校园网PPPOE接入认证系统的研究与实现

为了解决网络用户方便、快速、安全的接入并访问校内外资源,本文研究了PPPOE校园网认证及授权系统的体系结构和有关实现技术,提出并实现了PPPOE、RADIUS和MYSQL同步认证结合的校园网认证系统。文中详细介绍了PPPOE服务器的建立过程以及RADIUS、MYSQL的配置方法,并对PPPOE服务器进行性能优化,通过PPPOE连接实验及测试,成功建立了一套安全、高效和稳定的校园网接入认证系统。     

用户身份认证技术在计算机信息安全中的应用

用户身份认证是安全的第一道大门,是各种安全措施可以发挥作用的前提。在计算机信息安全领域中,身份认证是一门重要课程。通过概述信息用户身份认证技术在学校数字校园网络中的应用,阐述了身份认证系统的设计目标,提出了身份认证系统要能以多种方式加以运用,然后对基于PHP的互联网身份认证系统的原理及实现进行了分析,对动态口令用户身份验证流程进行了研究。最后,对依托图片动态验证码实现身份认证和应用MD5算法实现身份验证方法进行了举例分析。     

用VPN集成加密设备强化基层电子政务信息安全

当前,电子政务信息系统已经成为转变政府职能、提高行政效率的有效手段。基层政府部门电子政务系统具有建设资金有限、用户数量少且分散的特点,常依托互联网运行,重要和敏感信息面临巨大安全风险。本文针对该安全需求,提出研制与VPN系统集成的加密设备,实现基于互联网电子政务系统安全、高速加密传输和用户身份鉴别,解决该类系统面临的主要信息安全问题,并最大程度降低传输专线、电子CA认证等系统建设的高昂成本。     

Compact Keccak Hardware Architecture for Data Integrity and Authentication on FPGAs

ABSTRACT

Cryptographic hash functions play a crucial role in networking and communication security, including their use for data integrity and message authentication. Keccak hash algorithm is one of the finalists in the next generation SHA-3 hash algorithm competition. It is based on the sponge construction whose hardware performance is worth investigation. We developed an efficient hardware architecture for the Keccak hash algorithm on Field-Programmable Gate Array (FPGA). Due to the serialization exploited in the proposed architecture, the area needed for its implementation is reduced significantly accompanied by higher efficiency rate. In addition, low latency is attained so that higher operating frequencies can be accessed. We use the coprocessor approach which exploits the use of RAM blocks that exist in most FPGA platforms. For this coprocessor, a new datapath structure allowing parallel execution of multiple instructions is designed. Implementation results prove that our Keccak coprocessor achieves high performance in a small area.     

Investigating the Viability of Multifactor Graphical Passwords for User Authentication

ABSTRACT

Authentication using images (i.e., graphical passwords) is claimed to be one of the alternatives for overcoming weaknesses in the traditional username and password authentication. This paper reports on the study to explore the feasibility of combining two graphical password methods for better security. A graphical password prototype scheme, the Enhanced Graphical Authentication System (EGAS), was developed (which combines the methods of clicking on the image (i.e., click-based) and selecting a series of images (i.e., choice-based). The EGAS was tested by 30 participants randomly chosen from the authors’ university and two evaluations were made; namely user performance of the combined method and the feasibility of authentication strategies toward the introduced method itself. From both evaluations, it is found that positive results have been obtained, which suggest that these methods could be combined together effectively without giving impediment to users.     

Vulnerability Analysis of the Grid Data Security Authentication System

ABSTRACT

A password-based authentication is still the most prevalent authentication method because of its convenience and easy implementations. Since a password is transmitted via network, it has an inherent vulnerability of password exposure to an attacker. A one-time password system reduces the risk of a security breach even when a password is exposed to an attacker, because the password is only meaningful at a given time. A grid data security system uses a technology, GridOne?, which allows the use of a one-time password without requiring preinstalled hardware or software infrastructures, and it provides strong security over conventional password-based authentication systems. We analyzed the weakness of the grid data security authentication system and provide a suggestion to compensate for its vulnerability.     

Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

Authentication of the 31 species of toxic and potent Chinese materia medica by microscopic technique assisted by ICP-MS analysis, part 4: four kinds of toxic and potent mineral arsenical CMMs

Toxic and Potent Chinese Materia Medica (T/PCMM) is a special and very important category of Chinese medicines. They have long been used in traditional medical practice and are being used more and more widely throughout the world in recent years. As there may be many fatal toxic effects caused by misusing or confusion of T/PCMM, their quality and safety control arouse increasing attention internationally. Researches on the accurate identification to ensure the safe use of T/PCMM are acquired; however, there are few reports on authentication. We are carrying out a series of studies on 31 T/PCMM originating from plants, animals, minerals, and secreta. In our previous studies, we proved that modern microscopic authentication is a simple, fast, effective, low cost, and less toxic method for identifying animal, seed, and flower T/PCMM. In the present study, we focused on the authentication of four kinds of mineral arsenicals, including orpiment (mainly containing As₂S₃), realgar (mainly containing As₄S₄), arsenolite, and arsenic trioxide (mainly containing As₂O₃). We examined the macroscopic and microscopic characteristics of the above minerals and found that they all can be easily identified and authenticated by using light microscopy coupled with polarized microscopy. Moreover, the authentication results for arsenolite and arsenic trioxide are confirmed by ICP‐MS analysis. We are sure that the morphological and microscopic characteristics indicated here are indispensable to establishing standards for these four mineral T/PCMMs. Microsc. Res. Tech. 74:1‐8, 2011. © 2010 Wiley‐Liss, Inc.     

一种基于HIP的移动性管理机制

主机标识协议（Host Identity Protocol,HIP）是一种综合解决主机移动、多宿主及安全问题的有效方案,为了解决现有HIP机制在处理主机移动时存在切换延迟大、丢包率高等问题,提出了一种高效的基于HIP的移动性管理机制。该机制在基于HIP的层次化设计模型基础上,采用FMIPv6中的快速切换思想,引入了链路层触发机制、预先绑定更新机制和分组缓存转发机制。有效解决了移动主机在不同区域范围内的切换问题,降低了切换延迟和丢包率,改善了移动主机的切换性能,实现了透明、平滑、快速的网络切换。     

家庭网络安全研究

目前,家庭网络是重点研究领域之一,家庭网络提供重要服务之一是远程控制家庭网络里的信息家电,由于家庭网络由异构网络协议和各种服务模型组成,远程控制服务导致家庭网络受到各种安全威胁.分析了国内外家庭网络研究现状和存在的安全威胁,对家庭网络安全研究的各种方法的优缺点进行了分类分析和总结,提出了家庭网络安全研究的科学问题与研究和发展方向,从而为家庭网络安全研究相关技术的进一步研究提供一定的理论基础.为用户提供简单易用、安全可靠的家庭网络环境,并提供隐私保护是家庭网络安全研究的最终目标.