2008 Vol. 33, No. 10
Firstly some weaknesses of TCG trusted platform module(TPM) are pointed out,then a new type trusted platform module is introduced.It is a second generation trusted platform module in China.There are rich compution and encryption resources in it;its functions are powerful its performances are advanced.This module not only accords with the technical standard of TCG on TPM,but also accords with the technical standard of China on TCM.The results of practical tests show that the speed of encrypting and decrypting is very higher,therefor it completely satisfies the requirements of different applications of trusted platform module.
Network security situation awareness technology is a novel technology to defend attacks and intrusions and provide global network security situation in an active and real-time style.The hierarchical realization model of network security situation awareness is built.The corresponding realization method of each layer is put forward respectively,including network security situation element extraction based on multi-classifier fusion,hierarchical situation assessment based on statistical learning and dynamic situation prediction based on back propagation neural network with genetic algorithm.Experimental results show that the proposed realization methods are feasible and reasonable.
Considering the secure network connection and dependable routing of the routers,a routing model is proposed based on the trust theory.This model takes the trusted network connection as the starting point,and then analyzes the interactive behaviors between routers,referring to the complex theory,and appraisal the network security risk and network gain brought by the connection of the routers entities to quantify the trust relationship.For the second,a dependable flooding algorithm of trust is carried out.At last,a routing algorithm based on the minimum of trust degree routing entropy is presented,which does well in avoiding routers with low trust degree and takes into account the routing efficiency.This model aims to be used in the next-generation connection-oriented Internet which is controllable and trustworthy.
Based on matrix multiplication secret sharing theory,a new compressible image sharing scheme is proposed.Taking advantage of compressible matrix projection,this scheme directly creates shadow image so as to,consequently,effectively overcome the drawback which requires the secret image is permutated before it is shared in literature.Besides,its complex degree is lower than the scheme's one in literature.Meanwhile,this scheme reduces the size of each shadow image to become 1/t of the secret image's one.
Through theoretical analyzing the classical Farid high order statistic linear prediction model based on discrete Haar wavelet,a R-Farid linear prediction model is proposed by revising its inconsistent relativity area,and then it is defined as Farid high order statistic model,a R-Farid high order statistic model is designed.Experimental results show that it really improves the steganalysis accuracy rate.
Trusted platform module(TPM) proposed by TCG was a subordinate device and the root of trusted measurement was put into BIOS,which faces the threat to be tampered.In order to solve the problem,a novel design of Trusted platform control module(TPCM),in which the root of trusted measurement has been incorporated into the module.Therefore it is helpful to solve problems of protecting the root and the original point of measurement;meanwhile,a new kind of scheme is proposed based on the module,which establishes an active trust transitive architecture.Based on above implementation,the module shows a critical feature of controlling effect on whole platform.
SMS4 algorithm is the first commercial algorithm published by the government.The embedded system also needs a commercial algorithm to protect the data security.Paper give a model how to using the SMS4 in embedded system is given.At last,the relationship a model and embedded system is deeply discussed.
Software fault tolerance technique is used to ensure high reliability.In order to evaluate the quality of fault-tolerant systems,expected execution time and cost must be considered.A new evaluation strategy is proposed to evaluate,evaluating the system with three groups of quality factors,which is the capability,the time and the cost.By using them,the system's integrative quality factor can be calculated.When applying this strategy,we compare the quality of software systems which is consist of different fault-tolerant components.The results can be used to improve fault-tolerant system.To achieve the required optimal result,several optimization schemes are given to meet different project demands.
Key management is one of the most challenging security problems in wireless sensor networks.Most of the existing key management schemes is supposed used in homogeneous wireless sensor networks in which all the sensor nodes have the same structure and capability.But the homogeneous wireless sensor network does not good at improving the network's life time as well as connectivity.Since there are some different nodes that can establish the same pairwise key between them in some random key pre-distribution schemes,a key management scheme is proposed based on polynomial for heterogeneous wireless sensor networks(HWSN).From the simulations,it is clear that the key management scheme proposed can substantially improve the network connectivity with low storage requirement and enhance the network security level.
Most of current digital watermarking algorithms for relational databases can only embed digital watermark into numeric data.They seldom deal with nonnumeric data.Therefore,research on digital watermarking algorithms that can embed watermark into non-numeric data is very important,which will expand the application of digital watermarking.The particularity of embedding digital watermark into non-numeric data is analyzed.A simple substitution algorithm is firstly proposed,which can embed digital watermark into single attribute.Then an improving approach is proposed to extend the previous algorithm to multiple attributes.On the purpose of making less change to the statistics of the data in watermarking,a statistic control algorithm is then proposed to improve the previous two algorithms.Finally,some relative experiments are designed to test the proposed algorithms.The experimental results show that the algorithms are effective and robust.
