Fully secure revocable attribute-based encryption

Distributed information systems require complex access control which depends upon attributes of protected data and access policies. Traditionally, to enforce the access control, a file server is used to store all data and act as a reference to check the user. Apparently, the drawback of this system is that the security is based on the file server and the data are stored in plaintext. Attribute-based encryption (ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism, even though the file server is compromised, we can still keep the security of the data. Besides the access control, user may be deprived of the ability in some situation, for example paying TV. More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters. And few of previous ABE constructions realize revocation of the users’ key. This paper presents an ABE scheme that supports revocation and has full security in adaptive model. We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.     

Efficient peer-to-peer file sharing in 3G networks

In 3G networks upgraded with high speed packet access (HSPA) technology, the high access bandwidth and advanced mobile devices make it applicable to share large files among mobile users by peer-to-peer applications. To receive files as quickly as possible is essential for mobile users in file sharing applications, since they are subject to unstable signal strength and battery failures. While many researches present peer-to-peer file sharing architectures in mobile environments, few works focus on decreasing the time spent in disseminating files among users. In this paper, we present an efficient peer-to-peer file sharing design for HSPA networks called efficient file sharing (EFS) for 3G networks. EFS can decrease the dissemination time by efficiently utilizing the upstream-bandwidth of mobile nodes. It uses an adaptive rearrangement of a node’s concurrent uploading transfers, which causes the count of the node’s concurrent uploading transfers to lower while ensuring that the node’s upstream-bandwidth can be efficiently utilized. Our simulations show that, EFS achieves much less dissemination time than other protocols including Bullet Prime and a direct implementation of BitTorrent for mobile environments.     

Personalization method of e-catalog based on user interesting degree

The user interesting degree evaluation index is designed to fulfill the users’ real needs, which includes the user’ attention degree of commodity, hot commodity and preferential commodity. User interesting degree model (UIDM) is constructed to justify the value of user interesting degree; the personalization approach is presented; operations of add and delete nodes (branches) are covered in this paper. The improved e-catalog is more satisfied to users’ needs and wants than the former e-catalog which stands for enterprises, and the improved one can complete the recommendation of related products of enterprises.     

A probability approach to anomaly detection with twin support vector machines

AbstractClassification of intrusion attacks and normal network flow is a critical and challenging issue in network security study. Many intelligent intrusion detection models are proposed, but their performances and efficiencies are not satisfied to real computer networks. This paper presents a novel effective intrusion detection system based on statistic reference model and twin support vector machines (TWSVMs). Moreover, a network flow feature selection procedure has been studied and implemented with TWSVMs. The performances of proposed system are evaluated through using the fifth international conference on knowledge discovery and data mining in 1999 (KDD’99) data set collected at MIT’s Lincoln Labs and the results indicate that the proposed system is more efficient and effective than conventional support vector machines (SVMs) and TWSVMs.     

Web数据库中最小失败子查询问题研究

随着网络的普及,越来越多的网络用户通过Web数据库提供的查询接口进行数据查询。但是用户往往会遇到发出查询条件而没有返回结果的现象即空查询结果问题。造成这种情况的原因可能是一方面用户查询意图模糊,不能够准确地描述查询要求。另一方面,用户明确查询需求但Web数据库却找不到任何符合查询条件的结果。针对这种情况可以分析发现找到造成查询失败的子查询条件是解决问题的关键。本文的主要研究分两个步骤:首先,将用户发出的查询条件分解为单个的原子查询条件;然后找到造成查询失败的最小失败子查询(Minimal Failing Sbuquery,MFS)集合。     

A General Attribute and Rule Based Role-Based Access Control Model

Growing numbers of users and many access control policies which involve many different resource attributes in service-oriented environments bring various problems in protecting resource.This paper analyzes the relationships of resource attributes to user attributes in all policies, and propose a general attribute and rule based role-based access control(GAR-RBAC) model to meet the security needs. The model can dynamically assign users to roles via rules to meet the need of growing numbers of users. These rules use different attribute expression and permission as a part of authorization constraints, and are defined by analyzing relations of resource attributes to user attributes in many access policies that are defined by the enterprise. The model is a general access control model, and can support many access control policies, and also can be used to wider application for service. The paper also describes how to use the GAR-RBAC model in Web service environments.     

