基于KryptoKnight的移动用户认证协议

本文基于KryptoDnight[6],为个人通信系统设计了一轻量级认证与密钥分配协议．该协议与现有的协议相比，新协议具有很高的安全性和运行效率，特别适合用作PCS移动环境中的低层网络协议     

具有纠错能力的认证会议密钥分配方案和安全广播通信方案

本文提出了一种构造具有纠错能力的认证会议密钥分配方案和安全广播 有效方法，该方法不是采用传统的加密技术而是利用幻民错码技术，由该方法构造的两个方案不仅安全，而且可以提高通信的可靠性。     

ATM网络信息安全技术

本文描述ATM网络中的信息安全、可能受到的威胁、安全结构和端系统之间的鉴别技术。     

基于Rabin和DH协议的身份验证和密钥协商方案

提出了一种具有身份验证的密钥协商方案,并证明了其安全性。该方案的特点是:(1)在离散对数问题难解的假设前提下。可抵抗被动攻击和主动攻击;(2)身份验证与密钥协商紧密结合;(3)认证服务中心负责签发证书,但不直接参与身份验证和密钥协商过程;(4)只需要两次模指数运算。     

由传统认证码(A-CODE)构造有仲裁人的认证码(A~2-CODE)

本文利用密钥分享方案,特别是(k,n)-门限方案和智力扑克协议作为工具,从目前所有的无仲裁人的认证码可以构造出安全高效的有仲裁人的认证码.分析表明,得到的新码可以抵抗来自各方(包括通信双方,敌方,仲裁人,以及某一方与某些仲裁人的合谋)的欺骗攻击,同时具有原码的所有优良性能。它的实现比较简单,为了抵抗来自仲裁人的攻击,只需增加一定的冗余度,所增加的冗余比特的多少随着安全度要求的变化而变化。     

Providing EAP-based Kerberos pre-authentication and advanced authorization for network federations

Kerberos is a well-known standard protocol which is becoming one of the most widely deployed for authentication and key distribution in application services. However, whereas service providers use the protocol to control their own subscribers, they do not widely deploy Kerberos infrastructures to handle subscribers coming from foreign domains, as happens in network federations. Instead, the deployment of Authentication, Authorization and Accounting (AAA) infrastructures has been preferred for that operation. Thus, the lack of a correct integration between these infrastructures and Kerberos limits the service access only to service provider's subscribers. To avoid this limitation, we design an architecture which integrates a Kerberos pre-authentication mechanism, based on the use of the Extensible Authentication Protocol (EAP), and advanced authorization, based on the standards SAML and XACML, to link the end user authentication and authorization performed through an AAA infrastructure with the delivery of Kerberos tickets in the service provider's domain. We detail the interfaces, protocols, operation and extensions required for our solution. Moreover, we discuss important aspects such as the implications on existing standards.     

Secret image sharing based on cellular automata and steganography

Recently Lin and Tsai [Secret image sharing with steganography and authentication, The Journal of Systems and Software 73 (2004) 405-414] and Yang et al. [Improvements of image sharing with steganography and authentication, The Journal of Systems and Software 80 (2007) 1070-1076] proposed secret image sharing schemes combining steganography and authentication based on Shamir's polynomials. The schemes divide a secret image into some shadows which are then embedded in cover images in order to produce stego images for distributing among participants. To achieve better authentication ability Chang et al. [Sharing secrets in stego images with authentication, Pattern Recognition 41 (2008) 3130-3137] proposed in 2008 an improved scheme which enhances the visual quality of the stego images as well and the probability of successful verification for a fake stego block is 1/16.In this paper, we employ linear cellular automata, digital signatures, and hash functions to propose a novel (t,n)-threshold image sharing scheme with steganographic properties in which a double authentication mechanism is introduced which can detect tampering with probability 255/256. Employing cellular automata instead of Shamir's polynomials not only improves computational complexity from to O(n) but obviates the need to modify pixels of cover images unnecessarily. Compared to previous methods [C. Lin, W. Tsai, Secret image sharing with steganography and authentication, The Journal of Systems and Software 73 (2004) 405-414; C. Yang, T. Chen, K. Yu, C. Wang, Improvements of image sharing with steganography and authentication, The Journal of Systems and Software 80 (2007) 1070-1076; C. Chang, Y. Hsieh, C. Lin, Sharing secrets in stego images with authentication, Pattern Recognition 41 (2008) 3130-3137], we use fewer number of bits in each pixel of cover images for embedding data so that a better visual quality is guaranteed. We further present some experimental results.     

Office认证机制中密钥导出函数安全性分析

微软Office2007及其后续版本采用ECMA-376的文件加密格式,其安全性主要通过用户认证和文件加密实现,而密钥导出算法是整个安全机制的核心。为此,研究ECMA-376密钥导出算法的安全性,利用Game-Playing技术计算该密钥导出算法与随机函数的不可区分优势的上限。通过该理论和攻击实例对Office安全性进行分析,结果表明,当用户口令字符长度大于6时,Office具有一定的安全性。     

物联网中安全问题研究

物联网作为一种新型的网络架构,被称为继计算机和互联网后信息产业界的第三次革命浪潮。但传统的物联网中没有很好的将安全机制进行阐述和定义,因此,本文通过研究和分析现有的物联网中存在的安全问题,将保护层的概念引入到传统意义的物联网架构中,并对保护层的工作原理和机制进行深入的分析和研究。     

一种基于图像内容的小波域半脆弱水印算法

在充分考虑图像视觉屏蔽特性的基础上,提出一种小波域图像半脆弱水印算法.嵌入水印基于小波低频子带系数产生,该方案通过自适应地修改小波变换后水平与垂直细节子带系数以嵌入水印,嵌入水印具有较好的透明性.实验结果证明了算法对非恶意攻击的鲁棒性和对恶意攻击的脆弱性.