Security Architecture of Trusted Virtual Machine Monitor for Trusted Computing

With analysis of limitations Trusted Computing Group （TCG） has encountered, we argued that virtual machine monitor （VMM） is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented ＂thin＂ virtual machine （VM）, Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base （TCB）. It provides isolation and integrity guarantees based on which general security requirements can be satisfied.     

Provable Efficient Certificateless Group Key Exchange Protocol

Certificateless public key cryptography （CL-PKC） avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.     

Escrow-Free Certificate-Based Authenticated Key Agreement Protocol from Pairings

Key agreement protocols are essential for secure communications. In this paper, to solve the inherent key escrow problem of identity-based cryptography, an escrow-free certificate-based authenticated key agreement （CB-AK） protocol with perfect forward secrecy is proposed. Our protocol makes use of pairings on elliptic curves. The protocol is described and its properties are discussed though comparison with Smart＇s protocol.     

Improved Non-Sieving Quadratic Sieve

In this paper, we give about prime numbers and Blum two theorems and one guess integers.We prove the two theorems about Blum integers.Combining the guess with the primitive non-sieving quadratic sieve,we proposed a improved non-sieving quadratic sieve（INQS）.In INQS,we not only reduce the times of squares and modulo n, but also imply another important conclusion,that is,we don＇t need to find the greatest common divisor of two integers as we do in PNQS.By some examples,we compare it with the primitive non-sieving quadratic sieve（PNQS）. It＇s faster to factor a integer by using improved non-sieving quadratic sieve than the primitive one.     

A Weighted Algorithm for Watermarking Relational Databases

0 Introduction Watermarking relational database become a hotspot in recent years, it aims to protect copyrights by intro- ducing small errors into the original content without af- fecting the usability for intended purpose. Although some pioneer efforts h…     

A Method to Implement Full Anonymous Attestation for Trusted Computing Platform

Trusted computing （TC） technology is brought out by trusted computing group （TCG） to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform＇s real identity, which are Privacy CA-based protocol and direct anonymous attestation （DAA） protocol. However, in the first protocol the privacy CA is the bottleneck and the platform＇s identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM＇s real identity.     

An Authentication Method of Distinguishing Proxy＇s Secure Accident Responsibility

The publish/subscribe （pub/sub） paradigm has asynchronous, loosely-coupled and many-to-many communication properties and is widely used in the application of large-scale distributed computing environment. There is the problem that is mutual trustable between network proxies in terms of pub/sub systems and the problem which is hardly to distinguish accident responsibility while the accident happens in Kerberos based on symmetrical encryption algorithm. A proxy identity authentication algorithm based on RSA encryption is proposed to solve the problem of mutual trust between proxies, and the security of the messages is guaranteed through certificate delegation. The algorithm can distinguish accident responsibility. The feasibility analysis, security analysis and efficiency analysis of the algorithm are carried out.     

Intrusion Detection Method for Program Vulnerability via Library Calls

Library function call sequence is the direct reflection of a program＇s behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is proposed, in which the short sequences of library call are used as signature profile. In this intrusion detection method, library interposition is used to hook library calls, and with the discussion of the features of the library call sequence in detail, an algorithm based on information-theory is applied to determine the appropriate length of the library call sequence. Experiments show good performance of our method against intrusions caused by the popular program vulnerabilities.     

Learning Vector Quantization Neural Network Method for Network Intrusion Detection

A new intrusion detection method based on learning vector quantization （LVQ） with low overhead and high efficiency is presented. The computer vision system employs LVQ neural networks as classifier to recognize intrusion. The recognition process includes three stages： （1） feature selection and data normalization processing;（2） learning the training data selected from the feature data set; （3） identifying the intrusion and generating the result report of machine condition classification. Experimental results show that the proposed method is promising in terms of detection accuracy, computational expense and implementation for intrusion detection.     

Fair E-Payment Protocol Based on Simple Partially Blind Signature Scheme

0 Introduction The advent of E-commerce demands for a secure communication of digital information. It has been proven for years that this can be achieved by cryptography. Digital signature schemes are essential for E-commerce as they allow one to authoriz…