一种高效的移动云服务环境下隐私保护认证协议

为了解决移动云服务环境的互相认证和隐私保护问题,设计了一种改进的移动云服务环境下隐私保护认证协议.该协议结合基于身份的签密技术和多服务器认证技术,保证用户只需注册一次,就可以访问多个移动云服务提供者,同时认证过程不需要可信第三方参与;该协议在移动终端未使用计算复杂度高的双线性对运算和映射到域上的hash运算,其计算效率显著提高. 通过理论分析和实验结果可知:该协议与目前已有的同类协议相比,在移动端的计算时间为45.242 s,其计算效率约为已有同类协议的2倍;具有用户匿名和不可追踪等安全性质;能够抵抗错误口令登录、更改攻击.      

Provably secure authenticated Diffie-Hellman key exchange for resource-limited smart card

Authenticated Diffie-Hellman key agreement is quite popular for establishing secure session keys. As resource-limited mobile devices arc becoming more popular and security threats are increasing, it is desirable to reduce computational load for these resource-limited devices while still preserving its strong security and convenience for users. In this paper, we propose a new smart-card-based user authenticated key agreement scheme which allows users to memorize passwords, reduces users＇ device computational load while still preserves its strong security. The proposed scheme effectively improves the computational load of modular exponentiations by 50%, and the security is formally proved.     

PVSP在旅游服务系统中的应用

随着web服务提供者的增多,针对用户如何获取提供者的信息、如何将Web服务组织起来形成为一个整体、如何选择适合自己的服务提供者、如何建立用户与服务提供者间的信任关系、如何评价服务质量等问题,文中首先提出了一种实用虚拟服务平台模型(Practical Virtual Service Platform Based on Web Service简称PVSP),提供一个统一的服务来收集并展示各个服务提供者提供的服务,同时用户只需经过一次身份的认证就能访问所有的服务。然后,将此模型应用到旅游服务系统中,研究了系统设计中认证服务器、服务集成、虚拟电子银行等关键技术。实践表明,该系统模型有一定的可行性和实用性。     

计算机数据安全隐患及防护措施

从分析计算机数据的物理安全和逻辑安全两个方面入手,对电磁波辐射、联网及病毒对计算机数据安全的威胁进行了论述,指出这是威胁计算机数据安全的主要因素,并提出了数据备份、数据安全删除、辐射屏蔽、病毒及入侵防护、文档加密等相应的安全防护措施和方法。     

Keyword search encryption scheme resistant against keyword-guessing attack by the untrusted server

The user data stored in an untrusted server, such as the centralized data center or cloud computing server, may be dangerous of eavesdropping if the data format is a plaintext. However, the general ciphertext is difficult to search and thus limited for practical usage. The keyword search encryption is a helpful mechanism that provides a searchable ciphertext for some predefined keywords. The previous studies failed to consider the attack from the data storage server to guess the keyword. This kind of attack may cause some critical information revealed to the untrusted server. This paper proposes a new keyword search encryption model that can effectively resist the keyword-guessing attack performed by the untrusted data storage （testing） server. The testing （query） secret is divided into multiple shares so that the security can be guaranteed if the servers cannot conspire with each other to retrieve all shares of the secret.     

圆形区域划分的k-匿名位置隐私保护方法

用户位置信息的准确度反比于用户的隐私保护安全系数k（privacy protection level）,正比于查询服务质量;为了平衡由位置信息的准确性引起的隐私保护安全与查询服务质量之间的矛盾,借助位置k-匿名模型,提出了圆形区域划分匿名方法.将整个区域划分为相切圆及相邻的4个相切圆的顶点组成的曲边菱形形成的组合区域,当用户位置区域含有的用户数量不满足隐私保护安全系数要求时,利用区域扩充公式得到合适的匿名区域.实验结果表明该方法减小了匿名区域的面积,提高了相对匿名度,从而平衡了k与QoS的矛盾;并从匿名成功率、服务质量和信息处理时间3个角度确定了基于位置k-匿名隐私保护方法的评估模型.     

