A novel software key container in on-line media services

Due to the explosive growth of the Internet and the pervasion of multimedia, protection of IP rights of digital content in transactions induces people’s concerns. For fee-based media services, data encryption may be the best solution for protection of the media. The encryption (decryption) keys placement may be a trivial but crucial issue for users. It is a significant issue that how to practically protect user’s key with the password-based cryptographic scheme and at different security levels. Nowadays, key container storing user’s key can be implemented by hardware or software-only. Unfortunately, the hardware key containers require expensive infrastructure; On the other hand, the software-only key containers are either insecure or impractical. Moreover, both of the hardware and software just store user’s key with the single security level. To solve these problems, we propose a novel software key container in on-line media services that can provide an adaptively secure and practical solution to protect user’s key. We use a human-trapdoor distortion function and symmetric cipher to protect user’s key in our key container so that it is computationally infeasible to break the system by using machine attack alone. The idea is to ensure that people must participate to verify each guessed password in the attack. User can adjust the security level of container according to the security requirement. Therefore, the attacker cannot succeed to extract user’s key within a reasonable time and budget.     

Utilizing bloom filters for detecting flooding attacks against SIP based services

Any application or service utilizing the Internet is exposed to both general Internet attacks and other specific ones. Most of the times the latter are exploiting a vulnerability or misconfiguration in the provided service and/or in the utilized protocol itself. Consequently, the employment of critical services, like Voice over IP (VoIP) services, over the Internet is vulnerable to such attacks and, on top of that, they offer a field for new attacks or variations of existing ones. Among the various threats–attacks that a service provider should consider are the flooding attacks, at the signaling level, which are very similar to those against TCP servers but have emerged at the application level of the Internet architecture. This paper examines flooding attacks against VoIP architectures that employ the Session Initiation Protocol (SIP) as their signaling protocol. The focus is on the design and implementation of the appropriate detection method. Specifically, a bloom filter based monitor is presented and a new metric, named session distance, is introduced in order to provide an effective protection scheme against flooding attacks. The proposed scheme is evaluated through experimental test bed architecture under different scenarios. The results of the evaluation demonstrate that the required time to detect such an attack is negligible and also that the number of false alarms is close to zero.     

Computational intelligence tools for next generation quality of service management

In this paper we explore the interest of computational intelligence tools in the management of heterogeneous communication networks, specifically to predict congestion, failures and other anomalies in the network that may eventually lead to degradation of the quality of offered services. We show two different applications based on neural and neuro-fuzzy systems for quality of service (QoS) management in next generation networks for voice and video service over heterogeneous Internet protocol (V2oIP) services. The two examples explained in this paper attempt to predict the communication network resources for new incoming calls, and visualizing the QoS of a communication network by means of self-organizing maps.     

基于IMS的移动多媒体广播时移系统信令设计

提出一种基于IMS的移动多媒体广播时移系统架构,该架构融合广播网络和无线移动通信网络,为移动多媒体广播提供时移服务,实现服务与接入无关。设计基于SIP的时移信令流程来完成对时移业务的支撑。利用排队论方法对时移请求信令延迟进行理论分析,结果表明信令延迟能够满足实时性需求,证明该系统是完全可行的。     

基于流量和IP熵特性的DDoS攻击检测方法

针对现有DDoS(Distributed Deny of Service)攻击检测率低、误报率较高等问题进行了深入研究。根据DDoS攻击发生时网络中的流量特性和IP熵特性,建立了相应的流量隶属函数和IP熵隶属函数,隶属函数的上下限参数通过对真实网络环境仿真得到。提出了基于流量和IP熵特性的DDoS攻击检测算法,先判断流量是否异常,再判断熵是否异常,进而判断是否发生了DDoS攻击,提高了。由仿真结果可以看出：单独依靠流量或IP熵都不能很好地检测出DDoS攻击。该算法将流量和IP熵特性综合考虑,准确地检测出了DDoS攻击,降低了误报率,提高了检测率。     

Avalon总线的音频编解码控制器IP核设计

介绍了基于Avalon总线的WM8731音频编解码控制器IP核的设计,包括音频数据访问接口模块和Avalon-MM接口模块等,并利用SOPC技术将其封装成可重用的IP核.自定义IP核的使用,有效降低了该芯片的开发难度,同时也使系统易于扩展和升级,具有较高的灵活性.在Quartus Ⅱ和ModelSim下使用VHDL语言完成了控制器的设计、仿真以及Nios Ⅱ系统的构建,并通过SignalTap Ⅱ逻辑分析仪进行了硬件测试.仿真和测试结果表明,该控制器满足WM8731各项时序要求.     

基于XC6SLX45T平台的PCIe数据卡设计

为提升数据传输速率、提高数据处理灵活性,提出一种基于FPGA的的PCIe数据卡设计方法.该方案选用Xilinx公司的XC6SLX45T平台,采用IP核的方式设计了一款PCIe数据卡.该卡采用DMA传输模式,通过DMA读写提高传输速率,其数据传输速率可达到400 Mbps.     

硬盘保护系统研究

介绍了硬盘保护系统的主要功能和在计算机实验室的实际应用,阐述了硬盘分区规划、实验室机器IP地址的自动分配、硬盘保护系统的使用技巧。     

以太网热敏打印机控制装置的研制

利用热敏打印机体积小、速度快、噪音低、打印清晰等优点,结合目前应用十分广泛的基于TCP/IP协议的以太网技术,设计基于以太网的热敏打印机嵌入式控制装置。本文介绍系统开发的总体方案,系统主要包括硬件设计和软件设计,硬件部分以LM3S8962为控制核心,设计打印头步进电机驱动电路,缺纸和温度检测与保护、键盘与TFT、以太网接口等电路。软件部分设计上位机人机界面、以太网通讯软件,控制装置嵌入μC/OS-II实时操作系统,进行任务的划分和应用层任务软件、文字和图形打印,以太网驱动和步进电机驱动、温度检测与保护等软件设计。     

基于SoPC的SD卡控制器IP核的设计

针对目前在嵌入式平台中使用SD卡控制器专用芯片价格昂贵、软件模拟SPI时序控制读写速度较慢的问题,提出了一种基于SoPC技术的SD卡控制器IP核设计的架构方案.采用VHDL语言设计SD卡控制器IP核,利用自定义模块技术将其添加到SoPC中,利用Nios Ⅱ IDE编写SD卡的基础读写驱动软件并移植μC/FS文件系统,实...