YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Xiaoyi Tian,Duanqing Xu,Chun Chen

2001-01-01

Abstract:In this paper, we survey the theory and technology of CSCW environment and cooperative CAD system built on it. We first introduce the concept of CSCW and discuss its critical techniques. Then we present agent technology, which is important in cooperative system. At last, we explore some special concerns about developing cooperative CAD system in the CSCW environment.

唐旻,陈岭,王少卿,陈根才

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.05.027

2001-01-01

Abstract:Now the CSCW system becomes more and more important.This paper introduces a multi-session CSCW (Computer Suporrted Cooperative Work) system,which can be used in different operating systems.We use Java to realize this system, and use three layer levels to describe it.

潘巨龙,李善平,吴震东,张道远

DOI: https://doi.org/10.3969/j.issn.1004-1699.2009.06.016

2009-01-01

Abstract:A design of secure community healthcare monitoring system based on wireless sensor networks is presented.To address the issues of system security and be resilient to diverse attacks,the system protects sensitive data from being attacked by using Elliptic Curve Cryptography and digital signature scheme in those resource-constrained sensor nodes.A secure architecture of community healthcare monitoring system is proposed.Experiment result shows that the system can resist some outer attacks(such as eavesdropping) and inner attacks.

Xuesong QUE,Yuming Yao,Shanping LI,Ming GUO,Xiaoqiang Dong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.01.010

2001-01-01

Abstract:This paper presents the design and implementation of a Web-based 3-tiered computer aided quality (CAQ) System OL-CAQ, as a sub-system of a CIMS system OL-CIMS. The cons and pros of those tranditional Client/Server architectures vs. 3-tiered Client/Server architectures are also presented, and the implementation of the Web-based 3-tiered OL-CAQ system is outlighted.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

邓秀锋,赵明生

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.10.040

2004-01-01

Abstract:The paper analyses the security threats and requirements of video conference. It also designs and implements a security mechanism of video conference by extending the session initiation protocol. Participants use their certificates to authenticate themselves to MCU, and negotiate keys with MCU. The keys are used for the encryption/decryption and authentication of media streams transferred by multicast in the conference. Some signaling messages are also encrypted and signed by this mechanism. This security mechanism supplies authentication for participants, integrity and confidentiality of communication data.

Guo Yi

Abstract:The communication security of MAS is an important issue in practice.In order to ensure information integrity,authentication,and confidentiality,this paper presents a fine-grained security model for MAS communication with XML security specifications.In this model,entity identity is authenticated by digital certificate management based on XKMS.Meanwhile,through adopting XML encryption and XML signature mechanism,the model only encrypts or signs portions of information to improve the system efficiency and decreases bandwidth in communication.

Computer Science

蒋文保,戴一奇,杨大鉴

DOI: https://doi.org/10.3321/j.issn:1000-0054.2004.04.033

2004-01-01

Abstract:Grid environments have a broad range of security requirements that differ from conventional network environment needs. This paper proposes a new grid security system, CertGSI, which uses multiple certifications including identity certification, attribute certification, and proxy certification to address various grid security requirements. Moreover, CertGSI incorporates a flexible authentication and access control mechanism that provides scalability to a large number of resources and users. Its security policy, framework, multiple certifications, authentication, and access control mechanism are discussed in detail.

马晨华,陆国栋,钟云伟

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.19.022

2003-01-01

Abstract:This paper presents a three-tier secure document management system, using PKI, session key and RBAC. This system provides a key exchange protocol prolvodes in order to secure the encrypted documents in clients and only the users who own the proper key can read them. The middleware-tier constructs a RBAC authority database and utilizes SQL language to descript the constraint policies, providing an efficient way to implement role-based access control.

CUI Wu-cheng,XU Ke,WU Jian-ping

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.07.013

2006-01-01

Abstract:Multicast implements the communication between many nodes efficiently and more and more multicast applications are deployed in networks.Security is one of the problems that block the progress of multicast application.In previous multicast security solutions,the multicast security management is implemented by the multicast initiator.This paper proposes SMSA(Secure Multicast Service Architecture),which performs the group security management instead of the multicast initiator.SMSA supports many secure multicast groups simultaneously.We describe the details of SMSA and present the experiment results compared with the existing solutions.It is shown that SMSA improves the efficiency of multicast group security management and has a good scalability.

Chen Tianzhou,Huang Yu,Chen Feng,Hu Wei

2006-01-01

Abstract:There are many security defects in existing mobile communication systems, such as unidirectional authentication and cipher key transmission in plaintext. With the expansion of the mobile communication services, the mobile security becomes more and more important, but the existing communication systems can not prevent hostile attacks to supply high-quality service because of their defects in security. To solve these problems, we propose a new Security Architecture for Mobile Communication (SAMC), which employs new authentication protocols, chooses different encryption algorithms for different requirements and implements integrity control mechanism. Good security is developed in an open environment with the collaboration of experts. It has the robust security and the outstanding performance, just a slight and acceptable loss.

