用VPN集成加密设备强化基层电子政务信息安全

当前,电子政务信息系统已经成为转变政府职能、提高行政效率的有效手段。基层政府部门电子政务系统具有建设资金有限、用户数量少且分散的特点,常依托互联网运行,重要和敏感信息面临巨大安全风险。本文针对该安全需求,提出研制与VPN系统集成的加密设备,实现基于互联网电子政务系统安全、高速加密传输和用户身份鉴别,解决该类系统面临的主要信息安全问题,并最大程度降低传输专线、电子CA认证等系统建设的高昂成本。     

Anatomy of a Data Breach

ABSTRACT

In the wake of undiscovered data breaches and subsequent public exposure, regulatory compliance and security audit standards are becoming more important to protecting critical assets. Despite the increase in the number of data breaches via illicit means, internal controls seem to fail when it comes to the assurance that critical assets remain uncompromised. According to the Identity Theft Resource Center, 336 breaches have been reported in 2008 alone, 69%?greater than this time last year ¹ 1. Identity Theft Resource Center. (2008, July 15). IRTC 2008 Breach List. . This is a concern for security teams, especially since a lack of dedicated resources exists to combat and revert this trend.

This is significantly important to take into consideration when going through the formal audit process to certify adherence to Sarbanes-Oxley (SOX), Graham Leach Bliley (GLBA), Payment Card Industry (PCI), or the Health Insurance and Portability and Accountability Act (HIPAA). With the significant increase in data exposure corporations cannot afford to take shortcuts when it comes to information assurance. Otherwise it is almost certain that one will become a victim of a serious exposure of sensitive information. This paper will explore the several disconnects between established and accepted security audit framework and the variable of hidden infections.     

SSH-Based Device Identity and Trust Initialization

ABSTRACT

Managing devices in distributed network environments is always challenging. There are two fundamental problems that constantly puzzle network administrators. First, how are devices securely identified? Second, how can devices initialize trust between each other? This paper introduces a Secure Shell (SSH) public key-based device identification and trust initialization mechanism. By utilizing the widely deployed SSH protocol stacks, a device's SSH public keys, together with the attributes that describe the name, location, version, capabilities, etc., of a device, are registered as secure device identities. By exchanging the public key using SSH protocol itself, a circle of mutual trust can be initialized between managed devices and a central administration console. The mutual trust allows configuration data to be pushed from the administration console to all the trusted devices. It can also be used as the trust anchor to further initialize other type of trust.     

Analyzing settings for social identity management on Social Networking Sites: Classification,current state,and proposed developments

The rising prevalence of Social Networking Sites (SNS) and their usage in multiple contexts poses new privacy challenges and increasingly prompts users to manage their online identity. To address privacy threats stemming from interacting with other users on SNS, effective Social Identity Management (SIdM) is a key requirement. It refers to the deliberate and targeted disclosure of personal attribute values to a subset of one's contacts or other users on the SNS. Protection against other entities such as the site operator itself or advertisers and application programmers is not covered by SIdM, but could be incorporated in further refinement steps. Features and settings to perform SIdM have been proposed and subsequently implemented partly by some SNS. Yet, these are often isolated solutions that lack integration into a reference framework that states the requirements for successfully managing one's identity. In this article, such a reference framework of existing and desired SIdM settings is derived from identity theory, literature analysis, and existing SNS. Based thereupon, we examine the SIdM capabilities of prevalent SNS and highlight possible improvements. Lastly, we reason about developing a metric to objectively compare the capability of SNS in regards to their support for SIdM.     

跨平台、跨应用的单点登录算法设计与实现

校园网中存在多Web的应用系统,而每个Web应用服务器都有一个身份认证,给教师和学生在使用上带来很多不便.讲述了通过Session的分布式认证系统完成多平台单点登录的安全算法的实现过程.     

基于动态联盟的一种身份信任计算模型

在动态联盟中,身份管理是确保信息安全的一种手段,但是随着联盟成员数日益增多,传统的身份管理难以妥善应对当前较为复杂的环境,尤其当成员之间无交互历史时,数据交换的可靠性无法保障。文中研究了不同计算环境中的多种信任管理方法,并把P2P的推荐评价机制应用到动态联盟的身份管理中,提出了一种基于推荐的身份信任管理的算法。在这种算法中,身份的信任值由多因素加权综合而成,其中推荐信任值在算法中起到关键的作用。该算法试图为解决复杂的动态联盟环境下的身份管理问题提供一种途径。     

一一对应人脸自动识别身份验证的方法与应用

为实现人脸自动识别科技成果的广泛应用,本文规避现有的人脸自动识别的缺陷与不足,借鉴其成熟技术,提出在固定背景和光照的条件下,采用一对一比对,在＂合作用户＂领域中将人脸自动识别应用于身份验证的新方法。通过对人脸自动识别现有成熟技术、发展趋势和发展前景的论证,得出一一对应人脸自动识别身份验证的方法的技术路线完全可行,值得推广应用的结论。     

下采样和插值同一性的实现及其应用

针对常用的图像下采样方法无法满足不同应用需要的问题,提出下采样和插值在实现技术上具有同一性的特点,下采样可以采用插值的大量先进技术。将下采样与插值均看作是对邻域未知像素的预测,建立了统一的像素预测模型。实验结果验证了该同一性的思想,并表明与常用的下采样方法相比,在具有保持特征、保护边缘、维持平滑等特性的基础上,能够使下采样后的图像保持更多的信息,从而为下采样在不同应用中的实现提供了更多可选择的方法。     

基于混沌系统和极化恒等式的数字图像加密算法

混沌系统具有初值敏感性,参数敏感性和类随机性等特性。将图像分成大小为8 8的图像子块,利用经典的Logistic方程产生的混沌序列并对其排序生成匹配模板来改变图像子块的位置,然后利用极化恒等式内积分解加密算法改变图像像素的值。因此,基于混沌系统和极化恒等式的数字图像加密算法使图像的像素的位置和值都发生了变化,实现了图像的混淆和扩散。仿真实验表明该方法进行图像加密具有可行性和安全性。     

基于混沌系统和极化恒等式的数字图像加密算法

混沌系统具有初值敏感性。参数敏感性和类随机性等特性将图像分成大小为88的图像子块,利用经典的Logistic方程产生的混沌序列并对其排序生成匹配模板来改变图像子块的位置,然后利用极化恒等式内积分解加密算法改变图像像素的值因此,基于混沌系统和极化恒等式的数字图像加密算法使图像的像素的位置和值郜发生了变化,实现了图像的混淆和扩散仿真实验表明该方法进行图像加密具有可行性和安全性。