Published in Proc. of the IEEE Symposium on Research in Security and Privacy, Oakland (Ca.), May 20-22, 1991 Intrusion Tolerance in Distributed Computing Systems
Yves Deswarte Laurent Blain Jean-Charles Fabre
LAAS-CNRS and INRIA
7, avenue du Colonel Roche
31077 Toulouse (France)
Abstract
An intrusion-tolerant distributed system is a system which is designed so that any intrusion into a part of the system will not endanger confidentiality, integrity and availability. This approach is suitable for distributed systems, because distribution enables isolation of elements so that an intrusion gives physical access to only a part of the system. By intrusion, we mean not only computer break-ins by non-registered people, but also attempts by registered users to exceed or to abuse their privileges. In particular, possible malice of security administrators is taken into account. This paper describes how some functions of distributed systems can be designed to tolerate intrusions, in particular security functions such as user authentication and authorization, and application functions such as file management. Introduction
Most of the currently developed secure systems are based on paradigms such as access control matrix, reference monitor, security kernel or trusted computing base concepts. These concepts are essentially centralized, in order to keep their implementation simple and verifiable. Such a centralized approach is inconsistent with distribution, local autonomy and concurrency that distributed systems are supposed to provide. Moreover, a centralized implementation of these concepts would constitute a "single point of failure", with respect both to accidental faults (a single site failure can produce a denial of service for the whole distributed system), and to intrusions (a successful intrusion into a single site is sufficient to annihilate the security of the whole distributed system). For such distributed systems, the "Red Book" (Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria [15]) proposes the building of a Network Trusted Computing Base, composed of a set of cooperating Trusted Computing Bases. Within each site of the distributed system, a local TCB is responsible for the authentication of local users, and for the access control to local objects. For accesses from local subjects to remote objects, the local TCB must cooperate with the remote TCBs responsible for the objects. The enforcement of the authorization policy is based on cooperation between the TCBs, which must therefore trust each other, i.e. all the computers of the distributed system must enforce the same security concepts, with a consistent knowledge of subjects and objects, and with homogeneous security protocols. Consequently, this approach is unsuitable for current heterogeneous open distributed systems. Moreover, a successful intrusion into a local TCB can endanger the security of the whole distributed system. Such a case has to be seriously considered since, with current workstations, it is easy for a local user to obtain complete local control (e.g. as superuser). In addition, TCB administrators may be targets for bribery.
In our approach, the required trust comes from the cooperation and the consensus of a majority of security entities. Each entity can be individually untrusted, as long as a majority of them can be trusted. Therefore, an intrusion into a part of the system will have no consequence on the system security if only a minority of the security entities is affected by the intrusion : this approach is thus "intrusion-tolerant".
More precisely, let us consider a distributed system composed of standard workstations, the clients, and of intrusion-tolerant distributed servers. Each server is constituted by a set of untrusted sites, the server being trusted as a whole. That means that an intrusion into the distributed server sites should not endanger the confidentiality and integrity of the sensitive data stored or processed by the server, and should not produce any denial of service: to be successful, an attacker would have to intrude into a majority of the server sites, or bribe a majority of the site administrators. This
approach can be envisaged for application servers, such as file servers or data processing servers, as well as for specific security servers, responsible for user authentication and for authorization (i.e. control of access to application servers). The following parts of this paper will be devoted to the design of such servers. The clients can be off-the-shelf workstations, but running only one user session at a time, and only for local users. Except during local user sessions, no sensitive data is stored on the workstation (temporary files and other session information are wiped out at the end of each session). No trust is placed on the workstation since all security relevant operations are run by intrusion tolerant servers. However, this paper does not address the threat of intrusions into the workstation during a user session, nor the problem of malicious logic (e.g. Trojan horses) inserted into a client or a server. Moreover, this paper does not consider input-output operations which are not located on the workstation: the intrusion tolerance approach does not seem suitable for printer servers or scanner servers, for instance. On the other hand, intrusion tolerance techniques can be applied to gateways and communication links [11, 20] or to data processing servers [8, 23], but such applications are beyond the scope of this paper.
The first section of this paper describes the intrusion tolerance approach more precisely, while the following sections are devoted to various particular intrusion tolerant servers: authentication servers, authorization and directory servers and persistent file servers.
1Intrusion tolerance
By intrusion we mean a large class of attacks, covering not only computer break-ins by external attackers, but also illegitimate use by registered users [3]. Such intrusions can be classified according to the intruder privileges, or according to the intrusion targets. Intruders can be:
?external intruders, i.e. who are not registered as users of the computing system; thus, they have to deceive or by-pass the authentication and authorization mechanisms, or
?internal intruders, i.e. who are registered as legitimate users, but who:
-try to exceed their privileges, for instance by trying to read confidential data or modify sensitive information for which they have no authorized access: to do this, they have to by-pass the authorization mechanisms, or
-abuse their privileges for some illegitimate (but authorized) actions; for instance a security officer can (but should not) take malicious actions, or an operator can (but should not) halt a computer at some inappropriate instant, causing a denial of service1.
Intrusion targets can be:
?information confidentiality: the intrusion attempts to disclose confidential information,
?information integrity: the intrusion attempts to create false information or to alter or destroy sensitive information,
?service availability: the intrusion attempts to prevent legitimate users from using the system (denial of service).
In dependability terminology [13], intrusions are inten-tional operational external faults, i.e. one particular class of faults. Classically, dependability is obtained by a mixture of fault prevention and fault tolerance. This dual approach can also be applied to intrusions, i.e. we can consider intrusion prevention and intrusion tolerance. Intrusion prevention is the aim of most of physical and logical access control mechanisms. When one considers the possibility that such mechanisms can be defeated, intrusion tolerance techniques can be contemplated.
As a matter of fact, intrusion tolerance is not a new concept. Cryptography, for instance, can be viewed as a very efficient technique for tolerating intrusions against data confidentiality as well as for detecting unauthorized data modifications (by means of cryptographic signatures). Moreover, classical fault tolerance techniques can be useful for tolerating intrusions: error detection-and-recovery or error masking techniques can be applied to maintain data integrity or service availability in spite of intrusions. However, such fault-tolerance techniques are usually considered as harmful for data confidentiality, due to the redundancy that they imply.
Our approach to intrusion-tolerance takes advantage of the geographic distribution of a distributed system in order to achieve confidentiality and integrity of sensitive information, and availability for the service. One of the techniques we propose for this purpose is the fragmentation-redundancy-scattering technique [6], which consists in first cutting all sensitive information into fragments, in such a way that any isolated 1Such intrusions are possible only because the least privilege principle is not perfectly implemented: otherwise, no illegitimate
action would be authorized.
fragment does not contain significant information, and second scattering the fragments among the different sites of the distributed system, so that an intrusion into a part of the distributed system give access only to unrelated fragments. Redundancy is added to the fragments (e.g. by replication) in order to tolerate accidental or deliberate destruction or alteration of fragments. The following chapters show how this technique can be applied to different functions.
2User registration and authentication
In our distributed system model, clients are untrusted, off-the-shelf workstations. Therefore, user authentication cannot rely on the workstation authentication mechanisms: user authentication has to be implemented by a trusted authentication server, which must also be responsible for user registration. This approach is very similar to Kerberos [14] or Strongbox [24], except that these two authentication facilities are not intrusion-tolerant. For instance, the Kerberos server stores plain text passwords for all the users, which means that if an intrusion succeeds on the server, the intruder can use this information to impersonate any user. Strongbox uses zero-knowledge protocols, and then disclosure of information stored on the authentication server is not sufficient for an intruder to masquerade other users. However, such masquerade is possible with the complicity of one of the authentication server administrators: an administrator can modify any user registration information.
2.1Intrusion tolerance for user registration
and authentication
An intrusion-tolerant registration and authentication server must tolerate all the kinds of intrusions which have been presented in section 1. This can be done by the use of distribution among a set of authentication sites. Thus, availability of the authentication function can be achieved in spite of failures of one or a minority of sites. Another characteristic is that each site can be managed by a different security administrator: this enables intrusions by a minority of malicious security administrators to be tolerated. Thus, the authentication server can be viewed as composed of a trusted set of untrusted authentication sites managed by a trusted set of untrusted security administrators.
2.1.1User registration
Registration of a new user in the system must be per-formed under the control of the security administrator at each authentication site. The user is registered at the first site by the first security administrator, at the second site by the second administrator and so on. At each site, the identity of the user is stored with some authenticator which will be used by the authentication process to verify the claimed identity. The authenticator can be a password, a secret permanent key or a public key. However, except if public keys are used, different authenticators have to be stored on the different authentication sites for the same user. This can be considered as an implementation of the concept of separation of duty: one or a minority of security administrators cannot register an illegitimate user and cannot prevent the registration of a legitimate user at a majority of authentication sites. Moreover, if such mali-cious administrators try to use local information stored on their sites in order to impersonate a registered user, they will fail because they cannot be authenticated by the other sites.
2.1.2Authentication protocol
When a registered user wants to access remote servers from a workstation, he/she has to be authenticated by the authentication server: an authentication protocol has to be run between the user site and the authentication sites. This protocol is composed of three phases. In the first phase, the user site attempts an independent authentication with each of the authentication sites. This authentication can be based on classical authentication algorithms [16, 12, ...], but with different authenticators (or different challenges with public key systems) for the different authentication sites. In this first phase, each authentication site independently decides, for itself, whether or not the authentication attempt succeeds. During the second phase, each authentication site broadcasts its individual decision to all the other authentication sites, and receives the decisions of these other sites. In the third phase, according to the majority of all the received decisions and its own decision, the authentication site authorizes (or not) the session for the user, and confirms this session authorization by sending to the user site a session key (or a ticket containing the session key, depending on the authentication algorithm which has been selected) . A different session key is randomly generated by each authentication site. This session key or ticket will be used by the user site to authenticate its requests in the authorization process (see section 3).
