National Engineering Laboratory for Critical Technologies of Information Security Classified Protection

Beijing, China


Yan L.,Beijing University of Technology | Yan L.,Beijing Key Laboratory of Trusted Computing | Yan L.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | Zhang J.,Beijing University of Technology | And 3 more authors.
Beijing Gongye Daxue Xuebao/Journal of Beijing University of Technology | Year: 2017

The risk of the key authentication information being bypassed and the potential safety hazard of booting data being tampered with both exist in the booting mechanism of the traditional operating system. Based on the theory of trusted computing, combined with the technology of smart card with CD-ROM file system, a scheme of trusted boot based on general smart card was proposed. Without changing the structure of hardware and firmware of the smart card and terminal device, through the transformation of storage data in the smart card and disk booting data, the security objective of binding the user's identity information, the smart card and the terminal device were achieved. The trusted computing mechanism was extended from power on to the application layer to ensure that the initial state of operating system was trustworthy. Through the analysis of security and performance, the security of terminal device bootstrap was proven, which has been verified in practical applications. © 2017, Editorial Department of Journal of Beijing University of Technology. All right reserved.


Zhan J.,Beijing University of Technology | Zhan J.,Beijing Key Laboratory of Trusted Computing | Zhan J.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | Yang J.,Beijing University of Technology
Gongcheng Kexue Yu Jishu/Advanced Engineering Science | Year: 2017

Due to the lack of security design, vulnerabilities of traditional Industrial Control Networks (ICS) protocols can be easily exploited remotely from TCP/IP network. In this paper, a novel security enhanced Modbus/TCP protocol called trusted Modbus/TCP was proposed for ICS network based on remote attestation and trusted hardware. For bidirectional authentication, the proposed protocol modified the original Modbus/TCP communication stack of both field devices and control devices in ICS. Based on a white list, the identities of communication devices and the information of security status were attested. Updates of this information were maintained by an on-line attestation server, and later pushed to the field devices in order to reduce its burden. The protocol data were protected in two ways. Firstly, no data could be tampered with without being noticed by legal devices that held the authenticating key protected by trusted hardware; secondly, sensitive Modbus/TCP operation data was encrypted under the protection of trusted hardware. To the authors' best knowledge, there is as yet no paper in the open literature that introduced trusted components into Modbus/TCP network to secure the communication between ICS devices. The trusted Modbus/TCP protocol was described with the HLPSL language. The four security properties, including integrity, authenticity, confidentiality and the freshness of protocol data, were verified with the SPAN tools without finding any intrusion path. The most time-consuming cryptographic operations for authentication were used only when establishing the communication session or after previous authentication failed. Moreover, the time cost could be reduced rapidly after adopting the latest dedicated trusted hardware for the ICS, compared to the experiments using current Trusted Platform Module (TPM). The overheads of increased protocol packet size compared to the original protocol were μs-level. In conclusion, the trusted Modbus/TCP proposed is practical for the ICS, since it could not only protect protocol data transferred on Modbus/TCP network from illegal entities, but also protect the data from legal entities whose system was tampered. © 2017, Editorial Department of Advanced Engineering Sciences. All right reserved.


Duan L.,Beijing University of Technology | Zhao C.,Beijing University of Technology | Miao J.,Beijing Key Laboratory on Integration and Analysis of Large Scale Stream Data | Miao J.,Beijing Information Science and Technology University | And 3 more authors.
Applied Computational Intelligence and Soft Computing | Year: 2017

Hashing has been widely deployed to perform the Approximate Nearest Neighbor (ANN) search for the large-scale image retrieval to solve the problem of storage and retrieval efficiency. Recently, deep hashing methods have been proposed to perform the simultaneous feature learning and the hash code learning with deep neural networks. Even though deep hashing has shown the better performance than traditional hashing methods with handcrafted features, the learned compact hash code from one deep hashing network may not provide the full representation of an image. In this paper, we propose a novel hashing indexing method, called the Deep Hashing based Fusing Index (DHFI), to generate a more compact hash code which has stronger expression ability and distinction capability. In our method, we train two different architecture's deep hashing subnetworks and fuse the hash codes generated by the two subnetworks together to unify images. Experiments on two real datasets show that our method can outperform state-of-the-art image retrieval applications. © 2017 Lijuan Duan et al.


Duan L.,Beijing University of Technology | Duan L.,Beijing Key Laboratory on Integration and Analysis of Large scale Stream Data | Bao M.,Beijing University of Technology | Bao M.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | And 4 more authors.
Cognitive Computation | Year: 2017

As connections from the brain to an external device, Brain-Computer Interface (BCI) systems are a crucial aspect of assisted communication and control. When equipped with well-designed feature extraction and classification approaches, information can be accurately acquired from the brain using such systems. The Hierarchical Extreme Learning Machine (HELM) has been developed as an effective and accurate classification approach due to its deep structure and extreme learning mechanism. A classification system for motor imagery EEG signals is proposed based on the HELM combined with a kernel, herein called the Kernel Hierarchical Extreme Learning Machine (KHELM). Principal Component Analysis (PCA) is used to reduce the dimensionality of the data, and Linear Discriminant Analysis (LDA) is introduced to push the features away from different classes. To demonstrate the performance, the proposed system is applied to the BCI competition 2003 Dataset Ia, and the results are compared with those from state-of-the-art methods; we find that the accuracy is up to 94.54%. © 2017 Springer Science+Business Media, LLC


Liu J.,Beijing University of Technology | Liu J.,Beijing Key Laboratory of Trusted Computing | Liu J.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | He Y.,Beijing University of Technology | And 3 more authors.
Beijing Gongye Daxue Xuebao/Journal of Beijing University of Technology | Year: 2017

To address security challenges in software defined networking (SDN) architecture, centered on the security audit aspect of the SDN architecture, the traditional network security audit solutions and the SDN architecture's centralized control features were combined. A security audit system was designed and implemented based on the Floodlight controller and was operated in the SDN environment, in which the collection, analysis, storage of audit events and other functions were included. A backtracking algorithm against DDoS scenario was designed to detect the attackers and dummy hosts via reviewing and analyzing security audit events retrospectively. Besides, a sliding window segmentation algorithm was proposed which extracted user's behavior patterns after implementing sequence analysis against security audit events. The similarity of sequence patterns was calculated based on the Levenshtein algorithm; then, according to the similarity of the current user's behaviors and historical behaviors, suspected attack behaviors were detected. © 2017, Editorial Department of Journal of Beijing University of Technology. All right reserved.


