Secure Communication using Identity Based
Encryption
Sebastian Roschke1,Luan Ibraimi2,Feng Cheng1,and Christoph Meinel1
1Hasso Plattner Institute(HPI),University of Potsdam,
P.O.Box900460,14440,Potsdam,Germany
{sebastian.roschke,feng.cheng,christoph.meinel}@hpi.uni-potsdam.de
2University of Twente,
P.O.Box217,7500AE Enschede,The Netherlands
{ibraimi}@utwente.nl
Abstract.Secured communication has been widely deployed to guaran-
tee con?dentiality and integrity of connections over untrusted networks,
e.g.,the Internet.Although secure connections are designed to prevent
attacks on the connection,they hide attacks inside the channel from be-
ing analyzed by Intrusion Detection Systems(IDS).Furthermore,secure
connections require a certain key exchange at the initialization phase,
which is prone to Man-In-The-Middle(MITM)attacks.In this paper,
we present a new method to secure connection which enables Intrusion
Detection and overcomes the problem of MITM attacks.We propose to
apply Identity Based Encryption(IBE)to secure a communication chan-
nel.The key escrow property of IBE is used to recover the decryption
key,decrypt network tra?c on the?y,and scan for malicious content.As
the public key can be generated based on the identity of the connected
server and its exchange is not necessary,MITM attacks are not easy to
be carried out any more.A prototype of a modi?ed TLS scheme is im-
plemented and proved with a simple client-server application.Based on
this prototype,a new IDS sensor is developed to be capable of identifying
IBE encrypted secure tra?c on the?y.A deployment architecture of the
IBE sensor in a company network is proposed.Finally,we show the ap-
plicability by a practical experiment and some preliminary performance
measurements.
1Introduction
Secured communication has been widely deployed to guarantee con?dentiality and integrity of connections.To achieve this,cryptographic techniques are usu-ally applied to secure the connections,e.g.,hash algorithms to secure integrity, asymmetric encryption to secure key exchange,and symmetric encryption to se-cure con?dentiality.Various implementations have emerged and are widely used in practise,such as SSL/TLS[1]and IPSec[2]which provide encryption at the transport layer and the internet layer.Additionally,a connection can also be se-cured on the application layer,e.g.,simple E-Mail encryption using PGP[3]or XML Encryption.Although secure connections are designed to prevent attacks
on the connection,they hide attacks inside the channel from being analyzed by Intrusion Detection Systems(IDS).Furthermore,secure connections require a certain key exchange to work properly.For instance,TLS requires the exchange of a public key between a client and a server,which is prone to Man-In-The-Middle(MITM)attacks[25,26].
E?ective prevention of attacks on the communication,e.g.IDS and anti-virus,needs to either check the channel or the aplication layer data on the wire, which leads to several problems.The?rst problem is performance,as both a network-based IDS sensor and anti-virus software have to analyze large amounts of data in a short time.The second problem is detection in the encrypted tra?c. Securing connections by encryption(e.g.SSL/TLS,IPSec,PGP)render the network based IDS and anti-virus software useless,as it is not able to decrypt and to recognize malicious data inside encrypted communication.On the other hand, most of existing cryptography based secure communication require unsecure key exchange at the initialization phase.It is not di?cult for attackers to exploit this phase and get the keys by carrying out a MITM attack.
In an Identity-Based Encryption[12](IBE)scheme,the public key of the user is derived from its unique identity,e.g.,email address or IP address.The Trusted Authority(TA)or the Key Generation Center(KGC)generates the corresponding private keys.Thus,IBE does not require a digital certi?cate to certify the public key.Key escrow is an inherent property in IBE systems,i.e., the TA can generate each users’private key,because the TA owns the master key MK used to generate users’secret keys.This property can be useful for IDS to decrypt network tra?c on the?y and perform content scanning on encrypted tra?c.
In this paper,we present a new method to secure connections which provide capabilities for Intrusion Detection and overcome the problem of MITM attacks. We propose to apply IBE to secure communication channels.By integrating the TA in the IDS sensor,it is possible to use the key escrow property for decrypting network tra?c on the?y and scan for malicious content.In this way, we can detect malicious content in encrypted network stream without knowing the original private key of the receiver,which can be created on runtime using the master key.The decryption and detection are performed using an IBE sensor. As the public key can be generated based on the identity of the connected server and its exchange is not necessary,the method is not prone to MITM attacks any more.To verify our concept,we implement a prototype of a modi?ed TLS scheme with a simple client-server application.Based on this prototype,we develop a Snort Preprocessor to recognize and decrypt IBE secured tra?c on the?y.A deployment architecture of the IBE sensor in a company network is proposed. Finally,we show the applicability by a practical experiment and preliminary performance measurements.The contributions of this paper can be summarized as follows:
1.A new mechanism to secure connections,which enables detection of malicious
tra?c and prevents MITM attacks,is proposed.
2.A modi?ed TLS scheme is implemented.
3.A Snort preprocessor is realized to support detection in IBE secured con-
nections.
4.Practical experiments and preliminary measurement results are presented.
The rest of the paper is organized as follows.Section2covers the related work, including an overview on secured connections and the IBE encryption scheme. In Section3,we describe a modi?ed TLS scheme based on IBE.In Section4,we propose an important application of the IBE scheme for IDS.Section5covers the implementation details of the modi?ed TLS as well as the IBE sensor.In Section 6,we shortly describe the experiments based on our prototype implementations and the results of the performance measurements.After some suggestions for future work in Section7,the work is concluded in Section8.
2Related Work
2.1Secure Network Connections
As the successor of Secure Sockets Layer(SSL),Transport Layer Security(TLS) is a cryptographic protocol that provides integrity,con?dentiality,and authen-ticity for network communications on the transport layer of the TCP/IP protocol stack[1].It consists of the TLS Record Protocol and the TLS Handshake Pro-tocol.The TLS Record Protocol uses symmetric encryption and a negotiated secret key to secure the connection,e.g.,RC4,Triple DES,AES,IDEA,DES, or Camellia.Furthermore,it uses hash functions to guarantee the integrity of a message,e.g.,HMAC-MD5or HMAC-SHA.The TLS Handshake Protocol allows server and client to authenticate each other and to negotiate protocol parameters,such as an encryption algorithm and the cryptographic keys.The identity can be authenticated using asymmetric crypto algorithms,e.g.,RSA, DSA,or ECDSA.For key exchange,di?erent algorithms can be used,such as RSA,Di?e-Hellman,ECDH,SRP,or PSK[5].
The TLS Handshake Protocol provides the negotiation of the parameters nec-essary to establish the secure connection.The used crypto protocols being used as well as the related keys are communicated.During the handshake,at least the server is being authenticated(client authentication is also possible).The TLS handshake starts when a client requests a secure connection from a TLS enabled server.As next step,the client presents a list of supported ciphers and hash functions.The server selects the strongest cipher and hash function available by matching own supported functions and?nally negotiates the parameters.Fur-thermore,the server sends its identi?cation in the form of a digital certi?cate, e.g.,an X.509certi?cate,which contains the server name,the trusted certi?-cate authority(CA),and the server’s public key K s pub.The client and server exchange the random numbers R c and R s to resist replay attacks.After veri?-cation of the certi?cate,the client encrypts a premaster secret P MS with the server’s public key K s pub:E(P MS,K s pub)and sends it to the server,which decrypts it with its private key K s priv:E(P MS,K s priv).Based on P MS,R c, and R s,the server and the client generate the master secret MS,which is used
for encryption of the connection MS=genkey(R c,R s,P MS).This procedure can be illustrated as follows:
1.Negotiation of encryption and hashing algorithms for client and server and
random numbers R c and R s
2.Transmission and veri?cation of certi?cate including K s pub
3.Exchange of R c and R s
4.Encryption and transmission of P MS:E(P MS,K s pub)
5.Generation of MS based on R c,R s,and P MS:MS=genkey(R c,R s,P MS)
Even if the handshake is sni?ed,the con?dentiality of the messages is pre-served,as the master key MS is impossible to be obtained by the attacker.Thus, attacks inside a secured channel can not be realized.However,the SSL/TLS pro-tocol is prone to MITM attacks[25,26].The attacker intercepts packets between the client and the server to establish two encrypted connections:1)a connection between the client and the attacker and2)a connection between the attacker and the server.The attacker generates its own public key and modi?es the original certi?cate to trick the user/client,which is even possible without a capability for the user to notice the attack[25].By doing this,the attacker can read the tra?c of the secured connection between the client and the server.To get position of a MITM,the attacker can use well known techniques,such as ARP Spoo?ng, DHCP Fake,DNS Spoo?ng,or ICMP Redirects[27].
