一种新的远端移动代理的安全保护机制

在目前的移动代理系统中，保护主机免受恶意代理攻击的研究已经取得了很大的进展，而对于远端移动代理免受恶意主机攻击的问题，尚没有很好的解决方案，文中提出了一种利用JavaCard为远端移动代理，提供安全的执行环境的保护机制，并在此基础上引入了基于布尔代数运算的代码分割算法以提高本方案的安全性．实验结果证明该方案具有较好的安全性和健壮性．     

利用SOAP扩展实现Web服务中SOAP消息的安全

在利用SOAP消息与Web服务进行通信时,消息本身受到来自网络的各种安全性威胁.虽然SOAP的规范不涉及安全问题,但是允许安全问题作为扩展而被处理.文中通过对.NET framework的SOAP扩展机制的分析,提出了一种利用SOAP扩展加密Web服务中SOAP消息的方法.在对称加密和非对称加密的原理及Web服务技术的基础上,给出了一个具体的实施方案,使SOAP消息在进入公共网络前实现稳健加密.     

GSM-R系统的安全策略研究与改进

由于网络结构与用户终端移动性本身的制约,GSM-R本身存在着一些网络安全隐患,本文旨在提出GSM-R系统安全策略的改进方案.文章结合GSM-R系统在铁路上的应用,简要阐述了现有GSM-R系统所采用的安全机制和存在的安全缺陷.针对GSM-R系统采用的单向认证和信息加密的局部性两个方面分别提出了相应的改进方案,即系统的双向认证和端到端加密,并详细描述了认证过程和加密过程.     

铁路通信网络安全的分析测试与可信防御研究

为了保障我国铁路通信系统的网络安全,提出了一种基于可信计算和软件定义网络（software-defined networking,SDN）相结合的铁路通信网安全体系架构. 首先,从我国铁路通信系统网络整体架构出发,采用故障树分析方法,以“恶意人员造成铁路业务中断”为故障树的顶事件,对系统所面临的网络安全风险进行分析;其次,进行了仿真测试,根据测试结果拟合了一个恶意人员针对铁路通信系统的威胁场景. 通过仿真测试结果和分析表明,本文所提出的架构可以更好地应对大规模、针对性强的网络攻击行为,从而保障和提高我国高速铁路通信网络安全.      

INTRANET关键技术及其信息安全新方案的研究

对Intranet关键技术的实现方法及其方案进行了讨论；在信息安全方面，对于Intranet网络上采用的数据加密、数字水印、身份验证、网络反病毒、防火墙等安全技术进行了理论分析与探讨，并提出了新方案．其宗旨在于为Intranet安全性建设提供理论参考，同时提出安全性Intranet管理建设的原则．     

高速公路桥梁施工测量的平面控制

论述公路上的桥梁建筑物，在勘测设计阶段，与公路本身有所不同，在控制测量精度要求上有差异。提出在加密测量平面控制中国家标准和行业标准有关规范的执行及执行规范的依据原则。     

新型昆合加密方案XHES的研究

将公钥密钥分配技术和对称密码加密体制结合起来，提出并实现了一类高效快捷的混合密码加密方案XHES．该方法兼有两类加密体制的优点：既有对称密码加密体制的加密速度快，强度高的优点，又拥有公钥密码体制在密钥分发与管理上的优势．与之前的各种加密技术相比，不仅具有快速的加密速度，安全高效的密钥管理优势，而且无需各种烦琐的鉴别认证过程以及昂贵的专用保密信道，能够抵抗各种已知的攻击方案，安全性很高，操作简单、高效，能够应用于各种软硬件环境之中．     

计算机数据安全隐患及防护措施

从分析计算机数据的物理安全和逻辑安全两个方面入手,对电磁波辐射、联网及病毒对计算机数据安全的威胁进行了论述,指出这是威胁计算机数据安全的主要因素,并提出了数据备份、数据安全删除、辐射屏蔽、病毒及入侵防护、文档加密等相应的安全防护措施和方法。     

基于脆弱数字水印的人脸图像的安全性

针对人脸识别系统中人脸图像数据可能受到攻击，导致人脸图像被恶意添加、替换、篡改等安全隐患，采用脆弱数字水印方法，解决上述人脸识别系统中人脸图像数据安全问题．用人脸原始图像的小波低频系数的高7位生成低频压缩图像，作为水印．通过混沌置乱加密，将水印直接嵌入到原始人脸图像的最低有效位平面，区分人脸图像篡改并定位检测．实验结果表明，采用脆弱数字水印的人脸图像对恶意添加、替换、篡改都有很高的敏感度．嵌入脆弱数字水印对人脸图形的特征提取的识别率以及识别速度的影响都很小．     

铁阜高速公路某边坡滑坡稳定性分析

铁阜高速公路K237 858~K238 026段边坡开挖后,发生滑坡,威胁到公路建设安全,根据滑坡体工程地质条件、对该边坡稳定性进行工程地质分析和数值计算分析,并对滑坡的治理原则及方案提出了建议。     