In this protocol, majority voting on the different authentication decisions enables the system to tolerate accidental faults affecting the registration data stored
on the different authentication sites or communication faults during the protocol, as well as to tolerate intrusions into a minority of authentication sites which could lead to false local decisions. Moreover, different session keys are generated independently by each authentication site, and sent only to the user site; thus, no intruder, even with the complicity of an administrator, can impersonate the user site (except if he/she breaks the classical authentication algorithms). To conclude this part, we can say that the authentication server described above has two essential characteristics. A read intrusion into one or into a minority of authentication sites does not give enough information to impersonate a user and the destruction of data of one or of a minority of sites does not make the authentication function unavailable.
2.2Implementation of the registration and
authentication protocols
It would be difficult for a user to memorize several strong independent passwords. A better solution is to store secret keys on a personal smartcard, the owner of which has only to memorize his/her PIN. Our current implementation uses Bull CP8 smartcards with shared keys, one smartcard for each user and one for each authentication site administrator; all the administrators of a given authentication site have identical master smartcards, except for the identification and the PIN of the administrator. On the user smartcard, there is a set of areas, one area for each authentication site, i.e. for each master smartcard. This means that when a user is registered by an authentication site, the local master smartcard generates a secret key that it writes within its own reserved area on the user smartcard. When the user has been registered by the N sites, his/her smart-card possesses N secret keys within N areas. In the authentication phase, each authentication site sends a challenge to the user. The user smartcard applies a one-way function to this challenge and the shared secret key and sends the result to the authentication site. The master smartcard performs the same operations on the same data and compares the results. This protocol is performed by every authentication site.
The major drawback of this system is that, when a new authentication site is added, all users must be registered by the new site. Another solution for implementation of these functions is the use of public-key cryptosystems such as RSA [18] or El-Gamal [4] or zero-knowledge protocols [5]. The interesting point of these systems is that they do not need shared secrets. Only the user (or the user smartcard) knows the secret and there is no risk of masquerade by security administrators. Another advantage is that when a new authentication site is added, it can immediately per-form user authentication because it has only to copy lo-cally the public keys which are stored on the other authentication sites. Unfortunately, currently there is no efficient public-key smartcard available.
3Authorization and directory servers
The aim of this section is to describe a distributed, intrusion-tolerant authorization server. This server has to store and manage access-rights and to grant or deny user accesses to remote application servers. The server is made intrusion-tolerant using distribution among a set of authorization sites and the application of the following techniques: replication, secret sharing and agreement.
3.1Distributed system authorization
An authorization server has to check the rights of users who wish to access remote servers or objects. It also manages all user rights for all objects which could be accessed and which need to be protected. When a new object is created by a user or when a new server is installed, the authorization server stores the access rights, the reference (information which enables direct access to the object) and other information, which together form the object or server descriptor. The access right management must obey an authorization policy, which has to be implemented by the authorization server.
The two roles of an authorization server are given above: access right checking and access right management according to an authorization policy. In most secure distributed systems, these two roles are performed by the secured application servers. For instance, in the Kerberos system [14, 22] an authentication server and a ticket granting server verify the identity of a user who wishes to access a remote application server and establish the session between the user site and the application server, but the authorization is carried out by the application server itself: once a session has been established between the user site and the application server, the authentication server and the ticket granting server play no further role, and the application server is alone responsible for access right checking as well as for access right management.
The Kerberos approach possesses the advantage of incremental modularity: it is easy to add a new server
in the system, just by adding server identification information to the ticket-granting server database. This approach also permits flexibility of authorization management: each server administrator manages access rights the way he/she wishes to, with some local authorization policy he/she selects. The price paid for this flexibility is the necessity to develop specific authorization mechanisms for each server, and to administrate individually each server. Moreover, the consistency of the distributed system authorization policy and the consistency of the administration of the whole distributed system are based upon the coopera-tion and the benevolence of server administrators. Another approach is to implement a central reference monitor on a specialized site, such as for the Secure File System of the Distributed Secure System architecture proposed in [19]. In that case, the authorization policy consistency is easily enforced, and the security administration of the distributed system is very simple. But, since the reference monitor is the mediator for every communication between the user site and the server, this reference monitor site is a bottle-neck for the communications and a single point of failure.
Our approach can be considered as a compromise between these two approaches: an authorization server is responsible for access right checking and access right management, but when an access from a user site to an object is granted, tickets are distributed by the authorization server to the user site and to the server managing the object, so that the user site can directly access the server for all its requests to that object: when the application server receives a request, it has only to check that this request is allowed by the cor-responding ticket. An application of this protocol is pre-sented in section 4. This kind of authorization server gives the same authorization policy consistency and administration simplicity as the central reference monitor, but with no communication bottle-neck. Section 3.3 shows how to make this authorization server intrusion-tolerant and fault-tolerant in order to avoid it constituting a single point of failure.
3.2Integration of directory and authorization
functions
The descriptors (access-rights, references,...) for all the objects are stored on the authorization server; thus it is necessary to have a representation and a request model for these descriptors. The two problems of concern here are how to store and how to access these descriptors. A very convenient model is the Directory Service standard [2]. The data representation given in this standard is a tree where all the leaves are descriptors and the nodes are directories [9]. The tree model permits the building of a hierarchy of objects. For each node or leaf of the tree, there is a set of attributes which describes the object, the server or the directory. According to the object type, the attributes are different; this facilitates the representation of the vari-ous types of servers which exist in the system.
The authorization server has to manage two kinds of access controls. The first concerns access to application servers, such as a data processing servers, which manage no specific persistent objects. In the tree structure, the descriptors of such servers are leaves directly connected to the root: there is no obvious reason to structure these servers as a hierarchy. The second kind concerns accesses to persistent objects maintained by application servers, such as the Persistent File Server presented in section 4. In this case, access control concerns not only the servers but also the objects which are stored inside (files in this example). The representation of these servers and their objects will be a subtree, the root of which will be under the global root. This tree has both nodes and leaves. The nodes are object directories and do not correspond to real objects; they are only means for managing a hierarchy of objects. The leaves are descriptors of real objects and keep all the information needed for access.
If the distributed system is large enough, all the servers and objects may not be represented in a single authorization server. In such a case, the distributed system can be partitioned into multiple management domains, with an authorization server in each domain. In this case, the tree of objects and servers managed by an authorization server is represented in other authorization servers by a link from a node to the root of this tree (figure 1).
Processing
ROOT
Persistent File Server Figure 1: Example of directory structure.
Within the tree, the leaves are descriptors of real objects or application servers which can be accessed.For each leaf, there is a set of attributes which compose together all the information about the corresponding objects (or application servers). These attributes are:
?access control list, which defines which access-rights to the object are granted and to whom;
?reference, which is information which enables direct addressing of the object or server;
?other information according to the object type.For directories, except for links to other authorization servers, there is no reference attribute because they do not match a real object in the system. The only attribute for directories is an access-control list.Once created this data must be accessed by users, as for any classical Directory Service, by means of requests to the authorization server (X500 requests such as descriptor read, modification, adding and deleting).An important point is that when the authorization server receives the request, it acts according to the authorization policy which has been implemented. The authorization policy does not depend on the representation model, so that any type of policy can be implemented (multi-level, discretionary...).Nevertheless, if a mandatory policy is selected, then this policy must be enforced within the user site, which is not realistic with current off-the-shelf workstations.However, a discretionary authorization policy,compatible with these requirements, has been proposed in [1].
3.3Intrusion-tolerant implementation
The problem raised in the above section is "how to make a centralized authorization server intrusion-
tolerant ?". This raises the question of "how to store the objects descriptors on the server" and "how to run the server" so that intrusions have no consequence on the information confidentiality and integrity and on the service availability. The answer is distribution, data replication, secret sharing and majority voting.3.3.1
Distribution
First of all, just as with the authentication server, the authorization server is distributed among several sites called authorization sites. Each authorization site is administrated by a different security administrator. No individual site or administrator is trusted, although a majority of them are trusted.
The authorization server is strongly related to the authentication server since only users that have been previously authenticated can access remote servers. At least for small distributed systems, the simplest solution is to locate the two servers on the same set of sites. But it is also possible to isolate authentication sites (which have to store only user registration information) from authorization sites (which have to store only server and object information): in such a case, the authentication server manages a directory tree consisting of just a link to an authorization server,i.e. the relation between the authentication server and the authorization server is the same as the link from one authorization server to another one.3.3.2
Data replication and secret sharing
Among all the information stored by the directory-and-authorization servers, some data items are less sensitive than others. For instance, one can consider that the tree structure and the access control lists are not confidential enough to prevent security administrators from reading them, the integrity and availability of these data items being much more important than their confidentiality: such data can be replicated on all the authorization sites 1.
Other data items are more sensitive, since they could be used to by-pass or deceive the access controls: that is the case of permanent keys, such as the fragmentation key used by the persistent file facility (see section 4). These very confidential data items are object attributes which must be managed in such a way that only an agreement between a majority of the authorization sites can give access to them: such
1If a subtree structure belongs to a confidentiality level higher than the rest of the tree, this subtree can be isolated in another authorization server, operated by other, more trusted security administrators, with a link from the main tree to the subtree (see figure 1).
secrets are thus to be "shared" [21] by the authorization sites. A very satisfactory solution to this problem is given by the "threshold scheme" concept: a threshold scheme is used on the user site to build different "shadows" of the confidential information. Then, these shadows are sent to all the authorization sites. The local attribute stored at a single authorization site is only a part of the overall attribute of the object; this attribute can be only rebuilt on the user site which gets a sufficient number of shadows (greater or equal to the threshold, which can be for instance the majority of authorization sites). This means that a minority of authorization sites cannot use this attribute to perform illegal operations. Only the authorized user site can rebuild the confidential data when it receives a majority of correct shadows.
Finally, a third kind of confidential data is managed by authorization sites: user session keys, server keys, etc. But these data items are different on each authorization site: security is maintained as long as only a minority of these data items are disclosed.
