基于单变量多项式表示的具有最大代数免疫度奇变元函数构造

To protect against algebraic attacks, a high algebraic immunity is now an important criterion for Boolean functions used in stream ciphers. In this paper, a new method based on a univariate polynomial representation of Boolean functions is proposed. The proposed method is used to construct Boolean functions with an odd number of variables and with maximum algebraic immunity. We also discuss the nonlinearity of the constructed functions. Moreover, a lower bound is determined for the number of Boolean functions with maximum algebraic immunity.     

Cooperative detection and protection for Interest flooding attacks in named data networking

Named data networking (NDN) is a new emerging architecture for future network, which may be a substitute of the current TCP/IP‐based network, for the content‐oriented data request mode becoming the future trend of development. The security of NDN has attracted much attention, as an implementation of next‐generation Internet architecture. Although NDN is immune to most current attack, it cannot resist the distributed denial of service like attack – Interest flooding attack (IFA) – effectively. IFA takes advantages of the forwarding mechanism of NDN, flooding a large number of malicious Interest packets at quite a high rate, and exploits the network resources, which may cause the paralysis of the network. Taking into account the severity of the destruction, we propose an algorithm to counter such new type of attack. We analyze three properties of IFA, and use them to judge and filter Interest packets. Vector space model and Markov model are used in our method to realize a cooperative detection. Meanwhile, we present the retransmission forwarding mechanism to ensure legitimate user request. The ndnSIM module of ns3 is used for the corresponding simulation, and results of the simulation will be given to show the effectiveness of our algorithm. Copyright © 2014 John Wiley & Sons, Ltd.     

APT多维度分析和防御研究

“APT多维度分析及防御研究”需要遵循两大原则,即“广谱检测”和“精准定位”的策略。所谓“广谱检测”就是设计的检测方法不局限适用于某一特定的类型的僵尸网络、木马或者蠕虫。“精准定位”就是要求检测结果具有较高的准确性,不仅能确定有无,还要定位感染主机。为了满足上面两个原则,需要将多种检测方法整合到一起,多种检测方法在功能上互相补充,在结果上互相印证,才能获得较理想的结果。     

现阶段战场网络对抗总体发展建议

提议以网络中心战为背景构建网络对抗作战体系和效能评估体系。建议以"比特战"为切入点,引导现有通信对抗技术融合进入网络对抗技术体系,并以软件无线电和认知无线电为基础,发展网络对抗通用平台和系统,并兼顾专用平台和系统。由于"网络空间"的出现,战场网络对抗必然需要深入到网络内部,建议针对网络的开放性、复杂性和标准性,开展渗透攻击研究。     

基于转换的攻击图分析方法研究

攻击图是一种分析计算机网络脆弱性的有效工具,它以图的方式描述了攻击者利用系统漏洞和单元间脆弱性信息综合入侵目标网络的行为过程。针对攻击图的最优弥补集问题,文章论证了最优弥补集问题与加权碰集问题之间的等价性,并提供了相应的形式化转换方法。在不增大问题规模的前提下,本文将最优弥补集问题形式化地转换为单一的加权碰集问题以进行求解。理论和实验均表明,在收敛于全局最优解方面,基于转换的分析方法较传统方法有更好的性能。     

Game Theory Based False Negative Probability of Embedded Watermark Under Unintentional and Steganalysis Attacks

Steganalysis attack is to statistically estimate the embedded watermark in the watermarked multimedia,and the estimated watermark may be destroyed by the attacker.The existing methods of false negative probability,however,do not consider the influence of steganalysis attack.This paper proposed the game theory based false negative probability to estimate the impacts of steganalysis attack,as well as unintentional attack.Specifically,game theory was used to model the collision between the embedment and steganalysis attack,and derive the optimal building embedding/attacking strategy.Such optimal playing strategies devote to calculating the attacker destructed watermark,used for calculation of the game theory based false negative probability.The experimental results show that watermark detection reliability measured using our proposed method,in comparison,can better reflect the real scenario in which the embedded watermark undergoes unintentional attack and the attacker using steganalysis attack.This paper provides a foundation for investigating countermeasures of digital watermarking community against steganalysis attack.     

10轮3D分组密码算法的中间相遇攻击

3D密码算法是一个代换-置换网络(SPN)型结构的新分组密码。与美国高级加密标准(AES)不同的是3D密码算法采用3维状态形式。该文利用3D算法结构,构造出一个5轮中间相遇区分器,并由此给出10轮3D的新攻击。结果表明:新攻击的数据复杂度约为2128选择明文,时间复杂度约为2331.1次10轮3D加密。与已有的攻击结构相比较,新攻击有效地降低了攻击所需的数据复杂度以及时间复杂度。     

IKE协议防止中间人攻击性能分析及改进

在基于数字签名认证主模式IKE协议最新研究进展的基础上,针对其安全漏洞,提出了一种改进方案。该方案在遵循ISAKMP框架及IKE交互对称结构的基础上,采用分步认证的方法,能够及早发现并阻止中间人攻击,从而保护通信双方的身份。性能分析表明,该方案是安全、高效、可行的。     

一种代理多重数字签名方案的安全性分析

对Qi和Harn的代理多重数字签名方案，提出了一种伪造攻击，利用该伪造攻击,n个原始签名者中任何一个签名者都能伪造出一个有效代理多重数字签名，并对Qi和Harn的代理多重数字签名方案进行了改进，提出了一种新的安全的代理多重数字签名方案。     

针对随机伪操作的简单功耗分析攻击

讨论针对随机伪操作椭圆曲线密码标量乘算法的SPA攻击,理论推导和实测结果均表明,在单样本SPA攻击下,即可在功耗曲线中获取大量的密钥信息;而在针对算法中随机操作漏洞的一种新型多样本SPA攻击—多样本递推逼近攻击下,用极小样本量就可完整破译密钥.当密钥长度为n时,该攻击方法完整破译密钥所需的样本数仅为0(1b n).