INTRANET关键技术及其信息安全新方案的研究

对Intranet关键技术的实现方法及其方案进行了讨论；在信息安全方面，对于Intranet网络上采用的数据加密、数字水印、身份验证、网络反病毒、防火墙等安全技术进行了理论分析与探讨，并提出了新方案．其宗旨在于为Intranet安全性建设提供理论参考，同时提出安全性Intranet管理建设的原则．     

防火墙技术在铁路Interanet安全系统中的应用

分析了建设铁路Intranet安全系统的实际意义，并结合当前防火墙技术，提出了铁路Intranet安全系统中防火墙的设计原则，针对Intranet网络为路内外用户提供的网络服务，提出相应的防火墙解决方案。     

一种新的远端移动代理的安全保护机制

在目前的移动代理系统中，保护主机免受恶意代理攻击的研究已经取得了很大的进展，而对于远端移动代理免受恶意主机攻击的问题，尚没有很好的解决方案，文中提出了一种利用JavaCard为远端移动代理，提供安全的执行环境的保护机制，并在此基础上引入了基于布尔代数运算的代码分割算法以提高本方案的安全性．实验结果证明该方案具有较好的安全性和健壮性．     

增强型第二层隧道协议eL2TP设计与实现

分析了第二层隧道协议L2TP的工作原理，讨论了该协议的安全缺陷，并列举了攻击者可能进行的攻击手段，针对L2TP协议的安全漏洞，提出了增强型第二层隧道协议eL2TP的概念．通过设计eL2TP的报头格式，以及在第二层隧道协议中引入双向认证、有条件的不定期认证、数据加密和完整性验证等思想，形成在实现上与L2TP兼容、在安全性能上比L2TP更高的增强型第二层隧道协议eL2TP．     

Intranet安全技术的研究

由于历史和技术的原因，我国的Intranet安全没有得到应有的重视，是个薄弱环节，文中对于Intranet网络上采用的数据加密，数字水印，身份验证，网络反病毒，防火墙等安全技术进行了理论分析与探讨，其宗旨在于为Intranet安全性建设提供理论,向时提出安全性Intranet管理建设的原则。     

基于攻击层次的重放攻击分类

从密码协议消息块、块间、步间和协议间4个攻击层次，提出了基于攻击层次的重放攻击分类．这种分类方法不仅包含了Syverson的分类，还将重放攻击扩展到了协议层次．给出了各层次可行的重放攻击实施的方式．根据此分类可以从块、块间、步间和协议间4个层次，快速地检查并发现安全协议中是否存在重放攻击．     

基于蜜网技术的主动防御系统在校园网中的应用

文章以主动防御技术中的蜜网技术为研究基础,结合防火墙、入侵检测和数据库等网络技术,设计了一个校园网主动防御系统,并通过现有的开源软件加以实现。实际应用情况表明,该系统能很好的对网络攻击做出检测,准确地搜集到攻击者详细的活动信息,从而发现未知的攻击方法、攻击手段,并能帮助校园网网络安全管理部门对未知的攻击方法、攻击手段做出有针对性的防御策略。     

Intranet平台上企业MIS系统方案设计

提出了一种基于Intranet的MIS系统结构,构造了一种以Intranet为技术平台的企业级MIS的设计方案．并进一步给出了该方案的网络结构、软件配置、安全措施、实现步骤以及系统的主要功能,最后说明将Intranet技术应用到企业级MIS中会显著提高企业的工作效率．     

百年TUV南德意志集团确保中国轨道交通安全——访TOV南德意志大中华集团总裁兼首席执行官范华德（Dirk von Wahl）先生

随着中国经济的迅猛发展．轨道交通也进入了高速发展期，越来越多的城市开始增建地铁，轻轨、有轨电车等城市公共交通设施。为社会公众提供安全、可靠的轨道交通服务，加强对轨道交通安全设计、验收、并做好风险管理与安全评估。     

一个安全高效的无证书签名方案的分析和改进

对刘倩等提出的一个无证书签名方案进行安全性分析。结果表明,方案存在公钥替换攻击,且方案使用了双线性对运算导致效率下降。在此基础上,提出一个新的不使用双线性对的无证书签名方案,并证明了方案可以抵抗两类攻击者的攻击。最后,将提出的改进方案与已有的无证书签名方案进行效率比较,发现新方案具有较高的效率。     

一种基于Logistic混沌序列的加密隐藏算法

利用混沌序列的随机性和不可预测性,可将其作为密钥进行数据加密.同时,传统的加密技术所得到的密文容易被攻击者发现,影响了信息的安全性.本文有效地引入信息隐藏方法,提出了基于Logistic混沌序列并将加密与隐藏相结合的算法,防止密文在传送中被监测到,提高了信息的安全性.     

