A genetic tango attack against the David–Prasad RFID ultra‐lightweight authentication protocol

Radio frequency identification (RFID) is a powerful technology that enables wireless information storage and control in an economical way. These properties have generated a wide range of applications in different areas. Due to economic and technological constrains, RFID devices are seriously limited, having small or even tiny computational capabilities. This issue is particularly challenging from the security point of view. Security protocols in RFID environments have to deal with strong computational limitations, and classical protocols cannot be used in this context. There have been several attempts to overcome these limitations in the form of new lightweight security protocols designed to be used in very constrained (sometimes called ultra‐lightweight) RFID environments. One of these proposals is the David–Prasad ultra‐lightweight authentication protocol. This protocol was successfully attacked using a cryptanalysis technique named Tango attack. The capacity of the attack depends on a set of boolean approximations. In this paper, we present an enhanced version of the Tango attack, named Genetic Tango attack, that uses Genetic Programming to design those approximations, easing the generation of automatic cryptanalysis and improving its power compared to a manually designed attack. Experimental results are given to illustrate the effectiveness of this new attack.     

X-ray microtomography (microCT) of the progression of sulfate attack of cement paste

High-resolution X-ray computed tomography (i.e., microCT or microtomography) was used to study the sulfate attack of cylinders of Type I cement paste cast with water-cement (w/c) ratios of 0.45, 0.50 and 0.60. Damage levels in samples exposed to a Na₂SO₄ solution with 10,000 ppm sulfate ion concentration were qualitatively rated from 0 (no damage) to 4 (extreme damage) based upon visual examination of the samples' exteriors and microtomography of the samples' interiors. The greater the w/c ratio, the more rapid the onset of sulfate damage. The corners of the cylinders appeared to be particularly susceptible to spalling, and damage may have continued into the cement paste by formation of subsurface cracks.     

轻量级PRESENT加密算法功耗攻击研究

PRESENT密码算法是2007年提出来的一种轻量级分组密码算法, 适合于物联网环境下的安全加密。对PRESENT加密算法结构进行了深入研究, 提出了其适合功耗攻击的两个最佳攻击点, 详细介绍了针对PRESENT加密系统进行功耗分析攻击的设计与实现过程, 实验结果表明未加防护措施的PRESENT加密系统不能抵御一阶差分功耗分析攻击, 从而给PRESENT加密算法的安全改进提供一定的设计参考。     

解决组合公钥共谋攻击和密钥碰撞的新方法

以解决组合公钥体制中共谋攻击和密钥碰撞问题为目的。首先,针对线性共谋攻击,提出了一种新的构造种子矩阵的方法,使得种子密钥和大于基点加法群的阶数,从而使密钥之间不能相互线性表示。其次在密钥的生产过程中,引入系数破坏了层不同和层互斥不同的关系,为解决选择共谋攻击提供了一种有效的方法,同时增强了抵御随机共谋攻击的能力。最后,在密钥产生的流程中,通过公钥对比来避免密钥碰撞,为解决密钥碰撞问题提出了一种新方法。     

两个高效无证书签名方案的替换公钥攻击

对新近提出的两个高效无证书签名方案进行安全性分析,指出这两个签名方案都能受到替换公钥攻击。任意攻击者都可以通过替换签名人的公钥从而达到对任意选择的消息成功伪造签名,分析这两个签名方案能受到替换公钥攻击的根本原因。最后通过这两个攻击总结分析了无证书签名方案设计过程需要注意的要点,这对无证书签名方案的设计具有借鉴意义。     

Sulfate attack of concrete building foundations induced by sewage waters

A case history of a severe degradation of concrete foundation plinths and piers of an about-35-year-old building located in Northern Italy is described. Significant amounts of gypsum, near ettringite and/or thaumasite were detected by X-ray diffraction analyses performed on ground concrete samples. Large gypsum crystals were mainly located at the interface between the cement paste and aggregates, as observed by scanning electron microscopy coupled to energy-dispersive spectroscopy microanalysis. The degradation effects increased with decreasing the distance of concrete structures from an absorbing well located in the courtyard of the building. The well was recognized as the sulfate source due to the microorganism metabolism of sulfur compounds present in the sewage. Consequences of this attack were a very poor bond strength between cement paste and aggregates and a severe cracking of the concrete cover of the steel reinforcement.     

Analysis of impersonation attacks on systems using RF fingerprinting and low-end receivers

Recently, physical layer security commonly known as Radio Frequency (RF) fingerprinting has been proposed to provide an additional layer of security for wireless devices. A unique RF fingerprint can be used to establish the identity of a specific wireless device in order to prevent masquerading/impersonation attacks. In the literature, the performance of RF fingerprinting techniques is typically assessed using high-end (expensive) receiver hardware. However, in most practical situations receivers will not be high-end and will suffer from device specific impairments which affect the RF fingerprinting process. This paper evaluates the accuracy of RF fingerprinting employing low-end receivers. The vulnerability to an impersonation attack is assessed for a modulation-based RF fingerprinting system employing low-end commodity hardware (by legitimate and malicious users alike). Our results suggest that receiver impairment effectively decreases the success rate of impersonation attack on RF fingerprinting. In addition, the success rate of impersonation attack is receiver dependent.     

含碳硫硅酸钙腐蚀产物的微观结构与生成机理

通过X射线衍射分析、扫描电镜、X射线光电子能谱分析、Fourier变换红外光谱分析及激光Raman光谱分析等现代测试技术,分析英国某桥墩基部腐蚀产物的微观结构,证实所取样品中含有大量的碳硫硅酸钙晶体,已发生了明显的碳硫硅酸钙型硫酸盐侵蚀.探讨了碳硫硅酸钙的腐蚀机理.     

基于中位数的用户信誉度排名算法

针对推荐系统易受Spammer攻击的影响,从而导致对象的实际得分不准确的问题,提出基于中位数的用户信誉度排名算法。通过衡量用户信誉度调整用户打分权重,根据中位数具有不易受极端打分影响的特性,选取用户打分与对象得分差距的中位数作为降低用户信誉度的标准,不断迭代调整用户信誉度以及最终得分直至收敛。在多个真实数据集上的运行结果证明,相比现有排名算法,该算法具有更合理的信誉度分布和更高的排名结果准确度,通过该算法预处理后的数据集在SVD++上运行可以得到更低的均方根误差。     

基于攻击树的安全芯片穿透性測试评估

随着安全芯片应用范围的不断扩大和应用环境的日趋复杂,需要通过穿透性测试验证芯片的安全性,同时有必要对测试进行评估。为此,提出一种基于攻击树模型的安全芯片穿透性测试评估方法。分析安全芯片的穿透性测试过程,采用攻击树模型作为穿透性测试的描述模型,在此基础上提出攻击事件的多属性赋值方法、攻击代价的推算方法和攻击路径的分析方法。应用结果表明,该方法可准确评估安全芯片穿透性测试结果。