Abstract: The security problem of the Web system in the Internet-based Intranet and the shortcomings of the methods used in solving this problem are analyzed, and our system model of Web communication security is discussed, i.e., adding a local proxy to the browser and a reverse proxy to the Web server based on the present Web browser and server. The transformation between HTTP messages and secure HTTP messages is implemented in these two proxy modules. The architecture and implementation method are given, and the features of this module are also discussed.
Abstract: Wireless sensor networks (WSNs) are exposed to a variety of attacks. The quality and complexity of attacks are rising day by day. The proposed work aims at showing how the complexity of modern attacks is growing accordingly, leading to a similar rise in methods of resistance. Limitations in computational and battery power in sensor nodes are constraints on the diversity of security mechanisms. We must apply only suitable mechanisms to WSNs, where our approach was motivated by the application of an improved Feistel scheme. The modified accelerated-cipher design uses data-dependent permutations, and can be used for fast hardware, firmware, software and WSN encryption systems. The approach presented showed that ciphers using this approach are less likely to suffer intrusion of differential cryptanalysis than currently used popular WSN ciphers like DES, Camellia and so on.
Abstract: In this paper, the current known attack methods against WAI and the improvements of WAI called WAI' were analyzed. Through analyzing the unicast key agreement protocol in WAI' with a CPN model, the vulnerabilities of WAI' were found. An improvement of WAI' was made and a new protocol called WAI'-E was proposed. WAI'-E was combined with the Diffie-Hellman key exchange mechanism based on elliptic curve cryptography. Moreover, by using the CK model, it was proved that WAI'-E was SK-secure with PFS and was provided with independent security of certificate authentication.
Funding: Supported by the Ministry of Education in China (No. 104086)
Abstract: Ubiquitous computing systems typically have many security problems in the area of identity authentication by means of classical PKI methods. The limited computing resources, the disconnected network, the classification requirements of identity authentication, the requirement of trust transfer and cross identity authentication, the bi-directional identity authentication, the security delegation, the simple privacy protection, etc. are all unsolved problems. In this paper, a novel ubiquitous computing identity authentication mechanism, named UCIAMdess, is presented. It is based on D-S Evidence Theory and extended SPKI/SDSI. D-S Evidence Theory is used in UCIAMdess to compute the trust value from the ubiquitous computing environment to the principal or between the different ubiquitous computing environments. SPKI-based authorization is expanded by adding the trust certificate in UCIAMdess to solve the above problems in ubiquitous computing environments. The identity authentication mechanism and the algorithm of certificate reduction are given in the paper to solve the multi-level trust-correlative identity authentication problems. The performance analyses show that UCIAMdess is a suitable security mechanism for solving the complex ubiquitous computing problems.
Funding: The paper is supported by the National High Technology Research and Development Program of China (863 Program) (No. 2009AA01Z439) and the National Natural Science Foundation of China (U0835001)
Abstract: Several software network models are constructed based on the relationships between classes in object-oriented software systems. Then, a variety of well-known open source software applications are statistically analyzed by using these models. The results show that: (1) the dependency network does play a key role in software architecture; (2) the exponents of the in-degree and total-degree distribution functions of different networks differ slightly, while the exponent of out-degree varies obviously; (3) weak-coupling relationships have greater impact on software architecture than strong-coupling relationships. Finally, a theoretical analysis of these statistical phenomena is proposed from the perspectives of software development technology, development process and developer’s habits, respectively.
Funding: The National High-Tech Research and Development (863) Program of China (No. 2005AA145110, No. 2006AA01Z436); The Natural Science Foundation of Shanghai (No. 05ZR14083); The Pudong New Area Technology Innovation Public Service Platform of China (No. PDPT2005-04)
Abstract: Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%, the service selection failure rate is less than 0.15.
Abstract: This paper discussed the necessity of establishing a computer network in a mining railway transport management system. The network structure and the system security design, associated with the real development condition of a mining area, were brought forward, and the system evaluation was given.
Funding: Supported by the National High-Tech Research and Development Plan of China (863) (No. 2003AA142160)
Abstract: A personalized trust management scheme is proposed to help peers build up trust between each other in open and flat P2P communities. This scheme totally abandons the attempt to achieve a global view. It evaluates trust from a subjective point of view and gives personalized decision support to each peer. Simulation experiments prove its three advantages: free of central control, stronger immunity to misleading recommendations, and limited traffic overload.
