Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch att...Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.展开更多
Security monitoring system of coal mines is indispensable to ensure the safe and efficient production of colliery. Due to the special and narrow underground field of the coal mine, the electromagnetic interference can...Security monitoring system of coal mines is indispensable to ensure the safe and efficient production of colliery. Due to the special and narrow underground field of the coal mine, the electromagnetic interference can cause a series of misstatements and false positives on the monitoring system, which will severely hamper the safe production of coal industry. In this paper, first, the frequency characteristics of the interference source on the power line are extracted when equipment runs normally. Then the finite difference time domain method is introduced to analyze the effects of the electromagnetic interference parameters on the security monitoring signal line. And the interference voltage of the two terminal sides on the single line is taken as evaluating indexes. Finally, the electromagnetic interference parameters are optimized by orthogonal experimental design based on the MATLAB simulation on the normal operation of equipment.展开更多
The border gateway protocol (BGP) is the default inter domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to sessio...The border gateway protocol (BGP) is the default inter domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to session hijacking attacks. There are a number of proposals aimed at improving BGP security which have not been fully implemented. This paper examines a number of approaches for securing BGP through a comparative study and identifies the reasons why these proposals have not been implemented commercially. This paper analyses the architecture of internet routing and the design of BGP while focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated and a solution which involves the implementation of route filtering, policy-maps and route-maps on CISCO routers representing ASes is carried out. In the end, a workable industry standard framework for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure is demonstrated.展开更多
After the stress function and the normal derivative on the boundary for the plane problem of exterior circular domain are expanded into Laurent series, comparing them with the Laurent series of the complex stress func...After the stress function and the normal derivative on the boundary for the plane problem of exterior circular domain are expanded into Laurent series, comparing them with the Laurent series of the complex stress function and making use of some formulas in Fourier series and the convolutions, the boundary integral formula of the stress function is derived further. Then the stress function can be obtained directly by the integration of the stress function and its normal derivative on the boundary. Some examples are given. It shows that the boundary integral formula of the stress function is convenient to be used for solving the elastic plane problem of exterior circular domain.展开更多
As a critical Internet infrastructure,domain name system(DNS)protects the authenticity and integrity of domain resource records with the introduction of security extensions(DNSSEC).DNSSEC builds a single-center and hi...As a critical Internet infrastructure,domain name system(DNS)protects the authenticity and integrity of domain resource records with the introduction of security extensions(DNSSEC).DNSSEC builds a single-center and hierarchical resource authentication architecture,which brings management convenience but places the DNS at risk from a single point of failure.When the root key suffers a leak or misconfiguration,top level domain(TLD)authority cannot independently protect the authenticity of TLD data in the root zone.In this paper,we propose self-certificating root,a lightweight security enhancement mechanism of root zone compatible with DNS/DNSSEC protocol.By adding the TLD public key and signature of the glue records to the root zone,this mechanism enables the TLD authority to certify the self-submitted data in the root zone and protects the TLD authority from the risk of root key failure.This mechanism is implemented on an open-source software,namely,Berkeley Internet Name Domain(BIND),and evaluated in terms of performance,compatibility,and effectiveness.Evaluation results show that the proposed mechanism enables the resolver that only supports DNS/DNSSEC to authenticate the root zone TLD data effectively with minimal performance difference.展开更多
This paper presents an elasto-viscoplastic consistent tangent operator (CTO) based boundary element formulation, and application for calculation of path-domain independentJ integrals (extension of the classicalJ integ...This paper presents an elasto-viscoplastic consistent tangent operator (CTO) based boundary element formulation, and application for calculation of path-domain independentJ integrals (extension of the classicalJ integrals) in nonlinear crack analysis. When viscoplastic deformation happens, the effective stresses around the crack tip in the nonlinear region is allowed to exceed the loading surface, and the pure plastic theory is not suitable for this situation. The concept of consistency employed in the solution of increment viscoplastic problem, plays a crucial role in preserving the quadratic rate asymptotic convergence of iteractive schemes based on Newton's method. Therefore, this paper investigates the viscoplastic crack problem, and presents an implicit viscoplastic algorithm using the CTO concept in a boundary element framework for path-domain independentJ integrals. Applications are presented with two numerical examples for viscoplastic crack problems andJ integrals.展开更多