Certificateless message recovery signatures providing girault’s level-3 security

A digital signature with message recovery is a signature that the message itself (or partial of the message) is not required to be transmitted together with the signature. It has the advantage of small data size of communication comparing with the traditional digital signatures. In this paper, combining both advantages of the message recovery signatures and the certificateless cryptography, we propose the first certificatelss signature scheme with message recovery. The remarkable feature of our scheme is that it can achieve Girault’s Level-3 security while the conventional certificateless signature scheme only achieves Level-2 security. The security of the scheme is rigorously proved in the random oracle model based on the hardness of the k bilinear Diffie-Hellman inverse (k-BDHI) problem.     

Aero-optical characteristics of supersonic flow over blunt wedge with cavity window

The optical rays that form the image of an object and propagate a supersonic flow over a vehicle are refracted by the density variations. A numerical analysis of the aero-optical characteristics of supersonic flow over blunt wedge with a cavity window is carried out. A hybrid method of Reynold averaged Navier-Stokes and direct simulation Monte Carlo (RANS/DSMC) is employed to simulate the flowfield. Refraction factor is introduced to evaluate the flowfield’s aero-optical characteristic. The results show that mean flow’s aero-optical effects are mainly caused by the shock wave, the expansion wave and the turbulent boundary layer. Fluctuation flow’s aero-optical effects are mainly caused by the turbulent boundary layer and the shock wave induced by the cavity window. The aero-optical effects at the leading side of window are caused by the mean density variations, while the effects at the trailing side are caused by the density fluctuations. Different draft angles of the cavity window are investigated. The airborne optical devices of supersonic vehicle should be mounted in the middle of the cavity window with a large draft angle.     

Chosen ciphertext secure identity-based broadcast encryption in the standard model

To give concurrent consideration both the efficiency and the security (intensity of intractable problem) in the standard model, a chosen ciphertext secure identity-based broadcast encryption is proposed. Against the chosen ciphertext security model, by using identity (ID) sequence and adding additional information in ciphertext, the self-adaptive chosen identity security (the full security) and the chosen ciphertext security are gained simultaneously. The reduction of scheme’s security is the decisional bilinear Diffie-Hellman (BDH) intractable assumption, and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption. So the security level is improved, and it is suitable for higher security environment.     

基于网络服务状态分析的安全态势定量感知方法

针对网络安全状况量化分析难的现状,运用博弈论开展基于影响模型的网络安全态势定量感知方法研究.该方法将网络服务状态作为基本态势要素,综合考虑网络系统中存在的攻防行为,建立了网络安全态势博弈模型,并对状态空间、策略集和效用函数等模型参数给出了明确定义,经仿真实验找到该模型的Nash均衡解,在均衡局势下攻防双方达到收益平衡,完成了对网络安全态势的定量刻画.研究表明,该方法无需考虑攻击行为细节,具有效率高、实时性较强等特点,全面完成了对网络安全态势的量化分析,为安全管理员正确决策提供支持.     

An efficient threshold key-insulated signature scheme

To tackle the key-exposure problem in signature settings, this paper introduces a new cryptographic primitive named threshold key-insulated signature (TKIS) and proposes a concrete TKIS scheme. For a TKIS system, at least k out of n helpers are needed to update a user’s temporary private key. On the one hand, even if up to k−1 helpers are compromised in addition to the exposure of any of temporary private keys, security of the non-exposed periods is still assured. On the other hand, even if all the n helpers are compromised, we can still ensure the security of all periods as long as none of temporary private keys is exposed. Compared with traditional key-insulated signature (KIS) schemes, the proposed TKIS scheme not only greatly enhances the security of the system, but also provides flexibility and efficiency.     

Precise zero-knowledge arguments with poly-logarithmic efficiency

Precise zero-knowledge was introduced by Micali and Pass in STOC’06. This notion captures the idea that the view of a verifier can be reconstructed in almost same time. Following the notion, they constructed some precise zero-knowledge proofs and arguments, in which the communicated messages are polynomial bits. In this paper, we employ the new simulation technique introduced by them to provide a precise simulator for a modified Kilian’s zero-knowledge arguments with poly-logarithmic efficiency (this modification addressed by Rosen), and as a result we show this protocol is a precise zero-knowledge argument with poly-logarithmic efficiency. We also present an alternative construction of the desired protocols.     

