The key exchange is a fundamental building block in the cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single ...The key exchange is a fundamental building block in the cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single unified security model is essential, The eCK , eCK and CK models are examined and the result is proved that the eCK' model is the strongest provable security model for the key exchange. The relative security strength among these models is analyzed. To support the implication or non-implication relations among these models, the formal proofs and the counter-examples are given.展开更多
The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model ...The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model (BPR2000) and the Canetti & Krawczyk (2001) model (CK2001) are given. The relative strength of security among these models is analyzed. To support the implication or non-implication relation among these models, the formal proof or the counter-example is provided.展开更多
In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used ...In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.展开更多
Delay/Disruption-Tolerant Networking(DTN) originated from research on Interplanetary Internet and still today space applications are the most important application field and research stimulus. This paper investigates ...Delay/Disruption-Tolerant Networking(DTN) originated from research on Interplanetary Internet and still today space applications are the most important application field and research stimulus. This paper investigates DTN communications between the Earth and the far side of the Moon, by means of a lunar orbiter acting as relay. After an introductory part, the paper presents a comprehensive analysis of the DTN performance that can be achieved on the identified communication scenario. The focus is on the evaluation of the stateof-the-art ability of Interplanetary Overlay Network(ION), the NASA DTN implementation of Bundle Protocol(BP) and Contact Graph Routing(CGR), to meet the many challenges of the space communication scenario investigated(and more generally of a future interplaynetary Internet): intermittent links, network partitioning, scarce bandwidth, long delays, dynamic routing, handling of high priority and emergency traffic, interoperability issues. A study of security threats and Bundle Security Protocol(BSP) countermeasures complete the work.The many results provided, confirm the essential role of DTN in future space communications.展开更多
Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the ...Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the overall security. Instead,extra computation cost degraded the performance.They were still vulnerable to a variety of threats, such as smart card loss attack and impersonation attack, due to hidden loopholes and flaws. Even worse, user's identity can be parsed in insecure environment, even became traceable. Aiming to protect identity, a lightweight mutual authentication scheme is proposed. Redundant operations are removed,which make the verification process more explicit. It gains better performance with average cost compared to other similar schemes.Cryptanalysis shows the proposed scheme can resist common attacks and achieve user anonymity.Formal security is further verified by using the widely accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) tool.展开更多
The TNC IF-T Protocol Binding to TLS(TIPBT) is specified by Trusted Computing Group(TCG) for TNC assessment exchanges.However,the TIPBT cannot be analysed by current Strand Space Model(SSM) because of the different re...The TNC IF-T Protocol Binding to TLS(TIPBT) is specified by Trusted Computing Group(TCG) for TNC assessment exchanges.However,the TIPBT cannot be analysed by current Strand Space Model(SSM) because of the different requirements from the traditional security protocols.In order to solve this problem,first,we give an extension of the SSM and point out the TIPBT cannot prevent Man-in-the-Middle(MITM) attacks in some cases based on the extended SSM.Then,we improve the TIPBT and show that the improved TIPBT can resist MITM attacks in the extended SSM.展开更多
A new efficient protocol-proving algorithm was proposed for verifying security protocols. This algorithm is based on the improved authentication tests model, which enhances the original model by formalizing the messag...A new efficient protocol-proving algorithm was proposed for verifying security protocols. This algorithm is based on the improved authentication tests model, which enhances the original model by formalizing the message reply attack. With exact causal dependency relations between messages in this model, the protocol-proving algorithm can avoid the state explosion caused by asynchronous. In order to get the straight proof of security protocols, three authentication theorems are exploited for evaluating the agreement and distinction properties. When the algorithm terminates, it outputs either the proof results or the potential flaws of the security protocol. The experiment shows that the protocol-proving algorithm can detect the type flaw attack on Neuman-Stubblebine protocol, and prove the correctness of NSL protocol by exploring only 10 states.展开更多