To increase the system performance,the SSL scheme can be supported by SSL acceleration[17].SSL acceleration is implemented by a hardware crypto device which processes the SSL handshake and in some cases the symmetric decryption. Such devices are optimized for cryptographic operations and o?er a very high performance.The crypto device can be installed on the secured server to decrease excessive load on the server.There are also dedicated SSL acceleration appliances which can be placed in the network to perform SSL decryption and encryption. In this case,the SSL accelerator works as a proxy and provides encrypted SSL tra?c to the external network,and decrypted tra?c to the internal network. There are di?erent accelerator devices available for deployment in a company’s network,e.g.,Array SPX1800[18],AppXcel[19],and IBM Crypto Cards[20].
2.2ID-based Encryption Scheme
The idea of generating users’public key from the identity was proposed by Shamir[11],and the?rst practical scheme was given by Boneh and Fraklin [12].The Boneh-Franklin scheme consists of four algorithms:
1.Setup(k):Run by the TA,given a security parameter k,the algorithm
generates two cyclic groups G and G1of prime order p,a generator g of G,
a bi-linear map?e:G×G→G1,a master secret key MK=α∈Z?p,and
the hash functions H1:{0,1}?→G and H2:G1→{0,1}n.The publicly available system parameters are params=(G,G1,p,g,H1,?e,PK T A),where PK T A=gαis the public key of the TA.
2.Extract(ID):Run by the TA,the algorithm takes as input an identi?er ID,
and outputs the private key SK ID=PKαID,where PK ID=H1(ID).
3.Encrypt(m,ID):Run by the message sender,the algorithm takes as input
the message m and an identi?er ID∈{0,1}?,and outputs the ciphertext c=(c1,c2)where c1=g r,c2=m⊕H2(?e(PK ID,PK T A)r),where r∈Z?p.
4.Decrypt(c,sk ID):Run by the message receiver,the algorithm takes a input
the ciphertext c=(c1,c2),and the user’s secret key SK ID,and outputs the message m=c2⊕H2(?e(SK ID,c1)).
3A Modi?ed TLS Protocol for IBE Secured
Communication
In IBE scheme,if the TA intercepts the communication between Alice and Bob, the TA can decrypt the encrypted data sent from Alice to Bob,and vice versa. For example,when Alice sends an encrypted email to Bob,Alice,?rstly,generates Bob’s public key:PK Bob=H1(bob@https://www.doczj.com/doc/39167229.html,),and then sends the encrypted data:c1=g r,c2=m⊕H2(?e(PK Bob,PK T A)r)to Bob.A Trusted Author-ity(TA)intercepting the communication between Alice and Bob,can compute c2⊕H2(?e(PKαBob,c1))to reveal the message m.In practice,the message m can be a virus,a trojan horse,a worm,etc,which can not be detected in encrpyted form.It is expected to use IBE for securing the emeail communication so that the TA can be used to decrypt encrypted ciphertext and make it possible to scan them for malicious code.
By providing a modi?ed TLS scheme,it would be possible to also use IBE to secure connections on the network.Modi?cation of the TLS speci?cations and implementation is necessary,as both do not support the IBE scheme.A possible modi?cation can be done by introducing IBE as supported encryption method and modifying the TLS handshake to use IBE during parameter negotiation. Introducing IBE as encryption method is needed as there are no easy ways to deploy encryption methods at runtime or add encryption methods unknown to TLS.Modifying the TLS handshake in case of IBE as encryption method is reasonable as a certi?cate providing the public key is not needed any more.The public key could be derived from the identity of the server,which needs to be provided.The identity of the server could be the URL or the IP of the system. So the client could directly encrypt the P MS messages with the identity derived key of the server.The scheme looks as follows:
1.Negotiation of algorithms to use and exchange R c and R s
2.Generation of IBE public key K s pub based on the identity of the server ID s:
K s pub=genkey(ID s)
3.Encryption of the pre-master-secret P MS:E(P MS,K s pub)with the public
key K s pub and transmission to server
4.Generation of MS based on R c,R s,and P MS:MS=genkey(R c,R s,P MS)
The key escrow property is used to achieve IDS capabilities,i.e.,decrypt-ing network tra?c on the?y and scan for malicious content.In this way,we
can detect malicious content in encrypted network stream without knowing the original private key of the receiver,which can be created on runtime using the master key.The decryption and detection are performed using an IBE sensor. As the exchange of the certi?cate is not needed,the attacker has no chance to forge the certi?cate and the corresponding public key as a MITM.The client will generate the public from the identity of the server and will directly encrypt the session key with this public key.The attacker can intercept this message, but he is not capable of reading the encrypted session key.Thus,a MITM attack to establish two secured channels that appear as one to client and another one to the server can not be performed.He still can disturb the connection,but the con?dentiality and integrity of the communcation are secured.The only require-ment is that the parameters of the cryptosystem are known before.This can be achieved by a similar method as the distribution of trusted certi?cates for TLS. 4Detecting Intrusions in the modi?ed TLS
Communication
The modi?ed TLS protocol makes it possible to detect intrusions in encrypted communication channels.To realize this,the IBE supported IDS sensor(which is called IBE Sensor)is required.We apply the proposed modi?ed TLS in some normal services deployed in a typical enterprise network with a demilitarized zone(DMZ)and the internal subnet.In the internal network,there are several connected clients and the PKI infrastructure for IBE.Within the DMZ there are several servers running,providing services for internal and external clients. To support IBE,there are private keys SKP i deployed on all servers and CKP i deployed on clients in the network.These private keys are derived from the master key MK.The deployed IBE sensor should be able to read all incoming and outgoing network tra?c in the DMZ as well as tra?c in the internal network.
Using the master key MK it would be possible to decrypt the tra?c which is encrypted based on the IBE scheme.If the modi?ed TLS scheme is used, the runtime decryption works by extracting the master secret from the TLS handshake while sni?ng all network tra?c.This is achieved using the following steps:
1.Recognize negotiation of algorithms and exchange of R c and R s(store R c
and R s)
2.Recognize encrypted pre-master secret E(P MS,K s pub)on the network and
decrypt it with master key MK:D(E(P MS,K s pub),MK)=P MS(store P MS)
3.Generate MS based on R c,R s,and P MS:MS=genkey(R c,R s,P MS)
https://www.doczj.com/doc/39167229.html,e MS to decrypt the encrypted tra?c
As this method is passive,no server or client would be disturbed during its communication.The IBE sensor does not need to intercept and forward tra?c, but it needs to store information about the TLS session to assign network tra?c to a speci?c connection/TLS session and a related master secret MS.
The distribution of the master key MK yields additional risks for the net-work.As the master key MK is able to decrypt any tra?c within the network, it might be a main target for attackers.While the risk for a PKI is known and con?ned by security mechanisms,the possible risks for an IBE sensor are higher as it is exposed to any tra?c on the network.Furthermore,the IBE sensor relies on tra?c parsers which might be vulnerable to di?erent kinds of attacks,e.g., Bu?er Over?ows or Format String Exploits[6].To secure the IBE sensor and the master key MK,additional security measures need to be realized.By suc-cessfully attacking the IBE sensor,the attacker will be able to passively sni?all encrypted tra?c on the network.With knowledge on the identities,the attacker will be able to generate the private keys and to send falsi?ed messages with a spoofed identity.
Fig.1.IBE Sensor Secured Client-Server Communication
5Implementation
The proof-of-concept implementation consists of two parts:the implementation of a modi?ed TLS speci?cation and the implementation of an IBE-supported Snort IDS sensor(IBE sensor).The modi?ed TLS is implemented between a
client and a server.The communication between the client and the server is en-crypted based on a session key,which is securely exchanged during the session negotiation by using the IBE encryption scheme.The Snort IDS sensor is mod-i?ed to recognize this session negotiation and restore the session key based on the key escrow property.
Figure1shows the communication between the client and the server secured by the modi?ed TLS scheme.The scheme consists of two separated phases: the session negotiation and the encrypted session.The initial state is a server listening for connections.After the client connects to the server,it receives the banner and creates a random session key key iv.Then it encrypts the key iv with the identity of the server based on IBE and sends it to the server.The server can decrypt the session key with its private key based on IBE and acknowledge that the session is established.In the following,the client sends multiple encrypted messages to the server.The session is encrypted based on the symmetric Blow?sh cipher[23].
