Dynamic S-Box Generation Using Novel Chaotic Map with Nonlinearity Tweaking

A substitution box (S-Box) is a crucial component of contemporary cryptosystems that provide data protection in block ciphers. At the moment, chaotic maps are being created and extensively used to generate these S-Boxes as a chaotic map assists in providing disorder and resistance to combat cryptanalytical attempts. In this paper, the construction of a dynamic S-Box using a cipher key is proposed using a novel chaotic map and an innovative tweaking approach. The projected chaotic map and the proposed tweak approach are presented for the first time and the use of parameters in their working makes both of these dynamic in nature. The tweak approach employs cubic polynomials while permuting the values of an initial S-Box to enhance its cryptographic fort. Values of the parameters are provided using the cipher key and a small variation in values of these parameters results in a completely different unique S-Box. Comparative analysis and exploration confirmed that the projected chaotic map exhibits a significant amount of chaotic complexity. The security assessment in terms of bijectivity, nonlinearity, bits independence, strict avalanche, linear approximation probability, and differential probability criteria are utilized to critically investigate the effectiveness of the proposed S-Box against several assaults. The proposed S-Box’s cryptographic performance is comparable to those of recently projected S-Boxes for its adaption in real-world security applications. The comparative scrutiny pacifies the genuine potential of the proposed S-Box in terms of its applicability for data security.     

Integrated Circuit 卡应用系统安全设计研究

针对许多ＩｎｔｅｇｒａｔｅｄＣｉｒｃｕｉｔ（ＩＣ）卡应用系统采用的被动存储型ＩＣ卡一般不能防止非法复制或篡改,对ＩＣ卡应用系统的安全结构进行了分析,基于安全核存在假设和算法安全性假设提出了ＩＣ卡应用系统理论安全模型．并以ＩＣ卡预付费电表系统为例,对攻击者的破译策略进行了分析,讨论了其安全设计策略．     

A new approach to secure economic power dispatch

This article presents a new nonlinear convex network flow programming model and algorithm for solving the on-line economic power dispatch with N and N−1 security. Based on the load flow equations, a new nonlinear convex network flow model for secure economic power dispatch is set up and then transformed into a quadratic programming model, in which the search direction in the space of the flow variables is to be solved. The concept of maximum basis in a network flow graph was introduced so that the constrained quadratic programming model was changed into an unconstrained quadratic programming model which was then solved by the reduced gradient method. The proposed model and its algorithm were examined numerically with an IEEE 30-bus test system on an ALPHA 400 Model 610 machine. Satisfactory results were obtained.     

GOST 34.10—A brief overview of Russia's DSA

GOST 34.10 is Russia's DSA. Like its US counterpart, GOST is an ElGamal-like signature scheme used in Schnorr mode. It is similar to NIST DSA in many aspects. In this paper we will overview GOST 34.10 and discuss the three main differences between the two algorithms, (i) GOST's principal design criterion does not seem to be computational efficiency: the algorithm is 1.6 times slower than the DSA and produces 512-bit signatures. This is mainly due to the usage of the modulus q which is at least 254 bits long. During verification, modular inverses are computed by exponentiation (while the Extended Euclidian algorithm is roughly 100 times faster for this parameter size) and the generation of the public parameters is much more complicated than in the DSA. This choice of the parameters makes GOST 34.10 very secure. (ii) GOST signers do not have to generate modular inverses as the basic signature equation is s = xr + mk (mod q) instead of (mod q). (iii) GOST's hash function (the Russian equivalent of the SHA) is the standard GOST 34.11 which uses the block cipher GOST 28147 (partially classified) as a building block. The hash function will be briefly described. Copyright     

基于云计算下的高校图书馆数据安全策略的探讨

云计算是继网格计算后又一项正在兴起中的技术,它的出现使"互联网上众多的计算机成为一台虚拟超级计算机"的梦想慢慢变成了现实.云计算下高校图书馆的信息安全问题,一方面来自云服务提供商提供的安全保障,另一方面来自高校图书馆的信息安全需求.针对高校图书馆可能面临的安全存储、访问控制、权限管理、数据保密及知识权等信息安全问题,云...     

高职院校网络安全防护技术课程的内容开发探索

通过对网络管理类岗位人才需要规格的分析,从而正确定位网络安全防护技术课程的在课程体系中的位置.按照"安全防护策略化、教学模式任务化"的设计理念开发课程,依据网络安全工程师的工作过程和学生的认知规律序化教学内容.开发过程体现了将安全防护技术策略化,科学设计<网络安全防护技术>课程内容的特色.     

从FDCC看终端安全保护新思路

主要对FDCC进行分析后,针对国内内网终端保护提出了思路,并在实际过程中得到了应用,取得了一定效果.     

服务器虚拟化安全机制研究

服务器虚拟化技术立足于操作系统和CPU提供的权限控制,由工作在底层的虚拟机监控器为客户机提供资源的实时监控、授权访问、追踪审计等安全功能;同时虚拟机监控器自身采用可信计算技术,实现动态的可信认证;配合其他安全策略规划,服务器虚拟化为客户机提供更好的私密性和完整性保护.     

一种改进的内网安全防护策略

针对目前内网安全防护策略疏于监控的问题,提出了一种改进的内网安全防护策略.改进后的安全防护策略采用指纹对用户身份的合法性进行认证,对内网用户终端的安全防护策略进行验证,对终端非法外联进行管控,划分了内网可信主机边界、内网可信用户边界、服务器可信使用者边界,有效地增强了内网安全,抵御了网络攻击.