【摘 要】Android手机、平板电脑等智能移动终端的快速普及，使得对Android系统安全性能的需求也在不断提高．当前比较普遍的做法是在终端上安装监控软件来检测病毒和恶意软件等，但这种方式并不能保证监控软件不被旁路、欺骗和篡改．针对这个问题，本文设计并实现了基于上下文的Android移动终端可信运行控制系统，通过对Android OS安全启动信任链的构建，保证了系统的安全，同时支持基于地理位置的Android应用程序的完整性远程验证．
Xi-Jun Lin, Lin Sun and Haipeng Qu. Insecurity of An Anonymous Authentication For Privacy-preserving IoT Target-driven Applications. Computers & Security. (Accpeted, DOI: 10.1016/j.cose.2014.08.002)
【Abstract】The Internet of Things (IoT) will be formed by smart objects and services interacting autonomously and in real-time. Recently, Alcaide et al. proposed a fully decentralized anonymous authentication protocol for privacy-preserving IoT target-driven applications. Their system is set up by an ad-hoc community of decentralized founding nodes. Nodes can interact, being participants of cyberphysical systems, preserving full anonymity. In this study, we point out that their protocol is insecure. The adversary can cheat the data collectors by impersonating a legitimate user.
Xi-Jun Lin,Ran Ren,Zhengang Wei and Lin Sun. Comment on "Identity-based non-interactive key distribution with forward security". Designs, Codes and Cryptography, 2013.(Accepted, Published online：DOI 10.1007/s10623-013-9886-4, SCI)
【Abstract】Steinwandt and Corona proposed a forward-secure identity-based non-interactive key distribution (ID-NIKD) scheme and proved its security, and then a forward-secure identity-based encryption (IBE) constructed from their forward-secure ID-NIKD scheme. In this study, attacks are presented to point out that their ID-NIKD scheme and IBE scheme are not forward-secure. We conclude that how to construct a forward-secure ID-NIKD scheme is still an open problem.
Haipeng Qu, Lili Wen,Yanfe iXu, Ning Wang. LCCWS: Light weight Copyfree Cross-layer web Server. Journal of Networks,Vol.8,No.1,January 2013,165-173.
【Abstract】For the purpose of improving the performance of web server, this paper implements a high-performance web server prototype system, which is named LCCWS. Adopting PF_RING technology, which is similar to zero-copy technology, this system achieved to copy data between network interface device and kernel ring buffer in DMA mode and access data between application program and kernel ring buffer in MMAP way, so that the CPU participation and memory copies are reduced, saving much CPU overhead. When data packets splitting and encapsulating, using the lightweight TCP/IP protocol suite, the improved web server passed up the packets directly from the data-link layer to application layer, so that the time of copies is reduced and the packet processing is accelerated. LCCWS reduces the CPU overhead effectively, decreases the transferred data copying between memories, and improves transferred efficiency, laying foundation for further research to improve strong practical, feature-rich and high-performance web server.
Zhaoyong Sheng, Haipeng Qu, ChaoWang, Xiaomei Zhou. Research On Security Issues and Solutions of IEC 61850 Communication Protocol Architecture. Journal of Theoretical and Applied Information Technology,Vol.50,No.2,20th April 2013,366-372.
【Abstract】IEC 61850 Communication Protocol Architecture is widely used in China's electricity system for communication between the substation automatic systems. Due to the lacking of corresponding security specification, the standards cannot guarantee the confidentiality, integrity as well as authentication in communication. This paper proposes a solution for this problem. The improved Handshake Protocol and Record Protocol are introduced between the application layer and the transport layer with less transmission of data and quick connect feature. Using this solution, the standards can meet both the electricity system for real-time and reliability requirements and the security requirements at the same time. © 2005 - 2013 JATIT & LLS. All rights reserved.
Haipeng Qu, Guojia Hou, Ying Guo, Ning Wang, Zhongwen Guo. Localization with Single Stationary Anchor for Mobile Node in Wireless Sensor Networks. International Journal of Distributed Sensor Networks, Special Issue, 2013.
【Abstract】We proposed a localization algorithm named LSARSSI for mobile node based on RSSI (received signal strength indicator) between locating sensor node with inertia module built-in and the single anchor. Instead of directly mapping RSSI values into physical distance, contrasting RSSI values received from anchor in different visited locations, LSARSSI utilizes the geometric relationship of perpendicular intersection to compute node positions. Given that the values of RSSI among two visited locations are equal, we regard that their distances to anchor node are equal. After obtaining several sets of such visited locations, the relative location of mobile node and anchor node can be calculated. Because of the limitations of LSARSSI, we put forward an improved algorithm named ILSARSSI. Our scheme uses only one location-known anchor which is useful in low density environment without using additional hardware. The simulations show that LSARSSI achieves high accuracy and ILSARSSI performs high stability and feasibility.
Zue Xu, Haipeng Qu. Design and Implementation of Testing and Management System on Special Information Security Products. Advanced Engineering and Materials, 2013, 711-716.
【Abstract】In order to solve the problem that the security function testing on special information security products, a system, that is, Testing and Management system on special Information security Products, is designed and implemented. By ways of Hibernate framework and WebService, the conformance testing on the security function of the special information security products is accomplished. And the testing requirements on the special information security products are normalized and the testing methods of the special information security products are integrated. The testing reports which provide reference for Mandatory Certification on special information security products about the conformance of function can be produced. © (2013) Trans Tech Publications, Switzerland.
Zhandong Rong, BoYang, Haipeng Qu. The Design and Implementation of the Simulation Information System of Marine oil spill.Applied Mechanics and Materials,2013, 652-657.
【Abstract】Migration and diffusion of oil spill in sea is an extremely complex issue by the impact of the oil features and a variety of environmental factors, undergoing expansion, drift, evaporation, dispersion, emulsification, dissolution, photo-oxidation, biodegradation and their interactionsand many other processes, at the same time has a direct relationship with the local meteorological conditions and law motionofseawater. Marine oil spill behavior analysis and research of the system, using VB technology and C#technical design and development of a marine oil spill simulation system based on Geographic Information System (GIS). The system using cloud-based GIS for a platform, using the Monte-Carlo method to simulate the behavior of chemicals in seawater on the system of cloud computing, the organic integration of GIS system application model. © (2013) Trans Tech Publications, Switzerland.
Junqing Liang, Xi-Jun Lin and Feng Liu, CLPKE Against A Variation of Key Replacement Attack without Bilinear Pairing, Journal of Convergence Information Technology, 7(3), pp:137-142, 2012.(EI)
Haipeng Qu, Lina Chang, Lei Ma, Yanfei Xu, Guangwei Yang. DPEES: DDoS Protection Effectiveness Evaluation System.Recent Progress in DEIT,Vol. 2,2012,155～161.
【Abstract】Implemented Distributed Denial of Service(DDoS) protection effectiveness evaluation system (DPEES) in Linux system is proposed in this paper to meet the needs of DDoS attack test and related defense experiments. DPEES can provide a variety of DDoS attack test with different type, intensity and characteristics, and evaluate the results of the attack. This system generates DDoS flows by multiple gigabit network cards, a few hosts with multiple network cards can send a large DDoS attacking flow, simulating a network environment which contains large scale puppet machine in different regions, this will make full use of local resources. Experimental results show that the proposed system can provide convenient environment for the DDoS attack test, defense and the evaluation of the defense effect. © 2012 Springer-Verlag.