An IDS sensor consists of a detection engine,a reporting engine,and a com-prehensive rule set for detection.The Snort IDS sensor provides several extension possibilities realized by so called Dynamic Modules[4].Dynamic modules can be additional detection rules for the existing detection engine,a new detection engine,or so called Preprocessors.A Preprocessor is a con?gurable software component in the Snort architecture,which is called before the detection en-gine.After the packet has been processed by all preprocessors,it is given to the detection engine to be scanned in detail according to the con?gured rule sets.To decrypt the TCP stream on the?y before detection,we implemented a Preprocessor,which is capable to recognize the modi?ed TLS scheme in a TCP stream.
As shown in Figure1,the modi?ed Snort can be used to detect attacks in a TCP stream which is encrypted by the modi?ed TLS scheme.To identify a new session,the IDS recognizes the session negotiation,which is sent by the server. The next information sent by the client is the encrypted pre-master secret PMS, which can be decrypted by IDS using the master key.By using the extracted PMS,the IDS can calculate the session key as well as decrypt and analyze all the network tra?c in this session.For this purpose,the Preprocessor gets all packets in this session,decrypts it,and modi?es the packet on runtime to make it being analyzed by the detection engine.The implementation is done in plain C with support of the OpenSSL library for symmetric encryption and decryption. The session negotiation is implemented on the client and server based on the Stanford IBE implementation[24].
6Experiment Results
In the experiment scenario,there are several clients and an attacker host con-nected to the external network,e.g.,the Internet.The internal network is at-tached to the external network using a?rewall.The IBE sensor is con?gured to monitor the internal network and to hold the master key,which is used to gener-
ate the server keys SKP1to SKP m.In the internal network there is a server to hold SKP m and has the identity“server@hpi“.The clients can connect to this server using the modi?ed TLS scheme,which secures the communication session based on IBE and Blow?sh.The sensor is running with an Intel(R)Core(TM)2 Duo at1.4GHz,i.e.,it includes two dedicated cores with3.072KB of cache each.The system has2GB of RAM.
During the experiment,we have several clients sending encrypted messages to the server based on the modi?ed TLS scheme.Since he/she can pretend to be a normal user,the attacker is also using the modi?ed TLS scheme to establish a session with the server.Additionally,the attacker tries to send malicious content (e.g.,x86shellcode)to the server within this encrypted session.As the tra?c is encrypted based on a session key,the unmodi?ed Snort sensor can not read it and therefore can not detect the shellcode.By using the IBE sensor,which recognizes the session negotiation,we can detect the shellcode within the encrypted session.
The attacker sends shellcode to the server within the encrypted session.This shellcode could be used to exploit the server without being detected by an IDS sensor.The IBE sensor decrypts the session and?nds the malicious shellcode in the network tra?c.The output is the Snort alert?le,which contains the de-tected attacks on the wire.We also tested other content-based detection rules with the prototype,such as the Backdoor Rules used to detect backdoor com-munication on the network or the Attack Response Rules used to detect special responses given by successful attacks[4].All the tested rule sets worked?ne for our prototype.
6.1Performance Analysis
To test the performance of our implementation,we measured the processing time in the Snort implementation while sending10messages with di?erent size from the client to the server.To compare the results,we distinguished three di?erent scenarios.The scenarios are chosen to give a?rst impression on the performance of the approach.The message sizes in the real world depend on the actual application scenarios:
1.Small size message content-10messages each with20Bytes
2.Medium size message content-10messages each with80Bytes
https://www.doczj.com/doc/39167229.html,rge message content-10messages each with480Bytes
We analyzed the results for the key negotiation and the encrypted session separately,to avoid confusion.Finally,Table1shows the average values of the processing time comparing the di?erent scenarios,the key negotiation and en-crypted session,as well as the processing of Snort with and without runtime decryption.The average of packets during the key negotiation is similar across di?erent scenarios.While the processing time of the packets without runtime decryption is around35micro second,the processing time with runtime decryp-tion is around3600micro seconds.This is reasonable as the IBE decryption process during the key negotiation needs a lot of additional e?ort.Furthermore,
the e?ort is the same for the three di?erent scenarios,as the messages which are exchanged during the key negotiation are basically the https://www.doczj.com/doc/39167229.html,paring the processing times of the packets in an encrypted session,one can realize that the average without runtime decryption is around28micro seconds,while the processing time with runtime decryption depends on the message size.The ex-periment shows the signi?cantly higher processing time of the scenario with large size message content,i.e.,480Bytes per message.Each encrypted packet needs between110and1250micro seconds to be processed.The processing time of the scenarios with small size and medium size messages is similar,i.e.,between 180and210micro seconds.This can be explained by the functionality of the Blow?sh cipher,which is a block cipher.A clear text message is padded to a speci?c block size(or a multiple of it)to be encrypted with this cipher.The default block size of the Blow?sh cipher is64bits while our encryption uses128 bits cleartext blocks to be encrypted.The message size of the two scenarios is padded to the same block size,which needs the same amount of processing time. Therefore,the processing time for both scenarios appears to be the same.
Table1.Performance Table:Average Snort processing time in milli seconds(ms)
7Future Work
As the concept shows promising results,the integration of IBE into the real TLS standard should be considered in the future.Besides the evaluation of the ap-plicability,it includes the modi?cation of supported and well-known implemen-tations,such as OpenSSL.In addition to our preliminary measurement results, the performance needs to be analyzed in detail and the scheme can be optimized accordingly to ensure scalability.A possible approach to improve performance can be the utilization of hardware devices to support cryptographic operations for the IDS,e.g.,the expensive pairing operations and the symmetric decryp-tion.This could improve the performance and make our approach applicable for huge network environments.The described attack countermeasures does not work with Snort in In-line mode[4],a speci?c operation mode where Snort is not separately deployed in the network.In this way,the sensor can drop malicious packets directly while the sensor itself is exposed to the network and to potential attackers.In this case,further security mechanisms are necessary to secure the master key as well as the sensor itself from being compromised.
Moreover,it could be interesting to analyze the utilization of Attribute Based Encryption(ABE)[13]for secured connections.ABE is a generalization of IBE, and di?ers from IBE such that the user in ABE get a secret key associated with a set of attributes,while in IBE the user gets a secret key associated with an identity.Same as IBE,the ABE key escrow is an inherent property since the master key is used to generate each user secret key.A suitable ABE scheme for being applied in IDS is Key-Policy Attribute-Based Encryption(KP-ABE)[15], since it is related to the concept of searching on encrypted data,in which a server on behalf of the user can make a query on the encrypted data without knowing the query and without knowing the plaintext.
8Conclusion
In this paper,we proposed a new mechanism to create secured connection based on IBE.By using the key escrow property,the secured connection can be recov-ered and the network tra?c is possible to be analyzed by IDS.In this way,we can detect malicious content in encrypted network streams without knowing the original private key of the receiver.Additionally,the secure connections based on IBE have no need to exchange public keys in certi?cates,which prevents MITM attacks on the secured channel.We provide a deployment architecture of the IBE sensor in a company network.Furthermore,we implemented a prototype of a modi?ed TLS scheme with a simple client-server application to support IBE. Based on this prototype,we developed an IBE sensor(i.e.,Snort Preprocessor) to recognize and decrypt IBE secured tra?c on the?y.Finally,we showed the applicability by a practical experiment and analyzed the performance of our implementation.
References
1.“The TLS Protocol”Website:https://www.doczj.com/doc/39167229.html,/rfc/rfc2246.txt(accessed Jan
2010).
2.“Security Architecture for the Internet Protocol”Website:http://www.rfc-
https://www.doczj.com/doc/39167229.html,/rfc/rfc4301.txt(accessed Jan2010).
3.“OpenPGP Message Format”Website:https://www.doczj.com/doc/39167229.html,/html/rfc4880(ac-
cessed Jan2010).
4.“Snort IDS”Website:https://www.doczj.com/doc/39167229.html,/(accessed Jan2010).
5. A.J.Menezes,P.C.van Oorschot,S.A.Vanstone:“Handbook of Applied Cryp-
tography“,CRC Press,1edition(1996).
6.J.Koziol,D.Litch?eld,D.Aitel,C.Anley,S.Eren,N.Mehta,R.Hassell:“Shell-
coders Handbook“,Wiley Publishing,Inc.(2004).
7.O.Hallaraker and G.Vigna:“Detecting malicious javascript code in mozilla”,In:
Proceedings of International Conference on Engineering of Complex Computer Sys-tems(ICECCS’05),Shanghai,China,IEEE Computer Society,pp.85-94(2005).
8.M.V.Mahoney and P.K.Chan:“An analysis of the1999darpa/lincoln laboratory
evaluation data for network anomaly detection”,In:Proceedings of The Sixth International Symposium on Recent Advances in Intrusion Detection(RAID’03), Pittsburgh,PA,USA,Springer LNCS,Vol.2820,pp.220-237(2003).