3.3.3Majority voting and authorization protocol The authorization protocol is quite similar to the authentication protocol: whatever the user request, first a local decision is taken by each authorization site according to the user access rights which are locally stored; then this local decision is broadcast to the other authorization sites; the authorization decisions received from the other sites are voted on locally (together with the local decision), and, according to the result of the vote, the user request is locally executed or not. This majority voting technique ensures that a legitimate request cannot be denied and an illegitimate request cannot be granted, unless a majority of authorization data copies have been destroyed or altered.
In fact, two kinds of user requests have to be considered. The first one concerns only the authorization and directory sites, such as directory read or modification, or access control list modifications, etc. In such cases, the authorization process is limited to the local execution of the user request at each authorization site. In other cases, the user request is to access an object or an application server which is not located on the authorization sites. For that purpose, after majority voting, if access is authorized, each authorization site will send one ticket to the user site and another to the application server.
The user site ticket is quite similar to the ECMA PAC (Privilege Attribute Certificate) defined in [10]. The ticket contains tamperproof information concerning the operations which are allowed on the object or on the server. It also contains the object or server reference, but this reference is only transmitted by means of different "shadows" (see section 3.3.2) from each authorization site: only the user site which receives the different tickets from a majority of authorization sites can rebuild the effective reference. This means that no other site can impersonate the user, even with the complicity of the administrators of a minority of authorization sites.
When the user site has rebuilt the reference, it can reconstitute the access ticket containing the tamperproof access information, the complete reference and a user identity certificate. This ticket is valid for several accesses as long as they concern the same object or server with the same authorized operations (e.g. all read accesses for one persistent file, see section 4.2.2.). This ticket is sent by the user site to the application server with each request. The application server has only to check the validity of this ticket according to the majority of tickets it has received from the authorization sites, and to verify if the user request and the reference are valid, before executing the request.
4Persistent file server
4.1Overall framework
The aim of this section is to give an example of an intrusion-tolerant application server that takes advantage of authorization servers to simplify security management and administration. The application server presented here is a persistent file server, i.e. a server which stores the user files between user sessions [6, 7]. In our distributed system model, a typical user session consists of the following:
?the user starts his/her workstation (from which all user data have been wiped out at the end of the previous session) and runs the authentication protocol with the authentication server,
?the user reads a particular file from the persistent file server (if read access is granted by the authorization server),
?the user modifies the local file copy on his/her workstation,
?at the end of the session, all file updates are sent to the persistent file server (if write access is granted by the authorization server), and all local user data items are deleted.
Two types of intrusions have to be considered. First,confidentiality can be attacked by tapping the communication medium or by intruding into the file server. Second, an intruder can attempt to modify or to destroy a file on the file server (integrity and availability attacks). In addition, accidental faults can also endanger file integrity and availability. To deal with these threats, we propose to use the fragmentation-redundancy-scattering technique which has been defined in section 1.
The fragmentation and scattering technique when applied to file storage involves cutting every sensitive file into several fragments in such a way that one or several fragments (but not all) are insufficient to reconstitute the file. The level of information granularity is such that the contents of one or several fragments together do not disclose any significant information. The fragments are stored in several copies on different geographically distributed sites, which can be viewed as fragment server machines (see figure 2).
Figure 2: Fragmentation-and-scattering applied to persistent
file storage
4.2The file server structure
A persistent file is processed using a set of operations as described below. Some of the file management operations are carried out in the user site, others are remotely executed by the storage sites. To ensure a high level of security, whole files are never available except on the user site during the user session. Thus,data items transmitted by the network are always in a fragmented form, with no possibility of identifying the different fragments belonging to a given file (otherwise,
eavesdropping of the communication channel could annihilate the added advantages of this technique).That means that the fragmentation and naming of fragments are executed in the user site.4.2.1
User site operations
Every user site is able to access the persistent file operations by means of specific library functions for storing and retrieving the files within the distributed file system. These user site operations use the fragment server functions of the different storage sites and the directory functions of the authorization server. The library provides all the usual file operations such as creation, deletion, opening, closing, reading, writing,etc.
As stated earlier, two basic operations related to file security are provided in the user site: fragmentation and fragment naming. The fragmentation operation uses a fragmentation key which is stored and distributed by the security server by means of a threshold scheme.The fragmentation operation is based on fast and ensuring a high level of security due to the of information. The names given to the fragments are generated by cryptographic using the fragmentation key, such that no carried out in such a way that fragments have a the fragmentation key,a similar algorithm and the same key as for Fragment server site operations
the physical storage devices and data transfers between the storage device and the network. These fragment operations are only available to the file management operations embedded in the user sites, and only if an authorization server has sent the corresponding ticket (see 4.2.3). When writing a file, the user site sends the fragments over the communication channel to the set of fragment server sites. For any fragment, each site decides whether or not it should be stored locally,depending on a distributed algorithm ensuring security and availability, based on principles discussed in section 4.4. For the read operation, the user site broad-casts the names of the fragments, and for each
fragment, every storage site which had stored a
fragment copy sends it to the user site.
Each storage site acts as a file server which can only store fixed length files, with a "flat directory" structure. The operations managed by these storage sites are fragment reading, fragment writing, and fragment deletion. Only fragment names are visible at any storage site; thus, an intruder who has obtained the control of a storage site cannot determine where a fragment comes from or to which file a fragment belongs.
4.2.3Access control (authorization)
As has been described above, authorization is not per-formed by the storage sites but by an authorization server. The authorization server manages and verifies rights for files and not for the fragments because it knows neither their names nor their location. For each file, the directory function of the authorization server stores a reference of the file, which is in fact the fragmentation key which permits generation of the fragment names. The fragmentation key is "globally shared" and each authorization site has only one shadow of the key. When a user site rebuilds the key, it is able to access the fragments directly.
As described in section 3.3.3, the user site and the storage sites receive different tickets. The storage site ticket cannot contain the file name because the storage sites cannot know which file a request for a fragment corresponds to; this ticket cannot either contain the reference (fragmentation key) which concerns only the user site. Therefore, how does a storage site know that a fragment corresponds to a file that a user has been authorized to access? The solution is to store a tag within the fragment which is the result of a hash function applied to the fragment name and the file name. This tag is generated by the user site during the fragment write operation. The storage site ticket contains the hashed file name generated by the authorization server. The storage site, when receiving a request for a fragment, applies the hash function to the fragment name and the hashed file name, and compares the result with the fragment tag: if they are identical, this means that the fragment belongs to the file the user is authorized to access. The last field of the storage site ticket corresponds to the authorized operations and to the user identity certificate; these data items are compared to the ticket the user site transmits with its request.4.3Fragmentation principles
A general approach is proposed for the fragmentation operation. While, the file may be of any length and of any type, the fragmentation operation must ensure that no useful information can be obtained from isolated fragments, which implies that all the fragments (from all the files) must have the same fixed length and that their names do not allow any information to be deduced. Finally, an important requirement concerns data integrity: modification of a fragment must be easily detected when the file is read.
4.3.1Partitioning
A method has to be defined that is suitable for producing fragments of identical length from files with very different lengths. The solution proposed is first to cut each file into pages of fixed size (partitioning). The files are padded out to reach a size equal to a multiple
of a page size (figure 3).
: Padding
Figure 3: A file partitioned into pages
Every page may then be fragmented into an identical number of fragments. All the fragments so obtained have the same length, which may be chosen equal to that of a packet sent on the communication channel, or a quantum in the mass storage, for example, in order to improve the speed of access to information. Another advantage is that one does not need to get the whole file: pages can be retrieved independently. So, a user does not need to reassemble a whole file if he/she only needs a single page. A cryptographic checksum is added to each page; this checksum is checked by the read operation to verify the integrity of the page.
The mean space overhead due to padding information is half a page (if the mean file length is much larger
than the page length), and is of course a large overhead for very small files. The shorter a page is, the smaller this overhead is, but the longer is the management time, mainly due to fragment storage time.4.3.2
Fragmentation
Fragmentation is performed at the user site and is realized in conjunction with classical cryptographic methods. One may wonder why fragmentation is used since cryptographic techniques must still be employed.There are two good reasons:
?first, the geographical scattering of fragments makes the theft of individual storage media of no avail to the intruder - even if he/she possesses the cypher key,
?secondly, the added security of scattering means that the ciphers employed can be much simpler and thus faster than conventional ones.
DISTRIBUTION
FRAGMENTS
. . .
CIPHER
Figure 4: Ciphering and fragmentation
We have thus chosen to fragment ciphered pages (figure 4): each page is first ciphered and the fragments are obtained from this ciphered page. The distribution uses a fixed scheme wherein each successive quantum of data is put into one of the fragments; this distribution does not depend on the key. This operation leads to a fine-grain scattering of the data among all the fragments.
In order to make it as difficult as possible for an intruder to decipher an individual fragment or sub-set of fragments, it is preferable to choose a cipher scheme that makes the ciphertext of each data-quantum, and thus each fragment, dependent on the others. This may be realized by using a stream cipher, for instance by means of cipher block chaining (CBC). In order to make the cryptanalysis more difficult (even if the intruder is eavesdropping the network and is observing several versions of the same fragments), a random nonce (generated each time a page is written) is added at the beginning of the plain text page. Once the ciphered block is obtained, regular fragmentation is carried out: fragment number j contains the fixed
quantum (bits, bytes, words...) number i such that j=i (mod N), N being the number of fragments.Fragment naming consists in assigning a unique identifier to every fragment; this unique identifier is derived from the fragmentation key, the name of the file, the index of the page and the index of the fragment. The naming algorithm is based on one-way cryptographic functions such that no information concerning a fragment can be derived from its name.The fragment writing, reading and deletion requests which are transmitted by the user site to the storage sites are sent in a random order for each page. That means that if an intruder is eavesdropping the network or controls a storage site, he/she can receive all the fragments of a given page, but he/she is not able to know in which order he/she has to put the fragments in order to attempt a cryptanalysis of the page. For instance, if a page is cut in 16 fragments, an intruder should attempt 16! /2 ≈ 1013 trials to find the correct arrangement. Thus, the confidentiality depends more on this random order than on the efficiency of the cipher.
