基于移动信息化的安全接入平台建设

为提高移动信息化接入的安全级别,保障组织内部业务的安全运作,在传统网络安全架构的基础上,使用第二层隧道协议和混合加密技术构建一个安全接入平台。根据平台的功能及其安全性,将移动信息化区域分为5类,并为每一类区域制定安全策略,使原本限制在内网中的业务系统可以安全地在移动终端上使用。实际应用结果表明,该平台可以保证用户身份的匿名性、数据机密性、数据完整性、数据新鲜性及不可抵赖性。     

基于身份的远程用户认证方案

研究近期提出的2个远程用户认证方案,对其进行伪造攻击。利用基于身份的签名思想提出一个基于身份的远程用户认证方案,在实现动态认证的同时无须用户与远程服务器端交互,通信量小,远端服务器无须保存或维护任何口令或验证表,存储代价低,可以避免口令攻击、重放攻击、伪造攻击、中间人攻击等,安全性高。     

基于B／S结构的嵌入式指纹识别与管理终端

提出一种基于B／S结构的嵌入式指纹识别与管理终端。该终端基于S3C4510B微控制器,并在其上移植了uClinux操作系统。它独立完成了指纹的采集、识别、存储及管理等功能,并通过嵌入式WebServer连入Intemet。该文介绍了此终端的软、硬件设计及实现。     

Verification of Authentication Protocols for Epistemic Goals via SAT Compilation

This paper introduces a new methodology for epistemic logic, to analyze communication protocols that uses knowledge structures, a specific form of Kripke semantics over hostile networks. The paper particularly focuses on automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on some difficultto-establish justifications. The proposed methodology is different from many previous approaches to automatic verification of security protocols in that it is justification-oriented instead of falsification-oriented, i.e., finding bugs in a protocol. The main idea is based on observations： separating a principal executing a run of protocol from the role in the protocol, and inferring a principal＇s knowledge from the local observations of the principal. And we show analytically and empirically that this model can be easily reduced to Satisfiability （SAT） problem and efficiently implemented by a modern SAT solver.     

AVS视频解码的错误检测与掩盖方法

研究了视频误码的语法/语义检测、相关性检测方法和错误掩盖方法,分析了AVS的技术特性。在此基础上提出了一种基于AVS的错误两步检测法和基于图像编码帧类型(I,P,B)的自适应错误掩盖方法。实验结果表明,两步检测法能对AVS码流中的错误进行准确定位,自适应错误掩盖方法对图像的恢复效果显著。同时该方法不中断解码器,不影响解码器的实时解码速度。     

一种安全的LEACH路由算法

在研究低功耗自适应集簇分层型路由协议的基础上,从路由安全的攻防角度入手,分析现有各种路由攻击手段的原理、特点及危害,提出一种基于身份认证的密钥协商安全防范密钥管理对策,同时利用秘密共享技术防范关键点攻击,为无线传感器网络安全路由的设计与实现提供一个可行的方案。     

Lattice Vector Quantization Applied to Speech and Audio Coding

Lattice vector quantization(LVQ) has been used for real-time speech and audio coding systems.Compared with conventional vector quantization,LVQ has two main advantages:It has a simple and fast encoding process,and it significantly reduces the amount of memory required.Therefore,LVQ is suitable for use in low-complexity speech and audio coding.In this paper,we describe the basic concepts of LVQ and its advantages over conventional vector quantization.We also describe some LVQ techniques that have been used in speech and audio coding standards of international standards developing organizations(SDOs).     

基于LDAP和双因素身份认证的统一认证

从目前企业的安全体系和安全策略出发,本文设计了一套适用于目前多种企业应用的统一认证系统,使用LDAP标准协议管理用户信息,实现了统一管理、统一授权;采用了双因素认证服务器作为认证引擎,加强了身份认证的强度。     

A novel electronic cash system with trustee-based anonymity revocation from pairing

Untraceable electronic cash is an attractive payment tool for electronic-commerce because its anonymity property can ensure the privacy of payers. However, this anonymity property is easily abused by criminals. In this paper, several recent untraceable e-cash systems are examined. Most of these provide identity revealing only when the e-cash is double spent. Only two of these systems can disclose the identity whenever there is a need, and only these two systems can prevent crime. We propose a novel e-cash system based on identity-based bilinear pairing to create an anonymity revocation function. We construct an identity-based blind signature scheme, in which a bank can blindly sign on a message containing a trustee-approved token that includes the user’s identity. On demand, the trustee can disclose the identity for e-cash using only one symmetric operation. Our scheme is the first attempt to incorporate mutual authentication and key agreement into e-cash protocols. This allows the proposed system to attain improvement in communication efficiency when compared to previous works.