9.M.Ramadas,S.Ostermann,and B.C.Tjaden:“Detecting anomalous network
tra?c with self-organizing maps”,In:Proceedings of The Sixth International Sym-posium on Recent Advances in Intrusion Detection(RAID’03),Pittsburgh,PA, USA,Springer LNCS,Vol.2820,pp.36-54(2003).
10.S.Northcutt:Network Intrusion Detection-An Analyst’s Handbook,New Riders,
(1999).
11. A.Shamir“Identity-based cryptography and signature schemes”,In:Proceed-
ings of Advances in Cryptology(CRYPTO’84),Santa Barbara,California,USA, Springer LNCS,Vol.196,pp.47-53(1985).
12.M.K.F.Dan Boneh:“Identity-based encryption from the weil pairing”,In:
Proceedings of The21st Annual International Cryptology Conference on Advances in Cryptology CRYPTO’01,Santa Barbara,California,USA,Springer LNCS,Vol.
2139,pp.213-229(2001).
13.Sahai,A.and Waters,B.:“Fuzzy identity-based encryption”,In:Proceedings of
Advances in Cryptology(Eurocrypt’05),Aarhus,Denmark,Springer LNCS,Vol.
3494,pp.457-473(2005).
14.Bethencourt,J.and Sahai,A.and Waters,B.:“Ciphertext-policy attribute-based
encryption”,In:Proceedings of the2007IEEE Symposium on Security and Privacy (S&P’07)Washington,DC,USA,IEEE Press,pp.321-334(2007).
15.Goyal,V.and Pandey,O.and Sahai,A.and Waters,B.:“Attribute-based en-
cryption for?ne-grained access control of encrypted data”,In:Proceedings of the 13th ACM Conference on Computer and Communications Security(CCS’06),New York,NY,USA,ACM Press,pp.89-98(2006).
16.“Voltage security”,Website:https://www.doczj.com/doc/39167229.html,/(accessed Jan2010).
17.“SSL Acceleration”,Website:https://www.doczj.com/doc/39167229.html,/(accessed Jan2010).
18.“Array Networks:Universal Access Controllers”,Website:
https://www.doczj.com/doc/39167229.html,/entry.asp?PageID=110(accessed Sept2009).
19.“Radware:AppXcel”,Website:https://www.doczj.com/doc/39167229.html,/(accessed Jan2010).
20.“IBM:Crypto Card”,Website:https://www.doczj.com/doc/39167229.html,/security/cryptocards/
(accessed Jan2010).
21. B.Irwin:“Unlocking the armour:enabling intrusion detection and analysis of
encrypted tra?c streams”,In:Proceedings of New Knowledge Today Conference (ISSA KTC’05),Sandton,South Africa,ISSA Press,pp.1-10(2005).
22. A.Yamada,Y.Miyake,K.Takemori,A.Studer,and A.Perrig:“Intrusion detection
for encrypted web accesses”,In:Workshop Proceedings of Advanced Information Networking and Applications(AINA’07),Niagara Falls,Ontario,Canada,IEEE Press,pp.569-576(2007).
23. B.Schneier:“Description of a new variable-length key,64-bit block cipher(blow-
?sh)”,In:Proceedings of Fast Software Encryption(FSE’93),Cambridge Security Workshop Cambridge,UK,Springer LNCS,vol.809,pp.191-204,1993.
24. B.Lynn:“Stanford IBE Library v0.7.2.”,Website:
https://www.doczj.com/doc/39167229.html,/ibe/(accessed Jan2010).
25.Stevens,M.,Sotirov,A.,Appelbaum,J.,et.al.:“Short Chosen-Pre?x Collisions for
MD5and the Creation of a Rogue CA Certi?cate“,In:Proceedings of29th Annual international Cryptology Conference on Advances in Cryptology(CRYPTO’09), Santa Barbara,CA,Springer LNCS,Vol.5677,pp.55-69(2009).
26.Boneh,D.,Inguva,S.,Baker,I.:”SSL Man in the Middle Proxy“,Website:
https://www.doczj.com/doc/39167229.html,/ssl-mitm/(accessed Jan2010).
27.Ettercap:Website:https://www.doczj.com/doc/39167229.html,/(accessed Jan2010).
铁路视点 Railway Topics 铁路信号系统 安全相关通信标准与安全协议研究 杨霓霏:中国铁道科学研究院通信信号研究所,硕士研究生,北京,100081段 武:中国铁道科学研究院通信信号研究所,研究员,北京,100081卢佩玲:中国铁道科学研究院通信信号研究所,研究员,北京,100081 代化的铁路信号及控制系统一般由多个安全相关 子系统构成,负责子系统之间安全数据交换的通 信系统是安全相关系统的一个重要组成部分。欧洲电工标准化委员会(CENELEC)核准的EN 50159标准是专门针对铁路信号系统中安全相关通信而设立的,此标准为构建安全相关通信系统提出了功能和技术方面的基本要求和设计指导。目前,我国列车控制系统应用的部分欧洲设备或系统方案涉及到EN 50159标准建立的安全通信系统及接口协议。 摘 要:欧洲电工标准化委员会(CENELEC)核准的EN 50159标准是专门针对铁路信号系统中安全相关通信而设立的,该标准从功能和技术层面提出传输系统可能遇到的威胁及安全要求和措施。为防御各种风险,要求安全通信系统应具有保护报文真实性、保护报文完整性、保护报文时间性和保护报文顺序性等4项防御功能。 关键词:铁路信号系统;安全相关通信;安全协议;标准 1 EN 50159标准概述 EN 50159标准提出在安全相关设备中的数据通信必须建立安全相关通信功能,安全功能包括安全过程(safety procedure)及安全码(safety code)两方面内容。从结构上讲就是在应用层与通信系统之间,建立安全相关通信层,简称安全层。需要传输的用户数据首先经过安全层的处理,生成安全层数据报文之后再发往传输系统;从传输系统收到的信息也先经过安全层过滤才被采用。无论传输系统采用何种结构以及协议栈,从逻辑角度安全相关数据在安全层由安全过程和安全码的保护进行通信。物理上安全层的数据经过传输系统传送,所以传输系统特性直接影响安全通信功能。为此, EN 50159标准分为两个部分:EN 50159—1标准[1]针对封闭传输系统提出构建安全通信的基本要求,强调应用标准的先决条件、基本功能需求和安全完整性需求。EN 50159—2标准[2]针对开放传输系统提出基本安全需求, 分析开放传输系统的各项风险及对应的安全措施。封闭传输系统指特征及属性清晰、固定的传输系统,建立安全相关通信功能可以考虑封闭传输系统的属性;而开放传输系统充满不确定性,安全通信功能的建立必须考虑所有可能发生的问题。 现
