Long-term performance of cement paste during combined calcium leaching-sulfate attack: kinetics and size effect

This paper presents experimental results obtained on cement paste samples (water/cement ratio of 0.4) subjected to a low-concentration (15 mmol/l) external sulfate attack during several weeks. Chemical and microstructural analyses include the continuous monitoring of calcium loss and sulfate consumption within the cement paste, periodic layer by layer X-ray diffraction (XRD)/energy-dispersive spectrometer (EDS) analyses of the solid constituents of the cement matrix (ettringite, portlandite, gypsum) within the calcium-depleted part of the samples. Scanning electron microscopy (SEM) and visual observations are used to follow the crack pattern evolution during the external sulfate attack. The relation between the size of the specimen and crack initiation/development is investigated experimentally by performing tests on samples with different thickness/diameter ratios.     

Data-mining based SQL injection attack detection using internal query trees

Detecting SQL injection attacks (SQLIAs) is becoming increasingly important in database-driven web sites. Until now, most of the studies on SQLIA detection have focused on the structured query language (SQL) structure at the application level. Unfortunately, this approach inevitably fails to detect those attacks that use already stored procedure and data within the database system. In this paper, we propose a framework to detect SQLIAs at database level by using SVM classification and various kernel functions. The key issue of SQLIA detection framework is how to represent the internal query tree collected from database log suitable for SVM classification algorithm in order to acquire good performance in detecting SQLIAs. To solve the issue, we first propose a novel method to convert the query tree into an n-dimensional feature vector by using a multi-dimensional sequence as an intermediate representation. The reason that it is difficult to directly convert the query tree into an n-dimensional feature vector is the complexity and variability of the query tree structure. Second, we propose a method to extract the syntactic features, as well as the semantic features when generating feature vector. Third, we propose a method to transform string feature values into numeric feature values, combining multiple statistical models. The combined model maps one string value to one numeric value by containing the multiple characteristic of each string value. In order to demonstrate the feasibility of our proposals in practical environments, we implement the SQLIA detection system based on PostgreSQL, a popular open source database system, and we perform experiments. The experimental results using the internal query trees of PostgreSQL validate that our proposal is effective in detecting SQLIAs, with at least 99.6% of the probability that the probability for malicious queries to be correctly predicted as SQLIA is greater than the probability for normal queries to be incorrectly predicted as SQLIA. Finally, we perform additional experiments to compare our proposal with syntax-focused feature extraction and single statistical model based on feature transformation. The experimental results show that our proposal significantly increases the probability of correctly detecting SQLIAs for various SQL statements, when compared to the previous methods.     

基于FPGA实现AES的侧信道碰撞攻击

为了解决攻击点在能量迹中具体位置的识别问题,在对侧信道碰撞攻击技术研究的基础上,提出了通过计算能量迹中每个采样点的方差来识别攻击点的方差检查技术。并利用基于相关系数的碰撞检测方法,对一种AES的FPGA实现实施了攻击。实验结果表明,方差检查技术可以有效地识别攻击点在能量迹中的具体位置。     

A genetic tango attack against the David–Prasad RFID ultra‐lightweight authentication protocol

Radio frequency identification (RFID) is a powerful technology that enables wireless information storage and control in an economical way. These properties have generated a wide range of applications in different areas. Due to economic and technological constrains, RFID devices are seriously limited, having small or even tiny computational capabilities. This issue is particularly challenging from the security point of view. Security protocols in RFID environments have to deal with strong computational limitations, and classical protocols cannot be used in this context. There have been several attempts to overcome these limitations in the form of new lightweight security protocols designed to be used in very constrained (sometimes called ultra‐lightweight) RFID environments. One of these proposals is the David–Prasad ultra‐lightweight authentication protocol. This protocol was successfully attacked using a cryptanalysis technique named Tango attack. The capacity of the attack depends on a set of boolean approximations. In this paper, we present an enhanced version of the Tango attack, named Genetic Tango attack, that uses Genetic Programming to design those approximations, easing the generation of automatic cryptanalysis and improving its power compared to a manually designed attack. Experimental results are given to illustrate the effectiveness of this new attack.     