The resilient storage outsourcing schemes in mobile cloud computing are analyzed. It is pointed out that the sharing-based scheme (ShS) has vulnerabilities regarding confidentiality and integrity; meanwhile, the cod...The resilient storage outsourcing schemes in mobile cloud computing are analyzed. It is pointed out that the sharing-based scheme (ShS) has vulnerabilities regarding confidentiality and integrity; meanwhile, the coding-based scheme (COS) and the encryption-based scheme (EnS) have vulnerabilities on integrity. The corresponding attacks on these vulnerabilities are given. Then, the improved protocols such as the secure sharing-based protocol (SShP), the secure coding-based protocol (SCoP) and the secure encryption- based protocol (SEnP), are proposed to overcome these vulnerabilities. The core elements are protected through public key encryptions and digital signatures. Security analyses show that the confidentiality and the integrity of the improved protocols are guaranteed. Meanwhile, the improved protocols can keep the frame of the former schemes and have higher security. The simulation results illustrate that compared with the existing protocols, the communication overhead of the improved protocols is not significantly increased.展开更多
We propose a bidirectional quantum secure direct communication(QSDC) network protocol with the hyperentanglment in both the spatial-mode ad the polarization degrees of freedom of photon pairs which can in principle be...We propose a bidirectional quantum secure direct communication(QSDC) network protocol with the hyperentanglment in both the spatial-mode ad the polarization degrees of freedom of photon pairs which can in principle be produced with a beta barium borate crystal.The secret message can be encoded on the photon pairs with unitary operations in these two degrees of freedom independently.Compared with other QSDC network protocols,our QSDC network protocol has a higher capacity as each photon pair can carry 4 bits of information.Also,we discuss the security of our QSDC network protocol and its feasibility with current techniques.展开更多
Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology.To date,researchers have proposed many RFID authentication protocols.However,these protocols have many flaws ...Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology.To date,researchers have proposed many RFID authentication protocols.However,these protocols have many flaws due to lack of theoretical support in designing these protocols.In this work,first we present the security and privacy requirements in RFID authentication protocols.Then we examine related works and point out problems in designing RFID authentication protocols.To solve these problems,we propose and briefly prove three theorems.We also give necessary examples for better understanding these theorems with concrete protocols.At last,we give our suggestions on designing secure and private authentication protocols.The security and privacy requirements,theorems,and suggestions will facilitate better understanding and designing of RFID authentication protocols in the future.展开更多
The universality of the application of wireless sensor networks( WSN) makes more attention be paid on the security problem. Node authentication is not only the basis of network security,but also the premise of key man...The universality of the application of wireless sensor networks( WSN) makes more attention be paid on the security problem. Node authentication is not only the basis of network security,but also the premise of key management and secure routing protocol. Although the signature mechanism based on symmetric encryption is high in energy efficiency,it is vulnerable to be attacked and there is a time delay during authentication. Traditional public key encryption mechanism with improvement in security brings in complex algorithm and costs much time,which is not suitable for WSN. In this paper,a signature authentication mechanism,an optimized variant Bellare Namprempre Neven( OvBNN) is presented to quickly complete the authentication by mutual cooperation between nodes so as to make the nodes use the intermediate calculation results of their neighbor nodes directly.Simulation results show that the proposed mechanism is superior to traditional authentication mechanisms both in energy consumption and authentication time.展开更多
We propose a quantum secure communication protocol by using three-particle GHZ states. In this protocol, we utilize the ideas of the rearranging orders and the sequence transmission. The sender of messages, Alice, fir...We propose a quantum secure communication protocol by using three-particle GHZ states. In this protocol, we utilize the ideas of the rearranging orders and the sequence transmission. The sender of messages, Alice, first disturbs the particle orders in an initial sequence, and then sends the sequence of the disturbed orders to the receiver of messages, Bob. Under Alice's introduction, Bob rearranges the sequence back to the initial sequence. By making a GHZ state measurement on each of the three particles in turn, Bob can attain Alice's secret messages. In addition, we still calculate the efficiency of our three-particle GHZ protocol and generalize it to the case using multi-particle GHZ state.展开更多
