基于攻击层次的重放攻击分类

从密码协议消息块、块间、步间和协议间4个攻击层次，提出了基于攻击层次的重放攻击分类．这种分类方法不仅包含了Syverson的分类，还将重放攻击扩展到了协议层次．给出了各层次可行的重放攻击实施的方式．根据此分类可以从块、块间、步间和协议间4个层次，快速地检查并发现安全协议中是否存在重放攻击．     

一种面向多对象的网络系统安全风险评估方法

针对传统多对象评估问题中单个对象逐一评估的缺陷,提出了一种基于评估对象和评估基准之间广义权距离的面向多对象的信息系统安全风险评估方法.在充分分析网络信息系统安全性因素的基础上,建立了系统安全风险评估模型,并对资产、威胁性及脆弱性指标进行了标准化赋值;通过构造问题的拉格朗日函数,求解系统的安全状态矩阵,进而确定系统所处的安全风险等级.算例分析表明,该方法合理有效.     

NETWORK MANAGEMENT WITH SECURED MOBILE AGENT

IntroductionMobile Agents equipped with intelligence,of-fer new technology that helps automate NetworkManagement activities,which are increasingly be-coming complex due to exponential growth of in-ternet users,and thus demanding higher levels ofhuman manager expertise and involvement.Well-known network management protocols that areused to monitor and manage network devices in-clude Simple Network Management Protocol ( SN-MP) and Common Management Information Proto-col ( CMIP) ,SNMP be…     

Research on High Power Inter-Channel Crosstalk Attack in Optical Networks

While all-optical networks become more and more popular as the basis of the next generation Internet(NGI)infrastructure,such networks raise many critical security issues.High power inter-channel crosstalk attack is one of the security issues which have negative effect on information security in optical networks.Optical fiber in optical networks has some nonlinear characteristics,such as self phase modulation(SPM),cross phase modulation(XPM),four-wave mixing(FWM)and stimulated Raman scattering(SRS).They can be used to implement high power inter-channel crosstalk attack by malicious attackers.The mechanism of high power inter-channel crosstalk attack is analyzed.When an attack occurs,attack signal power and fiber nonlinear refractive index are the main factors which affect quality of legitimate signals.The effect of high power inter-channel crosstalk attack on quality of legitimate signals is investigated by building simulation system in VPI software.The results show that interchannel crosstalk caused by high power attack signal leads to quality deterioration of legitimate signals propagated in the same fiber.The higher the power of attack signal is,the greater the fiber nonlinear refractive index is.The closer the channel spacing away from the attack signal is,the more seriously the legitimate signals are affected by attack.We also find that when attack position and power of attack signal are constant,attack signal cannot infinitely spread,while its attack ability shows a fading trend with the extension of propagation distance.     

Security Mechanisms of Wired Equivalent Privacy and Wi-Fi Protected Access in WLAN： Review and Analysis

An analysis of WLAN security mechanisms of wired equivalent privacy (WEP) and Wi-Fi protected access (WPA) discovers that the current literature is not totally creditable in its judgment on the security value of WEP and WPA.Based on the respective performances of WEP and WPA under certain typical attacks,this paper substantiates the judgment that WEP has quite a few vulnerabilities concerning confidentiality and integrity,but at the same time challenges the judgment on WPA with that WPA is robust enough to confront potential typical attacks and is not so unreliable as the current literature believes,although it has some vulnerabilities in its message integrity code (MIC).     

Ontology-based approach for legal provision retrieval

In this paper, we present an ontology-based approach for legal provision retrieval. The approach aims at assisting the man who knows little about legal knowledge to inquire appropriate provisions. Legal ontology and legal concept probability model are main functional components in our approach. Legal ontology is extracted from Chinese laws by the natural language processing (NLP) techniques. Legal concept probability model is built from corpus, and the model is used to bridge the gap between legal ontology and natural language inquiries.     

广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。     

地铁突发事件应急体系脆弱性评价研究

随着地铁网络的持续扩大,对地铁突发事件应急体系的脆弱性防范也相应提高,完善地铁突发事件应急体系能够有效提高地铁应对突发事件的能力。针对地铁突发事件应急体系的脆弱性进行研究,构建应急体系脆弱性评估指标,利用层次分析法,确定指标权重,通过运用模糊数学的相关理论,使用模糊综合评价法对地铁突发事件应急体系脆弱性进行评价,最后通过实例分析,验证该方法在评价地铁突发事件应急体系脆弱性上的可行性。     

Robust password and smart card based authentication scheme with smart card revocation

User authentication scheme allows user and server to authenticate each other, and generates a session key for the subsequent communication. How to resist the password guessing attacks and smart card stolen attacks are two key problems for designing smart cart and password based user authentication scheme. In 2011, Li and Lee proposed a new smart cart and password based user authentication scheme with smart card revocation, and claimed that their scheme could be immunity to these attacks. In this paper, we show that Li and Lee＇s sctleme is vulnerable to off-line password guessing attack once the information stored in smart card is extracted, and it does not provide perfect forward secrecy. A robust user authentication scheme with smart card revocation is then proposed. We use a most popular and widely used formal verification tool ProVerif, which is based on applied pi calculus, to prove that the proposed scheme achieves security and authentication.     