In this paper analytic boundary value problems for some classical domains in Cn are developed by using the harmonic analysis due to L.K. Hua. First it is discussed for the version of one variable in order to induce th...In this paper analytic boundary value problems for some classical domains in Cn are developed by using the harmonic analysis due to L.K. Hua. First it is discussed for the version of one variable in order to induce the relation between the analytic boundary value problem and the decomposition of function space L2 on the boundary manifold. Then an easy example of several variables, the version of torus in C2, is stated. For the noncommutative classical group L1, the characteristic boundary of a kind of bounded symmetric domain in C4, the boundary behaviors of the Cauchy integral are obtained by using both the harmonic expansion and polar coordinate transformation. At last we obtain the conditions of solvability of Schwarz problem on L1, if so, the solution is given explicitly.展开更多
In this study we use a boundary integral element-based numerical technique to solve the generalized Burger-Fisher equation. The essential feature of this method is the fundamental integral representation of the soluti...In this study we use a boundary integral element-based numerical technique to solve the generalized Burger-Fisher equation. The essential feature of this method is the fundamental integral representation of the solution inside the problem domain by means of both the boundary and domain values. The occurrences of domain integrals within the problem arising from nonlinearity as well as the temporal derivative are not avoided or transferred to the boundary. However, unlike the classical boundary element approach, they are resolved within a finite-element-type discrete domain. The utility and correctness of this formulation are proved by comparing the results obtained herein with closed form solutions.展开更多
Viscoelastic artificial boundaries are widely adopted in numerical simulations of wave propagation problems.When explicit time-domain integration algorithms are used,the stability condition of the boundary domain is s...Viscoelastic artificial boundaries are widely adopted in numerical simulations of wave propagation problems.When explicit time-domain integration algorithms are used,the stability condition of the boundary domain is stricter than that of the internal region due to the influence of the damping and stiffness of an viscoelastic artificial boundary.The lack of a clear and practical stability criterion for this problem,however,affects the reasonable selection of an integral time step when using viscoelastic artificial boundaries.In this study,we investigate the stability conditions of explicit integration algorithms when using three-dimensional(3D)viscoelastic artificial boundaries through an analysis method based on a local subsystem.Several boundary subsystems that can represent localized characteristics of a complete numerical model are established,and their analytical stability conditions are derived from and further compared to one another.The stability of the complete model is controlled by the corner regions,and thus,the global stability criterion for the numerical model with viscoelastic artificial boundaries is obtained.Next,by analyzing the impact of different factors on stability conditions,we recommend a stability coefficient for practically estimating the maximum stable integral time step in the dynamic analysis when using 3D viscoelastic artificial boundaries.展开更多
Network security protocols such as IPsec have been used for many years to ensure robust end-to-end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per-packe...Network security protocols such as IPsec have been used for many years to ensure robust end-to-end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per-packet protection offered by the protocol is not very compatible with OpenFlow and tlow-like behavior. OpenFlow architecture cannot aggregate IPsee-ESP flows in transport mode or tunnel mode because layer-3 information is encrypted and therefore unreadable. In this paper, we propose using the Security Parameter Index (SPI) of IPsec within the OpenFlow architecture to identify and direct IPsec flows. This enables IPsec to conform to the packet-based behavior of OpenFlow architecture. In addition, by distinguishing between IPsec flows, the architecture is particularly suited to secure group communication.展开更多
In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used ...In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.展开更多
This study is concerned with the numerical approximation of the extended Fisher-Kolmogorov equation with a modified boundary integral method. A key aspect of this formulation is that it relaxes the domain-driven appro...This study is concerned with the numerical approximation of the extended Fisher-Kolmogorov equation with a modified boundary integral method. A key aspect of this formulation is that it relaxes the domain-driven approach of a typical boundary element (BEM) technique. While its discretization keeps faith with the second order accurate BEM formulation, its implementation is element-based. This leads to a local solution of all integral equation and their final assembly into a slender and banded coefficient matrix which is far easier to manipulate numerically. This outcome is much better than working with BEM’s fully populated coefficient matrices resulting from a numerical encounter with the problem domain especially for nonlinear, transient, and heterogeneous problems. Faithful results of high accuracy are achieved when the results obtained herein are compared with those available in literature.展开更多