Proxy Re-Encryption Based Multi-Factor Access Control for Ciphertext in Cloud

Cloud computing provides a wide platform for information sharing. Users can access data and retrieve service easily and quickly. Generally, the data in cloud are transferred with encrypted form to protect the information. As an important technology of cloud security, access control should take account of multi-factor and ciphertext to satisfy the complex requirement for cloud data protection. We propose a proxy re-encryption (PRE) based multi-factor access control (PMAC) for cipher text in the above background. The PMAC adapts to the privacy and the protection of data confidently. We explain the motivation and some assumptions of PMAC at first. Then we define system model and algorithm. The system model and algorithm show how to create the data with corresponding accessing policy and how to grant and revoke the permission.     

NETWORK MANAGEMENT WITH SECURED MOBILE AGENT

IntroductionMobile Agents equipped with intelligence,of-fer new technology that helps automate NetworkManagement activities,which are increasingly be-coming complex due to exponential growth of in-ternet users,and thus demanding higher levels ofhuman manager expertise and involvement.Well-known network management protocols that areused to monitor and manage network devices in-clude Simple Network Management Protocol ( SN-MP) and Common Management Information Proto-col ( CMIP) ,SNMP be…     

Region of interest based selective encryption scheme for privacy protection in H.264 video

A selective encryption scheme for region of interest （ROI） of H.264 video is proposed to protect the personal privacy in a video. The most important part of video can be protected with less cost and operation by only encrypting the content of ROIs. Human face regions are selected as ROI and detected by using Gaussian skin color model. Independent ROI encoding is realized with the mechanism of flexible macro-block ordering （FMO）. Frames are divided into grid-like slice-groups which can be combined flexibly to form a required ROI. Both luminance component and chrominance component of the macro-blocks in ROI are modified to achieve good encryption quality and location accuracy. In the process of decryption, the encrypted area is located automatically. There is no need to transmit additional position information of ROIs to the end of decryption. The encrypted video is decrypted correctly with the secret key. JM18.4 software is employed to perform the simulation experiment. Experimental results show the accuracy and effectiveness of our scheme to encrypt and decrypt the ROIs in H.264 video.     

A General Attribute and Rule Based Role-Based Access Control Model

Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.     

面向移动终端的实时交通信息服务分析

为了进一步提高我国交通信息服务水平,缓解拥堵,对比研究了现有服务终端的特点,并对用户交通信息需求展开调查.结合服务终端特点及调查结果,构建了面向移动终端的实时交通信息服务系统.系统可向移动终端提供信息查询、信息发布、服务下载等功能,为用户提供出行全程的交通信息服务.     

Efficient peer-to-peer file sharing in 3G networks

In 3G networks upgraded with high speed packet access (HSPA) technology, the high access bandwidth and advanced mobile devices make it applicable to share large files among mobile users by peer-to-peer applications. To receive files as quickly as possible is essential for mobile users in file sharing applications, since they are subject to unstable signal strength and battery failures. While many researches present peer-to-peer file sharing architectures in mobile environments, few works focus on decreasing the time spent in disseminating files among users. In this paper, we present an efficient peer-to-peer file sharing design for HSPA networks called efficient file sharing (EFS) for 3G networks. EFS can decrease the dissemination time by efficiently utilizing the upstream-bandwidth of mobile nodes. It uses an adaptive rearrangement of a node’s concurrent uploading transfers, which causes the count of the node’s concurrent uploading transfers to lower while ensuring that the node’s upstream-bandwidth can be efficiently utilized. Our simulations show that, EFS achieves much less dissemination time than other protocols including Bullet Prime and a direct implementation of BitTorrent for mobile environments.     

Distributed Broker-Agent Architecture for Multimedia Communications Traversing NAT／Firewall in NGN

The forthcoming Next Generation Network (NGN) is an all IP network. Multimedia communications over IP networks are a type of bundled session communications, which cannot directly traverse Network Address Translations (NATs) and firewalls even in NGN. To solve the problem that the existing traversal methods are not suitable for service providers to set up a real system in NGN,a Distributed Broker-agent Architecture (DBA) is addressed. DBA is secure and realizable for service providers and enterprises because it is easy to set up and does not need to upgrade the existing devices like Firewalls, NATs or endpoint devices of subscribers.DBA is composed of two-layer distributed agents, the server proxies and the client agents, in which all multimedia communications use shared tunnels to carry signaling messages and media data between broker-agents, and the call signaling is encrypted over Security Socket Layer (SSL) to guarantee the security of calling. Moreover, the function model and multiplexed connection messages format of DBA are designed, which lays a basis for the protocol in the future NGN. In addition, a simple implementation based on H.323 verifyies the main function of traversing firewalls and NATs.     