一、《网络安全技术和使用》杂志社有限公司办刊宗旨 本刊成立于2003年,先由中华人民共和国公安部主管、中国人民公安大学出版社主办。从2009年起,本刊改由中华人民教育部主管,北京大学出版社主办,是国内网络安全技术和使用领域行业指导性科技月刊,国内外公开发行。 本刊针对网络安全领域的“新人新潮新技术”,旨在传达和反映政府行业机构的政策、策略、方法,探索和追踪技术使用的最新课题、成果、趋势,透视和扫描企业、人物及产业项目的形象、风采、焦点,推动并引领行业整体进步和发展。 本刊系“三高两强”刊物,即信息量高、学术水平高、技术含量高;专业性强、使用性强。读者定位侧重于政府有关各部门领导、干部、专业工作者,企事业、军队、公安部门和国家安全机关,国家保密系统、金融证券部门、民航铁路系统、信息技术科研单位从事网络工作的人员和大专院校师生,信息安全产品厂商、系统集成商、网络公司职员及其他直接从事或热心于信息安全技术使用的人士。 创刊以来,本刊和国内外近百家企业建立了良好的合作关系,具体合作方式包括:长期综合合作、协办、支持、栏目协办和中短期合作。今后,本刊愿和国内外业界权威机构、团体、政府官员及专家学者进一步建立、开展广泛的联系和交流,热忱欢迎业界同仁以多种形式加盟我们的事业。 本刊通过邮订、邮购、赠阅、派送、自办发行及定点销售等多渠道发行,目前发行范围集中于公安、军队、电信、银行、证券、司法、政府机构、大专院校及政务、商务其它各行业使用领域的广大读者。 二、《网络安全技术和使用》主要栏目 焦点●论坛 特别报道:中国信息安全技术和使用中热点、焦点和难点问题的深度报道;业内重大事件透视。 权威论坛:业内专家、学者和官方以及政府有关领导及权威人士的署名文章、讲话,从宏观上对网络安全技术和使用方面的趋势、走向和策略,进行深层次的论述。 技术●使用
云翔安全应用网关产品指导性文档 ----------用户手册 山东确信信息产业股份有限公司 二零一一年七月
前言 感谢您购买并使用云翔安全应用网关。 云翔安全应用网关,广泛应用于大中型企业/政府机关/金融行业/教育行业/电信运营商等领域,为用户远程访问网络服务提供安全保护,主要功能包括:?身份认证:确保远程用户身份,确定其合法性; ?访问控制:确保远程用户只能访问被授权许可的服务和应用; ?数据加密:确保所有数据在网络传输过程中都是被加密的,防止被窃听; 云翔安全应用网关架构在SSL/TLS协议基础上,采用安全、可靠的硬件平台,无需改变网络结构和应用模式,全面支持Web应用及Exchange、SMB、FTP、Telnet、CRM、ERP、Mail、Oracle和SQL Server等C/S模式的应用。与传统SSLVPN 方式相比,云翔安全应用网关突破了SSL的局限性,创新性的对SSLVPN网关技术进行了拓展: ?网关到网关模式:和IPSEC VPN 相比,传统SSLVPN适用于终端到网关模式的部署方式,云翔安全应用网关突破了这种局限,创新性的实现了网 关到网关模式的SSLVPN技术; ?客户端自动获取域名解析(DNS)配置:和IPSEC VPN 相比,SSLVPN 无需安装客户端软件。传统的SSLVPN客户端无法通过DHCP协议自动从接入网 关获取DNS配置,因此SSLVPN无法使用企业内部DNS服务器。云翔安全应 用网关创新性的实现了客户端自动从接入网关获取域名解析服务,从而 拓展了内网域名应用。 ?支持网络邻居:网络邻居是Microsoft Windows 操作系统基于NetBIOS 协议实现的网络文件共享功能,网络邻居难以跨越路由器在互联网范围 内实现。网关能够确保用户远程接入内网的同时正常使用网络邻居功能。 ?安全远程桌面功能:Microsoft Windows 提供的远程桌面功能被网络管理人员广泛采用,但是远程桌面功能无法对远程接入用户进行细颗粒的 安全限制,因此存在巨大安全隐患。网关的【远程终端】服务,实现了 对Microsoft Windows 远程桌面的安全拓展,用户可通过接入网关开放 远程桌面,并可限制远程用户所能访问的资源和应用程序。
铁路信号安全协议-Ⅰ Railway Signal Safety Protocol - I (报批稿) 中华人民共和国铁道部发布
TB/T 2465—×××× 前言 本规范为首次发布,应用于铁路信号安全通信的I类协议规范。 本规范由北京全路通信信号研究设计院提出并归口。 本规范由北京全路通信信号研究设计院负责起草。 本规范主要起草人:岳朝鹏、叶峰、郭军强
铁路信号安全协议-I 1范围 本规范规定了铁路信号安全设备之间进行安全相关信息交互的安全层功能结构和协议。本安全层规范应与以本规范扩展定义的其它接口规范,共同构成完整的应用规范。 本规范适用于封闭式传输系统,以实现铁路信号安全设备间的安全数据通信。 2规范性引用文件 下列文件中的条款通过本标准的引用而成为本标准的条款。凡是注日期的引用文件,其随后所有的修改单(不包括勘误的内容)或修订版均不适用于本标准,然而,鼓励根据本标准达成协议的各方,研究是否可使用这些文件的最新版本。凡是不注日期的引用文件,其最新版本适用于本标准。 EN-50159-1:2001 Railway applications –Communication, signalling and Processing systems –Part 1: Safety-related communication in closed transmission systems 铁道应用:封 闭式传输系统中安全通信要求 EN-50159-2:2001 Railway applications –Communication, signalling and Processing systems –Part 2: Safety-related communication in open transmission systems 铁道应用:开放 式传输系统中安全通信要求 EN-50128:2001 Railway applications –Communications, signalling and processing systems –Software for railway control and protection systems 铁道应用: 铁路控制和防护系 统软件 EN-50129:2003 Railway applications –Communication, signalling and processing systems –Safety related electronic systems for signalling铁道应用:安全相关电子系统 3术语和定义 下列术语和定义适用于本标准。 3.1 危险源 Hazard 可导致事故的条件。 3.2 风险 Risk 特定危险事件发生的频率、概率以及产生的后果。 3.3 失败 Failure 系统故障或错误的后果。 3.4 错误 Error 与预期设计的偏差,系统非预期输出或失败。 3.5 故障 Fault 可导致系统错误的异常条件。故障可由随机和系统产生。 4缩写 下列术语和定义适用于本标准。 4.1 RSSP Railway Signal Safety Protocol
加密安全网关使用说明 企业内的加密文件有时候需要上传到OA、PLM、SVN等系统中,希望OA等系统中保存的文件是明文的,从OA等系统中下载到本地为加密文件,并希望其它没有允许访问的计算机不可以访问OA等服务器,ViaControl安全网关功能就是为了解决这一问题而诞生的。 ViaControl安全网关,可以实现启用安全通讯的加密客户端上传解密下载加密。未启用加密功能的客户端或者未启动安全通讯的加密客户端,不能访问受保护的OA等系统。 1网络架构 ViaControl安全网关功能的工作模式为:网桥模式。 企业内的网络常见的网络简易拓扑结构: ViaControl的安全网关控制模式: 使用网桥模式,可以对网络结构和配置不做任何修改,直接将安全网关控制设备串接进网络中需要进行控制的重要的服务器处,对通过其的网络通讯进行控制。
2 控制流程 当计算机或其他网络终端设备,访问受安全网关保护的服务器时,安全网关会判断访问请求是否属于安全通讯。当安装了客户端的计算机,使用已经启动安全通讯功能的授权软件访问时,就可以正常访问服务器。而其他的计算机会被阻止访问服务器。 对于一些外来的或者特殊权限的计算机,也可以通过设置白名单允许未启用安全通讯的计算机访问服务器。 非法客户端 安全网关控制 器
3部署 3.1设备介绍 ViaControl网络控制设备(以下称控制器),分为三个型号: 2000: 3个千兆网卡,其中管理端口为ETH2; 3000: 4个千兆网卡,一组BYPASS(ETH0和ETH1),其中管理端口为ETH3; 4000: 4个千兆网卡,一组BYPASS(ETH0和ETH1),其中管理端口为ETH3; 说明管理端口的固定IP为190.190.190.190,初始配置时使用; BYPASS功能,可以在控制器断电或死机的情况下,将控制器所连接的两端 直接物理上导通,不影响网络的使用。 3.2部署方式 ViaControl网络控制器以桥接的方式串接入网络。控制器一般位于限制访问的计算机之前。 连接方法:使用设备的两个端口将其连入网络; 2000使用ETH0和ETH1;3000、4000使用ETH0、ETH1、ETH2中任两个;
