YuanJie J. Yang,Dao Huang

DOI: https://doi.org/10.1109/WCICA.2002.1021440

2002-01-01

Abstract:With the development of the Internet, security becomes more and more important. SSL (Secure Sockets Layer), developed by Netscape, sets up a secure channel over the Internet, and is widely used in e-commerce. However, it is not perfect. In this paper, we analyze the principle and deficiencies of SSL protocol, present two ways for optimization, and use them in SSL protocol with a help of the RBF algorithm aiming to reduce the time delay at the client end and workload of the server. The experiments presented show the optimized SSL protocol has a better performance than the original one.

Shi-hai Huang,Chuang Lin,An'an Luo,Zhen Chen,Xin Jiang,Kai Wang,Hui Zhang,Xuehai Peng

DOI: https://doi.org/10.1109/icccn.2009.5235336

2009-01-01

Abstract:Remote desktop access is commonly used to remotely access a host in enterprise networks; however it also brings in security problems in supervision and auditing. In this paper, a novel proxy-based security audit system is designed and implemented in order to ensure security supervising and auditing remote desktop access. Our system effectively monitors all the accessing sessions of RDP, VNC, and X-window, and provides replay function by recording all the graphics operations from users. Our performance test result shows that for most of small business, just one proxy server is enough to handle all the routine auditing workload of RDP sessions.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Hui Ran Wang,Rui Fang Ma

DOI: https://doi.org/10.4028/www.scientific.net/amm.392.601

2013-01-01

Applied Mechanics and Materials

Abstract:We dissected disadvantages of the existing transmission protocols and improved its performance of dada communication security. We have proposed a security communication protocol, called as RTUSec, for remote terminal units. RTUSec adds a security layer to the existing three layer model, so that the data security is improved. After analyzing advantage and disadvantage of the present algorithms of cryptography and authentication for data communication, we have designed a security mechanism with DES and HMAC to deal with security problems like spoofing during the communication between Remote Terminal Units and controlling centers.

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/jzus.2003.0287

2003-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

YANG Jian-jun,JIA Chen-jun,RAN Li-xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2005.02.014

2005-01-01

Abstract:By analyzing the principle of remote authentication dial in user service (RADIUS) protocol and the applied security algorithm, an improved RADIUS protocol was proposed to enhance the security performance of networks.Based on the improved protocol,AAA (authentication,authority and account) architecture was set up for the Internet service providers.The AAA architecture for wireless gateway does not increase the complexity of the communication systems, and is simple and easy to implement.

Wu Liu,Ping Ren,Yong Zhang,Hai-xin Duan

DOI: https://doi.org/10.1109/CTC.2010.15

2010-01-01

Abstract:With more and more security threat events happened aiming at financial web services, there is an increasing amount of transactions performed over the Internet. As a de-facto standard the security protocol SSL (Secure Sockets Layer) or TLS (Transport Layer Security) is used to create a secure connection to web services. This paper analyze the weakness of the SSL and TLS protocols, based on which, we designed and implemented a root-kit for network based SSL and TLS traffic decrypt ion , which is called SSL-DP. With the experiment of SSL-DP we can see that SSL/TLS protocol is not secure enough to protect the important network information such as E-commerce etc.

SHI Li-bao,ZHOU Hua-feng,Peter T. C. Tam,CHANG Nai-chao,LAN Zhou,NI Yi-xin,XU Zheng

DOI: https://doi.org/10.3969/j.issn.1004-731x.2007.23.012

2007-01-01

Abstract:Mainly focusing on the study of power system dynamics, a real time dynamic security assessment and early warning (RDSAEW) system for the purpose of keeping interconnected power systems operating in security region, monitoring dynamic security margin constantly and ensuring system operation reliability was proposed. The framework of RDSAEW system was designed in accordance with Client/Server and Browser/Server operating modes based on the TCP/IP protocol. And some advanced technologies involving Visual Studio.Net, SQL Server 2000, Shell Programming and parallel computing, etc, were widely used in the design and development of RDSAEW system. On one hand, the RDSAEW system could easily and conveniently integrate with existing Energy Management System (EMS) to implement the real time dynamic security assessment. On the other hand, the RDSAEW system could make intensive dynamic analysis related to the specified case study as an off-line simulation platform.

