Key processing with control vectors

A method is presented for controlling cryptographic key usage based on control vectors. Each cryptographic key has an associated control vector that defines the permitted uses of the key within the cryptographic system. At key generation, the control vector is cryptographically coupled to the key by way of a special encryption process. Each encrypted key and control vector are stored and distributed within the cryptographic system as a single token. Decryption of a key requires respecification of the control vector. As part of the decryption process, the cryptographic hardware verifies that the requested use of the key is authorized by the control vector. This article focuses mainly on the use of control vectors in cryptosystems based on the Data Encryption Algorithm.     

Protecting against key-exposure: strongly key-insulated encryption with optimal threshold

Key-insulated encryption schemes use a combination of key splitting and key evolution to protect against key exposure. Existing schemes, however scale poorly, having cost proportional to the number t of time periods that may be compromised by the adversary, and thus are practical only for small values of t. Yet in practice t might be large. This paper presents a strongly key-insulated encryption scheme with optimal threshold. In our scheme, t need not be known in advance and can be as large as one less than the total number of periods, yet the cost of the scheme is not impacted. This brings key-insulated encryption closer to practice. Our scheme is based on the Boneh-Franklin identity-based encryption (IBE) scheme [9], and exploits algebraic properties of the latter. Another contribution of this paper is to show that (not strongly) key-insulated encryption with optimal threshold and allowing random-access key updates (which our scheme and all others known allow) is equivalent to a restricted form of IBE. This means that the connection between key-insulated encryption and IBE is not accidental. Supported in part by NSF grants CCR-0098123, ANR-0129617 and CCR-0208842, and by an IBM Faculty Partnership Development Award. Supported in part by an NSF graduate fellowship.     

一种密钥管理的新方案

本文提出了一种新的4级密钥管理方案.该方案通过一个密码操作核心的精心设计,为各用户使用系统的各种功能提供了方便的手段,同时确保了系统的安全性.此外,该方案还大大降低了系统开发费用和保密通信的复杂度.因此,该方案克服了以往方案中的缺陷,已被正在开发的系统SUTU采用.     

Exploring the security landscape: NoC-based MPSoC to Cloud-of-Chips

In this paper, we present a detailed and systematic overview of communication security aspects of Multi-Processor Systems-on-Chip (MPSoC) and the emerging potential threats on the novel Cloud-of-Chips (CoC) paradigm. The CoC concept refers to highly scalable and composable systems, assembled not only at system design-time using RTL, like traditional SoC, but also at integrated circuit (IC) packaging time thanks to 3D-IC integration technology. Practical implementation of CoC systems needs to solve the problem of scalable, configurable and secure communication not only between different functional blocks in a single ICs, but also between different ICs in a single package, and between different packages on the same or different PCBs and even between different systems. To boost such extremely flexible communication infrastructure CoC system relies on Software-Defined Network-on-Chip (SDNoC) paradigm that combines design-time configurability of on-chip systems (NoC) and highly configurable communication of macroscopic systems (SDN). This study first explores security threats and existing solutions for traditional MPSoC platforms. Afterwards, we propose SDNoC as an alternative to MPSoC communication security, and we further extend our discussion to CoC systems to identify additional security concerns. Moreover, we present a comparison of SDNoC based approach over existing approaches and discuss its potential advantages.     

数字证书在环保行业的应用分析

目前国家环保部正在开展的国家环境信息与统计能力建设项目中,采用数字证书为业务系统提供强身份认证服务。详细论述了数字证书在环保部的应用模式,指出了今后的工作方向,同时也指出了现有应用模式的不足之处。     

结构化对等网络特性及关键技术分析

本文简述了对等网络的概念及分类,分析了结构化对等网络特性、存在问题和关键技术,指出结构化对等网络的发展前景。     

Lotus Domino/Notes在OA系统中的应用

Lotus Domino/Notes是实现和运行办公自动化的最有效的平台之一。本文介绍了Lotus Domino/Notes在办公自动化方面的优势,提出了OA系统的设计思路,并对系统应用Lotus Domino/Notes的部分关键技术进行了讨论。     

一个高性能Key/Value数据库XDB的设计与实现

传统SQL数据库在管理大数据、性能和扩展性等方面的不足使得其不能胜任如大规模数据挖掘、商务智能及社交网络等应用场景,而NoSQL数据库由于其在上述应用领域优良的特性近年来得到很快发展。本文在分析现有开源NoSQL数据库产品Kyoto Cabinet和Tair的不足基础上,设计并实现了一个高性能的Key/Value数据库XDB。XDB分段流水并发处理Key/Value请求,并采用一致性算法保证在并发环境中对Key/Value记录读写的相关性,在随机写入和顺序写入实验中,相比于Kyoto Cabinet,XDB的性能分别提高6倍和15倍。     

物联网技术发展与应用

近年来许多国家将物联网技术列为国家战略新兴产业。文章介绍了物联网的概念和基本特征,分析了物联网关键技术,详细阐述了物联网技术在交通、电网、工业监测、物流、医疗和智能家居等领域的应用。     

稀有金属伟晶岩过度冷却与侵位之关系——基于野外地质观察及年代学的思考

稀有金属伟晶岩的结晶过程是认识其成矿作用的重要方面。前人利用冷却模型所推测出的侵入变质围岩的伟晶岩冷却时间为几天至几千年,但对侵位于花岗岩中伟晶岩的结晶过程缺乏相关研究。基于此,对新疆大喀拉苏及镜儿泉地区稀有金属伟晶岩的野外地质观察及年代学研究显示,两处伟晶岩的侵位模式不同,侵位时花岗岩围岩的温度有别。大喀拉苏1号伟晶岩(年龄为(248.4±2.1)～(228.4±0.3)Ma)主要侵位于较冷花岗岩围岩(年龄为(261.4±2.1)Ma)的席理面,边缘可能出现过度冷却。最新铌钽铁矿U-Pb年代学显示,镜儿泉1号锂辉石伟晶岩形成时代为(250.8±1.0)Ma,熔体侵位于温度较高的花岗岩(年龄为(252.9±1.9)Ma)内部断层,其冷却结晶受花岗岩温度及区域地热梯度制约,冷却时间可能超过3 Ma。综上所述,过度冷却模型的适用性、铌钽铁矿U-Pb同位素体系的封闭温度都需要进一步研究,以解释同位素年龄与冷却模型所得结晶时间的显著差异。