With the rapid development of cryptography, the strength of security protocols and encryption algorithms relies heavily on the quality of random numbers. In many cryptographic applications, high speed is one of the requirements as well. A new secure random number generator architecture is presented. A prototype of the architecture is implemented on an FPGA, based on thermal noise and linear feedback shift registers (LFSRs). The thermal noise initializes the LFSRs and is used as the disturbance source of the system to ensure the unpredictability of the produced random numbers and improve the security strength of the system. Parallel LFSRs can produce pseudo-random numbers with a long period at high speed. The proposed architecture can meet the requirements of high quality and high speed in cryptography.
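An added illustration, not code from the paper: a software model of the described architecture in which os.urandom stands in for the thermal-noise source and three constructed primitive polynomials drive the parallel LFSRs. It shows the one seeding failure such a design must handle (the all-zero state, which an LFSR never leaves) and that registers with coprime periods give a combined state period equal to their product.

```python
import os

# Exponents of primitive polynomials over GF(2) (constructed choices):
# x^7+x^6+1, x^5+x^3+1, x^3+x^2+1 -> periods 127, 31, 7, pairwise coprime.
TAP_SETS = ([7, 6], [5, 3], [3, 2])

class LFSR:
    """Fibonacci LFSR; the state is n = highest exponent bits wide."""
    def __init__(self, taps, seed):
        self.n, self.taps = max(taps), taps
        if seed == 0 or seed >> self.n:
            # all-zero is a fixed point: the register would emit 0 forever
            raise ValueError("seed must be a nonzero %d-bit value" % self.n)
        self.state = seed

    def step(self):
        """Emit the low bit, shift right, feed back the XOR of the tapped bits."""
        out = self.state & 1
        fb = 0
        for t in self.taps:
            fb ^= (self.state >> (self.n - t)) & 1
        self.state = (self.state >> 1) | (fb << (self.n - 1))
        return out

def seed_from_entropy(nbits, source=os.urandom, attempts=64):
    """Nonzero nbits-wide seed from the noise source (os.urandom stands in for
    the thermal noise); a zero sample is re-drawn instead of being used."""
    for _ in range(attempts):
        val = int.from_bytes(source((nbits + 7) // 8), "big") & ((1 << nbits) - 1)
        if val:
            return val
    raise RuntimeError("noise source keeps returning zero; treat as a fault")

class ParallelLFSR:
    """Registers stepped in lockstep; their output bits are XORed together."""
    def __init__(self, tap_sets=TAP_SETS, source=os.urandom):
        self.regs = [LFSR(t, seed_from_entropy(max(t), source)) for t in tap_sets]

    def bit(self):
        return sum(r.step() for r in self.regs) & 1  # parity == XOR of the bits

def state_period(gen):
    """Step until the combined register state recurs: the lcm of the periods."""
    start, count = tuple(r.state for r in gen.regs), 0
    while True:
        gen.bit()
        count += 1
        if tuple(r.state for r in gen.regs) == start:
            return count
```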
Using some basic transforms and invariant theory, we give two results: 1) an algorithm that can be used to decide whether two Boolean functions are affinely equivalent and to obtain the equivalence relationship if they are. This is useful in the study of Boolean functions and in engineering; for example, we classify all 8-variable homogeneous bent functions of degree 3 into two classes. 2) The Reed-Muller codes R(4,6)/R(1,6) and R(3,7)/R(1,7) are classified efficiently.
The security of mobile agents is being widely discussed. The problem of protecting mobile agents from malicious hosts is difficult to solve, because a host has access to the complete internal state of an agent. Forward integrity in mobile agents guarantees that offers contained in a mobile agent from previously visited hosts cannot be modified by a malicious host. Itinerary secrecy can prevent a mobile agent from being passively attacked. This paper proposes a new forward integrity and itinerary secrecy protocol for mobile agents. The protocol can also resist the collusion truncation attack.
This paper interprets the essence of XEN and hardware virtualization technology, which has made virtual machine technology the focus of attention again because of its impressive performance. The security challenges of XEN are researched mainly from the following points of view: security bottlenecks, security isolation and sharing, life-cycle, digital copyright protection, trusted virtual machines and management, etc. These security problems significantly affect the security of virtual machine systems based on XEN. Finally, security measures are put forward, which will be useful guidance for enhancing XEN security in the future.
Internet voting protocols are the basis of Internet voting systems. In this paper a new practical Internet voting protocol is introduced. The proposed Internet voting protocol does not rely on strong physical assumptions and has the properties of privacy, completeness, soundness, fairness, invariableness, universal verifiability, receipt-freeness and coercion-resistance. At the same time it solves some problems in other Internet voting protocols, and the verification process for universal verifiability is simple and efficient.
The sufficient conditions for keeping the desired differential path of MD5 were discussed. By analyzing the expansion of the subtraction difference, the differential characteristics of the Boolean functions, and the differential characteristics of the shift rotation, the sufficient conditions for keeping the desired differential path can be obtained. From the differential characteristics of the shift rotation, the missing sufficient conditions were found. Then an algorithm that reduces the number of trials for finding collisions was presented. By restricting the search space, the search effort can be reduced to 2^34 for the first block and 2^30 for the second block. The whole attack on MD5 can be accomplished within 20 hours using a PC with a 1.6 GHz CPU.
Thirteen security requirements for an ideal password authentication scheme using smart cards are listed, and a new smart-card-based password authentication scheme with identity anonymity is proposed. The new scheme satisfies all the listed ideal security requirements and has the following merits: (1) it can resist all the attacks listed in the introduction; (2) less storage memory is required because no verification table is stored on the server; (3) low computational cost due to hash-function-based operations; (4) even if the smart card is lost, the system remains secure; (5) as the user identity is anonymous, the scheme is more practical. The proposed scheme can be applied in resource-constrained networks.
WANG Bangju (1,2), WANG Yuhua (3), ZHANG Huanguo (1). 1. School of Computer, Wuhan University / Key Laboratory of Aerospace Information Security and Trust Computing of Ministry of Education, Wuhan 430072, Hubei, China
The chain of trust in the bootstrap process is the basis of whole-system trust in the Trusted Computing Group (TCG) definition. This paper presents the design and implementation of a bootstrap trust chain for PCs based on Windows and today's commodity hardware, depending merely on the availability of an embedded security module (ESM). The ESM and a security-enhanced BIOS are the root of trust; PMBR (Pre-MBR), a checking agent stored in the ESM, checks the integrity of the boot data and the Windows kernel. Finally, the paper analyzes the mathematical expression of the chain of trust and the runtime performance compared with the common booting process. The trust chain bootstrap greatly strengthens the security of the personal computer system, while affecting runtime performance by adding only about 12% to the boot time.