基于协议分析的状态检测防火墙

提出基于协议分析的状态检测防火墙技术,它能够根据各种应用程序的RFC和标准实现检测已知的和未知的网络攻击,大大提高了网络安全,同时它保持了状态检测防火墙的高处理速度的特性,因此它是速度和安全的高度统一体。     

营造安全高效的校园网络环境

针对病毒对网络的强烈)中击、黑客事件的不断增多，结合复旦大学网络安全建设的实施过程，通过分析网络、服务器、制度规范这三方面完整安全体系的建立方法，详细阐述了校园网络信息安全建设的总体思路。做到绝对安全的网络是不存在的，能做到的是：尽可能增大黑客或病毒的攻击难度，使其不能在预期时间内攻破系统而选择放弃；再配合一套高效的灾难恢复制度，使网络处于相对的安全环境中。     

针对权限滥用的安全增强研究

要限制权限滥用,操作系统必须清楚哪些是应用程序正常所需权限.本文分析了应用程序所需权限的决定因素,提出以应用程序相关的用户知识信息为基础,结合系统结构、程序实现和系统安全等方面的专业知识推导程序所需权限的权限控制方案.该方案特点在于兼顾到控制准确性和易用性,测试和试用表明其实用性较好.     

基于BCM5646芯片的24口交换机技术的研究与实现

介绍了计算机网络的现状,在用户接入方面如何实现宽带、综合和智能化,是通信网建设面临的重要课题。交换机在IT行业中占据着越来越重要的位置,本文给出了24口交换机的硬件设计方案和结构框图,针对不同的管理方式设计出了软件流程,分析了24口交换机的性能特性。     

Honeypot及其安全增强技术研究

蜜罐(Honeypot)是一种主动防御的网络安全技术,可以吸引入侵者的攻击,保护工作网络免于攻击,而且能监视和跟踪入侵者的行为并以日志形式记录下来进行分析,从而学习入侵者的工具、策略和方法.文中介绍了蜜罐技术的基本理论,分析了蜜罐系统的工作原理,设计了一种基于主机的蜜罐系统,讨论了其基本结构和工作流程,然后着重分析了系统可能面临的安全威胁与防御对策,并在总体上给出了系统的安全增强方案.     

Conditionally-perfect secrecy and a provably-secure randomized cipher

Shannon's pessimistic theorem, which states that a cipher can be perfect only when the entropy of the secret key is at least as great as that of the plaintext, is relativized by the demonstration of a randomized cipher in which the secret key is short but the plaintext can be very long. This cipher is shown to be perfect with high probability. More precisely, the eavesdropper is unable to obtain any information about the plaintext when a certain security event occurs, and the probability of this event is shown to be arbitrarily close to one unless the eavesdropper performs an infeasible computation. This cipher exploits the assumed existence of a publicly-accessible string of random bits whose length is much greater than that of all the plaintext to be encrypted; this is a feature that our cipher has in common with the previously considered book ciphers. Two modifications of this cipher are discussed that may lead to practical provably-secure ciphers based on either of two assumptions that appear to be novel in cryptography, viz., the (sole) assumption that the enemy's memory capacity (but not his computing power) is restricted and the assumption that an explicit function is, in a specified sense, controllably-difficult to compute, but not necessarily one-way.A preliminary version of this paper was presented at Eurocrypt '90, May 21–24, Århus, Denmark, and has appeared in the proceedings, pp.361–373.     

Reversible Response of Luminescent Terbium(III)–Nanocellulose Hydrogels to Anions for Latent Fingerprint Detection and Encryption

Fingerprint fluorescence imaging has become one of the most prominent technologies in the field of forensic medicine, but it seldom considers the security protection of detection information, which is of great importance in modern society. Herein we demonstrate that luminescent Tb^III–carboxymethyl cellulose (CMC) complex binding aptamer hydrogels that are reversibly responsive to ClO^?/SCN^? can be used for the selective detection, protection, and storage of fingerprint information. The imaging information of the fingerprint can be quenched and recovered by ClO^?/SCN^? regulation, respectively, resulting in reversible on/off conversion of the luminescence signals for the encryption and decryption of multiple levels of information. The present study opens new avenues for multilevel imaging, data recording, and security protection of fingerprint information with tunable fluorescent hydrogels.     

An identity attribute–based encryption using elliptic curve digital signature for patient health record maintenance

Providing security to the data that stored in personal health record (PHR) is an emerging and critical task in recent years. For this purpose, some of the encryption and key generation techniques are developed in the traditional works. But it has the drawbacks such as lacks in access control policies, reduced security, and ineffective. So this work implemented the efficient techniques, namely, elliptic curve Diffie‐Hellman for the secret key generation and identity attribute–based encryption for improving the security of the cloud data. Initially, the cloud user can request the patient's data to the PHR admin, and then they can generate the secret by using the elliptic curve Diffie‐Hellman algorithm. The key that used for encryption and decryption is generated by using the identity attribute–based encryption technique. Then, the access control is provided to the users based on their roles. The requested data are encrypted by applying the advanced encryption standard technique. After that, the elliptic curve digital signature algorithm is used to generate the digital signature for the encrypted data. Furthermore, it is verified with the user's digital signature; if it matches, the data can be accessed by the user with the help of advanced encryption standard decryption mechanism. Finally, the authenticated user can able to access the patient's data from PHR. In experiments, the performance of the proposed encryption and key generation technique is evaluated and compared with the existing techniques for proving the effectiveness of the implemented system.     

Artificial noise–aided secure communication in a bidirectional relaying network

An artificial noise strategy is proposed for amplify‐and‐forward bi‐directional relay network where the eavesdropper can wiretap the relay channels in both hops. Artificial noise is used to confuse the eavesdropper and improve its secrecy. Specifically, the source and the relay are allowed to split their available transmit power into 2 parts: a useful information portion and a jamming portion to transmit a jamming signal. The mathematical model is established for 2‐way relay network with an eavesdropper. The secrecy rate achieved by using artificial jamming is derived from the above model. The optimal power allocation with individual power constraint is obtained via sequential quadratic programming to maximize the secrecy sum rate, and 2 special cases are investigated. Furthermore, the benchmark is provided for the purpose of performance comparison. Simulation results show that the proposed strategy can significantly improve the secrecy sum rate by using artificial noise to jam the eavesdropper.     

Modeling and performance analysis of a new secure address resolution protocol

Address Resolution Protocol (ARP) is an essential protocol for the operation of local area networks. It is used for mapping the logical address to the physical address. However, ARP was designed without any security features. Therefore, ARP is vulnerable to many ARP spoofing attacks, such as the host impersonation, man‐in‐the‐middle (MITM), and denial of service (DoS) attacks. Many techniques were introduced in the literature for mitigating ARP spoofing attack. However, they could not provide protection against the host impersonation and DoS attacks. This work introduces a new technique to secure address resolution protocol called ARP Authentication (ARP‐A). The proposed technique provides authentication for ARP messages and entities. In addition, it converts ARP from a stateless to a stateful protocol. To evaluate the performance of ARP‐A, it was implemented on Linux. To investigate the scalability of ARP‐A, a new analytical model was designed for it using stochastic reward nets. The results show that, compared with other related schemes introduced in the literature, ARP‐A is more efficient in terms of security and performance.