检索结果-南通市图书馆

A security scheme for intelligent substation communications considering real-time performance

在线全文

学校读者我要写书评

暂无评论

Journal of Modern Power Systems and Clean Energy 2019年第4期7卷 948-961页

作者： Jie ZHANG Jun’e LI Xiong CHEN Ming NI Ting WANG Jianbo LUO Key Laboratory of Aerospace Information security and Trusted Computing Ministry of EducationSchool of Cyber Science and EngineeringWuhan UniversityWuhan 430072China NARI Group Corporation(State Grid Electric Power Research Institute) Nanjing 211106China NARI Technology Co.Ltd. Nanjing 211106China State Key Laboratory of Smart Grid Protection and Control Nanjing 211106China

Tampering,forgery and theft of the measurement and control messages in a smart grid could cause one breakdown in the power ***,no security measures are employed for communications in intelligent *** services in an intelligent substation have high demands for real-time performance,which must be considered when deploying security *** paper studies the security requirements of communication services in intelligent substations,analyzes the security capabilities and shortages of IEC 62351,and proposes a novel security scheme for intelligent substation *** security scheme covers internal and telecontrol communications,in which the real-time performance of each security measure is *** this scheme,certificateless public key cryptography(CLPKC)is used to avoid the latency of certificate exchange in certificate-based cryptosystem and the problem of key escrow in identity-based cryptosystem;the security measures of generic object-oriented substation event,sampled measure value and manufacturing message specification in IEC 62351 are improved to meet the real-time requirements of the messages as well as to provide new security features to resist repudiation and replay attacks;and the security at transport layer is modified to fit CLPKC,which implements mutual authentication by exchanging ***,a deployment of CLPKC in an intelligent substation is *** also evaluate the security properties of the scheme and analyze the end-to-end delays of secured services by combining theoretical calculation and simulation in this *** results indicate that the proposed scheme meets the requirements of security and real-time performance of communications in intelligent substations.

关键词： Intelligent substation security measures Certificateless public key cryptography(CLPKC) Real-time communication IEC 62351

Precision time protocol attack strategies and their resistance to existing security extensions

在线全文

学校读者我要写书评

暂无评论

Cybersecurity 2021年第1期4卷 160-176页

作者： Waleed Alghamdi Michael Schukat School of Computer Science National University of Ireland Galway Ireland

The IEEE 1588 precision time protocol(PTP)is very important for many industrial sectors and applications that require time synchronization accuracy between computers down to microsecond and even nanosecond ***,PTP and its underlying network infrastructure are vulnerable to cyber-attacks,which can stealthily reduce the time synchronization accuracy to unacceptable and even damage-causing levels for individual clocks or an entire network,leading to financial loss or even physical *** security protocol extensions only partially address this *** paper provides a comprehensive analysis of strategies for advanced persistent threats to PTP infrastructure,possible attacker locations,and the impact on clock and network synchronization in the presence of security protocol extensions,infrastructure redundancy,and protocol *** distinguishes between attack strategies and attacker types as described in RFC7384,but further distinguishes between the spoofing and time source attack,the simple internal attack,and the advanced internal *** experiments were conducted to demonstrate the impact of PTP *** analysis shows that a sophisticated attacker has a range of methodologies to compromise a PTP ***,all PTP infrastructure components can host an attacker,making the comprehensive protection of a PTP network against a malware infiltration,as for example exercised by Stuxnet,a very tedious task.

关键词： APT Cyber-attacks IEEE 1588 PTP security Time synchronization protocols

An improved multilevel fuzzy comprehensive evaluation algorithm for security performance

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

The Journal of China Universities of Posts and Telecommunications 2006年第4期13卷 48-53页

作者： LI Ling-juan SHEN Ling-tong College of Computer Nanjing University of Posts and Telecommunications Nanjing 210003. China

It is of great importance to take various factors into account when evaluating the network security performance. Multilevel fuzzy comprehensive evaluation is a relatively valid method. However, the traditional multilevel fuzzy comprehensive evaluation algorithm relies on the expert＇s knowledge and experiences excessively, and the result of the evaluation is usually less accurate. In this article, an improved multilevel fuzzy comprehensive evaluation algorithm, based on fuzzy sets core and entropy weight is presented. Furthermore, a multilevel fuzzy comprehensive evaluation model of P2P network security performance has also been designed, and the improved algorithm is used to make an instant computation based on the model. The advantages of the improved algorithm can be embodied in comparison with the traditional evaluation algorithm.