X-ray microtomography (microCT) of the progression of sulfate attack of cement paste

High-resolution X-ray computed tomography (i.e., microCT or microtomography) was used to study the sulfate attack of cylinders of Type I cement paste cast with water-cement (w/c) ratios of 0.45, 0.50 and 0.60. Damage levels in samples exposed to a Na₂SO₄ solution with 10,000 ppm sulfate ion concentration were qualitatively rated from 0 (no damage) to 4 (extreme damage) based upon visual examination of the samples' exteriors and microtomography of the samples' interiors. The greater the w/c ratio, the more rapid the onset of sulfate damage. The corners of the cylinders appeared to be particularly susceptible to spalling, and damage may have continued into the cement paste by formation of subsurface cracks.     

轻量级PRESENT加密算法功耗攻击研究

PRESENT密码算法是2007年提出来的一种轻量级分组密码算法, 适合于物联网环境下的安全加密。对PRESENT加密算法结构进行了深入研究, 提出了其适合功耗攻击的两个最佳攻击点, 详细介绍了针对PRESENT加密系统进行功耗分析攻击的设计与实现过程, 实验结果表明未加防护措施的PRESENT加密系统不能抵御一阶差分功耗分析攻击, 从而给PRESENT加密算法的安全改进提供一定的设计参考。     

解决组合公钥共谋攻击和密钥碰撞的新方法

以解决组合公钥体制中共谋攻击和密钥碰撞问题为目的。首先,针对线性共谋攻击,提出了一种新的构造种子矩阵的方法,使得种子密钥和大于基点加法群的阶数,从而使密钥之间不能相互线性表示。其次在密钥的生产过程中,引入系数破坏了层不同和层互斥不同的关系,为解决选择共谋攻击提供了一种有效的方法,同时增强了抵御随机共谋攻击的能力。最后,在密钥产生的流程中,通过公钥对比来避免密钥碰撞,为解决密钥碰撞问题提出了一种新方法。     

两个高效无证书签名方案的替换公钥攻击

对新近提出的两个高效无证书签名方案进行安全性分析,指出这两个签名方案都能受到替换公钥攻击。任意攻击者都可以通过替换签名人的公钥从而达到对任意选择的消息成功伪造签名,分析这两个签名方案能受到替换公钥攻击的根本原因。最后通过这两个攻击总结分析了无证书签名方案设计过程需要注意的要点,这对无证书签名方案的设计具有借鉴意义。     

无理数字典码的测试数据压缩方案

提出了一种无理数字典码的测试数据压缩方案,能有效地压缩芯片测试数据。方案利用无理数序列建立字典,编码时只需进行相容性检查,无需填充无关位,简化了操作步骤;同时,选择局部压缩率最大的一组数据作为最终编码结果,保证压缩效果可以达到局部最优。对ISCAS 89标准电路Mintest集的实验结果显示,该方案的压缩效果优于传统压缩方法,如Golomb码、FDR码、混合定变长码等。     

稀疏卷积非负矩阵分解的语音增强算法

非平稳噪声和低信噪比条件下提高增强语音质量一直以来都是语音增强研究的难题。近年来,卷积非负矩阵分解在语音增强算法中成功应用,本文进一步考虑语音信号在时频域的稀疏性,提出了稀疏卷积非负矩阵分解(Sparse Convolutive Nonnegative Matrix Factorization, SCNMF)的语音增强算法。该算法包括训练和增强两个阶段。训练阶段通过SCNMF算法分别对纯净语音和噪声的频谱进行训练,得到纯净语音和噪声字典,并将其作为增强阶段的先验信息。增强阶段首先通过SCNMF算法对带噪语音的频谱进行分解,然后利用纯净语音和噪声联合字典对语音编码矩阵进行估计,重构增强语音。本文通过实验仿真分析了稀疏因子对增强语音质量的影响。实验结果表明,在非平稳噪声和低信噪比条件下,本文算法增强效果均优于多带谱减、非负矩阵分解、卷积非负矩阵分解等传统的算法。