收稿日期:2011-06-20;修回日期:2011-09-25基金项目:国家自然科学基金项目(61070170) 作者简介:王婷婷(1990-),女,研究方向为网络安全;朱艳琴,教授,研究方向为计算机网络、信息安全技术、应用密码学等。 基于身份的抗密钥泄露加密系统的设计与实现 王婷婷,朱艳琴 (苏州大学计算机科学与技术学院,江苏苏州215006) 摘 要:1984年Shamir 提出的基于身份的加密方案简化了公钥生成和分发的工作,解放了公钥证书,但该方案存在密钥托 管、公钥撤销、执行效率等问题。针对这些问题,在VC++6.0的环境下,有效利用PBC 工程中定义的大数结构,在不依赖随机神谕模型的基础上,设计并实现了抗密钥泄露IBE 加密系统。与其他加密系统相比,该系统计算效率更为高效,且支持接收者匿名。由于该加密系统拥有较好的防御入侵能力,在网络安全通信、web 应用服务、电子商务、电子政务等方面存在着良好的应用前景。 关键词:基于身份的加密;PBC 工程;抗密钥泄露IBE 中图分类号:TP309 文献标识码:A 文章编号:1673-629X (2012)02-0185-04 Design and Realization of Leakage -Resilient Identity -Based Public Key Encryption System WANG Ting-ting ,ZHU Yan-qin (School of Computer Science and Technology ,Soochow University ,Suzhou 215006,China ) Abstract :1984,Shamir proposed an identity-based encryption scheme ,which simplifies the work of generating and distributing public key.So don ’t need public key certificate any more.However ,there are some problems like key escrow program ,the public key revoca-tion ,the efficiency and other issues.To solve these problems ,in the environment of VC++6.0,without relying on the random oracle model ,design and realize the leakage-resilient system based on the structure of large numbers defined in PBC project.Compared to the other encryption systems ,it calculates more efficiently and allows anonymous receiver.Since the encryption system has a superior ability to resist invasion ,there is a good prospect of application in the field of safe network communications ,web application service ,electronic commerce ,electronic government affair and so on. Key words :identity-based encryption ;pairing-based cryptography ;leakage-resilient identity-based encryption 引 言 1984年Shamir 提出了基于身份的密码系统的思想 [1] 。在这种密码系统中,用户的公钥是用户的身份信息, 如e-mail 地址、IP 地址和电话号码等。用户的私钥是由私钥生成中心(private key generators ,PKG )产生的。因为基于身份的密码系统不需要数字证书,所以它避免了传统公钥密码系统建立和管理公钥基础设施(public key infrastructure , PKI )的困难。文中基于IBE 基本思想设计了一个“基于身份的抗密钥泄露加密系统”,该系统并不需要随机神谕模型,其核心算法是基于素数阶群和高效双线性映射函数实现的,操作的基本单位是大数点对,同时双线性映射函数在进行大数映射操作时提供较低的时间复杂度 和较大的数据吞吐量。因此,该加密系统具有较高的计算效率。另外,整个加解密过程仅需要常数次的群运算,较已有的同类算法 [2] ,用户方私钥以及用于加解 密的密钥生成器(PKG )端所需的公共参数的个数更少,长度更短。同B.Waters 在2005年欧密会上所设计方案 [3] 相比,本系统只需要5个群元素和1个hash 函数构成PKG 的公共参数,而B.Waters 方案需N +4个群元素,其中N 表示用户ID 所需比特数。同时,系统是接收方匿名的,即窃听者很难分辨哪个标识是用来生成一段特定的密文。这一设计也大大提高了系统的安全性。 1 预备知识 1.1 双线性映射 假设G 和是两个阶为p 的循环乘法群, g 是G 的一个生成元,假设G 和的离散对数问题是困难的。如果映射e :G ?G 具有如下性质,则该映射是双线性映射。 第22卷第2期2012年2月 计算机技术与发展 COMPUTER TECHNOLOGY AND DEVELOPMENT Vol.22No.2Feb.2012
加密安全网关使用说明 1设备介绍 IP-guard安全网关控制设备(以下简称控制器),分为三个型号: IPG-2000: 3个千兆网卡,其中管理端口为EMP; IPG-3000: 4个千兆网卡,一组BYPASS(ETH0和ETH1),其中管理端口为EMP; IPG-4000: 4个千兆网卡,一组BYPASS(ETH0和ETH1),其中管理端口为EMP; 说明管理端口的固定IP为190.190.190.190,初始配置时使用; BYPASS功能,可以在控制器断电或死机的情况下,将控制器所连接的两端 直接物理上导通,不影响网络的使用。 2部署前提 先部署好需要保护的服务器环境。
3具体部署过程 3.1安装安全网关管理器 运行网络准入管理器安装程序SGManSetup.exe,根据默认提示安装。 3.2部署安全网关 3.2.1安全网关IP设置 首先要确定安全网关串联接入网络中的具体位置,据此确定安全网关的IP地址,接着便要开始设置安全网关的IP。 安全网关管理端口的固定IP为190.190.190.190,通过管理端口进行安全网关IP配置。设置的具体操作如下: 1)计算机A安装了安全网关管理器,使计算机A脱离内网环境,而直接用网线将安全 网关的管理端口与计算机A连接,修改计算机A的IP,让它能与安全网关通讯。如修改计算机A的IP如下: IP地址:190.190.190.1 子网掩码:255.255.255.0 默认网关:可不填 2)在计算机A上开始菜单中运行安全网关管理器,操作:【工具→控制器连接参数】, 如图1: 图1 控制器:输入控制器的固定IP,即190.190.190.190; 密码:初始为空
安全网关和IDS互动解决方案 该方案特点: 通过安全网关(被动防御体系)与入侵检测系统(主动防御体系)的互动,实现“主动防御和被动防御”的结合。对在企业内网发起的攻击和攻破了安全网关第一道关卡的黑客攻击,可以依靠入侵检测系统阻断和发现攻击的行为,同时通过与安全网关的互动,自动修改策略设置上的漏洞不足,阻挡攻击的继续进入。两者的联动示意如下图: 方案概述: 1、项目简介 某市电力局为安徽省级电力公司下属的二级单位,信息化程度较高,目前已经建成生产技术和运行子系统、用电管理子系统、办公自动化子系统、财务子系统、物资子系统和人劳党政子系统等。 该电力局内部网络与三个外网相连,分别通过路由器与省电力公司网络、下属六个县局
网络和银行网络进行数据交换。 2、安全方案 通过对该电力局的网络整体进行系统分析,考虑到目前网上运行的业务需求,本方案对原有网络系统进行全面的安全加强,主要实现以下目的: 1)保障现有关键应用的长期可靠运行,避免病毒和黑客攻击; 2)防止内外部人员的非法访问,特别是对内部员工的访问控制; 3)确保网络平台上数据交换的安全性,杜绝内外部黑客的攻击; 4)方便内部授权员工(如:公司领导,出差员工等)从互联网上远程方便地、安全地 访问内部网络,实现信息的最大可用性; 5)能对网络的异常行为进行监控,并作出回应,建立动态防护体系。 为了实现上述目的,我们采用了主动防御体系和被动防御体系相结合的全面网络安全解决方案,如下图所示。
主动防御体系 主动防御体系由漏洞扫描和入侵检测及与安全网关的联动系统组成。 主要在网络中心增加“入侵检测系统”、“漏洞扫描系统”和统一的“安全策略管理”平台。用户主动防范攻击行为,尤其是防范从单位内部发起的攻击。 对在企业内网发起的攻击和攻破了安全网关第一道关卡的黑客攻击,可以依靠入侵检测系统阻断和发现攻击的行为,同时通过与安全网关的互动,自动修改策略设置上的漏洞不足,阻挡攻击的继续进入。 本方案在交换机上连入第三方的入侵检测系统,并将其与交换机相连的端口设置为镜像端口,由IDS传感器对防火墙的内口、关键服务器进行监听,并进行分析、报警和响应;在入侵检测的控制台上观察检测结果,并形成报表,打印。 在实现安全网关和入侵检测系统的联动后,可以通过下面方法看到效果:使用大包ping 位于安全网关另一边的主机(这属于网络异常行为)。IDS会报警,ping通一个icmp包后无法再ping通。这时检查安全网关“访问控制策略”会发现动态地添加了阻断该icmp的策略。 “漏洞扫描系统”是一种网络维护人员使用的安全分析工具,主动发现网络系统中的漏洞,修改安全网关和入侵检测系统中不适当的设置,防患于未然。 “安全策略管理”统一管理全网的安全策略(包括:安全网关、入侵检测系统和防病毒等),作到系统安全的最优化。 被动防御体系 被动防御体系主要采用上海本公司的SGW系列安全网关(Firewall+VPN)产品。 在Cisco路由器4006与3640之间,插入安全网关SGW25是必须的。主要起到对外防止黑客入侵,对内进行访问控制和授权员工从外网安全接入的问题,SGW25在这里主要发挥防火墙和VPN的双重作用。 1)保障局域网不受来自外网的黑客攻击,主要担当防火墙功能; 2)能够根据需要,让外网向internet的访问提供服务,如:Web,Mail,DNS等服务; 3)对外网用户访问(internet)提供灵活的访问控制功能。如:可以控制任何一个内 部员工能否上网,能访问哪些网站,能不能收发email、ftp等,能够在什么时间 上网等等。简而言之,能够基于“六元组”【源地址、目的地址、源端口号(即: 服务)、目的端口号(即:服务)、协议、时间】进行灵活的访问控制。 4)下属单位能够通过安全网关与安全客户端软件之间的安全互联,建立通过
