量子消息认证协议

研究了在量子信道上实现经典消息和量子消息认证的方法。给出了一个基于量子单向函数的非交互式经典消息认证加密协议。证明了给出的协议既是一个安全的加密方案,也是一个安全的认证方案。利用该认证加密协议作为子协议,构造了一个量子消息认证方案,并证明了其安全性。与BARNUM等给出的认证方案相比,该方案缩减了通信双方共享密钥的数量。     

基于PGP的安全电子邮件系统设计与实现

PGP算法是当前应用于电子邮件通信最流行的加密传输技术,本文在分析PGP加密算法核心技术基础上, 提出了以PGP为客户端加密算法,CA中心提供密钥管理和认证服务,符合RFC3156和ITU X.509行业标准的安全电子邮件系统的设计和实现方案。     

传感器网络加密方案的探讨

提出了一种传感器网络中的加密方案,该方案不需要基站的参与,认证密钥和加密密钥可由通信双方根据共享的会话密钥自主地计算,因而具有良好的可扩展性;方案在加密过程中使用了计数器和消息认证码,从而较好地满足了传感器网络的安全需求.     

基于证书认证的安全多媒体会议系统MCS/CA的设计与实现

文章综述了CSCW应用中现有的安全控制方法，提出了在CSCW系统中引入基于X．509证书认证方法的安全控制模型，并设计和实现了一个带证书的安全多媒体会议系统原型MCS／CA。与传统的会议系统相比，MCS/CA增加了证书申请、基于证书的身份认证和通信会话密钥协商以及数据加密传输等安全控制机制。     

基于移动网络的电力移动终端安全通信探究

以基于移动网络的电力移动终端安全通信为研究对象,首先介绍基于移动网络的电力移动终端安全需求,其次分析传统安全认证加密的缺陷,并提出了一种新的认证加密方法,最后对该方法进行深入的研究分析,希望能够为相关研究提供一定的参考.     

移动网络环境下实现电力移动终端的安全通信

为了防范移动网络环境中所客观存在的恶意攻击、软件漏洞等安全风险,文中提出一种基于端到端信息交换的加密和认证的电力移动终端安全解决方案。在所设计的方案中,与当前地理位置相关联的对话伙伴经过处理的指纹用于生成寿命较短的对称密钥,同时还结合了加密算法、指纹特征和用户虹膜特征,确保在整个认证通信过程中的数据安全。测试结果表明,该方案能够在移动网络环境中高效实现对电力移动终端的身份验证和信息加密。     

一个新的具有指定接收者(t,n)门限签名加密方案

提出了一个具有指定接收考验证的签名加密方案。该方案是数字签名与公钥密码体制的有机集成。与普通数字签名方案相比，除了具有认证性、数据完整性外还具有保密性和接收方的隐私性。然后又利用门限方案首次构造了一个（t,n)门限签名加密方案。该(t,n)门限签名方案具有数据传输安全、顽健性、通信代价更小、执行效率更高等特点。     

基于MIMO-OFDM的5G通信跨层安全传输技术研究

在对5G通信跨层安全传输技术进行研究的过程中,将MIMO-OFDM应用于5G通信跨层安全传输技术中,提出一种基于MIMO-OFDM的5G通信跨层安全传输技术。首先对5G通信系统的认证模型进行构建,以通过物理层对5G通信网络进行安全认证。基于MIMO-OFDM系统制订5G通信跨层安全传输方案,方案包括两个方向,一个方向是加密发射端,另一个方向是解密接收端,以实现5G通信跨层安全传输。通过对比实验验证该技术的接收者误码率低于现有技术,实现了性能提升。     

SHA-1算法及其在FPGA加密认证系统中的应用

本文对安全散列算法以及安全散列值的计算方法进行了深入的分析,给出了安全散列值的计算步骤,论证了安全散列算法的安全性和可靠性,最后提出了一种SHA-1(SecureHashAlgorithm安全哈希算法)算法在加密认证系统的应用。整个认证系统通过1-wire总线,使FPGA完成与DS28E01-100加密芯片的通信,主机内核采用了Xilinx公司设计开发的8位微控制器软核PicoBlaze。实验证明该设计能够完成加密认证系统的过程。     

基于IBC的短波自组网密钥管理方案

针对短波通信在传输过程中连通率低及容易遭受敌方截获和攻击的缺点,提出一种基于IBC体系的短波自组网密钥管理方案。该方案采用对称加密技术保证报文加解密的效率;运用公钥密码体制强安全性保证种子密钥的安全协商;引入Hash函数对报文进行认证,验证报文的真实性与完整性;基于通信双方的一次一密加密体制,保证密文的安全传输。实验结果表明,该方案能有效抵御敌方的攻击,保证网络的安全通信。     

一种安全的量子明文直接传送方案

介绍了一种安全的量子明文直接传送方案—乒乓协议,该协议通过对EPR纠缠对的局域操作能够进行确定性量子通信。     

Everlasting Multi-party Computation

A protocol has everlasting security if it is secure against adversaries that are computationally unlimited after the protocol execution. This models the fact that we cannot predict which cryptographic schemes will be broken, say, several decades after the protocol execution. In classical cryptography, everlasting security is difficult to achieve: even using trusted setup like common reference strings or signature cards, many tasks such as secure communication and oblivious transfer cannot be achieved with everlasting security. An analogous result in the quantum setting excludes protocols based on common reference strings, but not protocols using a signature card. We define a variant of the Universal Composability framework, everlasting quantum-UC, and show that in this model, we can implement secure communication and general multi-party computation using signature cards as trusted setup.     