关键词： security multilevel fuzzy comprehensive evaluation entropy weight P2P network

Survey on Quantum Information security

在线全文

学校读者我要写书评

暂无评论

China Communications 2019年第10期16卷 1-36页

作者： Huanguo Zhang Zhaoxu Ji Houzhen Wang Wanqing Wu Key Laboratory of Aerospace Information security and Trusted Computing Ministry of EducationSchool of Cyber Science and EngineeringWuhan UniversityWuhan 430072China School of Cyber security and Computer Hebei UniversityBaoding 071002China

The security of classical cryptography based on computational complexity assumptions has been severely challenged with the rapid development of quantum computers and quantum algorithms. Quantum cryptography, which offers unconditional security based on some principles of quantum mechanics, has become a significant branch and hotspot in the field of modern cryptography research. In this paper, we review the research and development of several important and well-studied branches of quantum cryptography in terms of theory and experiment, including quantum key distribution, quantum secret sharing, quantum secure direct communication, quantum signature, and quantum private query. We also briefly review the research and development of some other branches which are currently in the stage of theoretical research but receive widespread concern from academia, including quantum private comparison, quantum anonymous voting, quantum secure multi-party summation, quantum sealed-bid auction, quantum public key cryptosystem, quantum key agreement, quantum dialogue, and quantum identity authentication. In addition, we discuss some open issues and future research directions for the branches referred to above.

关键词： quantum information information security quantum cryptography quantum key distribution

A Framework for Systematic Classification of Assets for security Testing

在线全文

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2021年第1期66卷 631-645页

作者： Sadeeq Jan Omer Bin Tauqeer Fazal Qudus Khan George Tsaramirsis Awais Ahmad Iftikhar Ahmad Imran Maqsood Niamat Ullah National Center for Cyber security Department of CS&ITUniversity of Engineering&TechnologyPeshawarPakistan Department of Information Technology FCITKing Abdulaziz UniversityJeddahSaudi Arabia Dipartimento di Informatica(DI) UniversitàDegli Studi di Milano StataleVia Celoria 18MilanoItaly Department of Computer Science&IT University of Engineering&TechnologyPeshawarPakistan Department of Software Engineering University of Engineering&TechnologyMardanPakistan University of Buner BunerPakistan

Over the last decade,a significant increase has been observed in the use of web-based Information systems that process sensitive information,e.g.,personal,financial,*** this increased use,the security of such systems became a crucial aspect to ensure safety,integrity and authenticity of the *** achieve the objectives of data safety,security testing is ***,with growth and diversity of information systems,it is challenging to apply security testing for each and every ***,it is important to classify the assets based on their required level of security using an appropriate *** this paper,we propose an asset security classification technique to classify the System Under Test(SUT)based on various factors such as system exposure,data criticality and security *** perform an extensive evaluation of our technique on a sample of 451 information ***,we use security testing on a sample extracted from the resulting prioritized systems to investigate the presence of *** technique achieved promising results of successfully assigning security levels to various assets in the tested environments and also found several vulnerabilities in them.

