云计算环境中的身份认证模型

云计算继承和融合了众多技术,并结合具体应用进行了突破性创新,已成为当前研究的重点和热点.身份认证与资源授权是确保云计算安全的前提,其主要内容涉及云用户与云服务之间以及云平台中不同系统之间的访问与控制.在对云计算信息基础架构进行简要介绍的基础上,针对云计算环境中统一身份认证的特点和要求,综合分析了SAML2.0、OAuth2.0和OpenID2.0等技术规范的功能特点,提出了一种开放标准的云计算身份认证模型,为云计算中逻辑安全域的形成与管理提供了参考.     

基于卫星观测数据的预测模型及其应用

在战争中为了避开敌方军事卫星的侦查,需要对其过顶时间进行预警.对于参数公开的卫星,可以通过根数来进行准确的预报.而对于参数未知的卫星,提出了一种根据过往观测数据来对卫星过顶时间进行预测的思路:将卫星与地球之间复杂的三维耦合运动进行降维,并且以地面为参考系,发现卫星星下点运动轨迹具有高度的周期性·根据这种思路,可以通过获取的过往观测数据来对卫星未来的过顶时间进行准确预测.而对于战时地面运动单位躲避卫星的问题,可以根据所面对的不同侦查卫星通过设置一个固定的路线,让地面单位在该路线中有计划的行驶,能够躲避多种卫星的侦查.     

ATM交易状态特征分析与异常检测

考虑ATM交易过程当中产生的一系列参数,如交易量、交易成功率和响应时间等,对交易状态特征进行分析并建立了异常检测模型。针对成功率与响应时间2个参数,利用聚类算法将数据点划分为正常点、疑似异常点、异常点3大类。对于疑似的异常点,再根据其时间序列周围点的分布情况确定是否确实为异常点;对于交易量参数,首先通过LOF局部离群因子对离群点进行识别,再结合交易量随时间的移动均线及标准差加以辅助筛选,得到初步的疑似异常点,进一步通过与不同天同一时刻数据进行比较,最终确定是否为异常点。根据上述模型,本文将异常情况划分为3个预警等级,并对重大故障情况进行预测。     

Performance enhancement in the cell-free massive MIMO SWIPT system with active eavesdropping

This paper investigates the secure transmission for simultaneous wireless information and power transfer (SWIPT) in the cell-free massive multiple-input multiple-output (MIMO) system. To develop green communication, legitimate users harvest energy by the hybrid time switching (TS) and power splitting (PS) strategy in the downlink phase, and the harvested energy can provide power to send uplink pilot sequences for the next time slot. By in-built batteries, the active eavesdropper can send the same pilots with the wiretapped user, which results in undesirable correlations between the channel estimates. Under these scenarios, we derive the closed-form expressions of average harvested energy and achievable rates, and propose an iterative power control (PC) scheme based on max–min fairness algorithm with energy and secrecy constraints (MMF-ESC). This scheme can ensure the uniform good services for all users preserving the distributed architecture advantage of cell-free networks, while meeting the requirements of energy harvested by legitimate users and network security against active eavesdroppers. Besides, continuous approximation, bisection and path tracking are jointly applied to cope with the high-complexity and non-convex optimization. Numerical results demonstrate that MMF-ESC PC scheme can effectively increase the achievable rate and the average harvested energy of each user, and decrease the eavesdropping rate below the threshold. Moreover, the results also reveal that PS strategy is superior in harvesting energy in terms of more stringent network requirements for average achievable rates or security.     

Enhancing the physical layer security of artificial noise-aided half-duplex cooperative NOMA systems

The objective of this paper is to propose techniques for enhancing the physical layer security (PLS) performance of half-duplex cooperative non-orthogonal multiple access (HD-CNOMA) network in the presence of an external passive eavesdropper. We propose an artificial noise (AN)-aided framework and derive approximate analytical expressions for the secrecy outage probabilities (SOPs) of the downlink users. It is demonstrated that the proposed AN-aided framework significantly reduces the SOPs of the users and completely resolves the zero-diversity order problem, which is prevalent in HD-CNOMA network without AN. To further enhance the PLS performance, we determine optimal power allocation coefficients (OPACs) for the downlink users at the base station (BS) that minimizes the system SOP (SSOP) of the AN-aided HD-CNOMA network. With the help of extensive numerical and simulation investigations, it is shown that the proposed OPAC leads to significant reduction of the SSOP, while lowering the SOPs of the users, compared to random/equal setting of the PACs.     

基于LSSVM混淆矩阵和改进DS合成的多源传感器网络安全态势预测

针对现有的网络安全态势预测方法正确性和合理性难以得到保证,同时不能有效应对不确定情况的问题,设计了一种基于最小二乘支持向量机(Least square support vector machine, LSSVM)和改进证据理论的网络安全态势预测方法。首先,将由多源传感器采集的历史标记数据作为样本数据,实现对LSSVM的训练,然后,将当前采集的数据输入LSSVM进行分类,并通过混淆矩阵获得数据对应每个类的概率,为了有效地对采集的数据进行进一步融合,将各类转换为证据,同时将数据相对每个类的概率作为证据的基本信度分配,采用改进的DS证据合成规则对各证据进行融合,实现对网络安全态势的预测,最后,设计了基于LSSVM和改进DS证据合成规则的网络安全状态预测算法。在MATLAB环境下进行实验,实验表明了文中方法能对网络的安全态势进行实时精确的预测,与其它方法相比,具有更高的预测精度,是一种可行的网络安全态势预测方法。     

基于轻量级数字签名的药品防伪追溯系统的设计

分析了现有防伪系统存在的问题与不足,提出通过将数字身份应用到药品领域的方法,实现药品的防伪、追溯和流向跟踪,并提出在消费者打开包装时销毁验证码,在验证时将药品信息、编码及查询次数等信息返回给消费者的方法.利用JUNA轻量级的数字签名技术设计了一个药品防伪追溯系统.JUNA生成的数字身份以32进制表示长度只有16个字符,有效地解决了现在数码防伪系统存在的密钥安全性、签名码长度过长等问题,提出了构建云计算平台验证中心的思想.     

QUASI－CONVEX MULTIOBJECTIVE GAME－SOLUTION CONCEPTS，EXISTENCE AND SCALARIZATION

ＱＵＡＳＩ－ＣＯＮＶＥＸＭＵＬＴＩＯＢＪＥＣＴＩＶＥＧＡＭＥ－ＳＯＬＵＴＩＯＮＣＯＮＣＥＰＴＳ，ＥＸＩＳＴＥＮＣＥＡＮＤＳＣＡＬＡＲＩＺＡＴＩＯＮ￥ＬＩＹＵＡＮＸＩＡｂｓｔｒａｃｔ：Ｔｈｉｓｐａｐｅｒｄｅａｌｓｗｉｔｈｔｈｅｓｏｌｕｔｉｏｎｃｏｎｃｅ...     

Information security system based on virtual-optics imaging methodology and public key infrastructure

In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.