Abstract: Because current intrusion detection systems cannot detect undefined intrusion behavior effectively, and in view of the robustness and adaptability of genetic algorithms, this paper integrates genetic algorithms into an intrusion detection system, and a detection algorithm based on network traffic is proposed. This algorithm is a real-time and self-study algorithm and can detect undefined intrusion behaviors effectively.
Funding: The Specialized Research Fund for the Doctoral Program of Higher Education of China (No. 20050248043)
Abstract: As the wireless medium is characterized by its lossy nature, reliable communication cannot be assumed in the key management scheme. Therefore self-healing is a good property for a key distribution scheme in wireless applications. A new self-healing key distribution scheme was proposed, which is optimal in terms of user memory storage and efficient in terms of communication complexity.
Abstract: With the rapid development of the computer network technologies, in the application of the computer networks, the importance of the network security is becoming increasingly prominent, and computer network security issues have received more and more attention of the communities. In the face of the problems of the security hidden trouble in the computer network, it is essential to take the relevant measures to ensure the safety of the computer network. With the computer network security as the breakthrough point, this paper discusses the precautionary measures of the computer network security based on the analysis of the computer network security, in order to illustrate the importance of the computer network security, to provide references for ensuring the security of the computer network.
Abstract: This article analyzes the problem of computer network security, and design scheme of the network security system. The scheme uses advanced network security technologies, includes a complete set of physical isolation, desktop system security, virus protection, identity authentication, access control, information encryption, message integrity check, non-repudiation, security audit, intrusion detection, vulnerability scanning, electromagnetic leakage emission protection, security management and other security technology and management measures, the purpose is to establish a complete, multi-level three-dimensional, network security defense system.
Funding: Supported by the Promotive Research Fund for Excellent Young and Middle-aged Scientists of Shandong Province (No. BS2010DX010); the Project of Higher Educational Science and Technology Program of Shandong Province (No. J12LN36)
Abstract: In this paper, an Adaptive-Weighted Time-Dimensional and Space-Dimensional (AWTDSD) data aggregation algorithm for a clustered sensor network is proposed for prolonging the lifetime of the network as well as improving the accuracy of the data gathered in the network. AWTDSD contains three phases: (1) the time-dimensional aggregation phase for eliminating the data redundancy; (2) the adaptive-weighted aggregation phase for further aggregating the data as well as improving the accuracy of the aggregated data; and (3) the space-dimensional aggregation phase for reducing the size and the amount of the data transmission to the base station. AWTDSD utilizes the correlations between the sensed data for reducing the data transmission and increasing the data accuracy as well. Experimental results show that AWTDSD can not only save almost a half of the total energy consumption but also greatly increase the accuracy of the data monitored by the sensors in the clustered network.
Funding: Supported by the National Basic Research Program of China (973 Program) (No. 2011CB302903); the National Natural Science Foundation of China (No. 61100213); the Key Program of Natural Science for Universities of Jiangsu Province (No. 10KJA510035); the Specialized Research Fund for the Doctoral Program of Higher Education (20113223120007); the Science and Technology Program of Nanjing (201103003); the Postgraduate Innovation Project Foundation of Jiangsu Province (No. CXLX11_0411)
Abstract: To solve the problems of high memory occupation, low connectivity and poor resiliency against node capture, which exist in the random key pre-distribution techniques when applied to large scale Wireless Sensor Networks (WSNs), an Identity-Based Key Agreement Scheme (IBKAS) is proposed based on identity-based encryption and Elliptic Curve Diffie-Hellman (ECDH). IBKAS can resist man-in-the-middle attacks and node-capture attacks through encrypting the key agreement parameters using identity-based encryption. Theoretical analysis indicates that, compared to the random key pre-distribution techniques, IBKAS achieves significant improvement in key connectivity, communication overhead, memory occupation, and security strength, and also enables efficient secure rekeying and network expansion. Furthermore, we implement IBKAS for TinyOS-2.1.2 based on the MICA2 motes, and the experiment results demonstrate that IBKAS is feasible for infrequent key distribution and rekeying for large scale sensor networks.