利用综合特征提取的数字图像版权保护算法

为了有效地保护和验证数字媒体作品的版权信息,提出一种区别于传统嵌入式鲁棒水印的数字水印算法.算法中所提取的特征是由区域亮度和纹理特性所组成的综合特征,其中亮度特征的提取利用了扩展盒中脑神经网络(gBSB)的聚类功能,对于区域的纹理特征,则是通过分析其直方图统计矩来提取的.仿真结果表明,该水印方案对于常规的信号处理及几何变换攻击具有良好的鲁棒性,是一种实用的、有效的数字图像版权保护水印算法.     

基于代理随机数的低成本RFID安全协议

针对低成本电子标签安全隐私保护能力和防跟踪能力较弱的问题,采用读写器代理生成随机数的方法,提出一种面向大容量被动型标签的新型无线射频识别(RFID)安全认证协议。理论分析证明,该协议具有前向安全性,能够防止位置隐私攻击、窃听攻击,保障数据的保密性、可靠性和一致性,且硬件复杂度较低,适用于低成本电子标签。     

Using and managing multiple passwords: A week to a view

Security policies are required that protect information from unauthorised access, and also respect challenges users face in creating, and particularly managing, increasing numbers of passwords. This paper investigates real password use in the context of daily life. It presents the results of an empirical study where participants completed a password diary over 7 days, followed by debrief interviews to gain further knowledge and understanding of user behaviour. The results reported relate to how many passwords are in use, the types of passwords participants created, the relationships between different passwords and to sensitive services, how participants retrieved their passwords and finally, the different strategies adopted by users in their management of passwords. The paper concludes by providing a high level set of password guidelines, along with suggestions for mechanisms to support creating, encoding, retrieving and executing multiple passwords.     

A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks

Recently, Yang et al. proposed an efficient user identification scheme with key distribution, in which it is possible for the user to anonymously log into a system and establish a secret key shared with the system. Mangipudi and Katti later demonstrated a Deniable-of-Service (DoS) attack on the Yang et al. scheme and then proposed an improvement to withstand such an attack. However, this paper demonstrates an identity disclosure attack to show that neither schemes’ claimed user anonymity requirement can be achieved. We further propose a novel user identification scheme with key distribution preserving user anonymity for distributed computer networks. The proposed scheme not only withstands the attacks mentioned above, but also achieves the following: (i) user anonymity, (ii) key distribution, (iii) mutual authentication, and (iv) key confirmation. The performance of our scheme is of greater efficiency than that of previously proposed schemes in terms of communication costs and computational complexities.     

Probabilistic model checking for the quantification of DoS security threats

Secure authentication features of communication and electronic commerce protocols involve computationally expensive and memory intensive cryptographic operations that have the potential to be turned into denial-of-service (DoS) exploits. Recent proposals attempt to improve DoS resistance by implementing a trade-off between the resources required for the potential victim(s) with the resources used by a prospective attacker. Such improvements have been proposed for the Internet Key Exchange (IKE), the Just Fast Keying (JFK) key agreement protocol and the Secure Sockets Layer (SSL/TLS) protocol. In present article, we introduce probabilistic model checking as an efficient tool-assisted approach for systematically quantifying DoS security threats. We model a security protocol with a fixed network topology using probabilistic specifications for the protocol participants. We attach into the protocol model, a probabilistic attacker model which performs DoS related actions with assigned cost values. The costs for the protocol participants and the attacker reflect the level of some resource expenditure (memory, processing capacity or communication bandwidth) for the associated actions. From the developed model we obtain a Discrete Time Markov Chain (DTMC) via property preserving discrete-time semantics. The DTMC model is verified using the PRISM model checker that produces probabilistic estimates for the analyzed DoS threat. In this way, it is possible to evaluate the level of resource expenditure for the attacker, beyond which the likelihood of widespread attack is reduced and subsequently to compare alternative design considerations for optimal resistance to the analyzed DoS threat. Our approach is validated through the analysis of the Host Identity Protocol (HIP). The HIP base-exchange is seen as a cryptographic key-exchange protocol with special features related to DoS protection. We analyze a serious DoS threat, for which we provide probabilistic estimates, as well as results for the associated attacker and participants' costs.     

基于图像块等级模型的多重认证水印算法

提出了一种新的用于灵活图像认证的多重水印嵌入算法.不同于传统的块独立水印算法中每个图像块只嵌入一个水印信息,算法对每个图像块嵌入多重水印信息.提出了两个通用的图像块等级模型,形成图像块内部的等级结构,对每个图像块以及图像块内部的各等级子块进行独立的水印生成和嵌入.将图像特征值映射为混沌系统的初值,并将图像块的编号映射为混沌系统的迭代次数,经过混沌迭代生成图像块水印,再将水印信号替代图像块中选定像素点的最低有效位,完成水印的嵌入.实验结果表明,该算法可对图像进行多重认证,对篡改区域进行精确的检测与定位,并能选择不同的定位精度.     

利用分块相似系数构造感知图像Hash

提出一种基于图像分块相似系数的感知稳健图像Hash.先对图像预处理,再进行重叠分块,在密钥控制下,利用高斯低通滤波器生成伪随机参考图像块,分别计算每个分块与参考图像块的相关系数得到图像特征序列.依此将相邻两个分块特征值合并以缩短Hash长度,同时对压缩后的特征序列进行重排,进一步提高图像Hash的安全性.最后对归一化特征值进行量化,并运用Huffman方法对其编码,进一步压缩Hash长度.理论分析和实验结果表明,该图像Hash方法对JPEG压缩、适度的噪声干扰、水印嵌入、图像缩放以及高斯低通滤波等常见图像处理有较好的鲁棒性,能有效区分不同图像,冲突概率低,可用于图像篡改检测.     

基于自证明公钥和零知识证明的身份认证协议

在分析几种典型零知识身份认证协议的基础上,利用Girault自证明公钥原理、结合椭圆曲线公钥密码的优点提出一种基于自证明公钥和零知识证明的身份认证协议,并为协议增加了密钥协商功能。分析表明该方案具有较高的安全性,与同类方案相比,该方案对存储空间、网络通信量和计算开销的要求较低,有较高的效率。     

基于混沌序列的RFID安全加密机制

针对现有RFID系统读写器和标签之间通信安全性低、易受到各种攻击的安全问题,介绍基于Logistic混沌序列的动态实时密钥方法,提出一种基于混沌序列RFID的安全加密机制,采用动态实时密钥对RFID系统中的读写器与电子标签通信消息进行加密。仿真实验结果表明,该方法能够解决RFID系统中非法存取、伪造哄骗、数据泄露、位置跟踪等安全问题。     

基于差值扩展和纠错编码的可逆图像认证

针对一些敏感数字图像在认证水印嵌入过程中不能引入失真的问题,提出一种能够定位图像篡改块的可逆图像认证方案,利用纠错编码使认证数据能抵抗可能受到的篡改攻击,并用差值扩展的方式将编码后的认证数据嵌入到图像中。仿真实验结果表明,若认证通过,则图像可完全恢复到原始状态,否则,图像中篡改的块可被定位,并完全恢复其他未篡改的区域。