Funding: Supported by the National Tenth Five-Year Plan for Scientific and Technological Development of China (413160501) and the National Natural Science Foundation of China (50477038)
Abstract: PMI (privilege management infrastructure) is used to perform access control to resources in an E-commerce or E-government system. With the ever-increasing need for secure transactions, the need for systems that offer a wide variety of QoS (quality-of-service) features is also growing. In order to improve the QoS of the PMI system, a cache based on RBAC (role-based access control) and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is described in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update the cache is also introduced.
Abstract: Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered a key element for providing security to new distributed communication networks and services. In this paper, we concentrate on the properties of the protocol of Phase 1 IKE. After investigating the IKE protocol and PKI technology, we combine the IKE protocol and PKI and present an implementation scheme of IKE based on PKI. Then, we give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange.
Abstract: Public Key Infrastructure (PKI) is a comprehensive information security framework for providing secure information and communication over the internet. Its need and use have grown over the years and continue to grow. This research work examines the current PKI framework’s validation process as operated by vendors and subscribers to identify the drawbacks and propose enhanced approaches to its validation mechanism. Using an approach of reviewing secondary data, critical weaknesses of integrity, proof of trust and single point-of-failure were identified with the current PKI framework. This study therefore advances proposed solutions to address the identified weaknesses by specifically introducing multiple Certificate Authorities, storage, visibility and searchability of subscriber information in public repository. A comprehensive detail of its implementation is proposed to address the identified weaknesses of uncertain integrity, trust for certificate authorities and prevent a single point of failure. Furthermore, the proposed enhancements are validated with the protection motivation theory and a framework for empirically testing the enhancements is suggested. Further research would be required to factor in multi-factor authentication without compromising performance.
Abstract: In recent years, the Sponge City program (SCP) of China, as a sustainable stormwater management approach, has been strengthened as a national strategic level program. The Green Infrastructure (GI), due to its multi-objective and multi-benefits, has been adopted as an important measure of this new nationwide initiative. However, there is a lack of a comprehensive quantitative evaluation system for neighbourhood scale SCP. Hence, in the process of GI plan optimization, selection of implementation methods to balance its multi-benefits has become one of the key obstacles in the practice of SCP. To support robust decision making on multi-objective GI planning and comprehensive assessment, the analytic hierarchy process (AHP) has been used as a structural and systematic technique. In addition, a set of sustainability key performance indicators (KPIs) including requisite dimensions is the foundation for neighbourhood scale sustainability. Hence, an AHP-based evaluation system including selection, weighting and ranking of the KPIs is defined as a key performance indicator framework (KPIF), which is still in need of further development. Taking the GI planning for the Liangnong, Siming Lake sponge node restoration as an example, this paper develops KPIF with a comprehensive evaluation system for high-quality “Sponge Node” transitional construction. This KPIF consists of three basic criteria: “Environmental Performance”, “Economic and Adaptability Performance”, and “Social-cultural Performance and Wellbeing Performance”. In addition, 15 weighted KPIs are concluded and amongst them, the following were relatively high: weight of the ATRCR, the promotion of biodiversity, the construction cost saving, the maintenance cost saving, and the level of recreational and wellbeing improvements for all people. In addition, the developed KPIF provides a reference for similar programs’ decision-making, not only for the Jiangnan area of China, but also for quantitatively comprehensive evaluations of SCP in other regions.
Abstract: Built environments are undergoing a state of crisis, due to fragmentation and obsolescence: consolidated urban areas, suburbs and fringe areas need to be restored so as to recover a sense of vivid places and to avoid segregation. Fabric of routes and voids can be considered as a medium in order to structure a landscape, to manage and govern a region, to nurture its unique subculture. A structure of bonds is to be designed to promote a rapid and safe movement of resources, of people, of ideas, even from and to most remote sites. Infrastructure can foster a vast economic development, and also, a profound social and cultural development.
Funding: Sponsored by the National Natural Science Foundation of China (Grant No. 51077015) and the Fundamental Research Funds for the Central Universities (Grant No. HIT.NSRIF.2015017)
Abstract: Advanced metering infrastructure (AMI) is a critical part of the smart grid, and ZigBee is playing an increasingly important role in AMI. Cyber security is the prerequisite to ensure the reliable operation of AMI. To guarantee the ZigBee communication security in AMI, a key management scheme based on the elliptic curve cryptosystem (ECC) is proposed. According to the ways of information transformation in AMI, the scheme is categorized as unicast communication key management process and multicast communication key management process. In the scheme, the selection of elliptic curve, the calculation of the ZigBee node's ECC public key and private key, the establishment and distribution of the link key in unicast communication, and the establishment and distribution of the network key in multicast communication are elaborated. The analysis results show that the proposed key management scheme is secure and consumes less memory and energy, and thus can meet the demands of communication security of AMI.
