Using Combinational Logic Function to Watermark IP Based on FPGA

In the field of digital circuit design, the extensive applications of reusable intellectual property （IP） simplify the design procedure based on very large scale field programmable gate array （FPGA）, and shorten the time to market （TTM）. However, the flexibility of reusable IP makes itself easy to be stolen and illegally distributed by intruders. The protection method proposed in this paper maps IP owner＇s signature to combinational logic functions, and then implements these functions into unused lookup tables （LUTs） in the design based on FPGA, which can be used as a strong proof of IPs ownership. The related experiment results show that this protection method has favorable characteristics such as low overhead, few effects on performance, and high security.     

结合ECC的随机序列指纹编码方案及应用

由于办公自动化和网络化的不断发展,在政府和企业内网中对涉密电子文档保护的重要性日益凸显。传统基于密码学的保护手段的缺陷也逐步显露,不能在解密后对文档进行保护,以及对内部犯罪问题的物理防范。将数字指纹作为文档保护的补充技术,增强信息可控性,在出现非法拷贝时能追踪违规者,使文档保护更加有效。本文将纠错码ECC运用到指纹编码中,编码下层使用传统编码方式,再对生成的指纹序列进行卷积编码,得到最终的用户指纹序列。用户指纹具有更好的鲁棒性,能减小误判率。     

An Effective Digital Watermarking Algorithm for Binary Text Image

Aiming at the binary text image＇s characteristics of simple pixel, complex texture and bad immunity of information concealment, a digital watermarking embedment location choosing method has been put forward based upon compatible roughness set. The method divides binary text image into different equivalent classes. Equivalent classes are further divided into different subclasses according to each pixel＇s degree and texture changes between blocks. Through properties＇ combination, the embedment block and location which are fit for watermarking are found out. At last, different binary text images are chosen for emulation experiment. After being embedded, the image is compressed in JPIG-2. Gaussian noise, salt ＆ pepper noise are added and cutting is employed to imitate the actual environment in which images may suffer from various attacks and interferences. The result shows that the detector has a sound testing effect under various conditions.     

A Robust IP Packets Filtering Mechanism for Protecting Web Server from DDoS Attacks

Distributed denial of service （DDoS） attacks exploit the availability of Web servers, resulting in the severe loss of their connectivity. We present a robust IP packets filtering mechanism which combines the detection and filtering engine together to protect Web Servers from DDoS Attacks. The mechanism can detect DDoS attacks by inspecting inbound packets with an IP address database, and filter out lower priority IP addresses to preserve the connection for valid users by monitoring the queues status. We use the Netfilter＇s technique, a framework inside the Linux 2.4. X, to implement it on a Web server. Also, we evaluate this mechanism and analyze the influence of some important parameters on system performance. The experimental results show that this mechanism is effective against DDoS attacks.     

一种基于DWT的鲁棒买卖交易水印算法

在数字水印的买卖交易应用中,卖方在交易前把买方的数字指纹和卖方的版权水印同时嵌入作品中.一旦作品受到侵犯,数字指纹和版权水印可以用来鉴别谁拥有合法版权,谁是非法转售者.提出了一种基于离散小波变换(DWT)的鲁棒买卖交易水印算法,该算法能够把数字指纹和版权水印同时嵌入一幅图像中.该算法有三个优点:在提取水印时不需要原始作品;水印嵌入后图像仍保持良好的不可感知性;具有抵抗多种攻击的鲁棒性.     

Design and Implementation of a Bootstrap Trust Chain

The chain of trust in bootstrap process is the basis of whole system trust in the trusted computing group （TCG） definition. This paper presents a design and implementation of a bootstrap trust chain in PC based on the Windows and today＇s commodity hardware, merely depends on availability of an embedded security module （ESM）. ESM and security enhanced BIOS is the root of trust, PMBR （Pre-MBR） checks the integrity of boot data and Windows kernel, which is a checking agent stored in ESM. In the end, the paper analyzed the mathematic expression of the chain of trust and the runtime performance compared with the common booring process. The trust chain bootstrap greatly strengthens the security of personal computer system, and affects the runtime performance with only adding about 12% booting time.     