RSSP-I、RSSP-II及SAHARA三种安全通信协议实现技术简介 岳朝鹏 摘要:本文针对RSSP-I、RSSP-II、SAHARA三种安全通信协议的主要安全通信技术实现机制进行介绍,并对这三种安全协议进行多方面比对,从而便于研发人员可根据具体应用场景选取所需的安全协议或防护技术。 关键词:铁路信号安全通信协议、SAHARA、实现机制、综合比对 Abstract:Based on RSSP-I, RSSP-II, SAHARA three kinds of safety communication protocols,the main safety communication technology realization mechanism were introduced, and compare these safety protocols in many aspects, which will be convenient for R& D personnel to select required safety protocol or the protection technology according to the concrete application scene. Keywords: RSSP、SAHARA、Implementation mechanisms、Comprehensive comparison 目前,RSSP-I协议广泛运用在我国客运专线列控中心的外围系统接口间,RSSP-II协议广泛运用在无线闭塞中心及临时限速服务器的外围系统接口间,而SAHARA协议主要应用在西门子地铁CBTC系统中。本文将对RSSP-I、RSSP-II、SAHARA三种安全通信协议的主要安全通信技术实现机制进行介绍,并对这三种安全协议进行多方面比对,从而便于研发人员可根据具体应用场景选取所需的安全协议或防护技术。 1、RSSP-I安全通信协议 ,以源标识为初始值T(0)=SID, 按通信周期向左移位32位,且若最高位为1时须异或一个时间戳生成多项式作为附加干扰输入。如下图所示:
安全网关产品说明书集团文件发布号:(9816-UATWW-MWUB-WUNN-INNUL-DQQTY-
安全网关产品说明书 介绍 欢迎并感谢您选购联通网络信息安全产品,用以构筑您的实时网络防护系统。ZXSECUS统一威胁管理系统(安全网关)增强了网络的安全性,避免了网络资源的误用和滥用,帮助您更有效的使用通讯资源的同时不会降低网络性能。ZXSECUS统一安全网关是致力于网络安全,易于管理的安全设备。其功能齐备,包括:应用层服务,例如病毒防护、入侵防护、垃圾邮件过滤、网页内容过滤以及IM/P2P过滤服务。 网络层服务,例如防火墙、入侵防护、IPSec与SSLVPN,以及流量控制。 管理服务,例如用户认证、发送日志与报告到USLA、设备管理设置、安全的web与CLI管理访问,以及SNMP。 ZXSECUS统一安全网关采用ZXSECUS动态威胁防护系统(DTPSTM)具有芯片设计、网络通信、安全防御及内容分析等方面诸多技术优势。独特的基于ASIC上的网络安全构架能实时进行网络内容和状态分析,并及时启动部署在网络边界的防护关键应用程序,随时对您的网络进行最有效的安全保护。 ZXSECUS设备介绍 所有的ZXSECUS统一安全网关可以对从soho到企业级别的用户提供基于网络的反病毒,网页内容过滤,防火墙,VPN以及入侵防护等防护功能。 ZXSECUS550 ZXSECUS550设备的性能,可用性以及可靠性迎合了企业级别的需求。ZXSECUS550同样也支持高可用性群集以及包括在HA设备主从设备切换时不会丢弃会话,该设备是关键任务系统的理想选择。 ZXSECUS350
s e a r c h 学术研究 张庆胜,程登峰,丁瑶,王磊(航天信息股份有限公司,北京100097) 【摘 要】随着互联网的快速发展,信息安全问题显得日益重要。公钥密码技术能够保证互联网上信息传输的安全,目前PKI技术已获得一些应用,由于其复杂的使用步骤以及繁琐的后台证书管理问题,在某些领域和某些方面其使用受到很大的局限性。IBE技术不采用数字证书的概念,用户使用和后台管理都很方便,特别适合企业和外部用户进行安全信息传输的情况。 【关键词】密码技术;公钥基础设施;基于身份标识的加密 【中图分类号】TP393 【文献标识码】A 【文章编号】1009-8054(2008) 06-0086-03 Identity Based Encryption Technology ZHANG Qing-sheng, CHEN Deng-feng, DING Yao, WANG Lei (Aisino Corporation, No. Jia 18, Xing-Shi-Kou Road, Hai Dian Disttrict, Beijing 100097, China) 【Abstract 】With the fast development of Internet, the problem of information security becomes increasingly important.Public Key Cryptography can ensure the security of information transmission on Internet. Now PKI(Public Key Infrastructure) technology acquires some application, however this application is severely restricted in some fields and aspects because of its complicated steps and tedious background some certificate management issues. IBE(Identity Based Encryption) technology adopts no concept of digital certificate, and it is particularly suited to the case of secure informa-tion transmission between enterprises and their external users, and quite convenient for use and management.【Keywords 】cryptography; PKI; IBE 基于身份标识的加密技术 0 引言 随着Internet的迅猛发展,信息安全也越来越受到人们的重视,要真正实现互联网上交易与信息传输的安全,就必须满足机密性、真实性、完整性、不可抵赖性4大要求[1]。公钥密码技术是能够满足以上四大要求的统一技术框架。PKI(Public Key Infrastructure)的中文名称为公钥基础设施,它是一种公钥密码技术,经过了数十年的研究和发展,已在诸多领域获得广泛应用。 目前的网上银行、网上证券以及电子商务等都依赖于 PKI技术。在PKI技术中,由于每个用户需要事先申请数 字证书,用户使用复杂,后台管理也异常繁琐,这样PKI技术在某些领域的应用受到了很大的局限性。 IBE(Identity-Based Encryption)的中文名称为基于身份的加密,也是一种公钥密码技术,它直接利用用户的唯一身份标识作为公钥,不采用数字证书的概念,用户使用和后台管理都很简单,有广泛的应用前景。 1 IBE技术简介 早在1984年,RSA公钥密码技术的发明者之一—Adi Shamir教授就提出了基于身份加密(IBE)的思想[2],但在那时还没有具体方法在实际中实现这一思想,IBE技术成 为密码学界未解决的主要问题之一。直到2001年,基于椭圆曲线密码技术和Weil配对数学理论,斯坦福大学计算机科学技术系的教授Dan Boneh和加州大学戴维斯分院的教授Matt Franklin分别发明了具体可实施的IBE方案[3]。
设 计 文 件 版权专有 违者必究 中车株洲电力机车研究所有限公司 名称 RSSP-I 安全通信协议软件使用说明 书 编号 版本
编制校核
目次 1 目的和范围 (3) 1.1 目的 (3) 1.2 范围 (3) 2 规范性引用文件 (3) 3 参考资料 (3) 4 术语和缩略语 (3) 5 概述 (3) 6 时序接口 (4) 7 使用条件 (6) 8 数据类型定义 (7) 9 应用接口函数 (8) 9.1 Rsp1_Init (8) 9.2 Rsp1_UpdateClock (8) 9.3 Rsp1_PackageData (8) 9.4 Rsp1_CheckPackage (9) 9.5 Rsp1_Close (10) 9.6 Rsp1_Open (10) 9.7 Rsp1_GetChanelStatus (11) 9.8 Rsp1_GetSynData (11) 9.9 Rsp1_SetSynData (12) 附录 A (18) A.1 附录及说明文件符合性检查表 (18) A.2 附件及说明 (18)