A study of the energy consumption characteristics of cryptographic algorithms and security protocols

Security is becoming an everyday concern for a wide range of electronic systems that manipulate, communicate, and store sensitive data. An important and emerging category of such electronic systems are battery-powered mobile appliances, such as personal digital assistants (PDAs) and cell phones, which are severely constrained in the resources they possess, namely, processor, battery, and memory. This work focuses on one important constraint of such devices-battery life-and examines how it is impacted by the use of various security mechanisms. In this paper, we first present a comprehensive analysis of the energy requirements of a wide range of cryptographic algorithms that form the building blocks of security mechanisms such as security protocols. We then study the energy consumption requirements of the most popular transport-layer security protocol: Secure Sockets Layer (SSL). We investigate the impact of various parameters at the protocol level (such as cipher suites, authentication mechanisms, and transaction sizes, etc.) and the cryptographic algorithm level (cipher modes, strength) on the overall energy consumption for secure data transactions. To our knowledge, this is the first comprehensive analysis of the energy requirements of SSL. For our studies, we have developed a measurement-based experimental testbed that consists of an iPAQ PDA connected to a wireless local area network (LAN) and running Linux, a PC-based data acquisition system for real-time current measurement, the OpenSSL implementation of the SSL protocol, and parameterizable SSL client and server test programs. Based on our results, we also discuss various opportunities for realizing energy-efficient implementations of security protocols. We believe such investigations to be an important first step toward addressing the challenges of energy-efficient security for battery-constrained systems.     

基于SSL协议的电子商务信息安全策略的研究

随着电子商务的不断发展,人们对信息安全的要求也越来越高.讨论了SSL协议的加密通信原理,以及如何将SSL实际运用在电子商务系统中,解决重要业务数据的传输安全.     

基于SSL安全协议电子支付终端的实现

通过网络进行交易和电子支付,安全问题越来越重要。SSL协议现已成为加密通讯的全球化标准。嵌入式的电子商务终端在SSL协议的保护下,安全问题得到了保证。本文在嵌入式LINUX系统平台的基础上,提出了一种嵌入式SSL安全协议的实现方案,并开发出基于INTERNET的安全电子支付终端。该终端的安全性在实验中得到了验证。     

New directions in cryptography

Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.     

A framework for secure download for software-defined radio

This article proposes a framework for establishing secure download for software-defined radio (SDR) that follows the current recommendations of SDR-related organizations, and can be employed in a variety of SDR architectures. The main goals of the security system are verification of the declared identity of the source that produces the software to be downloaded, control and verification of integrity of the downloaded data, disabling of the ability to run unauthorized software on the software-defined terminal, and secrecy of the transmitted data to prevent problems such as loss of intellectual property contained in the software. The system includes the following parties: manufacturers of the terminal hardware and software; government authorities relevant for SDR and users of SDR terminals. The underlying ideas for system development include employment of four different cryptographic techniques and tamper-resistant hardware. The cryptographic techniques employed are a secret key encryption technique, a public key encryption technique, a technique for cryptographic hashing, and a technique for digital signature. An important feature of the system is that it provides the possibility to exchange cryptographic components in an automatic manner. The proposed system is flexible, highly secure to protect both users and manufacturers, and provides a framework for the secure commercial implementation of SDR     

基于国家标准的SSL VPN安全网关研究与实现

SSL VPN安全网关为传输层和应用层协议提供安全隧道,利用安全隧道技术,在传输层实现互联网网络信息的安全保护,能够利用公共网络为用户建立虚拟的专用网络,提供比专网更加安全的通信信道。SSL VPN安全网关以国家密码管理局审批的密码卡为基础密码器件,为其提供密钥运算、密钥保护、密钥备份恢复等功能;操作系统采用裁剪的Linux系统,同时,严格遵循国家密码管理政策和相关设计规范,实现了基于传输层的SSL VPN安全网关,为各种应用提供了身份认证和安全传输的需求。在政府、金融、运营商、能源、交通等领域具有广泛的用途,有明显的社会效益和经济效益。文章对此展开了分析。     

SSL中间人攻击原理与防范

安全套接层SSL协议是实现网络通信安全的关键技术之一,对信息传输起到了加密和认证的作用,但并非毫无漏洞。论文先介绍了SSL协议和中间人攻击的原理,然后重点分析SSL协议在握手阶段基于X.509数字证书的信任协商不足问题,再结合ARP重定向欺骗,具体分析了SSL中间人攻击的实现原理和过程,最后给出一些防范SSL中间人攻击的建议。     

基于SDN的量子密码通信网络设计与研究

软件定义网络(SDN)采用OpenFlow技术分离网络设备的数据平面和控制平面,实现灵活控制网络资源的目的。基于此,设计了量子密码通信网络模型,实现灵活控制密码通信网络整体量子密匙资源,确保了信息的安全传输。此外,提出了综合到端可用密匙和跳数的路由算法,提高了QKD生成密匙的有效利用率。由测试结果可知,通过基于SDN的量子密码通信网络及路由算法,可提高量子密匙资源利用率,提高网络性能。