In order to implement image splicing blind detection,a new splicing detection scheme is proposed based on the model consisting of features from hidden Markov model and some image quality metrics(IQMs) extracted from the given test image,which are sensitive to spliced image.This model can measure statistical differences between original image and spliced image.Kernel-based support vector machine(SVM) is chosen as a classifier to train and test the given image.Experimental results show that the new splicing detection scheme has some advantages of highaccuracy and widelapplication.
The emergence of general security hardware provides operating system and electronic equipment with a hardware-based security protection,but there were few studies about using the hardware to provide system-level security protection directly.A multi-kernel structure SmartMK was proposed to support applications of different security levels and different types;based on the trusted platform module(TPM) and the new CPU security technology,the strong separation and secure communications mechanisms between multi-kernel were realized and the security of the operating system operating environment was achieved by the hardware and software together.A mandatory access control model was offered to the SmartMK reduce the complexity of access control.Performance testing and application of SmartMK showed that it can effectively strengthen the system security while guaranteeing the system's efficiency.
In order to realize fast and real time decision for Web resource access control,an improved algorithm called AC-BMH-QS is proposed.This algorithm based on existing algorithms contains two progresses for pretreatment and matching.The reversed finite automaton is built in pretreatment progress with values of two displacement functions calculated.The finite automaton is matched with object string in matching progress,in which the larger value of two functions is the distance that automaton moves.Factors that influence performance are analyzed according to examination results.And the results show that this algorithm could predigest calculation and advance efficiency.
Saving energy and security are a pair of contradictions demand of application research in wireless sensor networks(WSN).In order to reconcile this pair of contradictions,energy-efficient secure topology control protocol(ESTCP),an energy-efficient secure topology control protocol for wireless sensor networks is presented.In ESTCP,structured topology is formed according to node locations.In order to control new nodes in different situations securely adding to network,techniques of one way hash chain and symmetric cryptographic key are adopted in ESTCP.And temporal clusters are formed among new nodes for reducing energy consumption caused by new nodes authentication.Analysis and simulation results show that ESTCP effectively guarantees the security of topology control in consuming less resource.
Aimed at the problem that grids are more prone to failures,and existing failure detection algorithms can not satisfy the unique requirement of grids,an efficient and scalable failure detection algorithm is then presented.According to the characteristics of grids and the small world theory,the authors established a small world based grid system model and a fault detection model;Combined unreliable fault detection method with heartbeat strategy and grey prediction model,they designed a dynamic heartbeat mechanism,and presented the efficient and scalable fault detection algorithm for grid systems further.They also analyzed the performance of the algorithm theoretically,such as how to select performance factors,as well as accuracy,completeness and scalability of the algorithm.At last,experimental result demonstrates that the algorithm is valid and effective,can be used for fault detection under grid environments.
The problems of existing authentication frameworks are analyzed,and a universal authentication protocol is proposed for the multi-domain.Moreover,entity authentication for cross-domain is supported in the protocol.Especially,by using the modular approach under the Canetti-Krawczyk model,the security of entity authentication is analyzed.It is shown that the proposed protocol is secure and could achieve the security requirements,and the protocol is a secure and fast authentication with high expansibility.This protocol can be applied to the authentication between the networks which use the difference authentication frameworks.
Inspired by the self-adaptation,diversity,memory ability in artificial algorithm,and combining the robustness and distribution in multi-agent system's architecture,an immune multi-agent active defense model for network intrusion is established;the concept of immune agent is introduced;and its logical structure and running mechanism are established.This model implements the multi-layer and distributed active defense mechanism for network intrusion.Experiment results show that this model is a good solution to the network security defense.
Two copies of stego-image are needed in the active steganalysis proposed by Chandramouli,as an improvement,a method of active steganalysis is proposed in which only one copy of stego-image is needed and the practicability is enhanced.An estimate of a cover image by wavelet-domain hidden Markov tree(HMT) is obtained;and the estimate is regarded as another stego-image which is different in the embed ratio.Then cover image and the secret message are separated by using the independent component analysis(ICA).Simulation experiments validate the advantage of HMT model,and give the results of blind separation.
