利用SOAP扩展实现Web服务中SOAP消息的安全

在利用SOAP消息与Web服务进行通信时,消息本身受到来自网络的各种安全性威胁.虽然SOAP的规范不涉及安全问题,但是允许安全问题作为扩展而被处理.文中通过对.NET framework的SOAP扩展机制的分析,提出了一种利用SOAP扩展加密Web服务中SOAP消息的方法.在对称加密和非对称加密的原理及Web服务技术的基础上,给出了一个具体的实施方案,使SOAP消息在进入公共网络前实现稳健加密.     

基于SOAP扩展的Web服务安全模型

结合WS-Security安全规范,提出了一个基于简单对象访问协议（Simple Object Access Protocol,即SOAP）扩展的Web服务安全模型系统．该模型进行了常规SOAP的扩展和授权信息的扩展．它有以下4个特点：端到端的安全性、应用的独立性、传输的独立性、存储消息的安全性．     

集成CORBA的Web服务平台中CORBA客户端的设计与实现

利用web服务技术把已有的CORBA系统封装起来并向外界提供服务时，在服务端处理和响应客户端发送过来的SOAP消息、进行CORBA系统服务调用，并能向客户端返回处理结果。     

Fully secure revocable attribute-based encryption

Distributed information systems require complex access control which depends upon attributes of protected data and access policies. Traditionally, to enforce the access control, a file server is used to store all data and act as a reference to check the user. Apparently, the drawback of this system is that the security is based on the file server and the data are stored in plaintext. Attribute-based encryption (ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism, even though the file server is compromised, we can still keep the security of the data. Besides the access control, user may be deprived of the ability in some situation, for example paying TV. More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters. And few of previous ABE constructions realize revocation of the users’ key. This paper presents an ABE scheme that supports revocation and has full security in adaptive model. We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.     

一种高效的Web服务访问控制器设计

针对基于SOAP扩展的Web服务安全模型中的访问控制器,进行了详细的设计,有效地克服了传统的访问控制技术中的不足,可以减少授权管理的复杂性．     

智能交通系统与系统间通信协议研究

针对智能交通通信系统存在的“互操作”和“互换性”差的问题,在介绍NTCIP协议框架的基础上,分析了其C2C通信协议的优劣,提出了用XML/SOAP来实现C2C通信的方案。     

The RSA Cryptoprocessor Hardware Implementation Based on Modified Montgomery Algorithm

RSA (Rivest-Shamir-Adleman)public-key cryptosystem is widely used in the information security area such as encryption and digital signature. Based on the modified Montgomery modular multiplication algorithm, a new architecture using CSA(carry save adder)was presented to implement modular multiplication. Compared with the popular modular multiplication algorithms using two CSA, the presented algorithm uses only one CSA, so it can improve the time efficiency of RSA eryptoproeessor and save about half of hardware resources for modular multiplication. With the increase of encryption data size n, the clock cycles for the encryption procedure reduce in T(n^2), compared with the modular multiplication algorithms using two CSA.     

用WSE 3.0实现Web服务安全中的签名与加密

签名和加密是实现Web服务安全中的常用技术.Web服务安全开发工具包WSE 3.0的推出,为Web Services安全问题提供了新的解决方案.本文给出了用WSE 3.0实现部分签名和加密的具体过程,具有广泛的实用性.     

恶意主机上Mobile Agent安全解决方案

根据非对称加密原理提出了恶意主机上Mobile Agents（MA）的安全解决方案。在该方案中，只有得到许可的主机才能执行MA的代码，交换的数据也要求加密。当MA返回源主机后可根据MA执行过程中的信息判断是否有目标主机对其有恶意行为。分析了恶意主机上MA所受到的安全威胁，并用所提出的方案逐一分析解决了MA所受到的安全威胁。     

一种基于Logistic混沌序列的加密隐藏算法

利用混沌序列的随机性和不可预测性,可将其作为密钥进行数据加密.同时,传统的加密技术所得到的密文容易被攻击者发现,影响了信息的安全性.本文有效地引入信息隐藏方法,提出了基于Logistic混沌序列并将加密与隐藏相结合的算法,防止密文在传送中被监测到,提高了信息的安全性.     

Keyword search encryption scheme resistant against keyword-guessing attack by the untrusted server

The user data stored in an untrusted server, such as the centralized data center or cloud computing server, may be dangerous of eavesdropping if the data format is a plaintext. However, the general ciphertext is difficult to search and thus limited for practical usage. The keyword search encryption is a helpful mechanism that provides a searchable ciphertext for some predefined keywords. The previous studies failed to consider the attack from the data storage server to guess the keyword. This kind of attack may cause some critical information revealed to the untrusted server. This paper proposes a new keyword search encryption model that can effectively resist the keyword-guessing attack performed by the untrusted data storage （testing） server. The testing （query） secret is divided into multiple shares so that the security can be guaranteed if the servers cannot conspire with each other to retrieve all shares of the secret.     

