A Fingerprinting Method Based on Module Extraction Used to Protect Intellectual Property

Intellectual Property （IP） reuse methodology has been widely used in Integrate Circuit （IC） design. Meanwhile, the corresponding security problems caused by illegal IP distribution have aroused lots of attentions. Unlike using IP watermark to identify IP＇s ownership, IP fingerprinting can be used to trace illegal distributor. In this paper, IP buyer＇s fingerprint is mapped into different derived instances of extracted modules, and then is embedded into IP to identify distributor in case of illegal distribution. Comparing with other fingerprinting method, the proposed method has some good characteristics such as low design effort, small storage demand, high security and few physical overheads.     

A Robust IP Packets Filtering Mechanism for Protecting Web Server from DDoS Attacks

Distributed denial of service （DDoS） attacks exploit the availability of Web servers, resulting in the severe loss of their connectivity. We present a robust IP packets filtering mechanism which combines the detection and filtering engine together to protect Web Servers from DDoS Attacks. The mechanism can detect DDoS attacks by inspecting inbound packets with an IP address database, and filter out lower priority IP addresses to preserve the connection for valid users by monitoring the queues status. We use the Netfilter＇s technique, a framework inside the Linux 2.4. X, to implement it on a Web server. Also, we evaluate this mechanism and analyze the influence of some important parameters on system performance. The experimental results show that this mechanism is effective against DDoS attacks.     

基于FPGA的8E1时隙交换的数字交叉IP核的实现

提出了一种基于现场可编程门阵列（FPGA）的数字交叉IP核的设计方法。整个设计使用自顶而下的方 式,VerilogHDL进行描述,并给出了硬件的实现。仿真结果表明：该交叉IP核可以实现256×256无阻塞交 叉矩阵。此法简单,高效,非常适合中小规模的交叉矩阵实现。     

基于FPGA的IP仿真验证平台

IP（集成电路知识产权芯核）的仿真和硬件验证是IP开发中不可缺少的环节．文中基于FPGA（现场可编程门阵列）开发了一个IP仿真验证平台,并使用PCI（外部设备互连）总线来测试IP．用户只要将自已设计的IP插入所开发的仿真验证平台,就可以方便地对IP进行测试．文中还对所设计的平台进行了软件仿真,以验证其功能,并在载有Xilinx Spartan-3 600E FPGA的PCI插卡上进行上板调试．结果表明,所建立的基于FPGA的IP仿真验证平台可以对IP进行有效的仿真和验证,并具有良好的稳定性和实用价值．     

Verifiable （ t, n） Threshold Signature Scheme Based on Elliptic Curve

Based on the difficulty of solving the ECDLP (elliptic curve discrete logarithm problem) on the finite field, we present a (t, n) threshold signature scheme and a verifiable key agreement scheme without trusted party. Applying a modified elliptic curve signature equation, we get a more efficient signature scheme than the existing ECDSA (ellipticcurve digital signature algorithm) from the computability and security view. Our scheme has a shorter key, faster computation, and better security.     

高性能8位微控制器IP软核设计

在对传统MCS-51微控制器的局限性进行分析的基础上,提出了一种与其指令集兼容、性能大幅提高的可重用微控制器IP软核的设计。该控制器采用减少指令周期时钟数、独立总线访问、指令预读取等系统架构的优化及核心控制器架构的优化,使用新的加法和除法的算法,使性能得到大幅度的提高;在Altera FPGA上验证,该微控制器可稳定地工作在33.8 MHz时钟频率上。     

An FPGA Implementation of GF （p） Elliptic Curve Cryptographic Coprocessor

A GF (p) elliptic curve cryptographic coprocessor is proposed and implemented on Field Programmable Gate Array (FPGA). The focus of the coprocessor is on the most critical, complicated and time-consuming point multiplications. The technique of coordinates conversion and fast multiplication algorithm of two large integers are utilized to avoid frequent inversions and to accelerate the field multiplications used in point multiplications. The characteristic of hardware parallelism is considered in the implementation of point multiplications. The coprocessor implemented on XILINX XC2V3000 computes a point multiplication for an arbitrarypoint on a curve defined over GF(2^192-2^64-1) with the frequency of 10 MHz in 4.40 ms in the average case and 5.74ms in the worst case. At the same circumstance, the coprocessor implemented on XILINX XC2V4000 takes 2.2 ms in the average case and 2.88 ms in the worst case.     

XEN Virtual Machine Technology and Its Security Analysis

This paper interprets the essence of XEN and hardware virtualization technology, which make the virtual machine technology become the focus of people＇s attention again because of its impressive performance. The security challenges of XEN are mainly researched from the pointes of view： security bottleneck, security isolation and share, life-cycle, digital copyright protection, trusted virtual machine and managements, etc. These security problems significantly affect the security of the virtual machine system based on XEN. At the last, these security measures are put forward, which will be a useful instruction on enhancing XEN security in the future.     

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members＇ access control and distributing authorization of traditional IP multicast.     

基于FPGA的高速PCI采集卡设计

提出一种基于FPGA的高速PCI采集卡的设计方案,详细介绍了系统的硬件和软件结构,分析了FP-GA内部各个模块的功能和原理,并着重描述了PCI接口模块IP核的设计.通过将数据采集的控制模块和PCI接口模块集成在FPGA内部,加上采用双口RAM技术,实现了数据高速采集、传输和存储.该系统集成度高、设计灵活、电路简洁、可扩展性好、抗干扰能力强,适用于航空综合检测设备和智能仪器等高速数据采集场合.     