关键词： security security testing privacy asset classification

Smart Contract:security and Privacy

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computer Systems Science & Engineering 2021年第7期38卷 93-101页

作者： Leena S.Alotaibi Sultan S.Alshamrani Department of Information Technology College of Computer and Information TechnologyTaif UniversityP.O.Box 11099TaifSaudi Arabia

Smart contracts are simply self-activated contracts between two *** idea behind their implementation relies on the concept of blockchain,wherein the details and execution of the contract are turned into code and distributed among users of a *** process controls counterfeiting and money laundering by its ability to trace who owes *** also boosts the general *** research paper shows how smart contracts in modern-day systems have changed the approach to money *** present case studies about the uses of smart contracts with high levels of security and *** a building block of smart contracts,a brief description of blockchain is provided in an *** other cryptography methods and techniques,the usage of hashing and hash functions in blockchain security are also *** also explore the real-time applications of blockchain and smart contract techniques in real *** main advantage of this research paper is that it discusses a state-of-the-art subject,as most of the articles referenced in this paper are from 2018 and onward.

关键词： Blockchain cryptography smart contract security

Human Aspects of Smart Technologies'security:The Role of Human Failure

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Journal of Electronic Science and Technology 2016年第4期14卷 311-318页

作者： Mohammad Aldabbas Bemd Teufel International Institute of Management in Technology University of FribourgFribourg 1700Switzerland

security of smart technologies like smart grids and crowd energy systems cannot rely only on technical solutions, humans play a significant role in failure, security culture, information security, cyber security, trust and sharing, and perceptions and concern. This paper investigates security issues in smart technologies and the related role of human failure, whether it is intentional or *** that help reducing this failure are discussed. A human oriented framework for failure reduction is presented in order to enhance security.

关键词： Crowd energy human role intentional failure security smart grids unintentional failure.

Research on applying physical chaos generator to spacecraft information security

在线全文

学校读者我要写书评

暂无评论

Science China(Technological Sciences) 2009年第5期52卷 1463-1470页

作者： ZHAO HePing State Key Laboratory of Information security,Graduate University of Chinese Academy of Sciences,Beijing 100049,China China Academy of Space Technology,Beijing 100094,China State Key Laboratory of Information security Graduate University of Chinese Academy of Sciences Beijing China China Academy of Space Technology Beijing China

The effectiveness of a short-length message extension method based on physical chaos generator was analyzed and the entropy of the extended message was calculated in this *** analysis demon-strated that with the mentioned method the entropy of short-length messages,which are repeatedly used in spacecraft data systems,is obviously increased,and the security of transmission is enhanced as *** paper also presented an improvement of the protocol for secret key agreement presented by *** and *** of depending on characteristics of communication channel,this method takes advantage of the random data produced by physical chaos generator to preset the initial parameters of the procedure on both sides of communication,so that the procedure and quantity of cipher key can be precisely *** method can be used to cipher key management of se-cure communication between long life-span spacecraft and ground system.

关键词： physical chaos generator spacecraft information security message extension cipher key management

HASN:A Hierarchical Attack Surface Network for System security Analysis

在线全文

学校读者我要写书评

暂无评论

China Communications 2019年第5期16卷 137-157页

作者： Kangyu Huang Lin Yang Renfang Fu Shengli Zhou Zheng Hong College of Command and Control Engineering Army Engineering UniversityNanjing 210007China China Electronic Equipment & System Engineering Corporation Beijing 100141China State Grid Jiangsu Electric Power Company Research Institute Nanjing 210019China Information Department of Zhejiang Police College Hangzhou 310053China

Attack surfaces, as one of the security models, can help people to analyse the security of systems in cyberspace, such as risk assessment by utilizing various security metrics or providing a cost-effective network hardening solution. Numerous attack surface models have been proposed in the past decade,but they are not appropriate for describing complex systems with heterogeneous components. To address this limitation, we propose to use a two-layer Hierarchical Attack Surface Network(HASN) that models the data interactions and resource distribution of the system in a component-oriented view. First, we formally define the HASN by extending the entry point and exit point framework. Second, in order to assess data input risk and output risk on the HASN, we propose two behaviour models and two simulation-based risk metrics. Last, we conduct experiments for three network systems. Our experimental results show that the proposed approach is applicable and effective.

关键词： attack surface security analysis security model risk assessment