一种基于IBC的零信任安全解决方案

传统IT网络安全架构基于内网安全的假设,安全边界一旦被突破,传统网络安全防护就可能失效,导致网络系统受到严重破坏.为解决上述问题,设计了一种基于标识密码的零信任安全方案.在防护网络中,所有用户和设备都被赋予唯一访问标识,基于国产密码体系搭建标识密钥基础设施,构建统一身份认证体系,对系统主体及客体实施身份认证和加密传输,...     

Identity-based cloud storage integrity checking from lattices

With the rapid development of cloud storage,more and more users are storing their data in the cloud.To verify whether the users’ data stored in the cloud is corrupted,one effective method is to adopt cloud storage integrity checking schemes.An identity-based cloud storage integrity checking scheme was proposed on the small integer solution problem over ideal lattices,and it was proven to be secure against the adaptive identity attacks of clouds in the random oracle model.To validate the efficiency of the scheme,extensive experiments were conducted to make performance-comparisons between the scheme and the existing two identity-based cloud storage integrity checking schemes.The experimental results show that the online tag-generation time and the proof-verification time of the scheme are respectively reduced by 88.32%～93.74% and 98.81%～99.73%.     

Security Architecture on the Trusting Internet of Things

By analyzing existed Internet of Things' system security vulnerabilities, a security architecture on trusting one is constructed. In the infrastructure, an off-line identity authentication based on the combined public key (CPK) mechanism is proposed, which solves the problems about a mass amount of authentications and the cross-domain authentication by integrating nodes' validity of identity authentication and uniqueness of identification. Moreover, the proposal of constructing nodes' authentic identification, valid authentication and credible communication connection at the application layer through the perception layer impels the formation of trust chain and relationship among perceptional nodes. Consequently, a trusting environment of the Internet of Things is built, by which a guidance of designing the trusted one would be provided.     

Research on algorithm for raster map multi-level sharing based on region incrementing color visual cryptography

In view of the characteristics of raster map,important data of the map were divided into different map layers by using the idea of map segmentation.A regional incremental color visual cryptographic scheme for raster map sharing was designed,and a model based on this scheme was proposed.At the same time,the specific application process was given.In order to solve the problem of large pixel expansibility and poor visual effect of image recovery in traditional regional incremental visual cryptography scheme,random numbers and the access structure optimization were used.Construction of the method was simple and the additional overhead of generating and saving the encryption matrix was avoided.The experimental results show that the scheme can achieve multilevel raster map sharing with the map’s perfect recovery,meanwhile the extension of the scheme pixel is greatly reduced.     

Constructions and Properties of General (k,n) Block‐Based Progressive Visual Cryptography

Recently, Hou and others introduced a (2, n) block‐based progressive visual cryptographic scheme (BPVCS) in which image blocks can be gradually recovered step by step. In Hou and others’ (2, n)‐BPVCS, a secret image is subdivided into n non‐overlapping image blocks. When participants stack their shadow images, all the image blocks associated with these t participants will be recovered. However, Hou and others’ scheme is only a simple 2‐out‐of‐n case. In this paper, we discuss a general (k, n)‐BPVCS for any k and n. Our main contribution is to give two constructions (Construction 1 and Construction 2) of this general (k, n)‐BPVCS. Also, we theoretically prove that both constructions satisfy a threshold property and progressive recovery of the proposed (k, n)‐BPVCS. For , Construction 1 is reduced to Hou and others’ (2, n)‐BPVCS.]     

破解HFEM公钥密码方案

为设计后量子公钥密码,赵永哲等人提出了一种基于BMQ问题新的公钥方案。利用有限域上遍历矩阵的性质,从该方案公钥能够直接求出其等价私钥,从而破解了该HFEM公钥密码方案。     

基于中间件的入侵容忍体系结构研究

分析了入侵容忍模型和MAFTIA体系结构及其中间件,将入侵容忍策略应用在中间件的执行过程中,保证不同系统之间具有相同的安全策略.在中间件层实现了基于门限密码技术的密钥管理服务,使得参与者只能拥有一定数量的密钥份额才能恢复密钥进行解密,防止恶意参与者的攻击行为,有效地保护了系统中信息的机密性与完整性.     

Low area field-programmable gate array implementation of PRESENT image encryption with key rotation and substitution

Lightweight ciphers are increasingly employed in cryptography because of the high demand for secure data transmission in wireless sensor network, embedded devices, and Internet of Things. The PRESENT algorithm as an ultra-lightweight block cipher provides better solution for secure hardware cryptography with low power consumption and minimum resource. This study generates the key using key rotation and substitution method, which contains key rotation, key switching, and binary-coded decimal-based key generation used in image encryption. The key rotation and substitution-based PRESENT architecture is proposed to increase security level for data stream and randomness in cipher through providing high resistance to attacks. Lookup table is used to design the key scheduling module, thus reducing the area of architecture. Field-programmable gate array (FPGA) performances are evaluated for the proposed and conventional methods. In Virtex 6 device, the proposed key rotation and substitution PRESENT architecture occupied 72 lookup tables, 65 flip flops, and 35 slices which are comparably less to the existing architecture.