Chen Weidong,Wang Chao,Zhang Li,Xu Zheng,Xing Xishuang

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.03.080

2013-01-01

Abstract:Information security of server is encountering increasingly serious security menace.Viruses,worms,Trojans and other malicious programs impose the threat on the security of server system.The operating system has the needs to identify and control from kernel layer the subjects and objects imperilling the security.Mandatory access control has to be executed on files,registry,process,etc.in kernel layer.We study and address the implementation of operating system security kernel in terms of system resources and networks covert communication in this paper.The system has been applied to the corporate websites,various types of servers and other network security applications that have higher security requirement.The mandatory access control and each process,file,registry and network communications,etc.are all endued the appropriate security attributes systematically.Security attributes are set by the administrator strictly in accordance with the rules.Combined with the principle of least privilege and security auditing,security control is conducted at the application layer on the server or server cluster.

LIU Yumeng,TANG Zhengliang,LU Songfeng,ZHU Jianxin,LIU Yunqu

DOI: https://doi.org/10.11959/j.issn.2096-109x.2024022

2024-01-01

Abstract:The remote direct memory access(RDMA)technology,which has been effectively utilized to enhance data transfer rates and reduce CPU utilization,has played a significant role in various domains such as cross-regional data center transfers,high-performance computing,and rapid data read/write operations.However,despite its emerging status,RDMA has been lacking in widely recognized security solutions.With the expansion of RDMA applications from dedicated network environments to general Ethernet networks,the need to address the security risks faced by these applications has become imperative.A set of protective measures were established to ensure security without compromising transmission efficiency.Furthermore,the unique underlying implementation and protocol design of RDMA technology have resulted in incompatibility with existing mature security solutions and have led to the confrontation with specific security risks.The development of RDMA attack and defense technologies and the provision of security guarantees for the forthcoming widespread application of RDMA technology were elucidated The principles of RDMA technology and its implementation were proposed,with examples drawn from the InfiniBand(IB)and the RDMA over converged Ethernet(RoCE)second edition protocols.The security risks faced by RDMA applications in relevant scenarios were investigated,and a summary of the research progress in the RDMA security field over recent years was provided.Effective security solutions addressing these risks were compiled and,after their defensive capabilities were proven,a comparison of their advantages and disadvantages was conducted through theoretical analysis and experimental data.Finally,improvement plans and prospects for technological optimization in the RDMA attack and defense field were proposed.

Yong Yu,Yafang Zhang,Jianbing Ni,Man Ho Au,Lanxiang Chen,Hongyu Liu

DOI: https://doi.org/10.1016/j.future.2014.10.006

IF: 7.307

2015-01-01

Future Generation Computer Systems

Abstract:Cloud storage allows users to enjoy the on-demand and high quality data storage services without the load of local data maintenance. However, the cloud server providers are not fully trusted. Whether the data over cloud servers are intact becomes a major concern of data owners. To offer cloud users with the capacity of data integrity verification, recently, Chen proposed a remote data possession checking (RDPC) protocol from algebraic signatures which achieves many desirable features such as high efficiency, short length of challenges and responses, non-block verification. Unfortunately, in this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can deceive the users to believe that their data are well hold by replaying a previous evidence or re-constructing the deleted data blocks from the corresponding tags in the integrity checking process, while their data have been partially discarded in fact. Then, we present an improved scheme to fix the security flaws of the original protocol. Both the theoretical analysis and the implementation results show that the improvement is secure and practical.

OU Yang-Kai,Zhou Jing-li,XIA Tao,YU Sheng-Sheng

DOI: https://doi.org/10.3969/j.issn.1002-137x.2005.05.015

2005-01-01

Computer Science

Abstract:Aiming at the defects of the ordinary SSL VPN that the frequent setting-ups of tunnels will consume a large number of system resources,this paper presented a mechanism called STDM(Secure Tunnel Division Multiplexing).The kernel of this mechanism was Tunnel Caching,which implemented the shared use of secure tunnels by the independence of tunnel of a remote service.This mechanism would improve the efficiency of the system.

Yong Yu,Jianbing Ni,Jian Ren,Wei Wu,Lanxiang Chen,Qi Xia

DOI: https://doi.org/10.1007/978-3-319-06320-1_27

2014-01-01

Abstract:Cloud storage allows cloud users to enjoy the on-demand and high quality data storage services without the burden of local data storage and maintenance. However, the cloud servers are not necessarily fully trusted. As a consequence, whether the data stored on the cloud are intact becomes a major concern. To solve this challenging problem, recently, Chen proposed a remote data possession checking (RDPC) protocol using algebraic signatures. It achieves many desirable features such as high efficiency, small challenges and responses, non-block verification. In this paper, we find that the protocol is vulnerable to replay attack and deletion attack launched by a dishonest server. Specifically, the server can either fool the user to believe that the data is well maintained but actually only a proof of the challenge is stored, or can generate a valid response in the integrity checking process after deleting the entire file of the user. We then propose an improved scheme to fix the security flaws of the original protocol without losing the desirable features of the original protocol.