In order to transmit secure messages, a quantum secure direct communication protocol based on extended three-particle GHZ state was presented, in which the extended three-particle GHZ state was used to detect eavesdro...In order to transmit secure messages, a quantum secure direct communication protocol based on extended three-particle GHZ state was presented, in which the extended three-particle GHZ state was used to detect eavesdroppers. In the security analysis, the method of the entropy theory is introduced, and three detection strategies are compared quantitatively by using the constraint between the information eavesdroppers can obtain and the interference introduced. If the eavesdroppers intend to obtain all inforrmtion, the detection rate of the original "Ping-pong" protocol is 50% ; the second protocol used two particles of EPR pair as detection particles is also 50%; while the presented protocol is 58%. At last, the security of the proposed protocol is discussed. The analysis results indicate that the protocol in this paper is more secure than the other two.展开更多
In this paper,we propose a new approach for rational secret sharing in game theoretic settings.The trusted center is eliminated in the secret reconstruction phase.Every player doesn’t know current round is real round...In this paper,we propose a new approach for rational secret sharing in game theoretic settings.The trusted center is eliminated in the secret reconstruction phase.Every player doesn’t know current round is real round or fake round.The gain of following the protocol is more than the gain of deviating,so rational player has an incentive to abide the protocol.Finally,every player can obtain the secret fairly.Our scheme is verifiable and any player’s cheating can not work.Furthermore the proposed scheme is immune to backward induction and satisfies resilient equilibrium.No player of the coalition C can do better,even if the whole coalition C cheats.Our scheme can withstand the conspiracy attack with at most m-1 players.展开更多
With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic techniqu...With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic technique used in each field of the network applications. In a high-speed network, the heavy traffic of network transmission challenges the packet capture techniques. This paper does an in-depth analysis on the traditional packet capture mechanisms in Linux, and then measures the performance bottleneck in the process of packet capture. The methods for improving the packet capture performance are presented and an optimized packet capture scheme is also designed and implemented. The test demonstrates that the new packet capture mechanism (Libpacket) can greatly improve the packet capture performance of the network application systems in a high-speed network.展开更多
Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the...Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure(ARM), Performance Improvement Factor(PIF), and Cost/Benefit Measure(CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine(VM) migration protocol as the target of assessment. The virtual-ization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.展开更多
AIM:To study the safety and effectiveness of propofol sedation for outpatient colonoscopy.METHODS:Propofol was given by bolus injection with an age-adjusted standard protocol consisting of 60 mg for patients < 70 y...AIM:To study the safety and effectiveness of propofol sedation for outpatient colonoscopy.METHODS:Propofol was given by bolus injection with an age-adjusted standard protocol consisting of 60 mg for patients < 70 years old,40 mg for patients age 70-89 years,and 20 mg for those ≥ 90 years,and additional injections of 20 mg propofol were given up to a maximum of 200 mg.The principal parameters were the occurrence of adverse events within 24 h after colonoscopy and overall satisfaction for this procedure.Secondary parameters included successful procedure,respiratory depression,and other complications.RESULTS:Consecutive patients were entered prospectively and all 2101 entered successfully completed outpatient colonoscopy.The mean dose of propofol used was 96.4 mg(range 40-200 mg).Younger patients required higher doses of propofol than older patients(20-40 years vs ≥ 61 years:115.3 ± 32 mg vs 89.7 ± 21 mg,P < 0.001).Transient supplemental oxygen supply was needed by five patients(0.2%);no other complications occurred.The questionnaires were completed by 1820(87%) of 2101 patients and most rated their overall satisfaction as excellent(80%) or good(17%).The majority(65%) of patients drove home or to their office after their colonoscopy.Most(99%) were willing to repeat the same procedure.No incidents occurred within 24 h after colonoscopy.CONCLUSION:Propofol sedation using a dose < 200 mg proved both safe and practical for outpatient colonoscopy.展开更多
基金Supported by the National High Technology Research and Development Program of China("863"Program)(2006AA706103)~~
文摘The key exchange is a fundamental building block in the cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single unified security model is essential, The eCK , eCK and CK models are examined and the result is proved that the eCK' model is the strongest provable security model for the key exchange. The relative security strength among these models is analyzed. To support the implication or non-implication relations among these models, the formal proofs and the counter-examples are given.