4.4Scattering principles
Once the file is fragmented at the user site, the fragments are broadcast to the storage sites in order to be stored with a fixed number of copies (i.e. on a fixed number of different storage sites) in order to ensure availability via replication; the number of copies is a file parameter which depends on the availability requirements of the user for that file. Using a broadcast communication channel, each fragment is sent only once and is, in general, received by all the storage sites.
Once a fragment has been received by the storage sites, a decision has to be taken by these sites in order to ensure that (exactly) R copies will be stored. A distributed pseudo-random algorithm is then executed that takes into account the relative available space at each site in order to decide the final placements of the fragments. The need to take into account the available space at each site is necessary in order to maintain a good balance among the different fragment server sites.On the other hand, (pseudo—)random behaviour is advantageous for preventing an intruder from knowing the actual locations of the replicates.
Scattering increases confidentiality because a number of concerted intrusions is necessary in order to get all the fragments derived from a single page. It also increases data availability, due to the replication of fragments. An intruder would have to destroy as many
sites as the number of replicates to make a fragment unavailable. Integrity properties are provided because an intruder would have to modify all the replicates and so must realize several intrusions. Moreover, it is very unlikely that an intruder could modify even one byte of a fragment without modifying the cryptographic checksum of the page.
4.5Comparison to other related techniques Other techniques could be used to implement a secure persistent file server. The first one consists in ciphering the file on the user site, and storing the ciphered file in several copies on different file servers. In that case, confidentiality relies on the efficiency of the cipher algorithm: an intruder who is eavesdropping the network or who gets a copy of the ciphered file (e.g. a file server back-up tape) can take all the time and all the computer power he/she wants to cryptanalyze the file; with one intrusion, he/she gets all the information he/she needs. With our technique, the intruder who gets all the fragments of a page, would have to try, say, 1013 arrangements before cryptanalyzing the ciphered page (cf. section 4.3.2). That means that our cipher can be ≈1013 times less strong, and can be much faster. For integrity, the two techniques are comparable. For availability, the two techniques are equivalent for acci-dental server failures, but the fragmentation-replication-scattering technique is less robust against simultaneous destruction of storage sites: if an intruder is able to destroy R (out of N) storage sites at the same time, he/she will make many more files unavailable than if he/she destroys R ciphered file servers. The overhead of the two techniques are equivalent for the communications and the storage space, but fragmentation-replication-scattering can be made much less CPU-consuming than the ciphered file approach. Another technique has been proposed by Rabin for fault-tolerant file servers: the "Information Dispersal" approach [17]. This technique consists in coding the file with a special error-correcting code and in splitting the coded file in n pieces, such that m out of n of these pieces are sufficient to rebuild the complete file. The n file pieces are stored by different storage servers. The coded file is longer than the original file, but the redundancy is much smaller than replication in (n - m + 1) copies, for nearly the same availability and integrity. But this code is much more CPU consuming than the fragmentation and does not ensure file confidentiality: to prevent information disclosure to eavesdroppers and storage site intruders, the file has to be ciphered before coding. To summarize, the storage and communication overhead is much less in the Rabin's technique, but it consumes much more CPU time.
Conclusion
The intrusion tolerance approach looks very promising for open distributed systems whose elements cannot be all trusted. In particular, the intrusion-tolerant authentication and authorization servers enables a consistent security policy to be implemented on a set of heterogeneous, untrusted sites, administrated by untrusted (but non-conspiring) people.
A prototype of the persistent file server presented in this paper has been successfully developed and implemented as part of the Delta-4 project of the European ESPRIT programme. An intrusion-tolerant security server, gathering the authentication function and the directory and authorization function, is currently being developed for the Delta-4 project; completion of a prototype is planned for the end of 1991. In parallel, application of the fragmentation-redundancy-scattering technique to data processing is explored [8, 23]: in that case, process parallelism and distribution are used to prevent information disclosure, while process replication is used to ensure availability and integrity.
Acknowledgements
The authors are grateful to Jean-Claude Laprie, David Powell and Joni Fraga for the original principles of the fragmentation-redundancy-scattering technique as well as to Jean-Michel Fray, Pierre-Guy Ranéa and Gilles Trouessin for their contribution to the development of this technique. Brian Randell has helped to make the final version of this paper more readable. This research is partly supported by the PDCS (Predictably Dependable Computing Systems) project n°3092 of the European ESPRIT programme, while some aspects have been implemented as part of the Delta-4 (Definition and Design of an open Dependable Distributed architecture) project n°2252 of ESPRIT. References
[1]Blain L. and Deswarte Y., "An intrusion-tolerant
security server for an open distributed system", Proceedings of the European Symposium in Computer Security (ESORICS 90), Toulouse (France), October 1990, Pub. AFCET, ISBN 2-9036778-9, pp. 97-104
[2]CCITT, The Directory, Recommendation X500,
December 88.
[3]Denning D.E., "An intrusion-detection model",
Proceedings of the 1986 IEEE Symposium on Security and Privacy, Oakland (Ca.), April 1986, pp. 118-131
[4]El Gamal T., "A Public Key Cryptosystem and a
Signature Scheme Based on Discrete Logarithms", IEEE Transactions on Information Theory, Vol.31, n°4, July 1985, pp. 469-472. [5]Fiat A. and Shamir A., "How to prove yourself:
Practical solutions of Identification and signature Problems", Advances in Cryptology - CRYPTO 86, Santa Barbara (Ca.), August 1986, Springer-Verlag, Vol. 263, ISBN 0-387-18047-8, pp. 186-194.
[6]Da Silva Fraga J. and Powell D., "A Fault- and
Intrusion-Tolerant File System", Proceedings of the 3rd International Conference on Computer Security, IFIP/SEC'85, Dublin (Ireland), August 1985, pp. 203-218.
[7]Fray J.M., Deswarte Y. and Powell D., "Intrusion-
tolerance using fine-grain fragmentation-scattering", Proceedings of the 1986 IEEE Symposium on Security and Privacy, Oakland (Ca.), April 1986, pp. 194-201.
[8]Fray J.M. and Fabre J.C., "Fragmented Data
Processing: an Approach to Secure and Reliable Processing in Distributed Computing Systems", Proceedings of the 1st IFIP International Conference on Dependable Computing for Critical Applications (DCCA), Santa Barbara (Ca.), August 1989, pp. 131-137.
[9]Gasser M., Goldstein A., Kaufman C. and
Lampson B., "The Digital Distributed System Security Architecture", Proceedings of NCSC, 1989.
[10]Hoffmann G., Lechner S., Leclerc M. and Steiner
F., "Authentication and Access Control in a
Distributed System", Proceedings of the European Symposium in Computer Security (ESORICS 90), Toulouse (France), October 1990, Pub. AFCET, ISBN 2-9036778-9, pp. 71-84
[11]Koga Y., Fukushima E. and Yoshirara K., "Error
recoverable and securable data communication for computer network", Proceedings of the 12th International Symposium on Fault-Tolerant
Computing (FTCS-12), IEEE, Santa-Monica (Ca.), June 1982, pp. 183-186
[12]Lamport L., "Password authentication with
insecure communication", Communications of the ACM, Vol. 24, n°11, November 1981, pp. 770-772 [13]Laprie J.C., "Dependability: a unifying concept for
reliable computing and fault-tolerance", in Dependability of Resilient Computers, BSP Professional Books, Oxford (UK), Ed. T.
Anderson, 1989, pp.1-28
[14]Miller S.P., Neuman B.C., Schiller J.I. and Saltzer
J.H., "Kerberos Authentication and Authorization System", MIT Project Athena Technical Plan, Sect. E.2.1, December 1987.
[15]NCSC, Trusted Network Interpretation of the
Trusted Computer System Evaluation Criteria, Tech. Rept. NCSC-TG-005, National Computer Security Center, 31 July 1987.
[16]Needham R.M. and Schroeder M.D., "Using
encryption for authentication in large networks of computers", Communications of the ACM, Vol.21, n°12, December 1978, pp. 993-999
[17]Rabin M.O., "Efficient dispersion of information
for security, load balancing and fault tolerance", Journal of the ACM, Vol. 36, n°2, April 1989, pp.
335-348
[18]Rivest R. L., Shamir A. and Adleman L., "A
Method for Obtaining Digital Signatures and Public Key Cryptosystems", Communications of the ACM, Vol.21, n°2, February 1978, pp. 120-126 [19]Rushby J.M. and Randell B., "A distributed secure
system", IEEE Computer, Vol.16, n°7, July 1983, pp. 55-67
[20]Rutledge L.S., A spatial encoding mechanism for
network security, Ph.D. dissertation, Institute for Information Science and Technology, Washington, March 1987
[21]Shamir A., "How to Share a Secret",
Communications of the ACM, Vol.22, n°11, November 1979, pp. 612-613.
[22]Steiner J. G., Neuman C. and Schiller J.I.,
"Kerberos: An Authentication Service for Open Network Systems", Proceedings of the USENIX Winter Conference, Dallas (Texas), February 1988.
[23]Trouessin G., Fabre J.C. and Deswarte Y.,
"Reliable processing of confidential information", Proceedings of the 7th International Conference on Computer Security, IFIP/SEC'91, Brighton (UK), 15-17 May 1991.
[24]Yee B. S., Tygar J. D. and Spector A. Z.,
"Strongbox: A Self-Securing Protection System for Distributed Programs", Technical Report CMU-CS-87-184, January 1988, 18 p.