Li Zang,Yong Yu,Liang Xue,Yannan Li,Yujie Ding,Xiaoling Tao

DOI: https://doi.org/10.1007/s00779-017-1052-y

2017-01-01

Personal and Ubiquitous Computing

Abstract:Smart city has been greatly promoted by the adoption of information and communication technology. At the same time, data integrity becomes an urgent necessity in cloud storage scenario. When smart city meets cloud, if the data are damaged or corrupted, it will be a serious security loophole of smart city. Recently, numerous remote data auditing (RDA) protocols have been presented, among which Sookhak et al. put forward a dynamic remote data auditing protocol to deal with this major concern. In this paper, we found that this protocol has inherent security flaws, thus fails to achieve its original goal. Specifically, this protocol is vulnerable to two types of attacks, namely replace attack and replay attack. We show the details that how a malicious server can deceive data owners to believe that the data are maintained well by launching such attacks. Then, we describe an improved RDA protocol with provable security by utilizing algebraic signature to fix those security flaws. We employ the rank-based Merkle Hash Tree to achieve verifiable dynamic data operations for our RDA protocol. We also provide detailed security proof of the proposed RDA protocol.

肖洋,李之棠

DOI: https://doi.org/10.3969/j.issn.1007-130x.2004.07.010

2004-01-01

Abstract:Windows CE is a popular 32bit embedded operating system which is adopted in many fields. Because of the inherent security flaws in the TCP/IP protocol family, the network security about Windows CE must be taken into consideration. A VPN kernel module and relevant analysis are introduced in this paper.

YANG Wei-wei,LIU Sheng-li,CAI Rui-jie,CHEN Jia-yong

DOI: https://doi.org/10.3969/j.issn.1671-0673.2012.04.023

2012-01-01

Abstract:To enhance the security of the Tor anonymous communication system,by analyzing possible attacks on the directory server,an improved defense scheme is proposed.A P2P network between the users and the directory server is added,with dynamic security parameters configured,and the costs of launching an attack are increased.Theoretical analysis shows this security enhancement depends on the scale of the P2P network and those dynamic parameters.

DONG Yan-hua,LI Xiao-jia,ZHANG Ye

DOI: https://doi.org/10.3969/j.issn.1671-5896.2011.05.015

2011-01-01

Abstract:In order to improve the security of remote access based on SSH(Secure Shell),and to give consideration to the efficiency of access.Based on the principle of RSA/DSA(Rivest Shamir Adlemen /Digital Signature Algorithm) password-free certification,three kinds of executive plan about telecommunication security of the parallel computing system based on MPICH(Message-Passing Interface Chameleon) are put forward,which aim at the telecommunication security of the parallel computing system based on MPICH.This research can offer the plans of security and efficiency for the construction of the parallel computing system and the remote access based on SSH.

ZHU Sun-bin,CHEN Hui-fang,ZHAO Wen-dao,CHEN Biao

DOI: https://doi.org/10.3969/j.issn.1002-8692.2004.11.009

2004-01-01

Abstract:Secure Real-time Transport Protocol (SRTP) is a profile of Real-time Transport Protocol (RTP). It enhances confidentiality and defines message authentication and integrity. This paper introduces SRTP/SRTCP format, Cryptographic Contexts and method of Key generation, respectively. Finally, a method to implement SRTP/SRTCP with C/C++ is proposed.

WANG Pingli,ZHANG Gongxuan,WANG Nanlin

DOI: https://doi.org/10.3778/j.issn.1673-9418.2008.05.009

2008-01-01

Abstract:This paper proposes a secure solution which is based on a Dual-Core framework. The research and implementation of the communication mechanism is mainly discussed between primary-subordinate core and the Windows network driver of subordinate core. Dual-Core-Based Secure Windows terminal runs network security protection module on an embedded system, which can prevent hackers from attacking Windows system using system bugs. For development of Windows driver program, some developing tools are used which are Visual C++6.0, Windows Driver Development Kit and DriverStudio3.2. The experimentation indicates that this network secure solution can analyze network packages and achieve the aim of network security protection.