文摘The differences among the extended Canetti & Krawezyk 2007 model (ECK2007) and other four models, i.e., the Bellare & Rogaway (1993, 1995)models (BR93,BR95), the Bellare, Pointcheval & Rogaway (2000) model (BPR2000) and the Canetti & Krawczyk (2001) model (CK2001) are given. The relative strength of security among these models is analyzed. To support the implication or non-implication relation among these models, the formal proof or the counter-example is provided.
基金Acknowledgements This work was supported by Research Funds of Information Security Key Laboratory of Beijing Electronic Science & Technology Institute National Natural Science Foundation of China(No. 61070219) Building Together Specific Project from Beijing Municipal Education Commission.
文摘In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.
文摘Delay/Disruption-Tolerant Networking(DTN) originated from research on Interplanetary Internet and still today space applications are the most important application field and research stimulus. This paper investigates DTN communications between the Earth and the far side of the Moon, by means of a lunar orbiter acting as relay. After an introductory part, the paper presents a comprehensive analysis of the DTN performance that can be achieved on the identified communication scenario. The focus is on the evaluation of the stateof-the-art ability of Interplanetary Overlay Network(ION), the NASA DTN implementation of Bundle Protocol(BP) and Contact Graph Routing(CGR), to meet the many challenges of the space communication scenario investigated(and more generally of a future interplaynetary Internet): intermittent links, network partitioning, scarce bandwidth, long delays, dynamic routing, handling of high priority and emergency traffic, interoperability issues. A study of security threats and Bundle Security Protocol(BSP) countermeasures complete the work.The many results provided, confirm the essential role of DTN in future space communications.
基金supported by the National Key Research and Development Program of China (No. 2017YFC0820603)
文摘Many improved authentication solutions were put forward, on purpose of authenticating more quickly and securely.However, neither the overuse of hash function,or additional symmetric encryption, can truly increase the overall security. Instead,extra computation cost degraded the performance.They were still vulnerable to a variety of threats, such as smart card loss attack and impersonation attack, due to hidden loopholes and flaws. Even worse, user's identity can be parsed in insecure environment, even became traceable. Aiming to protect identity, a lightweight mutual authentication scheme is proposed. Redundant operations are removed,which make the verification process more explicit. It gains better performance with average cost compared to other similar schemes.Cryptanalysis shows the proposed scheme can resist common attacks and achieve user anonymity.Formal security is further verified by using the widely accepted Automated Validation of Internet Security Protocols and Applications(AVISPA) tool.
基金supported in part by the National Natural Science Foundation of China under Grants No.60473072,No.60803151the Joint Fund of Natural Science Foundation of China with the Guangdong Provincial Government under Grant No.U0632004
文摘The TNC IF-T Protocol Binding to TLS(TIPBT) is specified by Trusted Computing Group(TCG) for TNC assessment exchanges.However,the TIPBT cannot be analysed by current Strand Space Model(SSM) because of the different requirements from the traditional security protocols.In order to solve this problem,first,we give an extension of the SSM and point out the TIPBT cannot prevent Man-in-the-Middle(MITM) attacks in some cases based on the extended SSM.Then,we improve the TIPBT and show that the improved TIPBT can resist MITM attacks in the extended SSM.
基金The National High Technology Research and Development Program of China(863Pro-gram)(No.2005AA145110)
文摘A new efficient protocol-proving algorithm was proposed for verifying security protocols. This algorithm is based on the improved authentication tests model, which enhances the original model by formalizing the message reply attack. With exact causal dependency relations between messages in this model, the protocol-proving algorithm can avoid the state explosion caused by asynchronous. In order to get the straight proof of security protocols, three authentication theorems are exploited for evaluating the agreement and distinction properties. When the algorithm terminates, it outputs either the proof results or the potential flaws of the security protocol. The experiment shows that the protocol-proving algorithm can detect the type flaw attack on Neuman-Stubblebine protocol, and prove the correctness of NSL protocol by exploring only 10 states.