常用整流二极管 型号VRM/Io IFSM/ VF /Ir 封装用途说明1A5 600V/1.0A 25A/1.1V/5uA[T25] D2.6X3.2d0.65 1A6 800V/1.0A 25A/1.1V/5uA[T25] D2.6X3.2d0.65 6A8 800V/6.0A 400A/1.1V/10uA[T60] D9.1X9.1d1.3 1N4002 100V/1.0A 30A/1.1V/5uA[T75] D2.7X5.2d0.9 1N4004 400V/1.0A 30A/1.1V/5uA[T75] D2.7X5.2d0.9 1N4006 800V/1.0A 30A/1.1V/5uA[T75] D2.7X5.2d0.9 1N4007 1000V/1.0A 30A/1.1V/5uA[T75] D2.7X5.2d0.9 1N5398 800V/1.5A 50A/1.4V/5uA[T70] D3.6X7.6d0.9 1N5399 1000V/1.5A 50A/1.4V/5uA[T70] D3.6X7.6d0.9 1N5402 200V/3.0A 200A/1.1V/5uA[T105] D5.6X9.5d1.3 1N5406 600V/3.0A 200A/1.1V/5uA[T105] D5.6X9.5d1.3 1N5407 800V/3.0A 200A/1.1V/5uA[T105] D5.6X9.5d1.3 1N5408 1000V/3.0A 200A/1.1V/5uA[T105] D5.6X9.5d1.3 RL153 200V/1.5A 60A/1.1V/5uA[T75] D3.6X7.6d0.9 RL155 600V/1.5A 60A/1.1V/5uA[T75] D3.6X7.6d0.9 RL156 800V/1.5A 60A/1.1V/5uA[T75] D3.6X7.6d0.9 RL203 200V/2.0A 70A/1.1V/5uA[T75] D3.6X7.6d0.9 RL205 600V/2.0A 70A/1.1V/5uA[T75] D3.6X7.6d0.9 RL206 800V/2.0A 70A/1.1V/5uA[T75] D3.6X7.6d0.9 RL207 1000V/2.0A 70A/1.1V/5uA[T75] D3.6X7.6d0.9 RM11C 1000V/1.2A 100A/0.92V/10uA D4.0X7.2d0.78 MR750 50V/6.0A 400A/1.25V/25uA D8.7x6.3d1.35 MR751 100V/6.0A 400A/1.25V/25uA D8.7x6.3d1.35 MR752 200V/6.0A 400A/1.25V/25uA D8.7x6.3d1.35 MR754 400V/6.0A 400A/1.25V/25uA D8.7x6.3d1.35 MR756 600V/6.0A 400A/1.25V/25uA D8.7x6.3d1.35 MR760 1000V/6.0A 400A/1.25V/25uA D8.7x6.3d1.35 常用整流二极管(全桥) 型号VRM/Io IFSM/ VF /Ir 封装用途说明RBV-406 600V/*4A 80A/1.10V/10uA 25X15X3.6 RBV-606 600V/*6A 150A/1.05V/10uA 30X20X3.6 RBV-1306 600V/*13A 80A/1.20V/10uA 30X20X3.6 RBV-1506 600V/*15A 200A/1.05V/50uA 30X20X3.6 RBV-2506 600V/*25A 350A/1.05V/50uA 30X20X3.6 常用肖特基整流二极管SBD 型号VRM/Io IFSM/ VF Trr1/Trr2 封装用途说明EK06 60V/0.7A 10A/0.62V 100nS D2.7X5.0d0.6 SK/高速 EK14 40V/1.5A 40A/0.55V 200nS D4.0X7.2d0.78 SK/低速 D3S6M 60V/3.0A 80A/0.58V 130p SB340 40V/3.0A 80A/0.74V 180p SB360 60V/3.0A 80A/0.74V 180p SR260 60V/2.0A 50A/0.70V 170p MBR1645 45V/16A 150A/0.65V <10nS TO220 超高速
HRA HRC HRA HRC HRA HRC HRA HRC 86.6 70.0103778.555.059937070.540.037726928.027486.3 69.5101778.254.558936570.339.537226627.527186.1 69.099777.954.057936070.039.036726327.026885.8 68.597877.753.557035538.536226026.526485.5 68.095977.453.056135038.035125726.026185.2 67.594177.152.555134537.535225425.525885.0 67.092376.952.054334137.034725125.025584.7 66.590676.651.553433636.534224824.525284.4 66.088950176.351.052533236.033824524.024984.1 65.587249476.150.551732735.533324223.524683.9 65.085648875.850.050932335.032924023.024383.6 64.584048175.549.550131834.532423722.524083.3 64.082547475.349.049331434.032023422.023783.1 63.581046875.048.548531033.531623221.523482.8 63.079546174.748.047830633.031222921.023182.5 62.578045574.547.547030232.530822720.522982.2 62.076644974.247.046329832.030422520.022682.0 61.575244273.946.545629431.530022219.522381.7 61.073943673.746.044929131.029622019.022181.4 60.572643073.445.544328730.529221818.521881.2 60.071342473.245.043628330.028921618.021680.9 59.570041872.944.542928029.528521417.521480.6 59.068841372.644.042327629.028121117.021180.3 58.567640772.443.541727328.527880.1 58.066440172.143.041179.8 57.565339671.842.540579.5 57.064239171.642.039979.3 56.563138571.341.539379.0 56.062038071.141.038878.755.560937570.840.5382黑色金属材料 硬度值换算表 布氏硬度 HB 洛氏硬度 维氏硬度HV 布氏硬度HB 洛氏硬度维氏硬度HV 布氏硬度HB 维氏硬度HV 注:1.布氏硬度:主要用来测定铸件、锻件、有色金属制件、热轧坯料及退火件的硬度,测定范围≯HB450。 2.洛氏硬度:HRA 主要用于高硬度试件,测定硬度高于HRC67以上的材料和表面硬度,如硬质合金、氮化钢等,测定范围HRA>70。HRC 主要用于钢制件(如碳钢、工具钢、合金钢等)淬火或回火后的硬度测定,测定范围HRC20~67。 3.维氏硬度:用来测定薄件和钢板制件的硬度,也可用来测定渗碳、氰化、氮化等表面硬化制件的硬度。 洛氏硬度维氏硬度HV 布氏硬度HB 洛氏硬度
常用二极管参数 2008-10-22 11:48 05Z6.2Y 硅稳压二极管 Vz=6~6.35V, Pzm=500mW, 05Z7.5Y 硅稳压二极管 Vz=7.34~7.70V, Pzm=500mW, 05Z13X 硅稳压二极管 Vz=12.4~13.1V, Pzm=500mW, 05Z15Y 硅稳压二极管 Vz=14.4~15.15V, Pzm=500mW, 05Z18Y 硅稳压二极管 Vz=17.55~18.45V, Pzm=500mW, 1N4001 硅整流二极管 50V, 1A,(Ir=5uA, Vf=1V, Ifs=50A) 1N4002 硅整流二极管 100V, 1A, 1N4003 硅整流二极管 200V, 1A, 1N4004 硅整流二极管 400V, 1A, 1N4005 硅整流二极管 600V, 1A, 1N4006 硅整流二极管 800V, 1A, 1N4007 硅整流二极管 1000V, 1A, 1N4148 二极管 75V, 4PF, Ir=25nA, Vf=1V, 1N5391 硅整流二极管 50V, 1.5A,(Ir=10uA, Vf=1.4V, Ifs=50A) 1N5392 硅整流二极管 100V, 1.5A, 1N5393 硅整流二极管 200V, 1.5A, 1N5394 硅整流二极管 300V, 1.5A, 1N5395 硅整流二极管 400V, 1.5A, 1N5396 硅整流二极管 500V, 1.5A, 1N5397 硅整流二极管 600V, 1.5A, 1N5398 硅整流二极管 800V, 1.5A, 1N5399 硅整流二极管 1000V, 1.5A, 1N5400 硅整流二极管 50V, 3A,(Ir=5uA, Vf=1V, Ifs=150A) 1N5401 硅整流二极管 100V, 3A, 1N5402 硅整流二极管 200V, 3A, 1N5403 硅整流二极管 300V, 3A, 1N5404 硅整流二极管 400V, 3A, 1N5405 硅整流二极管 500V, 3A, 1N5406 硅整流二极管 600V, 3A, 1N5407 硅整流二极管 800V, 3A, 1N5408 硅整流二极管 1000V, 3A, 1S1553 硅开关二极管 70V, 100mA, 300mW, 3.5PF, 300ma, 1S1554 硅开关二极管 55V, 100mA, 300mW, 3.5PF, 300ma, 1S1555 硅开关二极管 35V, 100mA, 300mW, 3.5PF, 300ma, 1S2076 硅开关二极管 35V, 150mA, 250mW, 8nS, 3PF, 450ma, Ir≤1uA, Vf≤0.8V,≤1.8PF, 1S2076A 硅开关二极管 70V, 150mA, 250mW, 8nS, 3PF, 450ma, 60V, Ir≤1uA, Vf≤0.8V,≤1.8PF, 1S2471 硅开关二极管80V, Ir≤0.5uA, Vf≤1.2V,≤2PF, 1S2471B 硅开关二极管 90V, 150mA, 250mW, 3nS, 3PF, 450ma, 1S2471V 硅开关二极管 90V, 130mA, 300mW, 4nS, 2PF, 400ma, 1S2472 硅开关二极管50V, Ir≤0.5uA, Vf≤1.2V,≤2PF, 1S2473 硅开关二极管35V, Ir≤0.5uA, Vf≤1.2V,≤3PF,