Chen Tianzhou,Mao Haixia,Dai Hongjun

2006-01-01

Abstract:This paper briefly analyzes the security mechanisms of GSM/UMTS and finds their security defects, such as unidirectional authentication and cipher key transmission without encryption. For these defects, existing mobile communication systems can not prevent hostile attacks to satisfy high-level security demands. To solve these problems, we propose the robust Middleware Architecture for Mobile Communication Security (MAMCS), which employs new Authentication and Key Agreement (AKA) protocols, chooses different encryption algorithms for different applications and implements integrity control mechanism. In the end, we analyze the performance of MAMCS and show that MAMCS gets a 200%~2% improvement in security only at the cost of 1.51% descent in bandwidth and 18.14 ms extra latency.

ZHANG Jing-yu,LI Zhi-shu,CHEN Liang-yin,XING Jian-chuan,LI Bao-lin,LI Qing

DOI: https://doi.org/10.3969/j.issn.1009-3087.2007.05.027

2007-01-01

Abstract:Single Sign On(SSO) provides uniform authentication entrance for multi-application integration system,but has a security issue on which it normally does not focus— authentication management in Single Sign Out.A Message System-based and Customizable Single Sign Out Service —MSC-SSOS integrating Yale ITS CAS into a multi-application online service system,was designed and implemented.Many services such as security management,business customization,message persistency and balance loading are provided through a message bus.MSC-SSOS demonstrates characteristics of security,stability and efficiency in the online system which is visited by more than 400000 pages a day.

SHAN Linwei,SHAN Xiuming,REN Yong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.14.047

2006-01-01

Abstract:Multimedia network conference is an important network application.The security support of implementing the network conference is necessary.Tiffs article firstly introduces the session initiation protocol and the inter-domain network conference model;then,it analyzes the security framework principles and presents the full design;finally,it combines the security framework with the network conference management functions and presents an example of signaling flow.

曾凤萍,潘爱民

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.04.046

2004-01-01

Abstract:The Internet is an open system where the identity of the communicating partners is not easy to define. One solution is to use X. 509 certificate to assure that the communication is happening between the desired endpoints. This paper designs an X. 509 certificate library to afford support to applications which have the needs.

Si Duanfeng,Long Qin,Han Xinhui,Zou Wei

DOI: https://doi.org/10.1109/ICCCAS.2004.1346199

2004-01-01

Abstract:We have proposed a generic SIP-based application topology model called secure multimedia communication infrastructure (SMCI) and constructed a real multimedia communication application based on it. We now emphasize the security issues in the SMCI and give the entire secure framework in detail. We also analyze the processing load of our security mechanism in order to explain the practicability of our secure framework. Hop by hop and end to end security are introduced to defend the attacks of registration hijacking, impersonating a server, tampering with message bodies, tearing down sessions, denial of service and amplification. We also considered the privacy problem that will be the most important consideration in the future. Finally, a security analysis is presented to demonstrate that the proposed security mechanisms are robust and efficient to secure the SMCI.

Daojing He,Chun Chen,Maode Ma,Jiajun Bu

DOI: https://doi.org/10.1002/sec.284

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:To allow many users to hold a secure teleconference in mobile networks, a secure conference scheme with dynamic participation is necessary. However, designing a secure and efficient conference scheme is a difficult task because wireless networks are susceptible to attacks and wireless devices have limited resources. Recently, a lightweight and secure conference scheme has been suggested. Later, it has been found that this solution has security weaknesses and a modified version to overcome them has been presented. Compared with other conference schemes, these two schemes have many advantages. In this short paper, security study of these conference schemes in mobile networks has been performed with the following findings: (1) both the original scheme and the modified version are still vulnerable to our proposed impersonation attack; (2) they lack a mechanism to confirm the delivery of relevant messages, leading to protocol disruption. Therefore, these two schemes cannot be deployed for the real world applications without further development. Then, some efficient countermeasures are given for enhancing the security of both schemes. Further, the security properties of the improved protocol are formally validated by a model checking tool called AVISPA. Finally, several basic principles are suggested for the design of a secure conference scheme. Copyright (C) 2011 John Wiley & Sons, Ltd.

王雪平,徐寿怀,张根度,荆金华

DOI: https://doi.org/10.3321/j.issn:1000-436x.2001.08.012

2001-01-01

Abstract:Our secure electronic commerce system, which has been successfully embedded into the popular Netscape Browser and Server on the Internet, is presented in the paper. We focus our attentions in this paper on the secure requirements related to infrastructure, the system architecture,the system function, and the key tech- niques. And we discuss secure mechanism related to electronic commercs system in detail.

Yixin Jiang,Chuang Lin,Hao Yin,Zhen Chen

DOI: https://doi.org/10.1002/wcm.448

2006-01-01

Wireless Communications and Mobile Computing

Abstract:IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.