可信信道技术研究

随着互联网的高速发展，人们的许多行为由现实生活中转移到了互联网世界，比如电子商务、网上银行、电子政务等。当前互联网上的许多安全敏感的客户端-服务端应用都使用SSL/TLS或IPSec来建立安全信道，以保护客户端与服务端之间的通信。这些协议实现了客户端与服务端之间的双向认证和数据的安全传输。但是，使用SSL/TLS或IPSec建立的安全信道并没有确保终端本身的安全性。可信计算（TrustedComputing）中的远程证明机制可用于证明终端本身的完整性和可靠性，但不能直接提供安全信道。 可信信道是在安全信道的基础上，利用TPM的远程证明技术，将终端的完整性密码地绑定到安全信道，并且保护双方终端配置的隐私性。因此，研究可信信道技术对互联网安全有着重要的意义，有助于解决网络安全中的基本信任问题，以及互联网数字服务的安全问题等。目前，国内外已有一些可信信道的设计方案，大体分为两类：（1）将基于证书的SSL/TLS与TPM远程证明相结合以建立可信信道；（2）将Diffie-Hellman密钥交换协议和TPM远程证明相结合以建立可信信道。基于口令的认证密钥交换协议（PAKE）是实现安全信道的另一种有趣的技术，因为其具有易于记忆、使用方便、不需额外的密码设备来存储高熵的密钥。 然而，将PAKE与TPM远程证明结合以建立可信信道的研究工作很少。 本文主要从可信信道的安全需求出发，分析已有的两类可信信道设计方案的安全性，指出已有的方案容易遭受一种新的合谋攻击。针对上述合谋攻击和传统的中间人攻击，我们利用口令认证密钥交换协议，提出了一种新的协议来建立基于口令的可信信道。我们的方案不同于基于证书的可信信道实现方法，使用了一种新的绑定方法来抵抗上述攻击。同时，我们还将该方法应用到已有的基于证书SSL和TPM远程证明的可信信道方案中。 另外，考虑到电子商务、电子政务等安全应用中用户对匿名性的需求，而现有的可信信道方案未曾考虑到用户的匿名性，本文引入了匿名可信信道的概念，并提出了匿名可信信道的设计方法，给出了一个具体的协议用以建立匿名可信信道， 并证明了该协议满足匿名可信信道的安全需求。

验证方主导的远程证明方案

可信计算组织(TCG)提出了以可信平台模块(TPM)为核心的可信计算安全体系框架．远程证明是可信计算领域重要的研究问题之一．现有的远程证明方案都是由证明方发起，度量和证明缺乏一致性和可扩展性，不能保证平台的隐私性．针对这些缺陷，引入颁发度量和证明属性证书的权威机构，提出了一种由验证方根据安全需求发起证明的远程证明方案．而证明方则按照度量属性证书和证明属性证书进行平台的度量，TPM保证平台的度量真实可信．同时对平台配置进行了抽象，对度量过程进行了形式化分析和性能测试；而且采用签名和加密实现远程证明的真实性和平台的隐私性．该远程证明方案不仅能够用于向远程方证明平台运行环境是可信的，而且还用于平台运行环境的自身检测．

基于可信虚拟平台的数据封装方案

可信计算平台的封装存储功能将数据的加密存储与平台配置结合起来,可提供更为强有力的数据安全服务.然而,平台配置的频繁变动如硬件更替、软件更新及系统补丁等又极大地限制了封装存储功能的使用.针对这个问题,提出了一种基于可信虚拟平台的数据封装存储方案.方案引入了虚拟PCR(vPCR)和安全属性的概念,利用可信平台模块(TPM)将数据与系统安全属性封装起来保护.该方案除能适应平台配置频繁变更的问题外,还能同时保护多个虚拟机系统中数据的安全,不受虚拟机系统配置变化的影响.该方案执行操作简单,实验结果表明与原有方案相比,TPM的负担较小,性能无显著差别.

基于信息流的可信操作系统度量架构

将信息流和可信计算技术结合,可以更好地保护操作系统完整性.但现有的可信计算度量机制存在动态性和效率方面的不足,而描述信息流的Biba完整性模型在应用时又存在单调性缺陷.本文将两者结合起来,基于Biba模型,以可信计算平台模块TPM为硬件信任根,引入信息流完整性,并提出了可信操作系统度量架构:BIFI.实验表明,BIFI不仅能很好地保护信息流完整性,而且对现有系统的改动很少,保证了效率.