Exploiting empirical variance for data stream classification

Classification, using the decision tree algorithm, is a widely studied problem in data streams. The challenge is when to split a decision node into multiple leaves. Concentration inequalities, that exploit variance information such as Bernstein’s and Bennett’s inequalities, are often substantially strict as compared with Hoeffding’s bound which disregards variance. Many machine learning algorithms for stream classification such as very fast decision tree (VFDT) learner, AdaBoost and support vector machines (SVMs), use the Hoeffding’s bound as a performance guarantee. In this paper, we propose a new algorithm based on the recently proposed empirical Bernstein’s bound to achieve a better probabilistic bound on the accuracy of the decision tree. Experimental results on four synthetic and two real world data sets demonstrate the performance gain of our proposed technique.     

Wrinkle analysis of the space inflatable paraboloid antenna

The presence of wrinkles in the membrane is the main factor to induce the reflector surface inaccuracy of the space inflatable antenna. Based on the commercial finite element package ABAQUS, a numerical procedure for membrane wrinkle analysis was set up and used to analyze a space inflatable antenna which was under inner pressure to evaluate its wrinkle characteristics. First, the inner pressure effect on the reflector’s wrinkle pattern was studied thoroughly. As inner pressure increases, both the number and the amplitude of the wrinkles decrease, but the total deformation of the whole reflector surface increases much. Second, the influence of the interactions between antenna’s parts was investigated comprehensively. Any kind of unwanted interaction deteriorates reflector’s wrinkle characteristics. The works are valuable to the development and research of the space inflatable antenna.     

一种高效的移动云服务环境下隐私保护认证协议

为了解决移动云服务环境的互相认证和隐私保护问题,设计了一种改进的移动云服务环境下隐私保护认证协议.该协议结合基于身份的签密技术和多服务器认证技术,保证用户只需注册一次,就可以访问多个移动云服务提供者,同时认证过程不需要可信第三方参与;该协议在移动终端未使用计算复杂度高的双线性对运算和映射到域上的hash运算,其计算效率显著提高. 通过理论分析和实验结果可知:该协议与目前已有的同类协议相比,在移动端的计算时间为45.242 s,其计算效率约为已有同类协议的2倍;具有用户匿名和不可追踪等安全性质;能够抵抗错误口令登录、更改攻击.      

具有多点记忆功能的视频播放器的设计与研究

具有多点记忆功能的视频播放器能够让用户自行设置视频观看点,同时能够对视频观看点加上关于视频的文字说明,对于用户日后要反复观看和学习的视频,能快速地找到并播放相应的视频片段,提高用户查找视频中特定信息的效率.     

基于粗集和神经网络的用户访问模式挖掘

用户访问模式发现是构建自适应网站的关键技术.提出了一种基于粗糙集和神经网络相结合的用户访问模式的发现方法,建立了用户访问模式的一般模型.针对Web日志数据通常数据量大、冗余,以及页面之间关系不确定的特点,将粗糙集作为前端预处理器,简化信息处理空间,去掉冗余,采用神经网络聚类分类用户群,从而发现用户访问页面的方式.最后,通过实验分析表明文中方法的有效性.     

自动交换光网络连接管理系统的研究设计

分析了自动交换光网络连接管理系统的功能需求,设计了连接管理系统的主类,并将主类划分成表示层、业务逻辑层和数据访问层的多层结构.设计了端到端连接的创建流程,并通过时序图说明了对象之间的交互过程,以及对象协作图说明了对象之间的协作关系以及数据流向.最后,通过试验网对实现的连接管理系统进行了测试验证.     

A new method based on the non-isothermal kinetic equation to estimate the critical temperature of thermal explosion for energetic materials using non-isothermal DSC

A method for estimating the critical temperature of thermal explosion for energetic materials using differential scanning calorimetry (DSC) measurement is derived from the Semenov’s thermal explosion theory and the non-isothermal kinetic equation based on Harcourt-Esson’s kinetic equation. The result obtained from this method coincides completely with that of the Hu-Yang-Liang-Wu method.     

Strong key-insulated signature in the standard model

The only known construction of key-insulated signature (KIS) that can be proven secure in the standard model is based on the approach of using double signing. That is, the scheme requires two signatures: a signature with a master key and a signature with the signer’s secret key. This folklore construction method leads to an inefficient scheme. Therefore it is desirable to devise an efficient KIS scheme. We present the first scheme with such a construction. Our construction derives from some variations of the Waters’ signature scheme. It is computationally efficient and the signatures are short. The scheme is provably secure based on the difficulty of computational Diffie-Hellman (CDH) problem in the standard model.