用VPN集成加密设备强化基层电子政务信息安全

当前,电子政务信息系统已经成为转变政府职能、提高行政效率的有效手段。基层政府部门电子政务系统具有建设资金有限、用户数量少且分散的特点,常依托互联网运行,重要和敏感信息面临巨大安全风险。本文针对该安全需求,提出研制与VPN系统集成的加密设备,实现基于互联网电子政务系统安全、高速加密传输和用户身份鉴别,解决该类系统面临的主要信息安全问题,并最大程度降低传输专线、电子CA认证等系统建设的高昂成本。     

Compact Keccak Hardware Architecture for Data Integrity and Authentication on FPGAs

ABSTRACT

Cryptographic hash functions play a crucial role in networking and communication security, including their use for data integrity and message authentication. Keccak hash algorithm is one of the finalists in the next generation SHA-3 hash algorithm competition. It is based on the sponge construction whose hardware performance is worth investigation. We developed an efficient hardware architecture for the Keccak hash algorithm on Field-Programmable Gate Array (FPGA). Due to the serialization exploited in the proposed architecture, the area needed for its implementation is reduced significantly accompanied by higher efficiency rate. In addition, low latency is attained so that higher operating frequencies can be accessed. We use the coprocessor approach which exploits the use of RAM blocks that exist in most FPGA platforms. For this coprocessor, a new datapath structure allowing parallel execution of multiple instructions is designed. Implementation results prove that our Keccak coprocessor achieves high performance in a small area.     

Investigating the Viability of Multifactor Graphical Passwords for User Authentication

ABSTRACT

Authentication using images (i.e., graphical passwords) is claimed to be one of the alternatives for overcoming weaknesses in the traditional username and password authentication. This paper reports on the study to explore the feasibility of combining two graphical password methods for better security. A graphical password prototype scheme, the Enhanced Graphical Authentication System (EGAS), was developed (which combines the methods of clicking on the image (i.e., click-based) and selecting a series of images (i.e., choice-based). The EGAS was tested by 30 participants randomly chosen from the authors’ university and two evaluations were made; namely user performance of the combined method and the feasibility of authentication strategies toward the introduced method itself. From both evaluations, it is found that positive results have been obtained, which suggest that these methods could be combined together effectively without giving impediment to users.     

Vulnerability Analysis of the Grid Data Security Authentication System

ABSTRACT

A password-based authentication is still the most prevalent authentication method because of its convenience and easy implementations. Since a password is transmitted via network, it has an inherent vulnerability of password exposure to an attacker. A one-time password system reduces the risk of a security breach even when a password is exposed to an attacker, because the password is only meaningful at a given time. A grid data security system uses a technology, GridOne?, which allows the use of a one-time password without requiring preinstalled hardware or software infrastructures, and it provides strong security over conventional password-based authentication systems. We analyzed the weakness of the grid data security authentication system and provide a suggestion to compensate for its vulnerability.     

Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

Authentication of the 31 species of toxic and potent Chinese materia medica by microscopic technique assisted by ICP-MS analysis, part 4: four kinds of toxic and potent mineral arsenical CMMs

Toxic and Potent Chinese Materia Medica (T/PCMM) is a special and very important category of Chinese medicines. They have long been used in traditional medical practice and are being used more and more widely throughout the world in recent years. As there may be many fatal toxic effects caused by misusing or confusion of T/PCMM, their quality and safety control arouse increasing attention internationally. Researches on the accurate identification to ensure the safe use of T/PCMM are acquired; however, there are few reports on authentication. We are carrying out a series of studies on 31 T/PCMM originating from plants, animals, minerals, and secreta. In our previous studies, we proved that modern microscopic authentication is a simple, fast, effective, low cost, and less toxic method for identifying animal, seed, and flower T/PCMM. In the present study, we focused on the authentication of four kinds of mineral arsenicals, including orpiment (mainly containing As₂S₃), realgar (mainly containing As₄S₄), arsenolite, and arsenic trioxide (mainly containing As₂O₃). We examined the macroscopic and microscopic characteristics of the above minerals and found that they all can be easily identified and authenticated by using light microscopy coupled with polarized microscopy. Moreover, the authentication results for arsenolite and arsenic trioxide are confirmed by ICP‐MS analysis. We are sure that the morphological and microscopic characteristics indicated here are indispensable to establishing standards for these four mineral T/PCMMs. Microsc. Res. Tech. 74:1‐8, 2011. © 2010 Wiley‐Liss, Inc.     

家庭网络安全研究

目前,家庭网络是重点研究领域之一,家庭网络提供重要服务之一是远程控制家庭网络里的信息家电,由于家庭网络由异构网络协议和各种服务模型组成,远程控制服务导致家庭网络受到各种安全威胁.分析了国内外家庭网络研究现状和存在的安全威胁,对家庭网络安全研究的各种方法的优缺点进行了分类分析和总结,提出了家庭网络安全研究的科学问题与研究和发展方向,从而为家庭网络安全研究相关技术的进一步研究提供一定的理论基础.为用户提供简单易用、安全可靠的家庭网络环境,并提供隐私保护是家庭网络安全研究的最终目标.     

一个安全高效的学生综合管理系统

为了解决学生管理系统的安全性和效率问题,分析了已有系统的不足,提出了一个安全高效的学生综合管理系统的解决方案。该方案利用C/S结构安全中间件,进行SQL Server 2000安全设置弥补TDS(TabularData Stream)协议漏洞、与已有数据库系统数据共享等方法,保证了管理系统的可用性和有效性,克服了已有系统存在的安全性不高、效率低下的不足。基于PowerBuilder的前端和SQL SERVER 2000的后台的系统运行结果表明,该方案可行有效。     

数字图书馆统一身份认证及综合应用研究

主要探讨利用数字证书技术实现数字图书馆的用户或读者全国统一身份认证,并在此基础上探讨数字图书资料在科研项目立项和研究成果水平鉴定,教师的教学水平和研究水平评估,启发与激励科研和教学人员及学生的创造力、创新能力等方面的综合性应用。     

基于XML的网页安全防护系统设计

根据对Web应用层网页攻击的分析,针对网页数据必须加以验证的特点,进行Web用层网页安全防护系统的具体设计,包括总体框架、模块设计、系统工作流程等。设计中,以XMLSchema作为网页安全策略描述语言,利用MD5算法计算信息验证码来保护数据的完整性。