Towards the Idealization Procedure of BAN-Like Logics

We demonstrate the flaws of Mao‘s method, which is an augmentation of protocol idealization in BAN-like logics, and then offer some new idealization rules based on Mao‘s method. Furthermore, we give some theoretical analysis of our rules using the strand space formalism, and show the soundness of our idealization rules under strand spaces. Some examples on using the new rules to analyze security protocols are also concerned. Our idealization method is more effective than Mao‘s method towards many protocol instances, and is supported by a formal model.     

Design on PKI-Based Anonymous Mobile Agent Security in E-Commerce

The security of mobile agent directly decides its usage width in e-commerce. Especially, to protect users＇ private information is becoming more important now and future. So an anonymous mobile agent security mechanism with the secure authentication infrastructure based on PKI （public key infrastructure） is proposed in the paper. The multi-agent system is programmed by java language and every agent must register itself in CA （certificate authority） before working in the net and express his legit identity which is temptly produced and used only once. The CA ensures the legal of all agents＇ identity which take part in communicaiton or trade. And every user agent identity only is used once which makes other agents cannot decipher users＇ private information. The security mechanism of the multi-agent system implements anonymity, integrity, data confidentiality of mobile agent based on the MH（multiple hop） integrity protection regard to PKI limit.     

OWDP and its secure implementation

Here we present one design based on OWDP for secure high-speed IP network performance monitor system. Based on the analysis of OWDP protocol and the high-speed IP network performance's real-time monitor infrastructure, the paper illustrates the potential security problems in OWDP and its possible weakness when applied in the monitor infrastructure. One secure improvement design based on Otway-Rees authentication protocol is put forward, which can improve the security of the implementation of OWDP and the monitor architecture. Having kept OWDP's simplicity and efficiency, the design satisfies the real-time demand of high-speed network performance monitor and will effectively safeguard the monitor procedure against intensive attacks. Foundation item: Supported by the 863 National High-Tech Project (863-300-02-09-99) and Key Research Project of Hubei Province (991P110) Biography: Xu Ning (1975-), male, Master candidate, research interest: distributed system, computer security.     

应用8051单片机IP设计相位测量仪

本设计应用SOPC和8051单片机IP技术,设计一个高精度的相位差测量仪。通过在FPGA中嵌入8051单片机IP来取代单片机+FPGA方案中的实际的单片机,既节省了成本又充分利用FPGA内部资源。     

Instantiate random oracles in OAEP with pseudorandom functions

This paper focuses on the instantiation of random oracles in public key encryption schemes. A misunderstanding in the former instantiations is pointed out and analyzed. A method of using this primitive as a substitution of random oracles is also proposed. The partial and full instantiations of random oracles in optimal asymmetric encryption padding （OAEP） implemented by pseudorandom functions are described and the resulted schemes are proven to be indistinguishable secure against adaptive chosen ciphertext attack （IND-CCA2） secure. Using this method, one can transform a practical public key encryption scheme secure in the random oracle model into a standard-model secure scheme. The security of the scheme is based on computational assumptions, which is weaker than decisional assumptions used in Cramer- Shoup like schemes.     

基于8051单片机IP设计等精度频率测量系统

本设计应用SOPC和8051单片机IP技术,设计一个等精度频率测量系统。通过在FPGA中嵌入8051单片机IP来取代单片机+FPGA方案中的实际的单片机,既节省了成本又充分利用FPGA内部资源。     

Study on security enhancement technology for disaster tolerant system

This paper proposes a security enhancement scheme for disaster tolerant system based on trusted computing technology which combines with the idea of distributed threshold storage. This scheme takes advantage of trusted computing platform with trusted computing module, which is provided with such excellent features as security storage, remote attestation, and so on. Those features effectively ensure trustworthiness of disaster tolerant point. Furthermore, distributed storage based on Erasure code not only disposes the storage problem about a great deal of data, but also preferably avoids one node invalidation, alleviates network load and deals with joint cheat and many other security problems. Consequently, those security enhancement technologies provide mass data with global security protection during the course of disaster tolerance. Foundation Items: Supported by the National High Technology Research and Development Program of China (863 Program) (2008AA01Z404), the Science and Technical Key Project of Ministry of Education (108087) and the Scientific and Technological Project of Wuhan City (200810321130)     

基于平台的系统级芯片设计方法

介绍了系统设计方法和基于平台的SoC设计，描述了基于模块和系统统的IP复用设计方法，讨论了硬件和软件的协同设计以及系统芯片设计发展中所需要改进的关键问题并展望了未来的研究方向。     

Evolutionary graph drawing algorithms

In this paper, graph drawing algorithms based on genetic algorithms are designed for general undirected graphs and directed graphs. As being shown, graph drawing algorithms designed by genetic algorithms have the following advantages: the frames of the algorithms are unified, the method is simple, different algorithms may be attained by designing different objective functions, therefore enhance the reuse of the algorithms. Also, aesthetics or constrains may be added to satisfy different requirements. Foundation item: Supported by the National Natural Science Foundation of China(60133010,60073043,70071042) Biography: Huang Jing-wei ( 1956-), male, Professor, research direction: the design and analysis of algorithms and evolutionary computation.     

一种基于模拟退火的LUT结构FPGA工艺映射算法

SoPC中提供给FPGA IP核的有限面积使面积优化成为工艺映射的关键目标之一．减少实现电路功能的可编程逻辑单元数可以有效地减小所需芯片面积,还能降低对布线资源的需求．利用模拟退火算法从全局范围对LUT结构FPGA的工艺映射过程进行考虑,针对减少所用LUT数目的目标得出映射结果,实验结果表明用该算法可以快速地得出非常优化的结果．