一种面向网格计算的分布式匿名协作算法

基于TCG提出的可信计算技术为网格协作安全性提出一种匿名分组身份验证算法,该算法可以非常可靠地解决网格计算平台之间的身份匿名验证问题.算法使用一个硬件模块TPM解决远程的身份验证,并通过TPM机制可以提供可靠的匿名验证和平台认证功能.算法中所有涉及的验证过程都是基于匿名机制实现的,除了实现匿名验证机制以外,算法还提供一套完整标记恶意网络实体的方法.提出了网格计算中虚拟分组的匿名认证平台架构,并在此架构基础上分成5步实现匿名验证算法,然后说明了算法在一种对等计算平台的应用实例,与GT2,GT3,GT4以及信任管理进行安全性的比较,并设计一个实验评价其性能.

连续流动式聚合酶链式反应生物芯片／微装置中脱氧核糖核酸样品的驱动控制技术进展

介绍国内外连续流动式聚合酶链式反应生物芯片/微装置中脱氧核糖核酸样品的驱动控制技术进展,主要包括恒流泵(注射泵驱动和蠕动泵驱动)、旋转泵驱动、磁流体动力驱动以及自然对流驱动等。并对这几种驱动方式的优缺点作简要的讨论(引用文献43篇)。

Effect of channel surface wettability and temperature gradients on the boiling flow pattern in a single microchannel

The objective of this paper is to investigate the effects of channel surface wettability and temperature gradients on the boiling flow pattern in a single microchannel. The test section consists of a bottom silicon substrate bonded with a top glass cover. Three consecutive parts of an inlet fluid plenum, a central microchannel and an outlet fluid plenum were etched in the silicon substrate. The central microchannel had a width of 800 mu m and a depth of 30 mu m. Acetone liquid was used as the working fluid. High outlet vapor qualities were dealt with here. The flow pattern consists of a fluid triangle (shrinkage of the liquid films) and a connected long liquid rivulet, which is generated in the central microchannel in the timescale of milliseconds. The peculiar flow pattern is formed due to the following reasons: (1) the liquid rivulet tends to have a large contact area with the top hydrophilic channel surface of the glass cover, but a smaller contact area with the bottom silicon hydrophobic surface. (2) The temperature gradient in the chip width direction at the top channel surface of the glass cover not only causes the shrinkage of the liquid films in the central microchannel upstream, but also attracts the liquid rivulet populated near the microchannel centerline. (3) The zigzag pattern is formed due to the competition between the evaporation momentum forces at the vapor-liquid interfaces and the force due to the Marangoni effect. The former causes the rivulet to deviate from the channel centerline and the latter draws the rivulet toward the channel centerline. (4) The temperature gradient along the flow direction in the central microchannel downstream causes the breakup of the rivulet to form isolated droplets there. (5) Liquid stripes inside the upstream fluid triangle were caused by the small capillary number of the liquid film, at which the large surface tension force relative to the viscous force tends to populate the liquid film locally on the top glass cover surface.

The design and operation of a new clapboard-type internal circulating fluidized-bed gasifier

The design and operation of a new clapboard-type internal circulating fluidized-bed gasifier is proposed in this article. By arranging the clapboard in the bed, the gasifier is thus divided into two regions, which are characterized by different fluidization velocities. The bed structure is designed so that it can guide the circulating flow passing through the two regions, and therefore the feedstock particles entrained in the flow experience longer residence time. The experimental results based on the present new design, operating in the temperature range of 790 degrees C-850 degrees C, indicate that the gas yield is from 1.6-1.9 Nm(3)/kg feedstock, the gas enthalpies are 5,345 kJ/Nm(3) for wood chip and 4,875 kJ/m(3) for rice husk, and a gasification efficiency up to 75% can be obtained.

Numerical simulations of interrupted and conventional microchannel heat sinks

We provide three-dimensional numerical simulations of conjugate heat transfer in conventional and the newly proposed interrupted microchannel heat sinks. The new microchannel heat sink consists of a set of separated zones adjoining shortened parallel microchannels and transverse microchambers. Multi-channel effect, physical property variations, and axial thermal conduction are considered. It is found that flow rate variations in different channels can be neglected, while heat received by different channels accounts for 2% deviations from the averaged value when the heat flux at the back surface of the silicon chip reaches 100 W/cm(2). The computed hydraulic and thermal boundary layers are redeveloping in each separated zone due to shortened flow length for the interrupted microchannel heat sink. The periodic thermal developing flow is responsible for the significant heat transfer enhancement. Two effects influence pressure drops across the newly proposed microchannel heat sink. The first one is the pressure recovery effect in the microchamber, while the second one is the head loss when liquid leaves the microchamber and enters the next zone. The first effect compensates or suppresses the second one, leading to similar or decreased pressure drop than that for the conventional microchannel heat sink, with the fluid Prandtl number larger than unity.

