3G系统全网安全体制的探讨与分析

文章基于3GPP体制探讨了3G系统的安全机制，重点分析了3G认证与密钥分配协议、加密与完整性保护的过程及其安全性，并针对核心网部分，从ATMPRM出发讨论了将安全功能置于ATM协议栈中不同位置时的几种安全方案。     

Distributed detection of replica node attacks with group deployment knowledge in wireless sensor networks

Several protocols have been proposed to mitigate the threat against wireless sensor networks due to an attacker finding vulnerable nodes, compromising them, and using these nodes to eavesdrop or undermine the operation of the network. A more dangerous threat that has received less attention, however, is that of replica node attacks, in which the attacker compromises a node, extracts its keying materials, and produces a large number of replicas to be spread throughout the network. Such attack enables the attacker to leverage the compromise of a single node to create widespread effects on the network. To defend against these attacks, we propose distributed detection schemes to identify and revoke replicas. Our schemes are based on the assumption that nodes are deployed in groups, which is realistic for many deployment scenarios. By taking advantage of group deployment knowledge, the proposed schemes perform replica detection in a distributed, efficient, and secure manner. Through analysis and simulation experiments, we show that our schemes achieve effective and robust replica detection capability with substantially lower communication, computational, and storage overheads than prior work in the literature.     

移动Ad Hoc网络的安全体系结构研究

移动Ad Hoc网络是一种特殊的自组织无中心多跳的无线网络，网内节点所具有的移动和分布特性使得安全成为网络设计的重点。本文首先对移动Ad Hoc网络的特点进行了介绍，然后结合移动Ad Hoc网络的特点分析了移动Ad Hoc网络面临的安全威胁，最后从系统体系结构的角度对移动Ad Hoc网络的安全问题进行了详细讨论。     

整机电子产品企业标准制定刍议

整机电子产品企业标准是企业产品的法律依据。从技术、工艺、安全、检验等参数进行规定,能反映产品性能、技术水平,较全面分析引用标准;采用强制标准、强调采用国际标准等方面来制定企业标准。     

ZigBee同频攻击检测抑制模型研究

针对ZigBee通信中易遭受同频攻击导致数据阻塞和失真问题,该文提出一种同频攻击检测模型。该模型利用信号频谱的高斯分布规律和同频攻击对变换域幅值的影响进行同频攻击检测。在此基础上,通过嵌入空闲频带信道跳变机制和基于可变退避周期及接入概率的自适应退避算法,给出了同频攻击检测抑制方案。实验结果表明,该文模型和方案可以有效抵御同频攻击。     

第三代移动通信系统的网络安全问题

本文综述了ＧＳＭ网络的安全机制,第三代移动通信系统应采取的安全机制,合法的窃听及ＥＴＳＩ加密算法的生成过程。     

密钥ESCROW技术

描述美国政府开发的密钥Escrow中期系统,讨论SKIPJACK算法、加密芯片、系统保护、操作安全和芯片编程。     

MSSQL SERVER数据库服务器的安全问题和安全配置

微软的SQLServer是一种广泛使用的数据库 ,很多电子商务网站、企业内部信息化平台等都是基于SQLServer上的 ,由于数据库是个极为复杂的系统 ,SQLServer数据库又是属于“端口”型的数据库 ,数据库系统中存在的安全漏洞和不当的配置通常会造成严重的后果 ,甚至破坏整个系统。本文将主要谈论有关SQLServer数据库的安全配置以及一些相关的安全和使用上的问题     

Securing Scan Control in Crypto Chips

The design of secure ICs requires fulfilling means conforming to many design rules in order to protect access to secret data. On the other hand, designers of secure chips cannot neglect the testability of their chip since high quality production testing is primordial to a good level of security. However, security requirements may be in conflict with test needs and testability improvement techniques that increase both observability and controllability. In this paper, we propose to merge security and testability requirements in a control-oriented design for security scan technique. The proposed security scan design methodology induces an adaptation of two main aspects of testability technique design: protection at protocol level and at scan path level. Without loss of generality, the proposed solution is evaluated on a simple crypto chip in terms of security and design cost.