Identity-based Encryption with Non-Interactive Opening

An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-interactive opening properties for IBE schemes were defined along with a concrete scheme in each case.     

城市一卡通IC卡在线加值之解决方案

论文首先对城市一卡通IC卡在线加值解决方案的国内外发展背景进行了分析论述,提出IC卡在线加值要以住建部密钥系统为安全基础保证,并分析了IC卡在线加值安全保证的住建部密钥系统的的重要性,并对住建部密钥的结构进行分解分析；提出了IC卡在线加值系统的系统层次,安全容错方法,并归纳了在线充值的数据处理流程.     

一种基于网络安全的复合加密算法的研究

加密技术是保护网络安全的主要手段之一.在传统的DES RSA复合加密算法中,DES不仅存在着弱密钥和半弱密钥,而且在代数结构上存在着互补对称性,在一定程度上降低了破解密文的难度.文中提出一种新的复合加密算法TRA,在提高加密强度的前提下,解决以上问题.描述了TRA的模型和加密过程,并通过相关数据对该算法进行测试,分析了该算法的正确性、复杂度、安全性和效率等,并与传统的复合加密算法进行比较.     

An identity-based encryption scheme with compact ciphertexts

This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).     

Chosen ciphertext secure fuzzy identity based encryption without ROM

Two new constructions of chosen-ciphertext secure fuzzy identity-based encryption(fuzzy-IBE) schemes without random oracle are proposed.The first scheme combines the modification of chosen-plaintext secure Sahai and Waters'"large universe"construction and authenticated symmetric encryption, and uses consistency checking to handle with ill-formed ciphertexts to achieve chosen-ciphertext security in the selective ID model.The second scheme improves the effciency of first scheme by eliminating consistency checking.This improved scheme is more effcient than existing chosen-ciphertext secure fuzzy-IBE scheme in the standard model.     

Chosen ciphertext secure identity-based broadcast encryption in the standard model

To give concurrent consideration both the efficiency and the security (intensity of intractable problem) in the standard model, a chosen ciphertext secure identity-based broadcast encryption is proposed. Against the chosen ciphertext security model, by using identity (ID) sequence and adding additional information in ciphertext, the self-adaptive chosen identity security (the full security) and the chosen ciphertext security are gained simultaneously. The reduction of scheme’s security is the decisional bilinear Diffie-Hellman (BDH) intractable assumption, and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption. So the security level is improved, and it is suitable for higher security environment.     

GSM-R系统的安全策略研究与改进

由于网络结构与用户终端移动性本身的制约,GSM-R本身存在着一些网络安全隐患,本文旨在提出GSM-R系统安全策略的改进方案.文章结合GSM-R系统在铁路上的应用,简要阐述了现有GSM-R系统所采用的安全机制和存在的安全缺陷.针对GSM-R系统采用的单向认证和信息加密的局部性两个方面分别提出了相应的改进方案,即系统的双向认证和端到端加密,并详细描述了认证过程和加密过程.     

基于混沌系统的量子彩色图像加密算法

为了提高图像安全性,将混沌系统引入到量子图像加密领域. 首先通过Chen混沌将图像按位异或;然后将彩色图像表示为量子的叠加态,通过Logistic混沌序列产生幺正矩阵对量子图像进行置乱;再次产生一个混沌序列对每个像素的红绿蓝三基色进行随机互换,达到对量子图像加密的目的;最后,在经典计算机上进行了模拟实验,结果表明加密后图像直方图更为平滑,像素平均分布在0～255范围内,图像相邻像素相关性低,加密图像红绿蓝像素相关系数平均值分别为0.001 6、0.001 7和0.003 8,并且密钥敏感性高,能有效抵抗穷举攻击和统计攻击,算法具有良好的有效性和可行性.      

运用于京沪高铁动车组WTD技术中的加密算法与运行保障机制

WTD技术（车载无线传输网关技术）通过利用随车配置的WTD设备与动车组之间的通信,对车辆的实时信息进行采集、处理和发送,使得在地面接收端的信息处理系统能够有效的监控与管理动车组.对应用于京沪高铁WTD技术的通信安全与通信保障的需求变得迫切.本文通过引入Blowfish加密算法与特殊设计的运行保障机制,使得改进后的WTD技术不仅能够进行安全的通信,并能够提供长时间的高效稳定的数据传输服务.