Continuous-flow polymerase chain reaction microfluidics by using spiral capillary channel embedded on copper

This paper presents a novel method for performing polymerase chain reaction (PCR) amplification by using spiral channel fabricated on copper where a transparent polytetrafluoroethylene ( PTFE) capillary tube was embedded. The channel with 25 PCR cycles was gradually developed in a spiral manner from inner to outer. The durations of PCR mixture at the denaturation, annealing and extension zones were gradually lengthened at a given flow rate, which may benefit continuous-flow PCR amplification as the synthesis ability of the Taq polymerase enzyme usually weakens with PCR time. Successful continuous-flow amplification of DNA fragments has been demonstrated. The PCR products of 249, 500 and 982 bp fragments could be obviously observed when the flow rates of PCR mixture were 7.5, 7.5 and 3.0 mm s(-1), respectively, and the required amplification times were about 25, 25, and 62 min, respectively. Besides, the successful segmented-flow PCR of three samples ( 249, 500 and 982 bp) has also been reported, which demonstrates the present continuous-flow PCR microfluidics can be developed for high-throughput genetic analysis.

Transient flow patterns and bubble slug lengths in parallel microchannels with oxygen gas bubbles produced by catalytic chemical reactions

Transient flow patterns and bubble slug lengths were investigated with oxygen gas (O-2) bubbles produced by catalytic chemical reactions using a high speed camera bonded with a microscope. The microreactor consists of an inlet liquid plenum, nine parallel rectangular microchannels followed by a micronozzle, using the MEMS fabrication technique. The etched surface was deposited by the thin platinum film, which is acted as the catalyst. Experiments were performed with the inlet mass concentration of the hydrogen peroxide from 50% to 90% and the pressure drop across the silicon chip from 2.5 to 20.0 kPa. The silicon chip is directly exposed in the environment thus the heat released via the catalytic chemical reactions is dissipated into the environment and the experiment was performed at the room temperature level. It is found that the two-phase flow with the catalytic chemical reactions display the cyclic behavior. A full cycle consists of a short fresh liquid refilling stage, a liquid decomposition stage followed by the bubble slug flow stage. At the beginning of the bubble slug flow stage, the liquid slug number reaches maximum, while at the end of the bubble slug flow stage the liquid slugs are quickly flushed out of the microchannels. Two or three large bubbles are observed in the inlet liquid plenum, affecting the two-phase distributions in microchannels. The bubble slug lengths, cycle periods as well as the mass flow rates are analyzed with different mass concentrations of hydrogen peroxide and pressure drops. The bubble slug length is helpful for the selection of the future microreactor length ensuring the complete hydrogen peroxide decomposition. Future studies on the temperature effect on the transient two-phase flow with chemical reactions are recommended.

Real-time data processing of interferential imaging spectrometer based on FPGA

Based on the data processing technologies of interferential spectrometer, a sort of real-time data processing system on chip of interferential imaging spectrometer was studied based on large capacitance and high speed field programmable gate array( FPGA) device. The system integrates both interferograrn sampling and spectrum rebuilding on a single chip of FPGA and makes them being accomplished in real-time with advantages such as small cubage, fast speed and high reliability. It establishes a good technical foundation in the applications of imaging spectrometer on target detection and recognition in real-time.

1-Gb/s zero-pole cancellation CMOS transimpedance amplifier for Gigabit Ethernet applications

A zero-pole cancellation transimpedance amplifier (TIA) has been realized in 0.35 μm RF CMOS tech nology for Gigabit Ethernet applications. The TIA exploits a zero-pole cancellation configuration to isolate the input parasitic capacitance including photodiode capacitance from bandwidth deterioration. Simulation results show that the proposed TIA has a bandwidth of 1.9 GHz and a transimpedance gain of 65 dB·Ω for 1.5 pF photodiode capaci tance, with a gain-bandwidth product of 3.4 THz·Ω. Even with 2 pF photodiode capacitance, the bandwidth exhibits a decline of only 300 MHz, confirming the mechanism of the zero-pole cancellation configuration. The input resis tance is 50 Ω, and the average input noise current spectral density is 9.7 pA/(Hz)~(1/2). Testing results shows that the eye diagram at 1 Gb/s is wide open. The chip dissipates 17 mW under a single 3.3 V supply.