Yang Y.-G.,Beijing University of Technology | Yang Y.-G.,Chinese Academy of Sciences | Yang Y.-G.,Beijing Key Laboratory of Trusted Computing | Yang Y.-G.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | And 4 more authors.
Information Sciences | Year: 2016

We investigate the application of quantum cellular automata in image encryption and propose a novel quantum gray-scale image encryption algorithm based on one-dimensional quantum cellular automata. The quantum image encryption algorithm can be realized by subtly constructing the evolution rules of one-dimensional quantum cellular automata. Because all quantum operations are invertible, the quantum image decryption algorithm is the inverse of the encryption algorithm. The proposed quantum image encryption algorithm has an algorithm complexity of Θ(n), lower than the algorithm complexity, Θ(n²), of existing quantum image encryption schemes based on quantum Fourier transform. Supported by detailed numerical simulation and theoretical analysis, our proposal has outperformed its classical counterpart and other image encryption schemes in terms of the security, computational complexity, and robustness. And it also provides a clue of introducing quantum cellular automata into image encryption. © 2016 Elsevier Inc. All rights reserved.


Yang Y.-G.,Beijing University of Technology | Yang Y.-G.,Chinese Academy of Sciences | Yang Y.-G.,Beijing Key Laboratory of Trusted Computing | Yang Y.-G.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | And 4 more authors.
Quantum Information Processing | Year: 2016

Cluster states can be exploited for some tasks such as topological one-way computation, quantum error correction, teleportation and dense coding. In this paper, we investigate and propose an arbitrated quantum signature scheme with cluster states. The cluster states are used for quantum key distribution and quantum signature. The proposed scheme can achieve an efficiency of 100%. Finally, we also discuss its security against various attacks. © 2016, Springer Science+Business Media New York.


Jiang N.,Beijing University of Technology | Jiang N.,Purdue University | Jiang N.,Beijing Key Laboratory of Trusted Computing | Jiang N.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | And 3 more authors.
Quantum Information Processing | Year: 2016

Quantum image processing (QIP) means the quantum-based methods to speed up image processing algorithms. Many quantum image processing schemes claim that their efficiency is theoretically higher than their corresponding classical schemes. However, most of them do not consider the problem of measurement. As we all know, measurement will lead to collapse. That is to say, executing the algorithm once, users can only measure the final state one time. Therefore, if users want to regain the results (the processed images), they must execute the algorithms many times and then measure the final state many times to get all the pixels’ values. If the measurement process is taken into account, whether or not the algorithms are really efficient needs to be reconsidered. In this paper, we try to solve the problem of measurement and give a quantum image matching algorithm. Unlike most of the QIP algorithms, our scheme interests only one pixel (the target pixel) instead of the whole image. It modifies the probability of pixels based on Grover’s algorithm to make the target pixel to be measured with higher probability, and the measurement step is executed only once. An example is given to explain the algorithm more vividly. Complexity analysis indicates that the quantum scheme’s complexity is (Formula presented.) in contradistinction to the classical scheme’s complexity (Formula presented.), where m and n are integers related to the size of images. © 2016 Springer Science+Business Media New York


Jiang N.,Beijing University of Technology | Jiang N.,Purdue University | Jiang N.,Beijing Key Laboratory of Trusted Computing | Jiang N.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | And 2 more authors.
International Journal of Theoretical Physics | Year: 2016

Quantum image processing has been a hot topic as a consequence of the development of quantum computation. Many quantum image processing algorithms have been proposed, whose efficiency is theoretically higher than that of their corresponding classical algorithms. However, most of the quantum schemes do not consider the problem of measurement. If users want to get the results, they must measure the final state many times to get all the pixels’ values. Moreover, executing the algorithm one time, users can only measure the final state one time. In order to measure it many times, users must execute the algorithms many times. If the measurement process is taken into account, whether or not the algorithms are really efficient needs to be reconsidered. In this paper, we try to solve the problem of measurement and give a quantum image location algorithm. This scheme modifies the probability of pixels to make the target pixel to be measured with higher probability. Furthermore, it only has linear complexity. © 2016 Springer Science+Business Media New York


Yan L.,Beijing University of Technology | Yan L.,Beijing Key Laboratory of Trusted Computing | Yan L.,National Engineering Laboratory for Critical Technologies of Information Security Classified Protection | Zhang J.,Beijing University of Technology | And 2 more authors.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2016

The trusted boot is a hot spot in trusted computing field. User’s identity authentication and trusted measurement are used to deal with security threats. But it is difficult to implement the general trusted boot based on hardware, which can be bypassed easily by software. In order to solve the above problem, a scheme of trusted boot is presented based on the universal smart card. It does not change the hardware and the firmware of the smart card and the terminal device. The core method combines user’s identity authentication with trusted measurement. It binds user’s identity, smart card and terminal device to ensure the trusted boot of terminal device. The trusted computing mechanism can be extended from power on to the application layer. Ultimately, experiments prove the security of boot and simplification of the implementation. © Springer International Publishing Switzerland 2016.