1.塑封整流二极管 序号型号IF VRRM VF Trr 外形 A V V μs 1 1A1-1A7 1A 50-1000V 1.1 R-1 2 1N4001-1N4007 1A 50-1000V 1.1 DO-41 3 1N5391-1N5399 1.5A 50-1000V 1.1 DO-15 4 2A01-2A07 2A 50-1000V 1.0 DO-15 5 1N5400-1N5408 3A 50-1000V 0.95 DO-201AD 6 6A05-6A10 6A 50-1000V 0.95 R-6 7 TS750-TS758 6A 50-800V 1.25 R-6 8 RL10-RL60 1A-6A 50-1000V 1.0 9 2CZ81-2CZ87 0.05A-3A 50-1000V 1.0 DO-41 10 2CP21-2CP29 0.3A 100-1000V 1.0 DO-41 11 2DZ14-2DZ15 0.5A-1A 200-1000V 1.0 DO-41 12 2DP3-2DP5 0.3A-1A 200-1000V 1.0 DO-41 13 BYW27 1A 200-1300V 1.0 DO-41 14 DR202-DR210 2A 200-1000V 1.0 DO-15 15 BY251-BY254 3A 200-800V 1.1 DO-201AD 16 BY550-200~1000 5A 200-1000V 1.1 R-5 17 PX10A02-PX10A13 10A 200-1300V 1.1 PX 18 PX12A02-PX12A13 12A 200-1300V 1.1 PX 19 PX15A02-PX15A13 15A 200-1300V 1.1 PX 20 ERA15-02~13 1A 200-1300V 1.0 R-1 21 ERB12-02~13 1A 200-1300V 1.0 DO-15 22 ERC05-02~13 1.2A 200-1300V 1.0 DO-15 23 ERC04-02~13 1.5A 200-1300V 1.0 DO-15 24 ERD03-02~13 3A 200-1300V 1.0 DO-201AD 25 EM1-EM2 1A-1.2A 200-1000V 0.97 DO-15 26 RM1Z-RM1C 1A 200-1000V 0.95 DO-15 27 RM2Z-RM2C 1.2A 200-1000V 0.95 DO-15 28 RM11Z-RM11C 1.5A 200-1000V 0.95 DO-15 29 RM3Z-RM3C 2.5A 200-1000V 0.97 DO-201AD 30 RM4Z-RM4C 3A 200-1000V 0.97 DO-201AD 2.快恢复塑封整流二极管 序号型号IF VRRM VF Trr 外形 A V V μs (1)快恢复塑封整流二极管 1 1F1-1F7 1A 50-1000V 1.3 0.15-0.5 R-1 2 FR10-FR60 1A-6A 50-1000V 1. 3 0.15-0.5 3 1N4933-1N4937 1A 50-600V 1.2 0.2 DO-41 4 1N4942-1N4948 1A 200-1000V 1.3 0.15-0. 5 DO-41 5 BA157-BA159 1A 400-1000V 1.3 0.15-0.25 DO-41 6 MR850-MR858 3A 100-800V 1.3 0.2 DO-201AD
表面粗糙度与标准公差表 无论用何种加工方法加工,在零件表面总会留下微细的凸凹不平的刀痕,出现交错起伏的峰谷现象,粗加工后的表面用肉眼就能看到,精加工后的表面用放大镜或显微镜仍能观察到。这就是零件加工后的表 面粗糙度。过去称为表面光洁度。 国家规定表面粗糙度的参数由高度参数、间距参数和综合参数组成。 高度参数共有三个: 轮廓的平均算术偏差(Ra)如图1所示,通过零件的表面轮廓作一中线m ,将一定长度的轮廓分成两部分,使中线两侧轮廓线与中线之间所包含的面积相等,即 F1+F3+……+Fn-1=F2+F4+……+Fn 图1 轮廓的平均算术偏差 轮廓的平均算术偏差值Ra,就是在一定测量长度l 范围内,轮廓上各点至中线距离绝对值的平均算术偏 差。用算式表示为 Ra=dx 或近似写成 Ra≈ ?不平度平均高度(Rz)就是在基本测量长度范围内,从平行于中线的任意线起,自被测轮廓上五个最高点至 五个最低点的平均距离(图2),即 RZ= 图2 不平度平均高度 ?轮廓最大高度Ry,就是在取样长度内,轮廓峰顶线和轮廓谷底线之间的距离。 间距参数共有两个: 轮廓单峰平均间距S,就是在取样长度内,轮廓单峰间距的平均值。而轮廓单峰间距,就是两相邻轮廓 单峰的最高点在中线上的投影长度Si。 轮廓微观不平度的平均间距Sm。含有一个轮廓峰和相邻轮廓谷的一段中线长度Smi,称轮廓微观不平间距。 综合参数只有一个,就是轮廓支承长度率tp。它是轮廓支承长度np与取样长度l之比。 在原有的国家标准中,表面光洁度分为14级,其代号为V1、V2……V14。V后的数字越大,表面光洁度 就越高,即表面粗糙度数值越小。 在车间生产中,常根据表面粗糙度样板和加工出来的零件表面进行比较,用肉眼或手指的感觉,来判断零件表面粗糙度的等级。此外,还有很多测量光洁度的仪器。
常用稳压管型号对照——(朋友发的) 美标稳压二极管型号 1N4727 3V0 1N4728 3V3 1N4729 3V6 1N4730 3V9 1N4731 4V3 1N4732 4V7 1N4733 5V1 1N4734 5V6 1N4735 6V2 1N4736 6V8 1N4737 7V5 1N4738 8V2 1N4739 9V1 1N4740 10V 1N4741 11V 1N4742 12V 1N4743 13V 1N4744 15V 1N4745 16V 1N4746 18V 1N4747 20V 1N4748 22V 1N4749 24V 1N4750 27V 1N4751 30V 1N4752 33V 1N4753 36V 1N4754 39V 1N4755 43V 1N4756 47V 1N4757 51V 需要规格书请到以下地址下载, 经常看到很多板子上有M记的铁壳封装的稳压管,都是以美标的1N系列型号标识的,没有具体的电压值,刚才翻手册查了以下3V至51V的型号与电压的对 照值,希望对大家有用 1N4727 3V0 1N4728 3V3 1N4729 3V6 1N4730 3V9
1N4733 5V1 1N4734 5V6 1N4735 6V2 1N4736 6V8 1N4737 7V5 1N4738 8V2 1N4739 9V1 1N4740 10V 1N4741 11V 1N4742 12V 1N4743 13V 1N4744 15V 1N4745 16V 1N4746 18V 1N4747 20V 1N4748 22V 1N4749 24V 1N4750 27V 1N4751 30V 1N4752 33V 1N4753 36V 1N4754 39V 1N4755 43V 1N4756 47V 1N4757 51V DZ是稳压管的电器编号,是和1N4148和相近的,其实1N4148就是一个0.6V的稳压管,下面是稳压管上的编号对应的稳压值,有些小的稳压管也会在管体 上直接标稳压电压,如5V6就是5.6V的稳压管。 1N4728A 3.3 1N4729A 3.6 1N4730A 3.9 1N4731A 4.3 1N4732A 4.7 1N4733A 5.1 1N4734A 5.6 1N4735A 6.2 1N4736A 6.8 1N4737A 7.5 1N4738A 8.2 1N4739A 9.1 1N4740A 10 1N4741A 11 1N4742A 12 1N4743A 13
选择distributed memory generator和block memory generator标准: Dram和bram区别: 1、bram 的输出需要时钟,dram在给出地址后既可输出数据。 2、bram有较大的存储空间,是fpga定制的ram资源;而dram是逻辑单元拼出来的,浪费LUT资源 3、dram使用更灵活方便些 补充: 在Xilinx Asynchronous FIFO CORE的使用时,有两种RAM可供选择,Block memory和Distributed memory。 差别在于,前者是使用FPGA中的整块双口RAM资源,而后者则是拼凑起FPGA 中的查找表形成。 1、较大的存储应用,建议用bram;零星的小ram,一般就用dram。但这只是个一般原则,具体的使用得看整个设计中资源的冗余度和性能要求 2、dram可以是纯组合逻辑,即给出地址马上出数据,也可以加上register 变成有时钟的ram。而bram一定是有时钟的。 3、如果要产生大的FIFO或timing要求较高,就用BlockRAM。否则,就可以用Distributed RAM。 块RAM是比较大块的RAM,即使用了它的一小部分,那么整个Block RAM 就不能再用了。所以,当您要用的RAM是小的,时序要求不高的要用Distributed RAM,节省资源。 FPGA中的资源位置是固定的,例如BRAM就是一列一列分布的,这就可能造成用户逻辑和BRAM之间的route延时比较长。举个最简单的例子,在大规模FPGA 中,如果用光所有的BRAM,性能一般会下降,甚至出现route不通的情况,就是这个原因。
二极管封装大全 篇一:贴片二极管型号、参数 贴片二极管型号.参数查询 1、肖特基二极管SMA(DO214AC) 2010-2-2 16:39:35 标准封装: SMA 2010 SMB 2114 SMC 3220 SOD123 1206 SOD323 0805 SOD523 0603 IN4001的封装是1812 IN4148的封装是1206 篇二:常见贴片二极管三极管的封装 常见贴片二极管/三极管的封装 常见贴片二极管/三极管的封装 二极管: 名称尺寸及焊盘间距其他尺寸相近的封装名称 SMC SMB SMA SOD-106 SC-77A SC-76/SC-90A SC-79 三极管: LDPAK
DPAK SC-63 SOT-223 SC-73 TO-243/SC-62/UPAK/MPT3 SC-59A/SOT-346/MPAK/SMT3 SOT-323 SC-70/CMPAK/UMT3 SOT-523 SC-75A/EMT3 SOT-623 SC-89/MFPAK SOT-723 SOT-923 VMT3 篇三:常用二极管的识别及ic封装技术 常用晶体二极管的识别 晶体二极管在电路中常用“D”加数字表示,如: D5表示编号为5的二极管。 1、作用:二极管的主要特性是单向导电性,也就是在正向电压的作用下,导通电阻很小;而在反向电压作用下导通电阻极大或无穷大。正因为二极管具有上述特性,无绳电话机中常把它用在整流、隔离、稳压、极性保护、编码控制、调频调制和静噪等电路中。 电话机里使用的晶体二极管按作用可分为:整流二极管(如1N4004)、隔离二极管(如1N4148)、肖特基二极管(如BAT85)、发光二极管、稳压二极管等。 2、识别方法:二极管的识别很简单,小功率二极管的N极(负极),在二极管外表大多采用一种色圈标出来,有些二极管也用二极管专用符号来表示P极(正极)或N极(负极),也有采用符号标志为“P”、“N”来确定二极管极性的。发光二极管的正负极可从引脚长短来识别,长