1 目的和范围 1.1 目的 本文描述了RSSP-I安全通信协议软件的接口方式与具体方法。预期读者为上层应用开发用户及验证、确认人员等。 1.2 范围 本文适用于RSSP-I安全通信协议软件使用说明。 2 规范性引用文件 本文档所引用的轨道交通信号系统通用安全计算机平台文档,凡是标注版本的,只有标注版本适应本文档;没有标注版本的,则引用文档的最新版本适用于本文档。 表1 3 参考资料 表2 4 术语和缩略语 术语和缩略语见表3。 表3 5 概述
一、《网络安全技术与应用》杂志社有限公司办刊宗旨 本刊成立于年,先由中华人民共和国公安部主管、中国人民公安大学出版社主办。从年起,本刊改由中华人民教育部主管,北京大学出版社主办,是国内网络安全技术与应用领域行业指导性科技月刊,国内外公开发行。 本刊针对网络安全领域的“新人新潮新技术”,旨在传达与反映政府行业机构的政策、策略、方法,探索与追踪技术应用的最新课题、成果、趋势,透视与扫描企业、人物及产业项目的形象、风采、焦点,推动并引领行业整体进步和发展。 本刊系“三高两强”刊物,即信息量高、学术水平高、技术含量高;专业性强、应用性强。读者定位侧重于政府有关各部门领导、干部、专业工作者,企事业、军队、公安部门和国家安全机关,国家保密系统、金融证券部门、民航铁路系统、信息技术科研单位从事网络工作的人员和大专院校师生,信息安全产品厂商、系统集成商、网络公司职员及其他直接从事或热心于信息安全技术应用的人士。 创刊以来,本刊与国内外近百家企业建立了良好的合作关系,具体合作方式包括:长期综合合作、协办、支持、栏目协办和中短期合作。今后,本刊愿与国内外业界权威机构、团体、政府官员及专家学者进一步建立、开展广泛的联系和交流,热忱欢迎业界同仁以多种形式加盟我们的事业。 本刊通过邮订、邮购、赠阅、派送、自办发行及定点销售等多渠道发行,目前发行范围集中于公安、军队、电信、银行、证券、司法、政府机构、大专院校及政务、商务其它各行业应用领域的广大读者。 二、《网络安全技术与应用》主要栏目 焦点●论坛 特别报道:中国信息安全技术与应用中热点、焦点和难点问题的深度报道;业内重大事件透视。 权威论坛:业内专家、学者和官方以及政府有关领导及权威人士的署名文章、讲话,从宏观上对网络安全技术与应用方面的趋势、走向与策略,进行深层次的论述。 技术●应用
安全网关部署方案 随着企业网络的普及和网络开放性,共享性,互连程度的扩大,网络的信息安全问题也越来越引起人们的重视。一个安全的计算机局域网络应该具有可靠性、可用性、完整性、保密性和真实性等特点。计算机局域网络不仅要保护计算机网络设备安全和计算机网络系统安全,还要保护数据安全。这样,局域网络信息安全问题就成为危害网络发展的核心问题,与外界的因特网连接使信息受侵害的问题尤其严重。目前局域网信息的不安全因素来自病毒、黑客、木马、垃圾邮件等几个方面。另外域网内部的信息安全更是不容忽视的。网络内部各节点之间通过网络共享网络资源,就可能因无意中把重要的涉密信息或个人隐私信息存放在共享目录下,因此造成信息泄漏;甚至存在内部人员编写程序通过网络进行传播,或者利用黑客程序入侵他人主机的现象。因此,网络安全不仅要防范外部网,同时更防范内部网安全。因此,企业采取统一的安全网关策略来保证网络的安全是十分需要的。一个完整的安全技术和产品包括:身份认证、访问控制、流量监测、网络加密技术、防火墙、入侵检测、防病毒、漏洞扫描等;而造成安全事件的原因则包括技术因素、管理因素以及安全架构设计上的疏漏等问题。安全网关是各种技术有机融合,具有重要且独特的保护作用,其范围从协议级过滤到十分复杂的应用级过滤,对保护计算机局域网起着关键性的作用。
安全网关部署拓扑图: (图1)
上图为安全网关部署示意图,包含了组建局域网网的基本要素。下面对其各个部分进行讲解。 一、安全网关接入网络。 安全网关一般具有2个W AN口以及4个LAN口。如上图所示,外网IP为221.2.197.149,连接网线到W AN口上。LAN的口IP地址是可以自由设置的,图中设定的2个LAN口的IP为192.168.0.1(局域网用户)以及10.0.0.1(服务器用网段)。另外安全网关具有了无线网络功能,分配IP地址为192.168.10.1。下面对上述接入方式进行详细说明。 1.路由NET部署 图一所示接入方式即为路由NET部署拓扑图。安全网关设备部署在网络的出口位置,实现路由、NAT转发功能。同时可以开启Qos (流量)控制、URL过滤、IM限制等功能,这种部署模式是最为常见的部署模式,应用客户最多。 2. 透明模式部署拓扑图
RSSP-II铁路信号安全通信协议 V0.5 2008年12月
1. 修订历史
2. 目录 1. 修订历史 (2) 2. 目录 (3) 3. 简介 (6) 3.1 目的及范围 (6) 3.2 参考文献 (6) 3.3 术语和定义 (6) 3.4 缩略语 (7) 4. 参考结构 (8) 4.1 综述 (8) 4.2 铁路信号安全设备间安全通信接口 (8) 4.3 各层功能 (9) 4.3.1 安全功能模块(SFM) (9) 4.3.2 通信功能模块(CFM) (10) 4.4 传输系统的分类 (10) 4.5 假设 (10) 5. 安全功能模块 (11) 5.1 简介 (11) 5.2 安全功能模块的功能 (11) 5.3 消息鉴定安全层(MASL) (12) 5.4 安全应用中间子层(SAI) (13) 5.4.1 概述 (13) 5.4.2 到SAI层服务接口 (14) 5.4.3 到MASL层服务接口 (14) 5.4.4 消息结构 (14) 5.4.5 SAI协议 (16) 5.4.6 消息类型域 (19) 5.4.7 序列号防御技术 (19) 5.4.8 TTS (21) 5.4.9 EC防御技术 (30) 5.4.10 错误处理 (35) 5.5 数据配置及规则 (36) 5.5.1 简介 (36) 5.5.2 连接初始化规则 (36) 5.5.3 TTS参数定义 (36) 5.5.4 EC参数定义 (37) 5.5.5 错误处理指导 (38) 5.6 TTS示例 (38) 6. 通信功能模块 (41) 6.1 一般规则 (41) 6.2 概述 (41) 6.2.1 一般描述 (41)
本技术公开了一种改进的格上基于身份的全同态加密方法。该方法按照以下步骤实施:首先利用一种新型陷门函数与对偶LWE算法相结合,构造一个改进的标准模型下格上基于身份的加密方案,然后利用特征向量的思想将该方案转化为一个改进的标准模型下格上基于身份的全同态加密方案。本技术所公开的方法消除了基于身份全同态加密运算密钥的问题,且所生成的格的维数更低,具有更高的实际应用可行性。 权利要求书 1.一种改进的格上基于身份的全同态加密方法,其特征在于采用两层结构设计:首先将新型陷门函数与对偶LWE算法相结合,构造一个改进的标准模型下格上基于身份的加密方案iIBE,然后利用特征向量方法将iIBE转化为标准模型下格上基于身份的全同态加密方案IBFHE;IBFHE方案包括私钥生成中心,云服务方,消息发送方和消息接收方,它们之间采用双向通信; 所述改进的格上基于身份的全同态加密方法具体实施步骤是: 首先构造标准模型下的格上基于身份的加密方案iIBE: iIBE方案需要以下基本参数:均匀随机矩阵和其陷门其中n是安全参数,m=O(n log q),w =nk,模数q=q(n);构造一个公开矩阵其中In是n×n单位矩阵,FRD编码函数H1: 系统建立算法iIBE-Setup(1n):选取均匀随机矩阵选取n维均匀随机向量运行陷门生成算法TrapGen(1n,1m,q,H),其中为随机的可逆矩阵;输出矩阵和格Λ⊥(A)的陷门矩阵输出MPK=(A,u),MSK=R; 用户密钥提取算法iIBE-Extract(MPK,MSK,id):利用FRD编码函数H1:将用户身份id映射为一个可逆矩阵运行原像采样算法SampleL(A,Hid·G,R,u,σ),输出用户密钥e,满足Aide=u,其中
施工现场安全协议书 第一条为了加强施工现场安全管理,保障通信设施、设备安全畅通和施工人员及其他有关人员的人身安全,根据国家有关法律法规、运营商及甲方相关安全管理规定,甲乙双方签订《施工现场安全协议书》。 第二条本协议书适用于土建建设工程、通信管道、通信线路、通信设备安装工程施工现场的安全生产、文明施工活动。 第三条乙方承诺,在按照通信运营商要求开展具体项目的施工建设工作时,将严格按照本协议规定承担施工现场的安全责任。 第四条甲方对乙方施工现场安全进行监督,甲方项目及安全管理人员有权对施工现场的安全管理进行指导和监督,乙方必须服从甲方项目及安全管理人员的管理和监督检査,积极配合,并确保施工现场安全。 第五条乙方的安全管理必须坚持安全第一、预防为主的方针,做到安全施工、文明施工,确保设备、设施安全和人员安全。 第六条乙方应当执行国家、行业有关标准、规范、规程。在具体项目施工现场并应遵守下述规定: (一)土建施工现场应当设置醒目的警示标牌,包括:工程概况牌、安全生产责任牌、安全纪律牌、安全警示牌、安全技术措施牌、防火责任牌、文明施工措施牌、现场总平面图。 (二)通信管道、线路施工现场,应特别重视并遵守下列要求: 1、必须设立警示信号标志,白天用红旗,晚上用红灯,以便引起行 人和各种车辆的注意。必要时应设围栏,并请交通民警协助,以保证安全。 2、施工区域,有平行与交越电力线缆,必须采取相应措施,避免发生人员伤亡事故。 3、施工人员进入人(手)孔作业,应先探明人(手)孔内有无有毒、易燃气体,避免发生中毒事件。 4、进行登高作业的施工人员应取得相应资格证,上杆前应先检查登高工具和保险装备,避免发生摔伤事故。 5、现场施工用电源线架设高度,必须满足安全要求,并须安装警示