日显重要的"非传统安全"问题--兼论中印在非传统安全领域合作

近几年来,"非传统安全"、"非传统安全领域"、"非传统安全威胁"等字眼频频见诸报端.国内外专家、学者也正在展开对"非传统安全"问题的研究,但何谓"非传统安全"和"非传统安全威胁",目前却无定论.至于说非传统安全问题,它包括很多内容,涉及恐怖主义、跨国分裂主义、毒品、走私、能源、跨国犯罪等一系列问题.美国发生9·11事件以来,中国与印度都面临恐怖主义、能源安全等非传统安全问题的挑战,这就需要中印加强合作,共同应对这些影响国际和平与发展的挑战.     

A Strategy for Middleman Attack Prevention in Remote Desktop Protocol

This paper introduces the middleman attack methods which are against the remote desktop protocol(RDP),discusses advantages and disadvantages of several current mainstream prevention strategies,and puts forward a new prevention strategy.The strategy,taking advantage of the original key agreement process of the RDP,designs a piecewise authentication scheme of the key agreement.Using the strategy can achieve the purpose of prevention and detection of middleman attacks.Finally,the security of the strategy is analyzed.     

基于本体的软件需求共享系统设计

从基于语义的信息共享思路出发,设计了一种基于本体的面向特定领域软件需求共享系统,系统分为5层：源文档层、索引本体层、检索层、管理层、表示层.系统基于本体对需求进行语义检索,定义了需求本体系统及描述方法,本体的实例影射到按项目编目存储的需求文档.     

Fully secure revocable attribute-based encryption

Distributed information systems require complex access control which depends upon attributes of protected data and access policies. Traditionally, to enforce the access control, a file server is used to store all data and act as a reference to check the user. Apparently, the drawback of this system is that the security is based on the file server and the data are stored in plaintext. Attribute-based encryption (ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism, even though the file server is compromised, we can still keep the security of the data. Besides the access control, user may be deprived of the ability in some situation, for example paying TV. More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters. And few of previous ABE constructions realize revocation of the users’ key. This paper presents an ABE scheme that supports revocation and has full security in adaptive model. We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.     

ID-Based Threshold Decryption Secure Against Chosen Plaintext Attack

Introduction Inthresholddecryptioncryptosystems,the powertodecryptissharedamongasetofdecryp-tionservers.In2001,D.BonehandM.Franklin proposedapracticalidentity-basedencryption(IBE)schemefromtheweilpairing.Combining thetwoconceptstogether,some“ID-basedthresh-olddecryption”schemeshavebeenconstructed.In suchschemes,anentity'spublickeyisderiveddi-rectlyfromitsidentity.Atrustedthirdparty calledtheprivatekeygenerator(PKG)usesthe masterkeytogenerateprivatekeysforallentities.Eachdecryptionserve…     

一种关联多本体的科技奖励检索方法

现有的科技奖励检索都是基于关键词的匹配,忽略了对用户查询的语义理解。针对传统信息检索存在的问题以及结合当前面向实际应用的基于本体的语义检索的特点,提出一种关联多本体的科技奖励检索方法。通过对科技奖励项目的领域本体构建,对概念相似度计算方法的改进及关联多本体概念,使扩展词语更能表达用户检索意图。实验结果表明,该方法对比传统查询检索和单独本体扩展检索获得了更好的召回率和准确率。     

Adopting Context Mediation in Information Integration to Resolve Semantic Heterogeneity in Distributed Environment

Ontology-based semantic information integration resolve the schema-level heterogeneity and part of data level heterogeneity between distributed data sources. But it is ubiquitous that schema semantics of information is identical while the interpretation of it varies with different context, and ontology-based semantic information integration can not resolve this context heterogeneity. By introducing context representation and context mediation to ontology based information integration, the attribute-level context heterogeneity can be detected and reconciled automatically, and hence a complete solution for semantic heterogeneity is formed. Through a concrete example, the context representation and the process in which the attribute-level context heterogeneity is reconciled during query processing are presented. This resolution can make up the deficiency of schema mapping based semantic information integration. With the architecture proposed in this paper the semantic heterogeneity solution is adaptive and extensive.     

具有可追查性的抗合谋攻击(t,n)门限签名方案

在分析王斌和李建华的无可信中心门限签名方案(王-李方案)以及X ie-Yu改进方案安全缺陷的基础上,提出了一种新的具有可追查性的抗合谋攻击(t,n)门限签名方案;对新方案的安全性进行了分析,并与现有方案的效率进行了比较.结果表明:该方案不仅能够从根本上抵抗合谋攻击和伪造签名攻击,而且在保证匿名性的前提下,能够真正实现签名成员身份的可追查性,同时通过构造安全的分布式密钥生成协议保证群私钥的不可知性,因此比现有方案具有更高的安全性.此外,新方案的计算量和通信量与王-李方案接近,但优于X ie-Yu方案.     

基于蜜网技术的主动防御系统在校园网中的应用

文章以主动防御技术中的蜜网技术为研究基础,结合防火墙、入侵检测和数据库等网络技术,设计了一个校园网主动防御系统,并通过现有的开源软件加以实现。实际应用情况表明,该系统能很好的对网络攻击做出检测,准确地搜集到攻击者详细的活动信息,从而发现未知的攻击方法、攻击手段,并能帮助校园网网络安全管理部门对未知的攻击方法、攻击手段做出有针对性的防御策略。     

An identity-based encryption scheme with compact ciphertexts

This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).