Network management scheme must consider security challenges for the Mobile Agent paradigm to be accepted in the Internet computing world. Techniques to provide security solutions have been proposed and some have achie...Network management scheme must consider security challenges for the Mobile Agent paradigm to be accepted in the Internet computing world. Techniques to provide security solutions have been proposed and some have achieved good results. For example, it is possible to launch a code with a guarantee that it cannot attack the hosting sites. The main problem remaining, however, is protecting the mobile code against malicious service providers, the host problem. This paper proposed a Mobile Agent management scheme in a hierarchical level that provides to user a reliable and flexible global access to internet/network information services. We further described a protection mechanism to Mobile Agents against malicious hosts. As an effort to address host problems we first identify the kinds of attack that may be performed by malicious hosts, and propose a mechanism to prevent these attacks. At each agent host we introduce a trusted third party entity on each server called Secure Service Station (SSS) to carry out security actions.展开更多
In order to transmit the speech information safely in the channel,a new speech encryp-tion algorithm in linear canonical transform(LCT)domain based on dynamic modulation of chaot-ic system is proposed.The algorithm fi...In order to transmit the speech information safely in the channel,a new speech encryp-tion algorithm in linear canonical transform(LCT)domain based on dynamic modulation of chaot-ic system is proposed.The algorithm first uses a chaotic system to obtain the number of sampling points of the grouped encrypted signal.Then three chaotic systems are used to modulate the corres-ponding parameters of the LCT,and each group of transform parameters corresponds to a group of encrypted signals.Thus,each group of signals is transformed by LCT with different parameters.Fi-nally,chaotic encryption is performed on the LCT domain spectrum of each group of signals,to realize the overall encryption of the speech signal.The experimental results show that the proposed algorithm is extremely sensitive to the keys and has a larger key space.Compared with the original signal,the waveform and LCT domain spectrum of obtained encrypted signal are distributed more uniformly and have less correlation,which can realize the safe transmission of speech signals.展开更多
There are a number of IT Security journals available in the literature but none of these research papers have practically specified approaches to secure the IT environment at large. In this paper, more emphases will b...There are a number of IT Security journals available in the literature but none of these research papers have practically specified approaches to secure the IT environment at large. In this paper, more emphases will be laid on the practical ways to secure our IT environments and with some useful real-life scenarios. In today, securing our IT environment has become the key factor in the industry due to an increasing number of attackers invading and stealing the intellectual properties;thereby, rendering most IT industries to go out of businesses. They may find that understanding and translating IT security recommendations to implementable practices can be overwhelming. While this is a worthwhile and important task, there are also more practical ways to ensure you are using IT security best practices in your business. Therefore, the need to properly secure our IT environments in order to mitigate those attacks by using the right tools in all IT domains will be fully discussed in this research. This paper will focus more on protection of LAN-WAN Domain as a use case.展开更多
基金Supported by the National High-TechnologyResearch and Development Programof China (2002AA1Z2101)
文摘Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.
文摘Security monitoring system of coal mines is indispensable to ensure the safe and efficient production of colliery. Due to the special and narrow underground field of the coal mine, the electromagnetic interference can cause a series of misstatements and false positives on the monitoring system, which will severely hamper the safe production of coal industry. In this paper, first, the frequency characteristics of the interference source on the power line are extracted when equipment runs normally. Then the finite difference time domain method is introduced to analyze the effects of the electromagnetic interference parameters on the security monitoring signal line. And the interference voltage of the two terminal sides on the single line is taken as evaluating indexes. Finally, the electromagnetic interference parameters are optimized by orthogonal experimental design based on the MATLAB simulation on the normal operation of equipment.
文摘The border gateway protocol (BGP) is the default inter domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to session hijacking attacks. There are a number of proposals aimed at improving BGP security which have not been fully implemented. This paper examines a number of approaches for securing BGP through a comparative study and identifies the reasons why these proposals have not been implemented commercially. This paper analyses the architecture of internet routing and the design of BGP while focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated and a solution which involves the implementation of route filtering, policy-maps and route-maps on CISCO routers representing ASes is carried out. In the end, a workable industry standard framework for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure is demonstrated.
文摘After the stress function and the normal derivative on the boundary for the plane problem of exterior circular domain are expanded into Laurent series, comparing them with the Laurent series of the complex stress function and making use of some formulas in Fourier series and the convolutions, the boundary integral formula of the stress function is derived further. Then the stress function can be obtained directly by the integration of the stress function and its normal derivative on the boundary. Some examples are given. It shows that the boundary integral formula of the stress function is convenient to be used for solving the elastic plane problem of exterior circular domain.
