Abstract: The grid technology is recognized as the next generation of the Internet and has become the center of recent research in the computer society. Security is one of the most crucial issues to address in the Internet and is of the same importance in the application of grid technology. As a critical component of grid security, secure authentication needs to be well studied. In this paper, a two-step mobile agent based (TSMAB) authentication architecture is proposed based on Globus security infrastructure (GSI). By using mobile agent (MA) technology, the TSMAB authentication architecture is composed of the junior-authentication and the senior-authentication. Based on the design and the analysis of the TSMAB model, the result shows that the efficiency of grid authentication is improved compared with the GSI authentication.
Funding: National Natural Science Foundation of China (No. 61271152); Natural Science Foundation of Hebei Province, China (No. F2012506008); the Original Innovation Foundation of Ordnance Engineering College, China (No. YSCX0903)
Abstract: Considering the secure authentication problem for equipment support information network, a clustering method based on the business information flow is proposed. Based on the proposed method, a cluster-based distributed authentication mechanism and an optimal design method for distributed certificate authority (CA) are designed. Compared with some conventional clustering methods for network, the proposed clustering method considers the business information flow of the network and the task of the network nodes, which can decrease the communication spending between the clusters and improve the network efficiency effectively. The identity authentication protocols between the nodes in the same cluster and in different clusters are designed. From the perspective of the security of network and the availability of distributed authentication service, the definition of the secure service success rate of distributed CA is given and it is taken as the aim of the optimal design for distributed CA. The efficiency of providing the distributed certificate service successfully by the distributed CA is taken as the constraint condition of the optimal design for distributed CA. The determination method for the optimal value of the threshold is investigated. The proposed method can provide references for the optimal design for distributed CA.
Funding: supported in part by the National Natural Science Foundation Project of China under Grant No. 62062009; the Guangxi Innovation-Driven Development Project under Grant Nos. AA17204058-17 and AA18118047-7.
Abstract: Smart parks serve as integral components of smart cities, where they play a pivotal role in the process of urban modernization. The demand for cross-domain cooperation among smart devices from various parks has witnessed a significant increase. To ensure secure communication, device identities must undergo authentication. The existing cross-domain authentication schemes face issues such as complex authentication paths and high certificate management costs for devices, making them impractical for resource-constrained devices. This paper proposes a blockchain-based lightweight and efficient cross-domain authentication protocol for smart parks, which simplifies the authentication interaction and requires every device to maintain only one certificate. To enhance cross-domain cooperation flexibility, a comprehensive certificate revocation mechanism is presented, significantly reducing certificate management costs while ensuring efficient and secure identity authentication. When a park needs to revoke access permissions of several cooperative partners, the revocation of numerous cross-domain certificates can be accomplished with a single blockchain write operation. The security analysis and experimental results demonstrate the security and effectiveness of our scheme.
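Abstract: This article describes how the internal file server of the CNNC operations company (中核运行公司) was built, deploying the file server with the failover clustering technology of Microsoft Windows Server 2008. When designing for high availability, storage, network, operating system and application all need to be considered. Using FSRM (File Server Resource Manager) to restrict the types of files stored and their quotas, combined with a detailed NTFS permission design, achieves fine-grained permission control, and using FSA (file system auditing) to audit operations on the file server can meet the day-to-day needs of typical medium and large enterprises. For large enterprises spanning multiple regions, DFS technology allows Windows file servers to serve as a supplement to a group enterprise's ECM.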
Abstract: Dissimilar to traditional networks, the features of mobile wireless devices that can actively form a network without any infrastructure mean that mobile ad hoc networks frequently display partition due to node mobility or link failures. These indicate that it is difficult for an ad hoc network to provide on-line access to a trusted authority server. Therefore, applying the traditional Public Key Infrastructure (PKI) security framework to mobile ad hoc networks will cause insecurities. This study proposes a scalable and elastic key management scheme integrated into Cluster Based Secure Routing Protocol (CBSRP) to enhance security and non-repudiation of routing authentication, and introduces an ID-Based internal routing authentication scheme to enhance the routing performance in an internal cluster. Additionally, a method of performing routing authentication between internal and external clusters, as well as inter-cluster routing authentication, is developed. The proposed cluster-based key management scheme distributes trust to an aggregation of cluster heads using a threshold scheme faculty, provides Certificate Authority (CA) with a fault tolerance mechanism to prevent a single point of compromise or failure, and saves CA large repositories from maintaining member certificates, making ad hoc networks robust to malicious behaviors and suitable for numerous mobile devices.