Secure Multi-Party Computation without Agreement

It has recently been shown that authenticated Byzantine agreement, in which more than a third of the parties are corrupted, cannot be securely realized under concurrent or parallel (stateless) composition. This result puts into question any usage of authenticated Byzantine agreement in a setting where many executions take place. In particular, this is true for the whole body of work of secure multi-party protocols in the case that a third or more of the parties are corrupted. This is because these protocols strongly rely on the extensive use of a broadcast channel, which is in turn realized using authenticated Byzantine agreement. We remark that it was accepted folklore that the use of a broadcast channel (or authenticated Byzantine agreement) is actually essential for achieving meaningful secure multi-party computation whenever a third or more of the parties are corrupted. In this paper we show that this folklore is false. We present a mild relaxation of the definition of secure computation allowing abort. Our new definition captures all the central security issues of secure computation, including privacy, correctness and independence of inputs. However, the novelty of the definition is in decoupling the issue of agreement from these issues. We then show that this relaxation suffices for achieving secure computation in a point-to-point network. That is, we show that secure multi-party computation for this definition can be achieved for any number of corrupted parties and without a broadcast channel (or trusted pre-processing phase as required for running authenticated Byzantine agreement). Furthermore, this is achieved by just replacing the broadcast channel in known protocols with a very simple and efficient echo-broadcast protocol. An important corollary of our result is the ability to obtain multi-party protocols that remain secure under composition, without assuming a broadcast channel.     

基于Jpcap的Webmail邮件还原技术

基于Smtp和Pop3的邮件还原技术已经日臻成熟,而由于主要Webmail邮件格式不同,Webmail邮件还原技术一直是难点。通过对主要Webmail的内容格式分析,针对不同网站的Webmail建立相应的还原模块,实现对主要Webmail的内容还原。实验结果验证了该技术的有效性。     

基于博弈论的百万富翁协议

在经典的百万富翁协议中,一方在得到最后的财富比较结果后,没有动机将结果告诉另一方,或者告诉另一方一个错误的结果。结合博弈论和密码算法,提出一种百万富翁协议。在此协议中,参与者背离协议的收益小于遵守协议的收益,遵守协议是参与者的最优策略,任何百万富翁的欺骗行为都能被鉴别和发现,因此理性的参与者有动机发送正确的数据。最后每个参与者都能公平地得到最后的财富比较结果。     

面向协同系统的SRTP安全机制的研究

SRTP协议是目前应用广泛的视频流传输协议,也是视频会议协同系统进行安全实时传送的基础。但该协议在加密模式、完整性检测、报文身份验证和抵御重播攻击等方面仍有不足,该文采用增加流加密算法选择器对加密算法选择进行优化组合,通过Hash运算生成散列序列增加完整性保护模块等途径,在保证实时性的同时,增加了报文被解码的难度,改进了完整性校验过程。通过进行相关的系统安全性能评估,验证了该方案对协同系统安全机制改进的可行性及有效性。     

网络设备配置信息备份系统的设计与实现

提出了如何设计开发网络设备配置信息备份系统,实现各种网络设备配置信息的远程备份,并用VBScript语言进行了具体实现。     

计算机远程访问与VPN应用研究

文章介绍了VPN的概念以及目前主流的两种VPN技术：IPSec VPN和SSL VPN。通过对这两种VPN技术在易用性、安全性、可扩展性和可控制性等特点的分析和比较,给出了两种VPN技术各自适用的应用场合。     

利用网络编码优化Ad Hoc网安全路由协议SAODV

网络编码可大大提高网络吞吐量、减少延迟。然而,由于编码意义上网络信息流的复杂性,实际应用中仍存在困难。另一方面,Ad Hoc网作为自组织形式的特殊网络,其安全路由协议是研究重点。针对Ad Hoc网安全路由协议中较优秀的SAODV,提出一种基于网络编码的优化方案,较传统编码易于实现、具有较强实用性。     

一种改进的轻量级嵌入式安全文件系统模型

有效保护各种移动设备中的数据安全是当前嵌入式系统的关键技术之一。针对各种移动设备,特别是资源受限设备,在通用文件系统的基础上,采用适合嵌入式系统的安全访问控制策略,以及对存储器的设备驱动层代码优化,研究并实现了一个轻量级嵌入式安全文件系统。实际应用表明：该模型能够满足嵌入式安全文件系统的性能要求。     

A secure collaboration service for dynamic virtual organizations

Nowadays, various promising paradigms of distributed computing over the Internet, such as Grids, P2P and Clouds, have emerged for resource sharing and collaboration. To enable resources sharing and collaboration across different domains in an open computing environment, virtual organizations (VOs) often need to be established dynamically. However, the dynamic and autonomous characteristics of participating domains pose great challenges to the security of virtual organizations. In this paper, we propose a secure collaboration service, called PEACE-VO, for dynamic virtual organizations management. The federation approach based on role mapping has extensively been used to build virtual organizations over multiple domains. However, there is a serious issue of potential policy conflicts with this approach, which brings a security threat to the participating domains. To address this issue, we first depict concepts of implicit conflicts and explicit conflicts that may exist in virtual organization collaboration policies. Then, we propose a fully distributed algorithm to detect potential policy conflicts. With this algorithm participating domains do not have to disclose their full local privacy policies, and is able to withhold malicious internal attacks. Finally, we present the system architecture of PEACE-VO and design two protocols for VO management and authorization. PEACE-VO services and protocols have successfully been implemented in the CROWN test bed. Comprehensive experimental study demonstrates that our approach is scalable and efficient.     

Traceable content protection based on chaos and neural networks

In this paper, a media content encryption/decryption algorithm is designed based on a chaos system and neural networks, which generates random sequences with chaos, and encrypts or decrypts media contents with neural networks in a parallel way. In this scheme, different decryption keys can be used to recover the media content into different copies. That is, the decryption operation gets the content containing certain random sequence that can be used as the identification. With respect to this property, the scheme is used for secure content distribution. Taking the audio content for example, it is encrypted by a key at the sender side and decrypted by different keys at the receiver side. The differences between decryption keys lead to different decrypted audio copies. If one customer distributes his copy to other unauthorized customers, the chaotic sequence contained in the copy can tell the illegal customer. The performances, including security, imperceptibility and robustness, are analyzed, and some experimental results are given to show the scheme's practicability.