Abstract: Facing challenges of population decline and fiscal austerity, Japan has implemented a series of initiatives to promote public-private partnerships (PPP) to ensure the sustainability of urban parks and revitalize urban spaces. These initiatives, while alleviating the government’s financial burdens on parks, have also raised concerns about the potential erosion of publicness and public interests resulting from the commercialization of public assets. This paper reviews the evolution of Japan’s urban park management system after World War II, including three phases of being purely public goods, initiating marketization, and diversifying management entities. The functions of parks have been continuously enriched, and the construction, management, and operational modes have shifted from government-led towards multi-stakeholder participation, along with expanded funding sources. By examining the PPP types, driving forces, implementation mechanisms and challenges in urban park management, this paper points out that, in different eras and social contexts, the Japanese government has kept adjusting its role to maximize public interests. This has proactively updated the implications of publicness in infrastructure like urban parks, from a post-war opposite of publicness versus privateness on ownership, to the participation of private capital for a higher efficiency, and finally to a community for a stronger regional competitiveness. The reforms of the urban park management system in Japan offer significant lessons and insights for urban infrastructure management in other countries and regions.
Abstract: In the proposed photo certificate, the principal component is the image, for example, the user's photo. User-related fields, such as the subject's name, the issuer's name, and the expiration period, which are meaningful to users, are embedded into the surface of the photo by using a visible watermark algorithm, so that the reader can capture this information without the requirement for special software. The remaining fields in the certificate are embedded into a marked photo. Later, the whole photo certificate is cryptographically signed by the certification authority (CA) private key to guarantee the integrity of our photo certificate. By such arrangement, the certificate's verification is divided into two layers. The first layer is human visual system oriented and the second layer is software-oriented. The user can first determine whether the user's photo and its subject's name are consistent and check whether the expiration period is valid. The second layer's verification is launched only when the first layer's verification is passed. To sum up, the proposed photo certificate not only inherits the functions of a traditional certificate, but also provides a friendlier operational environment for the X.509 certificate.
Abstract: Accelerating methods are used to enhance TCP performance over satellite links by employing Performance Enhancement Proxies (PEPs). However, providing a secure connection through the PEPs seems to be impossible. In this paper an appropriate method is proposed in order to provide an accelerated secure E2E connection. We show an efficient secure three-party protocol, based on public key infrastructure (PKI), which provides security against spiteful adversaries. Our construction is based on applying asymmetric cryptography techniques to the original IKE protocol. Security protocols use cryptography to set up private communication channels on an insecure network. Many protocols contain flaws, and because security goals are seldom specified in detail, we cannot be certain what constitutes a flaw. Proving security properties is essential for the development of secure protocols. We give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange. Based on the results of this preliminary analysis, we have implemented a prototype of our security protocol, evaluated its performance and checked the safety properties of the security protocol, and the results show that the protocol is robust and safe against major security threats.
Funding: Supported by the Postgraduate Research & Practice Innovation Program of Jiangsu Province (Grant No. SJCX22_1677).
Abstract: Wireless body area networks (WBANs) are an emerging technology for the real-time monitoring of physiological signals. WBANs provide a mechanism for collecting, storing, and transmitting physiological data to healthcare providers. However, the open wireless channel and limited resources of sensors bring security challenges. To ensure physiological data security, this paper provides an efficient Certificateless Public Key Infrastructure Heterogeneous Ring Signcryption (CP-HRSC) scheme, in which sensors are in a certificateless cryptosystem (CLC) environment, and the server is in a public key infrastructure (PKI) environment. CLC could solve the limitations of key escrow in identity-based cryptography (IBC) and certificate management for public keys in PKI. PKI is suited for the server because it is widely used on the Internet. Furthermore, this paper designs a ring signcryption method that allows the controller to anonymously encrypt physiological data on behalf of a set of sensors, but the server does not exactly know who the sensor is. The construction of this paper can achieve anonymity, confidentiality, authentication, non-repudiation, and integrity in a logically single step. Under the computational Diffie-Hellman (CDH) problem, the formal security proof is provided in the random oracle model (ROM). This paper demonstrates that this scheme has indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) and existential unforgeability against adaptive chosen message attacks (EUF-CMA). In terms of computational cost and energy usage, a comprehensive performance analysis demonstrates that the proposed scheme is the most effective. Compared to the three existing schemes, the computational cost of this paper’s scheme is reduced by about 49.5%, 4.1%, and 8.4%, and the energy usage of our scheme is reduced by about 49.4%, 3.7%, and 14.2%, respectively.