Abstract: The virtual private network (VPN) system, one of the methods for constructing private networks over the Internet, is gaining prominence. VPNs are currently used in corporate networks to support end-to-end communications. But when they are applied to private networks for distributed departments within an organization, several problems must be considered, such as low packet transfer efficiency and the lack of support for asymmetric VPN connections. This paper first analyzes the limitations of VPNs in a multi-subnet environment, and then proposes a distributed VPN module with low cost, high packet transfer efficiency and powerful user authentication and access control functions.
Funding: Supported by the National High Technology Research and Development Program of China ("863" Program) (2006AA706103).
Abstract: Key exchange is a fundamental building block of cryptography. Several provable security models for key exchange protocols have been proposed. To determine the exact properties required of these protocols, a single unified security model is essential. The eCK', eCK and CK models are examined, and it is proved that the eCK' model is the strongest provable security model for key exchange. The relative security strength of these models is analyzed. To support the implication and non-implication relations among them, formal proofs and counter-examples are given.
Funding: Supported by the National Natural Science Foundation of China (No. 60572093), the Specialized Research Fund for the Doctoral Program of Higher Education (No. 20050004016), the NSFC-KOSEF Joint Research Project of China and Korea, and the CDSN, GIST.
Abstract: Internet real-time multimedia communication poses a further challenge to Quality of Service (QoS), and higher QoS in communication is increasingly required. As a new framework for providing QoS, Differentiated Services (DiffServ) is undergoing a rapid standardization process at the IETF. DiffServ can not only offer classified levels of service but also provide guaranteed QoS to a certain extent. To provide QoS, DiffServ must be properly configured. The traditional DiffServ mechanism provides a classifier for the edge router to mark the different traffic streams, and the core router then uses different packet-drop mechanisms to drop or forward packets according to these markers. When multiple edge routers or other core routers send packets at high speed to a single core router, the core router becomes a bandwidth bottleneck. The most effective solution to this problem is for the edge router to adopt a packet-drop mechanism. This paper proposes a Modified Edge Router Mechanism that lets the edge router perform the marking, dropping and transmitting of packets from hybrid traffic streams based on DiffServ within a given bandwidth, so that the core router only transmits packets and does not drop them. In ns2 simulations, the modified mechanism ensures the QoS of high-priority traffic and simplifies the core router; it is an effective method for solving congestion at the core router.
Funding: Supported by the National Natural Science Foundation of China (Grant No. 61472097), the Specialized Research Fund for the Doctoral Program of Higher Education (Grant No. 20132304110017), the Natural Science Foundation of Heilongjiang Province of China (Grant No. F2015022), and the Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund (Fujian Normal University) (No. 15003).
Abstract: In cyberspace security, privacy in location-based services (LBSs) is becoming more critical. In previous solutions, a trusted third party (TTP) was usually employed to provide perturbation or obfuscation, but it may become a single point of failure or a service bottleneck. To cope with this drawback, we focus on another important class of solutions: establishing an anonymous group through short-range communication to achieve k-anonymity with collaborating users. In analyzing existing algorithms, we found that users in the group must share the same maximum anonymity degree and cannot ease the preservation process by choosing a lower one. To address this problem, we propose a random-QBE algorithm that supports personalized anonymity in user-collaboration algorithms; this algorithm preserves both query privacy and location privacy. We then study attacks from passive and active adversaries and use entropy to measure the user's privacy level. Finally, experimental evaluations verify its effectiveness and efficiency.
Funding: Supported in part by the National High Technology Research and Development Program of China ("863" Program) (No. 2007AA010502).
Abstract: Since the frequency of network security incidents is nonlinear, traditional prediction methods such as ARMA and Gray systems have difficulty handling the problem. When the sample size is small, methods based on artificial neural networks may not reach a high degree of precision. Least Squares Support Vector Machines (LSSVM) is a machine learning method based on statistical learning theory that is well suited to small-sample and nonlinear problems. This paper applies LSSVM to predict the occurrence frequency of network security incidents. To improve accuracy, it uses an improved genetic algorithm to optimize the parameters of the LSSVM. Verified on real data sets, the improved genetic algorithm (IGA) converges faster than the simple genetic algorithm (SGA) and is more efficient in the optimization procedure. In particular, the optimized LSSVM model performed very well in predicting the frequency of network security incidents.
Funding: This work was supported by the Research Funds of the Information Security Key Laboratory of Beijing Electronic Science & Technology Institute, the National Natural Science Foundation of China (No. 61070219), and the Building Together Specific Project of the Beijing Municipal Education Commission.
Abstract: To solve the problem that the existing direct anonymous attestation (DAA) scheme cannot operate effectively across different domains, a novel direct anonymous attestation protocol for multi-domain environments is proposed and designed on the basis of the original DAA scheme. In it, a certificate issuer located outside the domain can act as a proxy server to issue DAA certificates directly to valid member nodes. The designed mechanism conforms to the current Trusted Computing Group (TCG) specification and efficiently solves the problems of practical authentication and privacy protection between different trusted domains. Compared with the present DAA scheme, our protocol guarantees anonymity and unforgeability and also resists replay attacks. It has important reference and practical application value in the trusted computing field.
Abstract: Delay/Disruption-Tolerant Networking (DTN) originated from research on the Interplanetary Internet, and still today space applications are its most important application field and research stimulus. This paper investigates DTN communications between the Earth and the far side of the Moon by means of a lunar orbiter acting as a relay. After an introductory part, the paper presents a comprehensive analysis of the DTN performance that can be achieved in the identified communication scenario. The focus is on evaluating the state-of-the-art ability of Interplanetary Overlay Network (ION), the NASA DTN implementation of the Bundle Protocol (BP) and Contact Graph Routing (CGR), to meet the many challenges of the space communication scenario investigated (and more generally of a future interplanetary Internet): intermittent links, network partitioning, scarce bandwidth, long delays, dynamic routing, handling of high-priority and emergency traffic, and interoperability issues. A study of security threats and Bundle Security Protocol (BSP) countermeasures completes the work. The many results provided confirm the essential role of DTN in future space communications.