1.一孔尺寸的要求为φ30+0052,我们在加工时最理想的目标值是( D ) A.30 B.30.052 C.30.040 D.30.026 2.下列标准公差中,精度最低的是( D ) A.ITO B.IT01 C.IT10 D.IT18 3.某轴段标注尺寸为,现对四个完工零件进行测量,得到的数据分别为φ55.000mm,φ5 4.998mmφ5 5.042mm,φ55.023mm,则合格的零件有( A ) A1个 B.2个 C.3个 D.4个 4.已知某轴的公称尺寸为φ50加工后测得的实际尺寸为φ50.022mm,则实际偏差为( D ) A.0.051mm B.0.050mm C.0.025mm D.0.022mm 5.关于φ20R6、φ20R7、φ20R8三个公差带,下列说法正确的是( C ) A,上、下极限偏差均不相同 B.上、下极限偏差均相同 C.上极限偏差相同,但下极限偏差不同
D.上极限偏差不同,但下极限偏差相同 6.表面结构中,加工纹理呈两斜向交叉且与视图所在的投影面相交的是( C ) 7.表面结构中,加工纹理垂直于视图所在的投影面的是( B ) 8.以下不属于表面粗糙度对零件的使用性能影响的主要表现是( C ) A.对配合性质的影响 B对耐磨性的影响奥面 C.对材料塑性变形的影响 D.对抗腐蚀性的影响 9.Ra值测量最常用的方法是( C ) A.样板比较法 B.显微镜比较法,度 C电动轮廓仪比较法D.光切显微镜测量法工眼 10.表面粗糙度是( )误差。( B ) A.宏观几何形状 B.微观几何形状 C.宏观相互位置 D.微观相互位置 11选择表面粗糙度评定参数值时,下列论述不正确的有( A ) A.同一零件上工作表面应比非工作表面参数值大 B摩擦表面应比非摩擦表面的参数值小 C配合质量要求高,表面粗糙度参数值应小 D.受交变载荷的表面,表面粗糙度参数值应小
1N 系列常用整流二极管的主要参数
反向工作 峰值电压 URM/V 额定正向 整流电流 整流电流 IF/A 正向不重 复浪涌峰 值电流 IFSM/A 正向 压降 UF/V 反向 电流 IR/uA 工作 频率 f/KHZ 外形 封装
型 号
1N4000 1N4001 1N4002 1N4003 1N4004 1N4005 1N4006 1N4007 1N5100 1N5101 1N5102 1N5103 1N5104 1N5105 1N5106 1N5107 1N5108 1N5200 1N5201 1N5202 1N5203 1N5204 1N5205 1N5206 1N5207 1N5208 1N5400 1N5401 1N5402 1N5403 1N5404 1N5405 1N5406 1N5407 1N5408
25 50 100 200 400 600 800 1000 50 100 200 300 400 500 600 800 1000 50 100 200 300 400 500 600 800 1000 50 100 200 300 400 500 600 800 1000
1
30
≤1
<5
3
DO-41
1.5
75
≤1
<5
3
DO-15
2
100
≤1
<10
3
3
150
≤0.8
<10
3
DO-27
常用二极管参数: 05Z6.2Y 硅稳压二极管 Vz=6~6.35V,Pzm=500mW,
Carnegie Mellon University Research Showcase Computer Science Department School of Computer Science 1-1-1984 Distributed representations Geoffrey E. Hinton Carnegie Mellon University Follow this and additional works at:https://www.doczj.com/doc/f810465057.html,/compsci This Technical Report is brought to you for free and open access by the School of Computer Science at Research Showcase. It has been accepted for inclusion in Computer Science Department by an authorized administrator of Research Showcase. For more information, please contact research- showcase@https://www.doczj.com/doc/f810465057.html, . Recommended Citation Hinton, Geoffrey E., "Distributed representations" (1984).Computer Science Department.Paper 1842. https://www.doczj.com/doc/f810465057.html,/compsci/1842
1N系列稳压管
快恢复整流二极管
常用整流二极管型号和参数 05Z6.2Y 硅稳压二极管 Vz=6~6.35V,Pzm=500mW, 05Z7.5Y 硅稳压二极管 Vz=7.34~7.70V,Pzm=500mW, 05Z13X硅稳压二极管 Vz=12.4~13.1V,Pzm=500mW, 05Z15Y硅稳压二极管 Vz=14.4~15.15V,Pzm=500mW, 05Z18Y硅稳压二极管 Vz=17.55~18.45V,Pzm=500mW, 1N4001硅整流二极管 50V, 1A,(Ir=5uA,Vf=1V,Ifs=50A) 1N4002硅整流二极管 100V, 1A, 1N4003硅整流二极管 200V, 1A, 1N4004硅整流二极管 400V, 1A, 1N4005硅整流二极管 600V, 1A, 1N4006硅整流二极管 800V, 1A, 1N4007硅整流二极管 1000V, 1A, 1N4148二极管 75V, 4PF,Ir=25nA,Vf=1V, 1N5391硅整流二极管 50V, 1.5A,(Ir=10uA,Vf=1.4V,Ifs=50A) 1N5392硅整流二极管 100V,1.5A, 1N5393硅整流二极管 200V,1.5A, 1N5394硅整流二极管 300V,1.5A, 1N5395硅整流二极管 400V,1.5A, 1N5396硅整流二极管 500V,1.5A, 1N5397硅整流二极管 600V,1.5A, 1N5398硅整流二极管 800V,1.5A, 1N5399硅整流二极管 1000V,1.5A, 1N5400硅整流二极管 50V, 3A,(Ir=5uA,Vf=1V,Ifs=150A) 1N5401硅整流二极管 100V,3A, 1N5402硅整流二极管 200V,3A, 1N5403硅整流二极管 300V,3A, 1N5404硅整流二极管 400V,3A,
4. 公差配合与表面粗糙度 4.1 金属冲压零件的自由公差 包容尺寸——当测量时包容量具的表面尺寸称为包容尺寸。 被包容尺寸——当测量时被量具包容的表面尺寸称为被包容尺寸。 暴露尺寸——不属于包容尺寸和被包容尺寸的表面尺寸称为暴露尺寸 4.1.5 属于与同一零件联接的孔中心距、孔与边缘距离以及也组之间的自由公差和位置 表4.5 mm 4.2 4.2.1 1 2)标注极限偏差(图95) 基本尺寸注在同一线上;的字体小一号;小数点必须对齐,数字“0点前的个位数对齐(图a )。 当上、下偏差值相同时,号,同(图b )。
3)公差带代号与极限偏差一起标注(图96) 号。 4.2.2 1)标注极限偏差(图97) 2)模具总图常用配合关系用直接注明配合关系的文字注法 (1)两导向面间的尺寸后面加注“滑配”两字表达装配关系。 (2)镶块和窝座的装配关系在配合面尺寸的后面加注“配入”两字。 (3)反侧块配合面注出“无间隙滑配。” 模具结构常用配合标准表4.8 表4.8 图95
4.5 几种冲模零件的制造公差 4.5.3固定板方孔、槽及底板窝座的公差表4.11 表4.11 mm 注:图纸上只标注尺寸偏差;形位公差在图中不标,它属于通用技术条件,在加工中必须保证 其要求。 4.5.4底板上导柱孔和衬套孔直径公差表4.12 表4.12 mm 注:锥度和椭圆度公差,是属于通用技术条件,在图纸上不标注。 4.5.5凸凹模、凹模和固定板的圆孔中心距公差表4.13 表4.13 mm 4.5.6制件在冲模中定位装置的公差注法 1)孔定位 (10.1 例如:上工序冲孔D=φ10.1,则定位销 (2)中心距公差按凸、凹模位置精度注出。 2)外形定位 (1)规则形状: 两定位面之间名义尺寸为制件尺寸+0.1,其公差值为+0.1 例如:制件尺寸为120,则两定位面之间名义尺寸为120.1 故写为120.1+0.1
常用稳压二极管技术参数及老型号代换 型号最大功耗 (mW) 稳定电压(V) 电流(mA) 代换型号国产稳压管日立稳压管 HZ4B2 500 3.8 4.0 5 2CW102 2CW21 4B2 HZ4C1 500 4.0 4.2 5 2CW102 2CW21 4C1 HZ6 500 5.5 5.8 5 2CW103 2CW21A 6B1 HZ6A 500 5.2 5.7 5 2CW103 2CW21A HZ6C3 500 6 6.4 5 2CW104 2CW21B 6C3 HZ7 500 6.9 7.2 5 2CW105 2CW21C HZ7A 500 6.3 6.9 5 2CW105 2CW21C HZ7B 500 6.7 7.3 5 2CW105 2CW21C HZ9A 500 7.7 8.5 5 2CW106 2CW21D HZ9CTA 500 8.9 9.7 5 2CW107 2CW21E HZ11 500 9.5 11.9 5 2CW109 2CW21G HZ12 500 11.6 14.3 5 2CW111 2CW21H HZ12B 500 12.4 13.4 5 2CW111 2CW21H HZ12B2 500 12.6 13.1 5 2CW111 2CW21H 12B2 HZ18Y 500 16.5 18.5 5 2CW113 2CW21J HZ20-1 500 18.86 19.44 2 2CW114 2CW21K HZ27 500 27.2 28.6 2 2CW117 2CW21L 27-3 HZT33-02 400 31 33.5 5 2CW119 2CW21M RD2.0E(B) 500 1.88 2.12 20 2CW100 2CW21P 2B1 RD2.7E 400 2.5 2.93 20 2CW101 2CW21S RD3.9EL1 500 3.7 4 20 2CW102 2CW21 4B2 RD5.6EN1 500 5.2 5.5 20 2CW103 2CW21A 6A1 RD5.6EN3 500 5.6 5.9 20 2CW104 2CW21B 6B2 RD5.6EL2 500 5.5 5.7 20 2CW103 2CW21A 6B1 RD6.2E(B) 500 5.88 6.6 20 2CW104 2CW21B RD7.5E(B) 500 7.0 7.9 20 2CW105 2CW21C RD10EN3 500 9.7 10.0 20 2CW108 2CW21F 11A2 RD11E(B) 500 10.1 11.8 15 2CW109 2CW21G RD12E 500 11.74 12.35 10 2CW110 2CW21H 12A1 RD12F 1000 11.19 11.77 20 2CW109 2CW21G RD13EN1 500 12 12.7 10 2CW110 2CW21H 12A3 RD15EL2 500 13.8 14.6 15 2CW112 2CW21J 12C3 RD24E 400 22 25 10 2CW116 2CW21H 24-1
