To address the problem that the existing direct anonymous attestation (DAA) scheme cannot operate effectively across different domains, a novel DAA protocol for multi-domain environments is proposed and designed on the basis of the original DAA scheme. In it, a certificate issuer located outside the domain can act as a proxy server that issues the DAA certificate directly to valid member nodes. The mechanism conforms to the present Trusted Computing Group (TCG) international specification and efficiently solves the problems of practical authentication and privacy protection between different trusted domains. Compared with the present DAA scheme, the protocol guarantees anonymity and unforgeability and also avoids replay attacks. It has important reference and practical application value in the trusted computing field.
Because the frequency of network security incidents is nonlinear, traditional prediction methods such as ARMA and Gray systems have difficulty dealing with the problem. When the sample size is small, methods based on artificial neural networks may not reach a high degree of precision. Least Squares Support Vector Machines (LSSVM) is a machine learning method based on statistical learning theory that can be applied very well to small-sample and nonlinear problems. This paper applies LSSVM to predict the frequency of occurrence of network security incidents. To improve accuracy, it uses an improved genetic algorithm to optimize the parameters of LSSVM. Verified on real data sets, the improved genetic algorithm (IGA) converges faster than the simple genetic algorithm (SGA) and is more efficient in the optimization procedure. In particular, the optimized LSSVM model worked very well in predicting the frequency of network security incidents.
When analyzing the large-scale network security situation, the data we face are always voluminous and messy, and it is difficult to obtain information in timely response to a query. Online analytical processing, which uses the Data-cube directly as a data source and computes all or part of the Data-cube in advance, can reduce query response time significantly. This paper considers a class of queries called the Partial-MAX/MIN query. We introduce the Rank Decision Tree (RD-Tree) and its search algorithm for efficient processing of partial-max/min queries. Through experiments, we show that our approach processes partial-max/min queries efficiently.
Denial of Service (DoS) attack, especially Distributed Denial of Service (DDoS) attack, is one of the greatest threats to the Internet. Much research has been done on it, but that work has concentrated on the behavior of the network and cannot deal with the problem exactly. In this paper, we start from the security of the protocol and propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the concept of a weighted graph to extend the strand space model; we then extend the penetrator model and define the goal of anti-DoS attack through the concept of the DoS-stop protocol; finally, we propose two kinds of DoS test model and establish the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied to two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from DoS attacks, and that the efficient DoS-resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server.
Forward-secure digital signatures effectively reduce the loss caused by exposure of secret keys, and blind signatures offer significant practical benefits in protecting senders' privacy; both have been hot spots in the field of cryptography for decades. Inspired by the integration of forward-secure digital signature and blind signature, and based on variants of ElGamal and the assumed difficulty of solving the discrete logarithm problem in a Galois field, this paper proposes a forward-secure weak blind signature scheme and a forward-secure strong blind signature scheme and analyzes their security thoroughly. It turns out that the forward security, blindness and resistance to forgery attacks demonstrated by these two schemes are of considerable theoretical and practical benefit.
Funding (multi-domain DAA protocol paper): This work was supported by the Research Funds of the Information Security Key Laboratory of Beijing Electronic Science & Technology Institute, the National Natural Science Foundation of China (No. 61070219), and the Building Together Specific Project from Beijing Municipal Education Commission.
Funding (LSSVM incident-frequency prediction paper): Supported in part by the National High Technology Research and Development Program of China ("863" Program) (No. 2007AA010502).
Funding (DoS security protocol analysis paper): This work is supported by the National Natural Science Foundation of China under contract 60902008.
Funding (forward-secure blind signature paper): This work was supported by the National Natural Science Foundation of China for Grant 60673127, the National High Technology Research and Development Program of China (863 Program) for Grant 2007AA01Z404, the Science & Technology Pillar Program of Jiangsu Province for Grant BE2008135, the Electronic Development Foundation of the Ministry of Information Industry, Funding of Jiangsu Innovation Program for Graduate Education for Grant CX10B112Z, Funding for Outstanding Doctoral Dissertation in NUAA for Grant BCXJ10-07, Research Funding of Nanjing University of Aeronautics and Astronautics for Grant NS2010101 and Jiangsu Province Postdoctoral Science Foundation. We wish to thank the above support, under which the present work is possible.