal trade-off point between minimizing the number of push, or the number of relaying nodes, and maintaining a robust topology as the number of channels and users get large, which allows scalability. We analyze the performance of content dissemination as users switch between channels, creating migration of nodes in the tree, while flow control insures continuity of data transmission. We prove that this p2p architecture guarantees a throughput independently of the size of the group. Analysis and evaluation of the model demonstrate that pushing content to a small number of relay nodes can have significant performance gains in throughput, start-up time, playback lags and channel switching delays.     

基于动态门控特征融合的轻量深度补全算法

稠密深度图在自动驾驶和机器人等领域至关重要,但是现今的深度传感器只能产生稀疏的深度测量,所以有必要对其进行补全.在所有辅助模态中, RGB图像是常用且易得的信息.现今的许多方法都采用RGB和稀疏深度信息结合进行补全.然而它们绝大部分都是利用通道拼接或逐元素求和简单的对两种模态的信息进行融合,没有考虑到不用场景下不同模态特征的置信度.提出一种以输入深度稀疏分布为指导,结合双模态信息量的动态门控融合模块,通过动态产生融合权重的方式对两个模态特征进行更高效的结合.并且根据不同模态的数据特征设计了精简的网络结构.实验结果表明所提出模块和改进的有效性,提出的网络在两个有挑战性的公开数据集KITTI depth completion和NYU depth v2上,使用了很少的参数量达到了先进的结果,取得了性能和速度的优秀平衡.     

Container-Based Internet of Vehicles Edge Application Migration Mechanism

Internet of Vehicles (IoV) applications integrating with edge computing will significantly drive the growth of IoV. However, the contradiction between the high-speed mobility of vehicles, the delay sensitivity of corresponding IoV applications and the limited coverage and resource capacity of distributed edge servers will pose challenges to the service continuity and stability of IoV applications. IoV application migration is a promising solution that can be supported by application containerization, a technology forseamless cross-edge-server application migration without user perception. Therefore, this paper proposes the container-based IoV edge application migration mechanism, consisting of three parts. The first is the migration trigger determination algorithm for cross-border migration and service degradation migration, respectively, based on trajectory prediction and traffic awareness to improve the determination accuracy. The second is the migration target decision calculation model for minimizing the average migration time and maximizing the average service time to reduce migration times and improve the stability and adaptability of migration decisions. The third is the migration decision algorithm based on the improved artificial bee colony algorithm to avoid local optimal migration decisions. Simulation results show that the proposed migration mechanism can reduce migration times, reduce average migration time, improve average service time and enhance the stability and adaptability of IoV application services.     

Revisiting the security of secure direct communication based on ping-pong protocol[Quantum Inf. Process. 8, 347 (2009)]

A. Chamoli and C.M. Bhandari presented a secure direct communication based on ping-pong protocol[Quantum Inf. Process. 8, 347 (2009)]. M.Naseri analyzed its security and pointed out that in this protocol any dishonest party can obtain all the other one’s secret message with zero risk of being detected by using fake entangled particles (FEP attack) [M. Naseri, Quantum Inf. Process. online]. In this letter, we reexamine the protocol’s security and discover that except the FEP attack, using a special property of GHZ states, any one dishonest party can also take a special attack, i.e., double-CNOT(Controlled NOT) attack. Finally, a denial-of-service attack is also discussed.     

指定验证者签名方案的安全性分析

对Kang等人和张学军提出的2个基于身份的指定验证者签名方案(Kang方案和Zhang方案)进行安全性分析,指出在Kang方案中,非指定验证者也可以验证签名的有效性,不能抵抗伪造攻击和授权攻击,Zhang方案也不满足不可伪造性、强壮性和不可授权性。     

基于认证协议的Web单点登录优化设计

针对Kerberos认证协议Web环境中进行单点登录存在的安全隐患,基于Schnorr协议的挑战/响应方式,结合Secure Cookies、HttpSession解决Web环境下HTTP协议的无状态性及服务器间的安全会话。实验结果表明,该方案性能稳健,响应速度快,防攻击力强,具有良好的实用价值和应用前景。     

Multi-party covert communication with steganography and quantum secret sharing

In this paper, we address the “multi-party covert communication”, a stronger notion of security than standard secure multi-party communication. Multi-party covert communication guarantees that the process of it cannot be observed. We propose a scheme for steganographic communication based on a channel hidden within quantum secret sharing (QSS). According to our knowledge nobody has ever raised the scheme, providing us the motivation for this work. To an outside observer, participants will engage in a typical instance of QSS, just like the others. But when the session is over, covert multi-party communication has already been done. Further analysis shows that the amount of hidden information one can acquire is 0, even if either an outside observer guesses the covert communication is carrying on or a dishonest participant is eavesdropping.     

An efficient secure proxy verifiably encrypted signature scheme

Verifiably encrypted signature is an important cryptographic primitive, it can convince a verifier that a given ciphertext is an encryption of signature on a given message. It is often used as a building block to construct an optimistic fair exchange. In this paper, we propose a new concept: a proxy verifiably encrypted signature scheme, by combining proxy signature with a verifiably encrypted signature. And we formalize security model of proxy verifiably encrypted signature. After a detail construction is given, we show that the proposed scheme is provably secure in the random oracle model. The security of the scheme is related to the computational Diffie–Hellman problem.