大规模灾难性DNS安全事件智能防护系统设计研究

随着互联网业务的快速发展,基于域名解析的应用问题层出不穷,DNS作为互联网最重要的基础服务,其安全隐患也日益突出,本文设计了一种大规模灾难性DNS安全事件智能防护系统,通过建立大型容灾数据库,实现单个及大规模域名解析故障时,及时恢复业务,同时通过数据库中海量数据的分析,建立疑似攻击源自动发现和处置机制,系统可实现大幅提升DNS解析正确率、安全性及投诉处理效率.     

Trust model for certificate revocation in ad hoc networks

In this paper we propose a distributed trust model for certificate revocation in ad hoc networks. The proposed model allows trust to be built over time as the number of interactions between nodes increase. Furthermore, trust in a node is defined not only in terms of its potential for maliciousness, but also in terms of the quality of the service it provides. Trust in nodes where there is little or no history of interactions is determined by recommendations from other nodes. If the nodes in the network are selfish, trust is obtained by an exchange of portfolios. Bayesian networks form the underlying basis for this model.     

学科试题库安全保密系统的设计与实现

文章针对学科试题库安全与保密问题，提出了适用于学科试题库的安全保密系统，并证明了该系统的安全性。该系统具有身份识别、访问权限控制、信息加密、解密以及管理功能。     

3G系统全网安全体制的探讨与分析

文章基于3GPP体制探讨了3G系统的安全机制，重点分析了3G认证与密钥分配协议、加密与完整性保护的过程及其安全性，并针对核心网部分，从ATMPRM出发讨论了将安全功能置于ATM协议栈中不同位置时的几种安全方案。     

票信通产品在信息管税工作中的应用探讨

票信通产品是中国联通利用网络优势与税务机关联合推出的一个网络发票服务产品。文章分析网络发票在我国的应用现状,提出平台的技术架构,介绍票信通产品的主要业务功能。并阐述推广此业务的意义。     

物联网中安全问题研究

物联网作为一种新型的网络架构,被称为继计算机和互联网后信息产业界的第三次革命浪潮。但传统的物联网中没有很好的将安全机制进行阐述和定义,因此,本文通过研究和分析现有的物联网中存在的安全问题,将保护层的概念引入到传统意义的物联网架构中,并对保护层的工作原理和机制进行深入的分析和研究。     

PUFPass: A password management mechanism based on software/hardware codesign

Secure passwords need high entropy, but are difficult for users to remember. Password managers minimize the memory burden by storing site passwords locally or generating secure site passwords from a master password through hashing or key stretching. Unfortunately, they are threatened by the single point of failure introduced by the master password which is vulnerable to various attacks such as offline attack and shoulder surfing attack. To handle these issues, this paper proposes the PUFPass, a secure password management mechanism based on software/hardware codesign. By introducing the hardware primitive, Physical Unclonable Function (PUF), into PUFPass, the random physical disorder is exploited to strengthen site passwords. An illustration of PUFPass in the Android operating system is given. PUFPass is evaluated from aspects of both security and preliminary usability. The security of the passwords is evaluated using a compound heuristic algorithm based PUF attack software and an open source password cracking software, respectively. Finally, PUFPass is compared with other password management mechanisms using the Usability-Deployability-Security (UDS) framework. The results show that PUFPass has great advantages in security while maintaining most benefits in usability.     

如何建构基于网络环境的医院信息系统安全保障体系

本文提出了如何从硬件和使用、网络规划、软件建设和管理制度各环节构建和保障医院信息系统安全保障体系．     

Controlled elements for designing ciphers suitable to efficient VLSI implementation

This work considers the problem of increasing the performance of the ciphers based on Data-Dependent (DD) operations (DDO) for VLSI implementations. New minimum size primitives are proposed to design DDOs. Using advanced DDOs instead of DD permutations (DDP) in the DDP-based iterative ciphers Cobra-H64 and Cobra-H128 the number of rounds has been significantly reduced yielding enhancement of the “performance per cost” value and retaining security at the level of indistinguishability from a random transformation. To obtain further enhancement of this parameter a new crypto-scheme based on the advanced DDOs is proposed. The FPGA implementation of the proposed crypto-scheme achieves higher throughput value and minimizes the allocated resources than the conventional designs. Design of the DDO boxes of different orders is considered and their ASIC implementation is estimated.