NETWORK MANAGEMENT WITH SECURED MOBILE AGENT

IntroductionMobile Agents equipped with intelligence,of-fer new technology that helps automate NetworkManagement activities,which are increasingly be-coming complex due to exponential growth of in-ternet users,and thus demanding higher levels ofhuman manager expertise and involvement.Well-known network management protocols that areused to monitor and manage network devices in-clude Simple Network Management Protocol ( SN-MP) and Common Management Information Proto-col ( CMIP) ,SNMP be…     

Reputation-based collaborative spectrum sensing scheme in cognitive radio networks

Collaborative spectrum sensing is proposed to improve the detection performance in cognitive radio (CR) networks. However, most of the current collaborative sensing schemes are vulnerable to the interference of the malicious secondary users (SUs). In this paper we propose a reputation-based collaborative spectrum sensing scheme to improve the security of cooperative sensing by mitigating the impacts of misbehaviors. The fusion center calculates the reputation rating of each SU according to their history reports to weight their sensing results in the proposed scheme. We analyze and evaluate the performance of the proposed scheme and its advantages over previous schemes in expansibility and integrity. Simulation results show that the proposed scheme can minimize the harmful influence from malicious SUs.     

基于ECC的移动自组网成员控制方案

基于Pederson分布式密钥产生方案,采用椭圆曲线密码体制提出一个分布式密钥产生协议,该方案高效且能抵制内外恶意节点的攻击,并采用门限数字签名方案给出一个安全的移动自组网的成员控制方案.通过方案的性能和安全性分析得出结论,该成员控制策略非常适合于资源受限的移动自组网.     

广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。     

基于TCM的可信事件日志生成方法

系统事件日志记录是系统安全审计最重要的数据源.现有的日志保护机制主要解决事件日志生成后的数据完整性保护方面的问题,但对于日志数据生成阶段的可信生成方面还没有解决.本文主要贡献是提出了一种基于TCM模块的可信事件日志生成方法,为事件日志提供了生成时的数据完整性、可认证性等安全特性,增强了事件日志数据的可信性,通过分析证明了本方法的有效性和可实施性.     

DESIGN OF A DIGITAL SIGNATURE SCHEME BASED ON FACTORING AND DISCRETE LOGARITHMS

Objective Focusing on the security problem of authentication and confidentiality in the context of computer networks, a digital signature scheme was proposed based on the public key cryptosystem. Methods Firstly,the course of digital signature based on the public key cryptosystem was given. Then, RSA and ELGamal schemes were described respectively. They were the basis of the proposed scheme. Generalized ELGamal type signature schemes were listed. After comparing with each other, one scheme, whose Signature equation was (m r)x=j s modФ(p) , was adopted in the designing. Results Based on two well-known cryptographic assumptions, the factorization and the discrete logarithms, a digital signature scheme was presented. It must be required that s“ was not equal to p‘q“ in the signing procedure, because attackers could forge the signatures with high probabilities if the discrete logarithms modulo a large prime were solvable. The variable public key “e“ is used instead of the invariable parameter “3“ in Ham‘s signature scheme to enhance the security. One generalized ELGamal type scheme made the proposed scheme escape one multiplicative inverse operation in the signing procedure and one modular exponentiation in the verification procedure.Conclusion The presented scheme obtains the security that Harn‘s scheme was originally claimed. It is secure if the factorization and the discrete logarithms are simultaneously unsolvable.     

Provably Secure Short Proxy Signature Scheme from Bilinear Maps

An enhanced formal model of security for proxy signature schemes is presented and a provably secure short proxy signature scheme is proposed from bilinear maps. The proposed proxy signature scheme is based on two short secure signature schemes. One is used for delegating the signing rights and computing the standard signature; the other is used for computing proxy signature. Finally, a security proof of the proposed proxy signature scheme is showed by reducing tightly the security of the proposed proxy signature scheme to the security of the two basic signature schemes. The proposed proxy signature scheme has the shortest ordinary signatures and proxy signatures. Moreover, the proxy signature generation needs no pairing operation and verification needs just two pairing operation.     

A universal composability framework for analysis of proxy threshold signature

The universal composability framework is a new approach for designing and analyzing the security of cryptographic protocols. In this framework, the security of protocols is maintained under a general protocol composition operation. In the paper, we propose the universal composability framework for the analysis of proxy threshold signature and present a universally composable secure proxy threshold signature scheme which is the first one in this area. The proposed scheme is suitable for the mobile agents, which should migrate across different environment through network. Furthermore, we give the concrete analysis of the reduction to prove the security of the proposed scheme.     

A secure trust model for P2P systems based on trusted computing

Trust is one of the most important security requirements in the design and implementation of peer-to-peer （P2P） systems. In an environment where peers＇ identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer＇s identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing （TC） technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group （DAWG） is up to 0.6 and the percentage of malicious peers is up to 70%7 the service selection failure rate is less than 0.15.