According to the fact that there are some secure faults in software download schemes due to the lack of trust measurement in software download for mobile equipments,making use of trust mechanism of identity management and secure characteristics such as integrity verification,protect storage,domain isolation,access control and remote platform verifying trusted computing possess,software download service model based on trust measurement of trusted identity management architecture has been put forward,software download service process has been designed,software download service protocol has been studied,the security performance of the protocol has been analyzed,the security performance comparison between several software download schemes has been made,the result shows that the scheme improve security performance of software download effectively.
As the key component of the emerging information security trend: trusted computing,conformance testing on the trusted platform module(TPM) is very necessary.While current works on TPM testing are mainly based on traditional testing methods and experiences;the state machine theory provides solid foundation for correctness of the conformation testing.This paper proposes conformance testing model based on TPM specification,related testing strategies and flexible testing framework for the automation testing.
It is point out that the digital watermarking system is a proof system through researching the watermarking system model.Define the concepts of watermark embedding point and watermark detection point and give the condition of availability and fair of the watermarking system must be met.A novel watermarking scheme based on the structure of correcting code is proposed,and analysis the scheme in theory and get the result that this scheme is robust for some attack and signal processing.Finally,it is pointed out that this scheme can be translate to secure public watermark detecting system based on the extended TPM technology.
A new improved password authentication scheme is proposed,which is user anonymity,can fix the Hwang-Yeh's scheme and provide more other security properties such as server spoofing attacks,forge attacks,etc.According to security properties comparisons among Peyravian-Zunic's scheme,Hwang-Yeh's scheme,Peyravian-Jeffries scheme,and our proposed scheme,the proposed scheme is more secure and practical over insecure network.
To design a signature scheme which are efficient and provably secure in the standard model is suitable for applications.Two signature schemes based on Paterson's and Waters's signature schemes are proposed.A(t,n) threshold signature scheme is presented at first and is provable secure in the standard model under CDH assumption.The other contribution in this paper is to construct a new hierarchical identity based signature scheme.It has a highly efficient signing algorithm which requires only two exponentiation operations and is provably secure under CDH assumption in the standard model.
Binary trust-based delegation authorization mechanism is regarded as a primary method for computational resource access in open dynamic environment.An important problem is how to apply implant a more grain trust control on delegation and authorization combined with subjective trust evaluation.This problem is probed and a subjective trust evaluation is introduced instead of binary trust evaluation.A trusted role based logical system on the semantic of attribution authorization model is proposed.The concepts of trusted role and trust constraint are proposed.The trust control policies for delegation based role trust evaluation and the trust control rules for authorization based on entity trust evaluation are put forward.The computational method for entity trust degree decrease in delegation policies is built up.The policies and rules are expressed in logic syntax and the semantic of delegation authorization logic program is given.Finally,the subjective trust control on delegation and authorization is implemented in logic semantic of attribute based delegation and authorization mechanism.
By analyzing and researching several digital chaotic image encryption algorithms,a kind of chaos-based symmetric image encryption algorithm is designed.The chaotic sequence of Logistic map and Chebyshev map is used as the initialization sequence,and the S-box and memory of the advanced encryption standard(AES) algorithm are used as nonlinear transform.The result of analysis and experiment proved that this algorithm eliminates the relativity of the initialization sequence and the original signal;and the out sequence is of balance,great cycle,high linearity complexity and perfect relativity,which are the basic characters of cipher.By using the memory and compress approach,the analysis method is not in effect which is usually used in analyzing these two chaotic maps;and the algorithm can encrypt in a higher speed.
By analyzing the relationship between the indexes of array accesses and Cache hit or miss,weakly linear dependence between array indexes and its access time was found and verified with array accesses experiment.Based on analyzing the relationship between the indexes of the array accesses during general crypto implementation and the plaintext/ciphertext with the key,the Cache timing based timing difference analysis side channel attack is proposed.The experiment shows that with 4×104 samples,the search space of the sub-key used in the last round of the AES-128 can be reduced from 2128 to 298.
According to the theory of noninterference information flow,a kind of noninterference security model is put forward based on access security of terminal.The terminal access is the basic element of the model;and some security conditions of access are discussed in detail based on it;it is shown that the security policy and isolation are the root of terminal security.And it expands access security into all terminal security.
Survivability refers to the ability for a network system to provide essential services to end users in the presence of failures and/or attacks,and recover full services in a timely manner.According to the requirement of the survivability of MANETs,a more comprehensive model for quantitative evaluation of survivability is proposed.The proposed model considers various types of faults and connection states of mobile hosts,and uses the continuous time Markov chain(CTMC) to describe the survivability of MANETs in a precise manner.Finally,the availability of steady state,connectivity probability,failure frequency and average number of faulty nodes are simulated in MATLAB.