欧星通信系统技术与业务

欧星通信系统被越来越多移动用户包括航运用户所重视.本文介绍了欧星通信系统组成与信号覆盖;分析了欧星通信系统技术与业务,系统用户终端技术特性;帮助广大用户全面认识和使用欧星系统通信技术.     

基于分解策略的计算网格资源分配优化

提出多种Agent分别代表用户、服务提供者、资源提供者相互协作解决网格资源分配优化问题.采用双层市场模型解决网格系统资源的最优调度,即网格用户Agent与网格服务Agent相互协作的服务市场,以及网格服务Agent与网格资源Agent所组成的资源市场.为了降低计算复杂性,将分配优化问题分解为两个子问题,分别在资源市场和服务市场中解决.在双层市场中两个子问题所获得的优化值即为主问题的优化值.     

一种基于差分隐私保护的skyline查询方法

为了解决差分隐私保护机制中重复攻击会泄露用户隐私的问题，提出了一种基于动态页敏感度调节的skyline查询方法. 首先，提出了依据最优主导页的计算页敏感度方法，提高页敏感度计算的效率；其次，为了合理设置隐私预算值，提出了基于置信率的隐私预算值调节方法；最后，基于隐私预算值动态更新查询次数的上界，实现了基于差分隐私保护的skyline查询方法. 实验结果表明:所提出方法在隐私预算值设定小于0.8时，隐私数据的泄露数由787个降低到423个.      

基于分布式WebChart的船舶导航系统

为了提高目前WebChart信息传输与交互的效率,分析了WebChart作为船舶导航系统需要解决的海图数据网络传输、实时获取本地导航设备数据、客户端之间信息交互等问题,提出并构建了一种基于分布式WebChart的船舶导航系统。该系统采用数字签名和Java本机接口方法解决了WebChart对本地资源的访问,实现了通过客户端串口对本地传感器信息的读取,并且系统采用了分布式体系结构,船舶用户不仅可以通过网络浏览器浏览海图数据,而且可以在海图平台上相互可见和交互,从而使船舶用户能够方便地通过网络实时、准确地分析和了解其周围的动静态航行环境,获取全面的导航服务。     

高速公路服务区景观设计中的场所精神研究

高速公路服务区作为高速公路系统的辅助设施,承担着保证人流、物流等高速、安全、舒适行驶的重任。服务区既为司乘人员提供加油、休息、食宿等服务,又能够通过合理的景观设计,展现一定的文化内涵。将场所精神理论与高速公路服务区景观设计相结合,从空间使用者的角度加以分析研究,充分尊重并支持人们在服务区中功能上以及精神层面上的需求,促进空间使用者与场所的交流与融合,从而更好地实现服务区各功能空间的价值。     

Ad Hoc网络中基于移动Agent的密钥管理及认证

提出了在Ad Hoc网络中一种基于移动Agent的密钥管理及认证方法.移动Agent在网络中根据一定的运行策略进行移动,并不断地和所经历的节点进行数据交换,在此基础上形成一个节点信息矩阵表,矩阵表中包含了密钥信息.各节点使用其身份作为公钥,主密钥由各节点的私钥分享,从而形成基于身份的门限分布式密钥管理.该方法使用很少的Agent获得较多的全局信息并快速交换密钥信息,减少了系统的开销,具有很高的效率和鲁棒性.     

基于SLA的云计算动态信任评估模型

针对云计算环境中用户如何有效的选择云服务商及签订服务协议的问题,本文提出一种基于服务等级协议SLA的中立第三方动态信任评估系统框架.通过在用户端和云端设置的监测代理,实时监控并采集SLA相关的实际服务数据;通过实际观测的参数、其变化情况及SLA协定的参数,同时结合用户主观评价,计算得到服务质量的信任值,最终形成对云服务商服务可信度的全面的和动态的评价.本文给出了系统框架结构、评估方法和评估输入与流程等信任评估的实现方法.与其他信任评估方法相比,本文提出的模型全面融合了多种数据主客观评价来源,给出了具体流程和方法,具有更好的客观性、准确性和可信性.