A Multi-homed VPN Architecture Based on Extended SOCKS＋TLS Protocols

IntroductionThe security and performance of corporatenetwork system (end system) is becoming increas-ingly important, so VPN systems are often de-ployed to enhance the security of end systems.AVPN is provisioned over public or a third networkinfrastructure through different security protocols,to provide dedicated connectivity to a closed groupof users. The current tunneled VPNs are morelightweight but without over-provisioning by thenetwork provider give no assured quality of serviceand th…     

Fully secure revocable attribute-based encryption

Distributed information systems require complex access control which depends upon attributes of protected data and access policies. Traditionally, to enforce the access control, a file server is used to store all data and act as a reference to check the user. Apparently, the drawback of this system is that the security is based on the file server and the data are stored in plaintext. Attribute-based encryption (ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism, even though the file server is compromised, we can still keep the security of the data. Besides the access control, user may be deprived of the ability in some situation, for example paying TV. More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters. And few of previous ABE constructions realize revocation of the users’ key. This paper presents an ABE scheme that supports revocation and has full security in adaptive model. We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.     

铁路通信网络安全的分析测试与可信防御研究

为了保障我国铁路通信系统的网络安全,提出了一种基于可信计算和软件定义网络（software-defined networking,SDN）相结合的铁路通信网安全体系架构. 首先,从我国铁路通信系统网络整体架构出发,采用故障树分析方法,以“恶意人员造成铁路业务中断”为故障树的顶事件,对系统所面临的网络安全风险进行分析;其次,进行了仿真测试,根据测试结果拟合了一个恶意人员针对铁路通信系统的威胁场景. 通过仿真测试结果和分析表明,本文所提出的架构可以更好地应对大规模、针对性强的网络攻击行为,从而保障和提高我国高速铁路通信网络安全.      

Ontology-based model of network and computer attacks for security assessment

With increased cyber attacks over years,information system security assessment becomes more and more important.This paper provides an ontology-based attack model,and then utilizes it to assess the information system security from attack angle.We categorize attacks into a taxonomy suitable for security assessment.The proposed taxonomy consists of five dimensions,which include attack impact,attack vector,attack target,vulnerability and defense.Afterwards we build an ontology according to the taxonomy.In the ontology,attack related concepts included in the five dimensions and relationships between them are formalized and analyzed in detail.We also populate our attack ontology with information from national vulnerability database(NVD)about the vulnerabilities,such as common vulnerabilities and exposures(CVE),common weakness enumeration(CWE),common vulnerability scoring system(CVSS),and common platform enumeration(CPE).Finally we propose an ontology-based framework for security assessment of network and computer systems,and describe the utilization of ontology in the security assessment and the method for evaluating attack efect on the system when it is under attack.     

基于细胞自动机的软键盘布局随机化方案

软键盘被广泛应用于敏感信息输入,但攻击者有可能通过消息截获、控件分析、偷窥、截屏或鼠标记录等方法得到软键盘的输入信息.本文总结和拓展了攻击方法并对相应防御措施进行了探讨;针对键盘布局随机化这一重要防御措施,对现有各方案进行分析;最后设计实现了一种基于细胞自动机的,与输入信息内容和输入过程相关联的软键盘布局随机化方案CAR,实验表明,这一方案具有良好的安全性和可用性.     

路网环境下高速公路机电设备维护管理系统的研究

机电系统涉及通信技术、计算机技术、供电技术、控制技术、管理科学等多个领域,其管理技术难度较大,同时．系统设备发布在路网各路段沿线,其空间的分布性也给设备管理带来了很大的困难。因此,研究路网环境下高速公路机电设备维护管理的特点．利用先进的信息技术．建立基Intranet和GIS机电系统设备维护管理信息系统十分必要。     

Attribute-based signature on lattices

Attribute-based signature is a versatile class of digital signatures. In attribute-based signature, a signer obtains his private key corresponding to the set of his attributes from a trusted authority, and then he can sign a message with any predicate that is satisfied by his attributes set. Unfortunately, there does not exist an attribute- based signature which is resistance to the quantum attacks. This means we do not have secure attribute-based signature schemes in a post-quantum world. Based on this consideration, an attribute-based signature on lattices, which could resist quantum attacks, is proposed. This scheme employs ＂bonsai tree＂ techniques, and could be proved secure under the hardness assumption of small integer solution problem.     

Effects of denial of service attack in mobile ad hoc networks

Mobile ad hoc networks are often deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DoS) attacks launched through compromised nodes or intruders. In this paper, we investigated the effects of flooding attacks in network simulation 2 (NS-2) and measured the packet delivery ratio and packet delay under different flooding frequencies and different numbers of attack nodes. Simulation results show that with the increase the flooding frequencies and the numbers of attack nodes, network performance drops. But when the frequency of flooding attacks is greater than a value, the performance decrease gets smooth. Meanwhile the packet delay firstly increases and then declines to a value of stability at the end.