国产平台下可靠文件传输软件的设计及实现

在国产自主可控平台加速推广的当下,为实现文件在测控数据传输网不同软硬件平台之间的可靠、快速传输,本文根据相关技术规范,基于文件交换协议(File Exchange Protocol,简称FXP协议),设计并实现功能完备、运行稳定的可靠文件传输软件。软件具备模块化、可移植、基于TCP协议满足用户可靠性需求、基于UDP协议满足用户传输效率需求、兼容不同软硬件平台等的功能特点,并具备满足安全编程需求的软件特性,立足核心代码设计、验证,对软件功能和稳定运行两个方面做了进一步的改良和提升,以满足跨不同软硬件平台稳定运行、恶劣网络环境中可靠传输、畅通网络环境中尽力快速传输的新要求。     

The shadow approach: An orphan detection protocol for mobile agents

Orphan detection in distributed systems is a well-researched field for which many solutions exist. These solutions exploit well defined parent-child relationships given in distributed systems. But they are not applicable in mobile agent systems, since no similar natural relationship between agents exist. Thus new protocols have to be developed. In this paper one such protocol for controlling mobile mobile agents and for orphan detection is presented. The shadow approach presented in this paper uses the idea of a placeholder (shadow) which is assigned by the agent system to each new agent. This defines an artificial relationship between agents and shadow. The shadow records the location of all dependent agents. Removing the root shadow implies that all dependent agents are declared orphan and are eventually be terminated. We introduce agent proxies that create a path from shadow to every agent. In an extension of the basic protocol we additionally allow the shadow to be mobile.The shadow approach can be used for termination of groups of agents even if the exact location of each single agent is not known.     

Engineering TCP transmission and retransmission mechanisms for wireless networks

Transmission Control Protocol (TCP) provides mechanisms for reliable data communications. Although it works well in wired networks, it fails to offer satisfactory performance in lossy and wireless environments. And in the multi-hop wireless infrastructure, packet delivery suffers high cumulative loss rate if traveling over multiple wireless hops. The Selective acknowledgment (SACK) is one header option that might be used to combat segment corruptions in air channels. In this paper, an alternative set of flow control mechanisms is proposed to handle high packet loss rate in a wireless medium. Using a measurement-based mechanism, sustainable segment delivery is achievable through a novel size-reduction method. Multiple segment retransmission mechanisms are introduced to reduce successive timeout events. One single byte loss is sufficient to waste all other bytes in a file received at a destination. That is, a good TCP flow control mechanism should provide a high successful file transmission completion rate, and this is set as our design goal. Through thorough simulations, our proposed multi-segment retransmission designs perform with higher successful file transfer rate and fewer timeout events than NewReno and SACK under a wide range of packet loss probabilities.     

基干Snort的IPv6协议分析技术

在TCP/IP协议的基础上,分别讨论了数据包的封装与分解,IPv6数据包结构和过渡技术,提出了一种准确高效的探测入侵的新技术-协议分析技术,然后详述了协议分析技术在Snort中的应用过程,详细介绍了IPv6解码的过程.结果表明:在Snort中添加IPv6解码模块,使Snort具有了对IPv6数据包的检测能力.     

Simulatable certificateless two-party authenticated key agreement protocol

Key agreement (KA) allows two or more users to negotiate a secret session key among them over an open network. Authenticated key agreement (AKA) is a KA protocol enhanced to prevent active attacks. AKA can be achieved using a public-key infrastructure (PKI) or identity-based cryptography. However, the former suffers from a heavy certificate management burden while the latter is subject to the so-called key escrow problem. Recently, certificateless cryptography was introduced to mitigate these limitations. In this paper, we first propose a security model for AKA protocols using certificateless cryptography. Following this model, we then propose a simulatable certificateless two-party AKA protocol. Security is proven under the standard computational Diffie-Hellman (CDH) and bilinear Diffie-Hellman (BDH) assumptions. Our protocol is efficient and practical, because it requires only one pairing operation and five multiplications by each party.     

基于SOAP消息的过度加密攻击检测算法

分析Web服务中的过度加密攻击场景、攻击特点以及SOAP消息特征,提出一种基于简单对象访问协议消息(SOAP)消息的过度加密攻击检测算法。通过检测标签ReferenceList的属性个数统计SOAP消息的加密次数,并将统计出的加密次数与预先设定的阈值进行比较,从而判断是否存在过度加密攻击。在.net WSE安全平台下验证了该检测算法的有效性。     

改进的TCP/RED模型的稳定性分析

TCP自同步特性可提高网络稳定性,TCP/RED拥塞控制模型忽略了TCP自同步特性。针对该问题,提出包含TCP自同步特性更接近实际网络的改进TCP/RED拥塞控制模型。应用Nyquist稳定性判据给出当改进模型在复平面上属于某一不包含-1+j0点的下半平面时的稳定性条件,得到比TCP/RED模型更宽松的RED参数设置范围。NS2仿真验证了该稳定性条件的有效性。     

PANA与Diameter协议结合的体系结构

通过分析Diameter协议和PANA在工作模式及协议结构方面的结合性,提出一套将两者结合使用的完整方案,包括两者结合点关键设备的体系结构和基于Open Diameter开源软件包的实现方法。实验结果证明,该方案可以满足网络系统对认证、授权、计费的复杂要求。     

基于NETCONF的SNMP MIB数据转换

针对SNMP网络管理技术难以满足网络配置管理需求的现状,利用XML在网络管理中的应用优势,提出一种SNMP管理信息库(MIB)到XML格式的数据转换模式。该模式对SNMP MIB数据进行合理的压缩和分类,分析MIB描述规范SMI和XML的语法特征并进行相应转换。该数据转换模式解决了NETCONF目前在数据建模方面的不足,使该协议实现具有更好的通用性和可扩展性。     

改进的无线网络TCP协议跨层设计方法

针对传统TCP协议的拥塞控制机制在无线网络中不能很好地解决数据丢失的问题,提出一种改进的无线网络TCP协议跨层设计方法——NTCP。NTCP将传统TCP功能分割为传输速率控制和数据完整性控制2个部分,避免使用转发节点信息的方法,最大限度地利用无线资源。该方法与传统TCP-Reno方法相比,能提高无线网络的吞吐量,其稳定性和速率自适应能力也有较好的改善。