A Geometrical Transformations Resistant Digital Watermarking Based on Quantization

A geometrical transformations resistant digital image watermarking based on quantization is described. Taking advantage of the rotation, scale and translation invariants of discrete Fourier transform(DFT), each watermark bit is embedded into each homocentric circles around the zero frequency term in DFT domain by quantizing the magnitude vector of Fourier spectrum. The embedded sequence can he extracted by ““““““““majority principles““““““““ without restoring to the original unmarked image. The experimental results show that the watermark is invisible and robust to any combination of geometrical transformations or common image processing techniques.     

Security Considerations Based on PKI/CA in Manufacturing Grid

In the manufacturing grid environment, the span of the consideration of security issues is more extensive, and the solutions for them are more complex, therefore these problems in manufacturing grid can＇t longer be addressed by existing security technologies. In order to solve this problem, the paper first puts forward the security architecture of manufacturing grid on the basis of the proposal of the security strategies for manufacturing grid; then the paper introduces key technologies based on public key infrastructure-certificate authority （PKI/CA） to ensure the security of manufacturing grid, such as single sign-on, security proxy, independent authentication and so on. Schemes discussed in the paper have some values to settle security problems in the manufacturing grid environment.     

A Novel Digital Audio Watermarking Scheme in the Wavelet Domain

We present a novel quantization-based digital audio watermarking scheme in wavelet domain. By quantizing a host audio‘s wavelet coefficients (Integer Lifting Wavelet Transform ) and utilizing the characteristics of human auditory system ( HAS), the gray image is embedded using our watermarking method. Experimental results show that the proposed watermarking scheme is inaudible and robust against various signal processing such as noising adding, lossy compression, low pass filtering, re-sampling, and re-quantifying.     

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members＇ access control and distributing authorization of traditional IP multicast.     

面向对象的嵌入式TCP/IP协议栈设计

分析了标准TCP/IP协议的基本原理,从OSI网络体系参考模型出发,给出一个具有较好可扩展性和可维护性的嵌入式TCP/IP协议栈设计模型.通过嵌入式仿真软件SkyEye验证了采用面向对象方法设计嵌入式TCP/IP协议栈的可行性,并对协议栈的设计质量进行了评估.结果表明设计的嵌入式TCP/IP协议栈能够在嵌入式系统中正常工作,具有较好的可扩展性和可维护性.     

可扩展的社交多媒体安全分享方法研究

社交多媒体在社交网络中的分享面临安全与隐私威胁,多媒体加密可以解决保密性问题,数字指纹技术可以实现叛逆者追踪,但现有数字指纹技术还不能应用于大规模社交网络。现有指纹码不能容纳社交网络中数以亿计的海量用户,为每位用户单独生成指纹拷贝,对数亿计的用户而言,会造成巨额的空间和时间开销,此类问题的产生源于现有的安全分享算法缺乏可扩展性。面向社交多媒体安全分享在确保保密性、可追踪性的同时,更需要保证可扩展性,以适应社交网络的动态变化。基于混沌加密和社交网络指纹技术,提出一种面向社交多媒体安全分享的树结构 Haar（tree structure Haar,TSH）变换域的联合多媒体指纹与加密技术,实验结果与理论分析证明了该方法不仅可以保证社交多媒体的安全分享,而且可以实现可扩展性。     

Structural Research on Embedment of a Bare Deflated Spiral Case

Complete bearing spiral case has not been applied to large power stations in China so far. The proposal of applying complete bearing spiral case necessitates an analysis of the reliability of the spiral case structure and the security of units under various working conditions. In combination with practice of a project, this paper presents a three-dimensional nonlinear finite element static analysis of the concrete using a concrete smeared crack model by means of the well-known finite element method （FEM） software ABAQUS. The stress distribution of the spiral case and reinforcing bars, the range of damages in surrounding concrete, and the displacement of structure are quantified. The computational results indicate that the embedment method ensures the structure＇s safety in strength. At the same time, the result shows that this embedment is a kind of preponderant method for embedment in aspects of economy and technique of construction, and the application of this embedment method to the hydropower station is feasible provided that some proper engineering measures are taken to constrain the width of the concrete in accord with the code＇s requirements. The paper proves the security and reliability of the structural design of spiral case in hydropower station accordingly.     

