Despite the tremendous effort made by industry and academia,we are still searching for metrics that can characterize Cyberspace and system security risks. In this paper,we study the class of security risks that are in...Despite the tremendous effort made by industry and academia,we are still searching for metrics that can characterize Cyberspace and system security risks. In this paper,we study the class of security risks that are inherent to the dependence structure in software with vulnerabilities and exhibit a "cascading" effect. We present a measurement framework for evaluating these metrics,and report a preliminary case study on evaluating the dependence-induced security risks in the Apache HTTP Server. The experiment results show that our framework can not only clearly analyze the root cause of the security risks but also quantitatively evaluate the attack consequence of the risks.展开更多
Ant Colony Optimization (AGO) has the character of positive feedback, distributed searching, and greedy searching. It is applicable to optimization grouping problems. Traditional cryptographic research is mainly bas...Ant Colony Optimization (AGO) has the character of positive feedback, distributed searching, and greedy searching. It is applicable to optimization grouping problems. Traditional cryptographic research is mainly based on pure mathematical methods which have complicated theories and algorithm. It seems that there is no relationship between cryptography and ACO. Actually, some problems in cryptography are due to optimization grouping problems that could be improved using an evolutionary algorithm. Therefore, this paper presents a new method of solving secure curve selection problems using ACO. We improved Complex Multiplication (CM) by combining Evolutionary Cryptography Theory with Weber polynomial solutions. We found that ACO makes full use of valid information generated from factorization and allocates computing resource reasonably. It greatly increases the performance of Weber polynomial solutions. Compared with traditional CM, which can only search one root once time, our new method searches all roots of the polynomial once, and the average time needed to search for one root reduces rapidly. The more roots are searched, the more ECs are obtained.展开更多
How to quickly compute the number of points on an Elliptic Curve (EC) has been a longstanding challenge. The computational complexity of the algorithm usually employed makes it highly inefficient. Unlike the general...How to quickly compute the number of points on an Elliptic Curve (EC) has been a longstanding challenge. The computational complexity of the algorithm usually employed makes it highly inefficient. Unlike the general EC, a simple method called the Weil theorem can be used to compute the order of an EC characterized by a small prime number, such as the Kobltiz EC characterized by two. The fifteen secure ECs recommended by the National Institute of Standards and Technology (NIST) Digital Signature Standard contain five Koblitz ECs whose maximum base domain reaches 571 bits. Experimental results show that the computation speed decreases for base domains exceeding 600 bits. In this paper, we propose a simple method that combines the Weil theorem with Pascals triangle, which greatly reduces the computational complexity. We have validated the performance of this method for base fields ranging from 2l^100 to 2^1000. Furthermore, this new method can be generalized to any ECs characterized by any small prime number.展开更多
基金supported by Natural Science Foundation of China under award No.61303024Natural Science Foundation of Jiangsu Province under award No.BK20130372+3 种基金National 973 Program of China under award No.2014CB340600National High Tech 863 Program of China under award No.2015AA016002supported by Natural Science Foundation of China under award No.61272452supported in part by ARO Grant # W911NF-12-1-0286 and NSF Grant #1111925
文摘Despite the tremendous effort made by industry and academia,we are still searching for metrics that can characterize Cyberspace and system security risks. In this paper,we study the class of security risks that are inherent to the dependence structure in software with vulnerabilities and exhibit a "cascading" effect. We present a measurement framework for evaluating these metrics,and report a preliminary case study on evaluating the dependence-induced security risks in the Apache HTTP Server. The experiment results show that our framework can not only clearly analyze the root cause of the security risks but also quantitatively evaluate the attack consequence of the risks.
基金supported by the National Natural Science Foundation of China (Nos.61332019, 61572304, 61272056, and 60970006)the Innovation Grant of Shanghai Municipal Education Commission (No.14ZZ089)Shanghai Key Laboratory of Specialty Fiber Optics and Optical Access Networks (No.SKLSFO2014-06)
文摘Ant Colony Optimization (AGO) has the character of positive feedback, distributed searching, and greedy searching. It is applicable to optimization grouping problems. Traditional cryptographic research is mainly based on pure mathematical methods which have complicated theories and algorithm. It seems that there is no relationship between cryptography and ACO. Actually, some problems in cryptography are due to optimization grouping problems that could be improved using an evolutionary algorithm. Therefore, this paper presents a new method of solving secure curve selection problems using ACO. We improved Complex Multiplication (CM) by combining Evolutionary Cryptography Theory with Weber polynomial solutions. We found that ACO makes full use of valid information generated from factorization and allocates computing resource reasonably. It greatly increases the performance of Weber polynomial solutions. Compared with traditional CM, which can only search one root once time, our new method searches all roots of the polynomial once, and the average time needed to search for one root reduces rapidly. The more roots are searched, the more ECs are obtained.
基金supported by the National Natura Science Foundation of China (Nos.61332019 61572304, 61272056, and 60970006)the Innovation Grant of Shanghai Municipal Education Commission (No.14ZZ089)Shanghai Key Laboratory of Specialty Fiber Optics and Optical Access Networks (No.SKLSFO2014-06)
文摘How to quickly compute the number of points on an Elliptic Curve (EC) has been a longstanding challenge. The computational complexity of the algorithm usually employed makes it highly inefficient. Unlike the general EC, a simple method called the Weil theorem can be used to compute the order of an EC characterized by a small prime number, such as the Kobltiz EC characterized by two. The fifteen secure ECs recommended by the National Institute of Standards and Technology (NIST) Digital Signature Standard contain five Koblitz ECs whose maximum base domain reaches 571 bits. Experimental results show that the computation speed decreases for base domains exceeding 600 bits. In this paper, we propose a simple method that combines the Weil theorem with Pascals triangle, which greatly reduces the computational complexity. We have validated the performance of this method for base fields ranging from 2l^100 to 2^1000. Furthermore, this new method can be generalized to any ECs characterized by any small prime number.