基金This work is partially supported by the National Key Research and Development Program(2018YFB1800702).
文摘As a critical Internet infrastructure,domain name system(DNS)protects the authenticity and integrity of domain resource records with the introduction of security extensions(DNSSEC).DNSSEC builds a single-center and hierarchical resource authentication architecture,which brings management convenience but places the DNS at risk from a single point of failure.When the root key suffers a leak or misconfiguration,top level domain(TLD)authority cannot independently protect the authenticity of TLD data in the root zone.In this paper,we propose self-certificating root,a lightweight security enhancement mechanism of root zone compatible with DNS/DNSSEC protocol.By adding the TLD public key and signature of the glue records to the root zone,this mechanism enables the TLD authority to certify the self-submitted data in the root zone and protects the TLD authority from the risk of root key failure.This mechanism is implemented on an open-source software,namely,Berkeley Internet Name Domain(BIND),and evaluated in terms of performance,compatibility,and effectiveness.Evaluation results show that the proposed mechanism enables the resolver that only supports DNS/DNSSEC to authenticate the root zone TLD data effectively with minimal performance difference.
基金The project supported by National Natural Science Foundation of China(9713008)Zhejiang Natural Science Foundation Special Funds No. RC.9601
文摘This paper presents an elasto-viscoplastic consistent tangent operator (CTO) based boundary element formulation, and application for calculation of path-domain independentJ integrals (extension of the classicalJ integrals) in nonlinear crack analysis. When viscoplastic deformation happens, the effective stresses around the crack tip in the nonlinear region is allowed to exceed the loading surface, and the pure plastic theory is not suitable for this situation. The concept of consistency employed in the solution of increment viscoplastic problem, plays a crucial role in preserving the quadratic rate asymptotic convergence of iteractive schemes based on Newton's method. Therefore, this paper investigates the viscoplastic crack problem, and presents an implicit viscoplastic algorithm using the CTO concept in a boundary element framework for path-domain independentJ integrals. Applications are presented with two numerical examples for viscoplastic crack problems andJ integrals.
文摘In this paper analytic boundary value problems for some classical domains in Cn are developed by using the harmonic analysis due to L.K. Hua. First it is discussed for the version of one variable in order to induce the relation between the analytic boundary value problem and the decomposition of function space L2 on the boundary manifold. Then an easy example of several variables, the version of torus in C2, is stated. For the noncommutative classical group L1, the characteristic boundary of a kind of bounded symmetric domain in C4, the boundary behaviors of the Cauchy integral are obtained by using both the harmonic expansion and polar coordinate transformation. At last we obtain the conditions of solvability of Schwarz problem on L1, if so, the solution is given explicitly.
文摘In this study we use a boundary integral element-based numerical technique to solve the generalized Burger-Fisher equation. The essential feature of this method is the fundamental integral representation of the solution inside the problem domain by means of both the boundary and domain values. The occurrences of domain integrals within the problem arising from nonlinearity as well as the temporal derivative are not avoided or transferred to the boundary. However, unlike the classical boundary element approach, they are resolved within a finite-element-type discrete domain. The utility and correctness of this formulation are proved by comparing the results obtained herein with closed form solutions.
基金National Natural Science Foundation of China under Grant Nos.52108458 and U1839201China National Postdoctoral Program of Innovative Talents under Grant No.BX20200192+1 种基金Shuimu Tsinghua Scholar Program under Grant No.2020SM005National Key Research and Development Program of China under Grant No.2018YFC1504305。
文摘Viscoelastic artificial boundaries are widely adopted in numerical simulations of wave propagation problems.When explicit time-domain integration algorithms are used,the stability condition of the boundary domain is stricter than that of the internal region due to the influence of the damping and stiffness of an viscoelastic artificial boundary.The lack of a clear and practical stability criterion for this problem,however,affects the reasonable selection of an integral time step when using viscoelastic artificial boundaries.In this study,we investigate the stability conditions of explicit integration algorithms when using three-dimensional(3D)viscoelastic artificial boundaries through an analysis method based on a local subsystem.Several boundary subsystems that can represent localized characteristics of a complete numerical model are established,and their analytical stability conditions are derived from and further compared to one another.The stability of the complete model is controlled by the corner regions,and thus,the global stability criterion for the numerical model with viscoelastic artificial boundaries is obtained.Next,by analyzing the impact of different factors on stability conditions,we recommend a stability coefficient for practically estimating the maximum stable integral time step in the dynamic analysis when using 3D viscoelastic artificial boundaries.