基金The National Natural Science Foundation of China( No. 60902008)the Key Laboratory Hi-Tech Program of Changzhou City( No. CM20103003)+1 种基金the Key Laboratory Program of Information Network Security of Ministry of Public Security (No. C12602)the Science and Technology Supporting Project of Changzhou City ( No. CE20120030)
文摘The resilient storage outsourcing schemes in mobile cloud computing are analyzed. It is pointed out that the sharing-based scheme (ShS) has vulnerabilities regarding confidentiality and integrity; meanwhile, the coding-based scheme (COS) and the encryption-based scheme (EnS) have vulnerabilities on integrity. The corresponding attacks on these vulnerabilities are given. Then, the improved protocols such as the secure sharing-based protocol (SShP), the secure coding-based protocol (SCoP) and the secure encryption- based protocol (SEnP), are proposed to overcome these vulnerabilities. The core elements are protected through public key encryptions and digital signatures. Security analyses show that the confidentiality and the integrity of the improved protocols are guaranteed. Meanwhile, the improved protocols can keep the frame of the former schemes and have higher security. The simulation results illustrate that compared with the existing protocols, the communication overhead of the improved protocols is not significantly increased.
基金Supported by the Natural Science Foundation of Jiangsu Provincial Universities under Grant No.10KJB180004the National Natural Science Foundation of China under Grant No.11105075
文摘We propose a bidirectional quantum secure direct communication(QSDC) network protocol with the hyperentanglment in both the spatial-mode ad the polarization degrees of freedom of photon pairs which can in principle be produced with a beta barium borate crystal.The secret message can be encoded on the photon pairs with unitary operations in these two degrees of freedom independently.Compared with other QSDC network protocols,our QSDC network protocol has a higher capacity as each photon pair can carry 4 bits of information.Also,we discuss the security of our QSDC network protocol and its feasibility with current techniques.
基金supported in part by the Natioual Natural Science Foundation of China(Grant No.60933003)the High Technical Research and Development Program of China(Grant No.2006AA01Z101)+1 种基金Shaanxi ISTC(Grant No.2008KW-02)IBM Joint Project
文摘Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology.To date,researchers have proposed many RFID authentication protocols.However,these protocols have many flaws due to lack of theoretical support in designing these protocols.In this work,first we present the security and privacy requirements in RFID authentication protocols.Then we examine related works and point out problems in designing RFID authentication protocols.To solve these problems,we propose and briefly prove three theorems.We also give necessary examples for better understanding these theorems with concrete protocols.At last,we give our suggestions on designing secure and private authentication protocols.The security and privacy requirements,theorems,and suggestions will facilitate better understanding and designing of RFID authentication protocols in the future.
基金Support by the National High Technology Research and Development Program of China(2012AA120802)the National Natural Science Foundation of China(61771186)+1 种基金the Postdoctoral Research Project of Heilongjiang Province(LBH-Q15121) the Undergraduate University Project of Young Scientist Creative Talent of Heilongjiang Province(UNPYSCT-2017125)
文摘The universality of the application of wireless sensor networks( WSN) makes more attention be paid on the security problem. Node authentication is not only the basis of network security,but also the premise of key management and secure routing protocol. Although the signature mechanism based on symmetric encryption is high in energy efficiency,it is vulnerable to be attacked and there is a time delay during authentication. Traditional public key encryption mechanism with improvement in security brings in complex algorithm and costs much time,which is not suitable for WSN. In this paper,a signature authentication mechanism,an optimized variant Bellare Namprempre Neven( OvBNN) is presented to quickly complete the authentication by mutual cooperation between nodes so as to make the nodes use the intermediate calculation results of their neighbor nodes directly.Simulation results show that the proposed mechanism is superior to traditional authentication mechanisms both in energy consumption and authentication time.
文摘We propose a quantum secure communication protocol by using three-particle GHZ states. In this protocol, we utilize the ideas of the rearranging orders and the sequence transmission. The sender of messages, Alice, first disturbs the particle orders in an initial sequence, and then sends the sequence of the disturbed orders to the receiver of messages, Bob. Under Alice's introduction, Bob rearranges the sequence back to the initial sequence. By making a GHZ state measurement on each of the three particles in turn, Bob can attain Alice's secret messages. In addition, we still calculate the efficiency of our three-particle GHZ protocol and generalize it to the case using multi-particle GHZ state.