A New Watermarking Protocol against Conspiracy

A trusted third party introduced in watermarking protocols would decrease the security and affect the implementation of the protocols. In this paper, a new watermarking protocol with an un-trusted third party （UTTP） was proposed. Based on the idea of all-or-nothing disclosure of secret （ANDOS）, all of the buyer, the seller and the third party didn＇t know the exact watermark, which was embedded in a digital content for tracing piracy. The proposed protocol provided mechanisms to trace piracy and protect customer＇s right. In addition, the problem that a seller colluded with UTTP to frame the buyer, namely, the conspiracy problem, could be avoided.     

Verifiable （ t, n） Threshold Signature Scheme Based on Elliptic Curve

Based on the difficulty of solving the ECDLP (elliptic curve discrete logarithm problem) on the finite field, we present a (t, n) threshold signature scheme and a verifiable key agreement scheme without trusted party. Applying a modified elliptic curve signature equation, we get a more efficient signature scheme than the existing ECDSA (ellipticcurve digital signature algorithm) from the computability and security view. Our scheme has a shorter key, faster computation, and better security.     

Formal analysis on an extended security model for database systems

In order to develop highly secure database systems to meet the requirements for class B2, the BLP （Bell-LaPudula） model is extended according to the features of database systems. A method for verifying security model for database systems is pro- posed. According to this method, an analysis by using Coq proof assistant to ensure the correctness and security of the extended model is introduced. Our formal security model has been verified secure. This work demonstrates that our verification method is effective and sufficient.     

《中国药典》中四个品种来源的陈皮挥发油GC-MS分析比较

目的采用主成分分析(PCA)和聚类分析对《中国药典》中四个品种来源的陈皮挥发油GC-MS数据分析比较,鉴别其不同种源。方法对80批次不同品种和不同产地的陈皮样品挥发油进行GC-MS分析,利用其共有成分峰面积数据,采用主成分分析和聚类分析将共有特征峰进行鉴别区分。结果通过主成分分析和聚类分析可将广东新会茶枝柑样品与其它地区样品大致分为两类。结论本方法可用于新会陈皮和其它不同品种来源陈皮的鉴别。     

基于无线电台的嵌入式TCP/IP协议栈设计

嵌入式系统越来越广泛的应用于现代社会的各个领域,随着计算机网络技术的日益发展,嵌入式系统网络化已成为嵌入式系统发展的必然趋势。介绍了嵌入式系统的基本特点,指出了嵌入式TCP/IP协议栈的基本设计原则和方法,根据无线电台组网对TCP/IP协议栈的具体需求,从系统性能、代码空间等方面对嵌入式TCP/IP协议栈进行了详细设计,该方案具有处理速度快,占用系统空间少的特点。     

一种H型分形液体分布器的设计研究

以分形几何为理论基础,研究和设计出一种具有优良的分布质量、较大的操作弹性、适用于任何直径填料塔等优点的新型高效液体分布器———分形液体分布器.并通过实验验证了:与传统的液体分布器相比较,fractal液体分布器具有Klemas分布质量高、操作弹性大、空间高度小等一系列突出的优点;在处理小流率液体分布时,fractal液体分布器仍具有非常高的Klemas分布质量,因此解决了液体分布器设计上长期没能解决的难题.     

网络安全协议IP Sec及其应用浅析

随着IP网络在商用和消费网络中的重要性与日俱增,非法攻击所导致的潜在危害将具有空前的破坏性.IPsec提供的是IP的安全性体系结构,并且定义了在IP层使用的安全性服务,对于IPv4和IPv6同样适用.阐述了引入IPsec的重要性,对其系统结构进行分析,说明了IPsec工作的原理;并且给出了基于IPsec的虚拟专业网(VPN)的应用,系统分析虚拟专业网(VPN)的整体结构以及它的一些特点.