922 resultados para secure protocal
Resumo:
We demonstrate quantum key distribution (QKD) with bidirectional 10 Gb/s classical data channels in a single fiber using dense wavelength division multiplexing. Record secure key rates of 2.38 Mbps and fiber distances up to 70km are achieved. Data channels are simultaneously monitored for error-free operation. The robustness of QKD is further demonstrated with a secure key rate of 445 kbps over 25km, obtained in the presence of data lasers launching conventional 0 dBm power. We discuss the fundamental limit for the QKD performance in the multiplexing environment. © 2014 AIP Publishing LLC.
Resumo:
The materials information requirements of the aerospace sector are considered, specifically 'consolidation' (management of raw test data), 'analysis' (investigation of material trade-offs) and 'dissemination (secure distribution of data throughout an organization). An information architecture that satisfies the complex requirements of the aerospace materials industry is discussed and a case-study is presented. © 2003 by Granta Design Limited. Published by the American Institute of Aeronautics and Astronautics, Inc.
Resumo:
Although cementation is a widely recognized solidification/ stabilization process for immobilisation of Intermediate Level Radioactive Waste (ILRW), the low resistance to hyperalkaline pore waters compromises the effectiveness of the process when Portland Cement (PC) is employed. Moreover the manufacture of PC is responsible for significant CO2 emissions. In this context, low pH cements are environmentally more suitable and have emerged as a potential alternative for obtaining secure waste forms. This paper summarises the achievements on development of low-pH cements and the challenges of using these new materials for the ILRW immobilisation. The performance of waste forms is also discussed in terms of radionuclides release. Reactive magnesium oxide and magnesium phosphate cements are emphasised as they feature important advantages such as consumption of available constituents for controlling acid-base reactions, reduced permeability and higher density. Additionally, in order to identify new opportunities for study, the long-term modelling approach is also briefly discussed. Copyright © 2013 by ASME.
Resumo:
The RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and generation of secure session keys where a client is sharing his/her password only with a server and the latter should generate its RSA public/private key pair (e, n), (d, n) every time due to the lack of PKI (Public-Key Infrastructures). One of the ways to avoid a special kind of off-line (so called e-residue) attacks in the RSA-based PAKE protocols is to deploy a challenge/response method by which a client verifies the relative primality of e and φ(n) interactively with a server. However, this kind of RSA-based PAKE protocols did not give any proof of the underlying challenge/response method and therefore could not specify the exact complexity of their protocols since there exists another security parameter, needed in the challenge/response method. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted by Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work include: (1) Based on the number theory, we prove that the Challenge/Response Method1 and the Challenge/Response Method2 are secure against e-residue attacks for any odd prime e; (2) With the security parameter for the on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model where all of the off-line attacks are not more efficient than on-line dictionary attacks; and (3) By considering the Hamming weight of e and its complexity in the RSA-PAKE protocol, we search for primes to be recommended for a practical use. We also compare the RSA-PAKE protocol with the previous ones mainly in terms of computation and communication complexities.
Resumo:
任何的安全系统,审计日志都是非常重要的一部分.因此必须保护好审计日志,保证审计日志的保密性和完整性.安全审计日志机制就是为了保护日志系统自身的安全性的,Schneier和Kelsey提出了一种机制来实现日志的防篡改,可以很好地保护系统生成的日志,但是该机制需要依赖于可信服务器.初步探索了可信平台上的安全审计日志机制,并且提出了一种新的日志机制来保护可信平台上生成的日志.该日志机制建立在微软提出的NGSCB平台上,不需要依赖于可信服务器.
Resumo:
SSL Web代理能有效保护Internet上数据传输和存有敏感信息的Web服务器的安全。但是SSL协议中大量的数据处理带来的性能瓶须和协议实现中受到的安全威胁将严亚影响SSL Web代理的效用。该文在分析SSL/TLS协议性能和安全的基础上,设计并实现了一种高效的、安全的SSL-TLS Web代理。
Resumo:
数字作品的所有权证明允许在不泄漏任何秘密信息和防止所有者欺骗的前提下,对版权声明进行验证,提出一种基于Proactive可验证秘密共享和安全多方计算的数字作品所有权证明方案.在该方案中,可验证秘密共享,保证了所有权秘密的正确性,并防止对协议参与者的欺骗逼过Proactive安全提供自动恢复功能来保证协议生存周期内秘密的完整性和安全性.使用安全多方计算和同态承诺的零知识证明,实现了所有权验证,在不假设可信方存在的前提下,所提出方案能够在没有太多成员合谋的情况下,完成有效计算并发现不忠实成员.
Resumo:
针对基于Web的通信存在的弱点,提出了安全Web服务器的概念,并以此为目标,提出并实现了一种基于BLP形式化模型的安全Web服务器系统。
Resumo:
将前向安全的概念引入到基于双线性映射的门限签名方案中,提出了一个基于双线性映射的前向安全的门限签名方案.该方案将签名密钥分散到签名成员集合中,采用各成员部分密钥前向更新的方式实现了签名密钥的前向更新,增强了签名密钥的安全性,使得签名方案具有前向安全性.另外,由于部分密钥具有前向更新的特性,从而方案有效防止了移动攻击.对该方案的安全性进行了分析,分析表明,该方案是安全、有效的.
Resumo:
提出了一种基于多级安全数据库管理系统的通用审计策略模型.该模型具有丰富的表达能力,既可以表达基于时间的审计策略,也可以实现基于规则的审计策略推衍.通过引入对象的属性谓词,还可以表达细粒度的审计策略.证明了该模型的可判定性,并给出了判定任意一个事件是否需要审计的算法.
Resumo:
提出了在DBMS中支持多种安全策略的需求,指出了在DBMS中支持多安全策略所面临的主要问题,针对这些问题提出了支持多安全策略的DBMS体系结构(MSDA).在抽象层次上该体系结构与GFAC一致,主要区别表现在性能优化和面向DBMS的适应性改造.为了提高系统性能,MSDA在客体管理器中引入了访问判定缓存.而为了适用于DBMS,MSDA在体系结构层次引入了重写来支持高效的细粒度访问控制.此外还引入了访问上下文栈来支持视图和存储过程这类的受控访问机制.给出了MSDA在LOIS SDBMS v3.0中的实现,并通过实验给出了MSDA对目标系统的性能影响分析.结果表明,MSDA将访问控制判定与实施分离,既能充分解决数据库系统中支持多安全策略的相关问题,同时能够与当前主流关系数据库系统相匹配,不会造成目标系统性能的显著下降.
Resumo:
安全多方计算是近几年国际密码学界研究的一个热点问题。基于Φ-隐藏假设及同态公钥加密体制的语义安全性假设,给出了一个特殊的安全双方计算协议--保密比较协议,该协议同时确保公平性、安全性、有效性和顽健性,并使用安全多方计算对安全性的严格定义,对协议的正确性与安全性进行了证明。与先前工作相比,本文的方案更富有公平性、有效性和安全性。该文在网上投标、拍卖、电子选举等领域中有着广阔的应用前景。
Resumo:
提出了一种利用陷门单向函数的性质对TMN协议进行改进的一般形式,利用串空间理论证明了它的安全性,并给出了几个具体的实现形式。