机械零件表面粗糙度的选择 表面粗糙度是反映零件表面微观几何形状误差的一个重要技术指标,是检验零件表面质量的主要依据;它选择的合理与否,直接关系到产品的质量、使用寿命和生产成本。 机械零件表面粗糙度的选择方法有3种,即计算法、试验法和类比法。在机械零件设计工作中,应用最普通的是类比法,此法简便、迅速、有效。应用类比法需要有充足的参考资料,现有的各种机械设计手册中都提供了较全面的资料和文献。最常用的是与公差等级相适应的表面粗糙度。在通常情况下,机械零件尺寸公差要求越小,机械零件的表面粗糙度值也越小,但是它们之间又不存在固定的函数关系。例如一些机器、仪器上的手柄、手轮以及卫生设备、食品机械上的某些机械零件的修饰表面,它们的表面要求加工得很光滑即表面粗糙度要求很高,但其尺寸公差要求却很低。在一般情况下,有尺寸公差要求的零件,其公差等级与表面粗糙度数值之间还是有一定的对应关系的。 在一些机械零件设计手册和机械制造专著中,对机械零件的表面粗糙度和机械零件的尺寸公差关系的经验及计算公式都有很多介绍,并列表供读者选用,但只要细心阅来,就会发现,虽然采取完全相同的经验计算公式,但所列表中的数值也不尽相同,有的还有很大的差异。这就给不熟悉这方面情况的人带来了迷惑。同时也增加了他们在机械零件工作中选择表面粗糙度的困难。 在实际工作中,对于不同类型的机器,其零件在相同尺寸公差的条件下,对表面粗糙度的要求是有差别的。这就是配合的稳定性问题。在机械零件的设计和制造过程中,对于不同类型的机器,其零件的配合稳定性和互换性的要求是不同的。在现有的机械零件设计手册中,反映的主要有以下3种类型: 第1类主要用于精密机械,对配合的稳定性要求很高,要求零件在使用过程中或经多次装配后,其零件的磨损极限不超过零件尺寸公差值的10%,这主要应用在精密仪器、仪表、精密量具的表面、极重要零件
常用稳压管型号参数对照 3V到51V 1W稳压管型号对照表1N4727 3V0 1N4728 3V3 1N4729 3V6 1N4730 3V9 1N4731 4V3 1N4732 4V7 1N4733 5V1 1N4734 5V6 1N4735 6V2 1N4736 6V8 1N4737 7V5
1N4739 9V1 1N4740 10V 1N4741 11V 1N4742 12V 1N4743 13V 1N4744 15V 1N4745 16V 1N4746 18V 1N4747 20V 1N4748 22V 1N4749 24V 1N4750 27V 1N4751 30V
1N4753 36V 1N4754 39V 1N4755 43V 1N4756 47V 1N4757 51V 摩托罗拉IN47系列1W稳压管IN4728 3.3v IN4729 3.6v IN4730 3.9v IN4731 4.3 IN4732 4.7 IN4733 5.1
IN4735 6.2 IN4736 6.8 IN4737 7.5 IN4738 8.2 IN4739 9.1 IN4740 10 IN4741 11 IN4742 12 IN4743 13 IN4744 15 IN4745 16 IN4746 18 IN4747 20
IN4749 24 IN4750 27 IN4751 30 IN4752 33 IN4753 34 IN4754 35 IN4755 36 IN4756 47 IN4757 51 摩托罗拉IN52系列 0.5w精密稳压管IN5226 3.3v IN5227 3.6v
G ENERAL PURPOSE RECTIFIERS – P LASTIC P ASSIVATED J UNCTION 1.0 M1 M2 M3 M4 M5 M6 M7 SMA/DO-214AC G ENERAL PURPOSE RECTIFIERS – G LASS P ASSIVATED J UNCTION S M 1.0 GS1A GS1B GS1D GS1G GS1J GS1K GS1M SMA/DO-214AC 1.0 S1A S1B S1D S1G S1J S1K S1M SMB/DO-214AA 2.0 S2A S2B S2D S2G S2J S2K S2M SMB/DO-214AA 3.0 S3A S3B S3D S3G S3J S3K S3M SMC/DO-214AB F AST RECOVERY RECTIFIERS – P LASTIC P ASSIVATED J UNCTION MERITEK ELECTRONICS CORPORATION
U LTRA FAST RECOVERY RECTIFIERS – G LASS P ASSIVATED J UNCTION
S CHOTTKY B ARRIER R ECTIFIERS
S WITCHING D IODES Power Dissipation Max Avg Rectified Current Peak Reverse Voltage Continuous Reverse Current Forward Voltage Reverse Recovery Time Package Part Number P a (mW) I o (mA) V RRM (V) I R @ V R (V) V F @ I F (mA) t rr (ns) Bulk Reel Outline 200mW 1N4148WS 200 150 100 2500 @ 75 1.0 @ 50 4 5000 SOD-323 1N4448WS 200 150 100 2500 @ 7 5 0.72/1.0 @ 5.0/100 4 5000 SOD-323 BAV16WS 200 250 100 1000 @ 7 5 0.8 6 @ 10 6 5000 SOD-323 BAV19WS 200 250 120 100 @ 100 1.0 @ 100 50 5000 SOD-323 BAV20WS 200 250 200 100 @ 150 1.0 @ 100 50 5000 SOD-323 BAV21WS 200 250 250 100 @ 200 1.0 @ 100 50 5000 SOD-323 MMBD4148W 200 150 100 2500 @ 75 1.0 @ 50 4 3000 SOT-323-1 MMBD4448W 200 150 100 2500 @ 7 5 0.72/1.0 @ 5.0/100 4 3000 SOT-323-1 BAS16W 200 250 100 1000 @ 7 5 0.8 6 @ 10 6 3000 SOT-323-1 BAS19W 200 250 120 100 @ 100 1.0 @ 100 50 3000 SOT-323-1 BAS20W 200 250 200 100 @ 150 1.0 @ 100 50 3000 SOT-323-1 BAS21W 200 250 250 100 @ 200 1.0 @ 100 50 3000 SOT-323-1 BAW56W 200 150 100 2500 @ 75 1.0 @ 50 4 3000 SOT-323-2 BAV70W 200 150 100 2500 @ 75 1.0 @ 50 4 3000 SOT-323-3 BAV99W 200 150 100 2500 @ 75 1.0 @ 50 4 3000 SOT-323-4 BAL99W 200 150 100 2500 @ 75 1.0 @ 50 4 3000 SOT-323- 5 350mW MMBD4148 350 200 100 5000 @ 75 1.0 @ 10 4 3000 SOT-23-1 MMBD4448 350 200 100 5000 @ 75 1.0 @ 10 4 3000 SOT-23-1 BAS16 350 200 100 1000 @ 75 1.0 @ 50 6 3000 SOT-23-1 BAS19 350 200 120 100 @ 120 1.0 @ 100 50 3000 SOT-23-1 BAS20 350 200 200 100 @ 150 1.0 @ 100 50 3000 SOT-23-1 BAS21 350 200 250 100 @ 200 1.0 @ 100 50 3000 SOT-23-1 BAW56 350 200 100 2500 @ 70 1.0 @ 50 4 3000 SOT-23-2 BAV70 350 200 100 5000 @ 70 1.0 @ 50 4 3000 SOT-23-3 BAV99 350 200 100 2500 @ 70 1.0 @ 50 4 3000 SOT-23-4 BAL99 350 200 100 2500 @ 70 1.0 @ 50 4 3000 SOT-23-5 BAV16W 350 200 100 1000 @ 75 0.86 @ 10 6 3000 SOD-123 410-500mW BAV19W 410 200 120 100 @ 100 1.0 @ 100 50 3000 SOD-123 BAV20W 410 200 200 100 @ 150 1.0 @ 100 50 3000 SOD-123 BAV21W 410 200 250 100 @ 200 1.0 @ 100 50 3000 SOD-123 1N4148W 410 150 100 2500 @ 75 1.0 @ 50 4 3000 SOD-123 1N4150W 410 200 50 100 @ 50 0.72/1.0 @ 5.0/100 4 3000 SOD-123 1N4448W 500 150 100 2500 @ 7 5 1.0 @ 200 4 3000 SOD-123 1N4151W 500 150 75 50 @ 50 1.0 @ 10 2 3000 SOD-123 1N914 500 200 100 25 @ 20 1.0 @ 10 4 1000 10000 DO-35 1N4148 500 200 100 25 @ 20 1.0 @ 10 4 1000 10000 DO-35 LL4148 500 150 100 25 @ 20 1.0 @ 10 4 2500 Mini-Melf SOT23-1 SOT23-2 SOT23-3 SOT23-4 SOT23-5 SOT323-1 SOT323-2 SOT323-3 SOT323-4 SOT323-5