基金Acknowledgements The project was supported by the Specialized Research Found for the Doctoral Program of Higher Education of China under Grant No. 20060013007 the National Natural Science Foundation of Beijing under Caant No. 4092029 and the National Natural Science Foundation of China under Grant No. 61100205, No. 60873001.
文摘In order to transmit secure messages, a quantum secure direct communication protocol based on extended three-particle GHZ state was presented, in which the extended three-particle GHZ state was used to detect eavesdroppers. In the security analysis, the method of the entropy theory is introduced, and three detection strategies are compared quantitatively by using the constraint between the information eavesdroppers can obtain and the interference introduced. If the eavesdroppers intend to obtain all inforrmtion, the detection rate of the original "Ping-pong" protocol is 50% ; the second protocol used two particles of EPR pair as detection particles is also 50%; while the presented protocol is 58%. At last, the security of the proposed protocol is discussed. The analysis results indicate that the protocol in this paper is more secure than the other two.
基金This work was supported by the National Key Basic Research Program of China (NO. 2007CB311106), Beijing Municipal Natural Science Foundation.(No. 1102003) and Youth Science Foundation of Henan Normal University (No. 525198).
文摘In this paper,we propose a new approach for rational secret sharing in game theoretic settings.The trusted center is eliminated in the secret reconstruction phase.Every player doesn’t know current round is real round or fake round.The gain of following the protocol is more than the gain of deviating,so rational player has an incentive to abide the protocol.Finally,every player can obtain the secret fairly.Our scheme is verifiable and any player’s cheating can not work.Furthermore the proposed scheme is immune to backward induction and satisfies resilient equilibrium.No player of the coalition C can do better,even if the whole coalition C cheats.Our scheme can withstand the conspiracy attack with at most m-1 players.
基金Sponsored by the National High Technology Development Program of China (Grant No. 2002AA142020).
文摘With the increasing enlargement of network scale and the rapid development of network techniques, large numbers of the network applications begin to appear. Packet capture plays an important role as one basic technique used in each field of the network applications. In a high-speed network, the heavy traffic of network transmission challenges the packet capture techniques. This paper does an in-depth analysis on the traditional packet capture mechanisms in Linux, and then measures the performance bottleneck in the process of packet capture. The methods for improving the packet capture performance are presented and an optimized packet capture scheme is also designed and implemented. The test demonstrates that the new packet capture mechanism (Libpacket) can greatly improve the packet capture performance of the network application systems in a high-speed network.
文摘Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure(ARM), Performance Improvement Factor(PIF), and Cost/Benefit Measure(CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine(VM) migration protocol as the target of assessment. The virtual-ization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
文摘AIM:To study the safety and effectiveness of propofol sedation for outpatient colonoscopy.METHODS:Propofol was given by bolus injection with an age-adjusted standard protocol consisting of 60 mg for patients < 70 years old,40 mg for patients age 70-89 years,and 20 mg for those ≥ 90 years,and additional injections of 20 mg propofol were given up to a maximum of 200 mg.The principal parameters were the occurrence of adverse events within 24 h after colonoscopy and overall satisfaction for this procedure.Secondary parameters included successful procedure,respiratory depression,and other complications.RESULTS:Consecutive patients were entered prospectively and all 2101 entered successfully completed outpatient colonoscopy.The mean dose of propofol used was 96.4 mg(range 40-200 mg).Younger patients required higher doses of propofol than older patients(20-40 years vs ≥ 61 years:115.3 ± 32 mg vs 89.7 ± 21 mg,P < 0.001).Transient supplemental oxygen supply was needed by five patients(0.2%);no other complications occurred.The questionnaires were completed by 1820(87%) of 2101 patients and most rated their overall satisfaction as excellent(80%) or good(17%).The majority(65%) of patients drove home or to their office after their colonoscopy.Most(99%) were willing to repeat the same procedure.No incidents occurred within 24 h after colonoscopy.CONCLUSION:Propofol sedation using a dose < 200 mg proved both safe and practical for outpatient colonoscopy.