文摘Network security protocols such as IPsec have been used for many years to ensure robust end-to-end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per-packet protection offered by the protocol is not very compatible with OpenFlow and tlow-like behavior. OpenFlow architecture cannot aggregate IPsee-ESP flows in transport mode or tunnel mode because layer-3 information is encrypted and therefore unreadable. In this paper, we propose using the Security Parameter Index (SPI) of IPsec within the OpenFlow architecture to identify and direct IPsec flows. This enables IPsec to conform to the packet-based behavior of OpenFlow architecture. In addition, by distinguishing between IPsec flows, the architecture is particularly suited to secure group communication.
基金Acknowledgements This work was supported by Research Funds of Information Security Key Laboratory of Beijing Electronic Science & Technology Institute National Natural Science Foundation of China(No. 61070219) Building Together Specific Project from Beijing Municipal Education Commission.
文摘In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.
文摘This study is concerned with the numerical approximation of the extended Fisher-Kolmogorov equation with a modified boundary integral method. A key aspect of this formulation is that it relaxes the domain-driven approach of a typical boundary element (BEM) technique. While its discretization keeps faith with the second order accurate BEM formulation, its implementation is element-based. This leads to a local solution of all integral equation and their final assembly into a slender and banded coefficient matrix which is far easier to manipulate numerically. This outcome is much better than working with BEM’s fully populated coefficient matrices resulting from a numerical encounter with the problem domain especially for nonlinear, transient, and heterogeneous problems. Faithful results of high accuracy are achieved when the results obtained herein are compared with those available in literature.
文摘Network management scheme must consider security challenges for the Mobile Agent paradigm to be accepted in the Internet computing world. Techniques to provide security solutions have been proposed and some have achieved good results. For example, it is possible to launch a code with a guarantee that it cannot attack the hosting sites. The main problem remaining, however, is protecting the mobile code against malicious service providers, the host problem. This paper proposed a Mobile Agent management scheme in a hierarchical level that provides to user a reliable and flexible global access to internet/network information services. We further described a protection mechanism to Mobile Agents against malicious hosts. As an effort to address host problems we first identify the kinds of attack that may be performed by malicious hosts, and propose a mechanism to prevent these attacks. At each agent host we introduce a trusted third party entity on each server called Secure Service Station (SSS) to carry out security actions.
基金supported by the National Natural Science Found-ation of China(No.61901248)the Scientific and Tech-nological Innovation Programs of Higher Education Institu-tions in Shanxi(No.2019L0029).
文摘In order to transmit the speech information safely in the channel,a new speech encryp-tion algorithm in linear canonical transform(LCT)domain based on dynamic modulation of chaot-ic system is proposed.The algorithm first uses a chaotic system to obtain the number of sampling points of the grouped encrypted signal.Then three chaotic systems are used to modulate the corres-ponding parameters of the LCT,and each group of transform parameters corresponds to a group of encrypted signals.Thus,each group of signals is transformed by LCT with different parameters.Fi-nally,chaotic encryption is performed on the LCT domain spectrum of each group of signals,to realize the overall encryption of the speech signal.The experimental results show that the proposed algorithm is extremely sensitive to the keys and has a larger key space.Compared with the original signal,the waveform and LCT domain spectrum of obtained encrypted signal are distributed more uniformly and have less correlation,which can realize the safe transmission of speech signals.
文摘There are a number of IT Security journals available in the literature but none of these research papers have practically specified approaches to secure the IT environment at large. In this paper, more emphases will be laid on the practical ways to secure our IT environments and with some useful real-life scenarios. In today, securing our IT environment has become the key factor in the industry due to an increasing number of attackers invading and stealing the intellectual properties;thereby, rendering most IT industries to go out of businesses. They may find that understanding and translating IT security recommendations to implementable practices can be overwhelming. While this is a worthwhile and important task, there are also more practical ways to ensure you are using IT security best practices in your business. Therefore, the need to properly secure our IT environments in order to mitigate those attacks by using the right tools in all IT domains will be fully discussed in this research. This paper will focus more on protection of LAN-WAN Domain as a use case.
