Top Read Articles

    New Research Progress on Intrusion Detection Techniques for the Internet of Things
    FENG Guangsheng, JIANG Shunpeng, HU Xianlang, MA Mingyu
    Netinfo Security    2024, 24 (2): 167-178.   DOI: 10.3969/j.issn.1671-1122.2024.02.001
    Views: abstract 426, HTML 88; PDF (15179KB) downloads 555

    Compared with traditional intrusion detection mechanisms, intelligent intrusion detection can extract data features more fully and achieves higher detection efficiency, but it also places greater demands on sample labels. Taking sample labels as the organizing criterion, this article provided a comprehensive review of the latest developments in intrusion detection for the Internet of Things (IoT) from the perspectives of supervised and unsupervised learning. Firstly, it outlined signature-based intrusion detection methods and analyzed recent traditional machine learning based methods, classified as supervised or unsupervised. Then, it analyzed recent deep learning based methods under supervised learning, unsupervised learning, generative adversarial networks and deep reinforcement learning respectively. Finally, it summarized the research challenges and future trends in IoT intrusion detection.

    A Survey of Large Language Models in the Domain of Cybersecurity
    ZHANG Changlin, TONG Xin, TONG Hui, YANG Ying
    Netinfo Security    2024, 24 (5): 778-793.   DOI: 10.3969/j.issn.1671-1122.2024.05.011
    Views: abstract 403, HTML 50; PDF (20073KB) downloads 331

    In recent years, with the rapid advance of large language model technology, its application potential in fields such as healthcare and law has become evident, and it also points to new directions for progress in cybersecurity. This paper began with an overview of the foundational theory behind the design principles, training mechanisms and core characteristics of large language models, giving readers the necessary background. It then examined the role of large language models in improving the ability to identify and respond to growing online threats, detailing research progress in penetration testing, code security auditing, social engineering attacks and the assessment of professional cybersecurity knowledge. Finally, it analyzed the challenges of security, cost and interpretability of this technology and looked ahead to future development directions.

    Review of Federated Learning and Offensive-Defensive Confrontation
    YANG Li, ZHU Lingbo, YU Yueming, MIAO Yinbin
    Netinfo Security    2023, 23 (12): 69-90.   DOI: 10.3969/j.issn.1671-1122.2023.12.008
    Views: abstract 370, HTML 48; PDF (26484KB) downloads 245

    With the continuous development of machine learning, personal privacy has attracted widespread attention. Centralized learning is constrained to a considerable degree because user data must be sent to a central node. Federated learning, a framework in which model training is completed locally on each participant's data, therefore came into being. However, the federated learning mechanism is still subject to various attacks that reduce its security and privacy. This paper started from the basic definition of federated learning, then analyzed and summarized the threats and defenses in federated learning from the two aspects of confidentiality and integrity. Finally, in light of these problems, the future development direction of the field was discussed.

    Anomaly Traffic Detection Based on Deep Metric Learning
    ZHANG Qiang, HE Junjiang, LI Wenshan, LI Tao
    Netinfo Security    2024, 24 (3): 462-472.   DOI: 10.3969/j.issn.1671-1122.2024.03.011
    Views: abstract 363, HTML 49; PDF (13232KB) downloads 269

    The identification of anomalous network traffic is one of the important tasks in cyber security today. However, traditional traffic classification models are trained on traffic data that is mostly unevenly distributed, leading to fuzzy classification boundaries that greatly limit classification performance. To solve this problem, this paper proposed an anomaly traffic detection method based on deep metric learning. Firstly, a new double-proxy mechanism was designed: compared with the traditional deep metric learning setting of a single proxy per category, a target proxy guides the optimization direction of an updatable proxy, which improves training efficiency and strengthens the ability to aggregate traffic of the same category and separate traffic of different categories, so that the intra-class distance is minimized, the inter-class distance is maximized, class boundaries become clearer, and the performance bottleneck of traditional traffic classification models is broken. Secondly, the paper built neural networks based on 1D-CNN and Bi-LSTM, which efficiently extract traffic features from the spatial and temporal perspectives. Experimental results show that after the model's processing the intra-class distance of NSL-KDD traffic data is significantly reduced and the inter-class distance is significantly increased: the intra-class distance decreased by 73.5% and the inter-class distance increased by 52.7% relative to the original values. Compared with the deep residual network widely used for deep metric learning, the proposed network trains in less time with better results. Applied to the traffic classification task on the NSL-KDD and CICIDS2017 datasets, the model also significantly improves classification over traditional traffic classification algorithms.

    A Review of Network Anomaly Detection Based on Semi-Supervised Learning
    ZHANG Hao, XIE Dazhi, HU Yunsheng, YE Junwei
    Netinfo Security    2024, 24 (4): 491-508.   DOI: 10.3969/j.issn.1671-1122.2024.04.001
    Views: abstract 363, HTML 52; PDF (22842KB) downloads 236

    Network traffic data is relatively easy to acquire, while labeling it is comparatively difficult. Semi-supervised learning trains on a small amount of labeled data and a large amount of unlabeled data, reducing the demand for labels and adapting well to anomaly detection over massive network traffic. This paper conducted an in-depth investigation of semi-supervised network anomaly detection in recent years. Firstly, it introduced the basic concepts and analyzed why semi-supervised strategies are needed in network anomaly detection. Then, from the perspectives of semi-supervised machine learning, semi-supervised deep learning, and the combination of semi-supervised learning with other paradigms, it analyzed and compared the recent literature and summarized the findings. Finally, the current status and future prospects of the field were analyzed.

    Survey on Byzantine Fault Tolerance Accountability Mechanisms
    SUN Huiping, ZHOU Jinjue, LIU Shuxuan, CHEN Zhong
    Netinfo Security    2024, 24 (1): 14-23.   DOI: 10.3969/j.issn.1671-1122.2024.01.002
    Views: abstract 342, HTML 25; PDF (12038KB) downloads 149

    Byzantine Fault Tolerance (BFT) protocols play a crucial role in ensuring the consistency and reliability of blockchains and other distributed systems in the face of node failures and malicious behavior. A BFT accountability mechanism aims to identify Byzantine nodes by recording and sharing the behavior of consensus nodes during the consensus process, so as to address the safety and liveness that traditional BFT protocols cannot guarantee once Byzantine nodes exceed one third of the total. This paper systematically summarized existing BFT accountability protocols, including server-side accountability mechanisms, client-side accountability mechanisms and embedded BFT accountability mechanisms. Through a comprehensive comparison and analysis of these mechanisms, the paper delved into the challenges and anticipated possible future directions.
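The core of any accountability mechanism is the record of authenticated votes: a node that signs two different values for the same view has equivocated, and the two signed votes are transferable proof of it. The Python below is an added example written for this listing, not code from the surveyed paper; it stands in per-node digital signatures with HMAC keys known to the auditor (an assumption made to keep the example self-contained) and constructs a small vote log in which one node equivocates and one forged vote tries to frame an honest node.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed node keys for the demo. A real protocol uses per-node digital
# signatures; an HMAC with a key known to the auditor stands in for them here
# (assumption made for a self-contained example).
NODE_KEYS = {name: f"demo-key-{name}".encode() for name in ("n0", "n1", "n2", "n3")}


def _vote_bytes(node, view, value):
    # Canonical encoding so every replica authenticates exactly the same bytes.
    return json.dumps({"node": node, "view": view, "value": value}, sort_keys=True).encode()


def sign_vote(node, view, value):
    tag = hmac.new(NODE_KEYS[node], _vote_bytes(node, view, value), hashlib.sha256).hexdigest()
    return {"node": node, "view": view, "value": value, "tag": tag}


def verify_vote(vote):
    key = NODE_KEYS.get(vote["node"])
    if key is None:
        return False
    expected = hmac.new(key, _vote_bytes(vote["node"], vote["view"], vote["value"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, vote["tag"])


def find_equivocators(votes):
    """Return {node: [vote_a, vote_b]} for every node that authenticated two
    different values in the same view. Only verified votes count as evidence,
    so a forged accusation cannot frame an honest node."""
    by_node_view = defaultdict(dict)  # (node, view) -> {value: vote}
    proofs = {}
    for vote in votes:
        if not verify_vote(vote):
            continue
        bucket = by_node_view[(vote["node"], vote["view"])]
        bucket.setdefault(vote["value"], vote)
        if len(bucket) >= 2 and vote["node"] not in proofs:
            proofs[vote["node"]] = list(bucket.values())[:2]
    return proofs


def demo_log():
    """Constructed vote log: n2 equivocates in view 7, and one forged vote
    claims n1 voted B (its tag was computed over value A, so it fails to verify)."""
    log = [
        sign_vote("n0", 7, "A"),
        sign_vote("n1", 7, "A"),
        sign_vote("n2", 7, "B"),
        sign_vote("n2", 7, "A"),
        sign_vote("n2", 7, "A"),  # repeated vote for the same value is not equivocation
        sign_vote("n3", 7, "B"),
    ]
    forged = dict(sign_vote("n1", 7, "A"))
    forged["value"] = "B"
    log.append(forged)
    return log


if __name__ == "__main__":
    for node, (a, b) in find_equivocators(demo_log()).items():
        print(f"{node} equivocated in view {a['view']}: {a['value']} vs {b['value']}")
```

The proof for each node is a pair of verified votes, which is exactly what a client or server side mechanism would forward to other replicas; an unverifiable vote is dropped before it can influence the verdict.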

    Federated Learning Incentive Scheme Based on Zero-Knowledge Proofs and Blockchain
    WU Haotian, LI Yifan, CUI Hongyan, DONG Lin
    Netinfo Security    2024, 24 (1): 1-13.   DOI: 10.3969/j.issn.1671-1122.2024.01.001
    Views: abstract 330, HTML 37; PDF (15951KB) downloads 202

    In cross-silo federated learning, participants contribute differently to the final trained model. Evaluating their contributions and providing appropriate incentives has become a key issue in federated learning research. Current incentive methods primarily focus on rewarding participants who provide valid model updates while penalizing dishonest ones, emphasizing incentivizing computational behavior. However, the quality of data provided by participants also affects learning outcomes, yet existing methods inadequately consider data quality and lack means to verify data authenticity. To enhance incentive accuracy, it is necessary to evaluate the quality of participants' data. This paper introduced, for the first time, a protocol for assessing the quality of participants' data by integrating zero-knowledge proofs and blockchain technology, leading to a novel federated learning incentive scheme. This scheme can assess the quality of participants' datasets without disclosing plaintext data, utilizing blockchain systems to provide incentives to eligible participants while excluding those who don't meet the criteria. Experimental results confirm that even in scenarios where some users provide falsified data, this scheme remains capable of delivering accurate incentive results, while simultaneously improving the accuracy of the federated learning model.

    Security Analysis of Cryptographic Application Code Generated by Large Language Model
    GUO Xiangxin, LIN Jingqiang, JIA Shijie, LI Guangzheng
    Netinfo Security    2024, 24 (6): 917-925.   DOI: 10.3969/j.issn.1671-1122.2024.06.009
    Views: abstract 320, HTML 42; PDF (19521KB) downloads 165

    With the extensive use of large language models (LLM) in software development, the gains in development efficiency have also introduced new security risks, particularly in cryptographic applications that demand high security. This paper proposed an open-source prompt dataset named LLMCryptoSE, containing 460 natural-language prompts describing cryptographic scenarios, to assess the security of LLM-generated code for cryptographic applications. Through an in-depth analysis of the generated code snippets, the paper primarily evaluated cryptographic API misuse, combining the static analysis tool CryptoGuard with manual review to examine 1380 code snippets in detail. The assessment of three mainstream LLMs, ChatGPT 3.5, ERNIE 3.5 and Spark 3.5, revealed that 52.90% of the snippets contained at least one cryptographic misuse, with Spark 3.5 performing relatively better at a misuse rate of 48.48%. Based on these findings, the study not only reveals the current cryptographic security challenges faced by LLMs but also offers a series of recommendations for LLM users and developers, aiming to provide practical guidance for applying LLMs in cryptographic fields.
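To make the kind of misuse the paper counts concrete, here is an added example (written for this listing, not the paper's dataset or CryptoGuard) of a small pattern-based checker run over a constructed LLM-style snippet and its hardened counterpart. The rule IDs, regexes and both snippets are this example's own assumptions; a real tool such as CryptoGuard does data-flow analysis rather than line matching, so this only illustrates the categories and the misuse-rate metric.

```python
import re

# Hypothetical rule set; the rule IDs and regexes are this example's own, not
# CryptoGuard's. Each rule is (id, compiled pattern, short explanation).
RULES = [
    ("ECB_MODE", re.compile(r"MODE_ECB\b"),
     "ECB leaks plaintext structure; use an AEAD mode such as GCM"),
    ("WEAK_HASH", re.compile(r"hashlib\.(md5|sha1)\("),
     "MD5/SHA-1 are not suitable for password hashing or integrity"),
    ("HARDCODED_KEY", re.compile(r"\bkey\s*=\s*b?['\"]"),
     "key literal in source; load from a KMS or derive at runtime"),
    ("STATIC_IV", re.compile(r"\biv\s*=\s*b?['\"]"),
     "fixed IV/nonce; generate a fresh random value per encryption"),
    ("WEAK_RNG", re.compile(r"\brandom\.(random|randint|choice|getrandbits)\("),
     "random module is not a CSPRNG; use secrets or os.urandom"),
]


def scan(source):
    """Return [(rule_id, line_number, line_text)] for every match, one per rule per line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.split("#", 1)[0]  # ignore trailing comments
        for rule_id, pattern, _ in RULES:
            if pattern.search(stripped):
                findings.append((rule_id, lineno, line.strip()))
    return findings


def misuse_rate(snippets):
    """Fraction of snippets with at least one finding (the metric used in the abstract)."""
    flagged = sum(1 for s in snippets if scan(s))
    return flagged / len(snippets) if snippets else 0.0


# Constructed snippet in the style of an LLM answer to "encrypt data with a password".
INSECURE_SNIPPET = '''
import hashlib, random
from Crypto.Cipher import AES

key = b"0123456789abcdef"                    # hard-coded key
iv = b"\\x00" * 16                          # static IV
digest = hashlib.md5(password.encode()).hexdigest()
cipher = AES.new(key, AES.MODE_ECB)
token = random.randint(0, 2**32)
'''

# Constructed hardened form of the same task.
HARDENED_SNIPPET = '''
import hashlib, os, secrets
from Crypto.Cipher import AES

salt = os.urandom(16)
key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000, dklen=32)
nonce = os.urandom(12)
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
token = secrets.token_bytes(16)
'''

if __name__ == "__main__":
    for rule_id, lineno, text in scan(INSECURE_SNIPPET):
        print(f"{rule_id:14s} line {lineno}: {text}")
    print("misuse rate:", misuse_rate([INSECURE_SNIPPET, HARDENED_SNIPPET]))
```

The hardened snippet derives the key with a salted PBKDF, uses a fresh nonce with an AEAD mode and draws tokens from a CSPRNG, so it produces no findings; the misuse rate over the two snippets is therefore 0.5.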

    Research of Privacy-Preserving Proximity Test
    LI Zengpeng, WANG Siyang, WANG Mei
    Netinfo Security    2024, 24 (6): 817-830.   DOI: 10.3969/j.issn.1671-1122.2024.06.001
    Views: abstract 309, HTML 49; PDF (27378KB) downloads 141

    With the rapid development of emerging technologies such as mobile computing and the Internet of Things, location-based services (LBS) play an increasingly important role in daily life. Many applications (e.g., mobile dating) use LBS to capture the user's precise location and discover nearby users by computing distances. While LBS brings convenience, it also exposes users to the risk of leaking private location information. At present, most LBS applications record the user's precise location in plaintext, which easily leaks the user's location and mobility patterns. In addition, most existing work that protects private location data has shortcomings such as high communication overhead, long communication time, or a lack of computational security. This paper therefore proposed an efficient privacy-preserving proximity test to protect users' location privacy, and constructed an optimized privacy-preserving proximity test protocol for circular regions based on Brakerski/Fan-Vercauteren (B/FV) homomorphic encryption. Compared with existing work, the proposed scheme uses lattice-based encryption and has better communication performance. The paper also implemented a prototype system based on B/FV homomorphic encryption and gave potential applications in scenarios with high privacy protection requirements and low arithmetic speed limitations. Experimental results from the prototype show that the scheme has broad prospects for practical deployment.

    Data Augmentation Method via Large Language Model for Relation Extraction in Cybersecurity
    LI Jiao, ZHANG Yuqing, WU Yabiao
    Netinfo Security    2024, 24 (10): 1477-1483.   DOI: 10.3969/j.issn.1671-1122.2024.10.001
    Views: abstract 305, HTML 295; PDF (8545KB) downloads 135

    Relationship extraction technology can be used for threat intelligence mining and analysis, providing crucial information support for network security defense. However, relationship extraction tasks in cybersecurity face the problem of dataset deficiency. In recent years, large language model has shown its superior text generation ability, providing powerful technical support for data augmentation tasks. In order to compensate for the shortcomings of traditional data augmentation methods in terms of accuracy and diversity, this paper proposed a data augmentation method via large language model for relation extraction in cybersecurity named MGDA. MGDA used large language model to enhance the original data from four granularities of words, phrases, grammar, and semantics in order to ensure accuracy while improving diversity. The experimental results show that the proposed data augmentation method in this paper effectively improves the effectiveness of relationship extraction tasks in cybersecurity and diversity of generated data.

    Brand-Specific Phishing Expansion and Detection Solutions
    WEN Weiping, ZHU Yifan, LYU Zihan, LIU Chengjie
    Netinfo Security    2023, 23 (12): 1-9.   DOI: 10.3969/j.issn.1671-1122.2023.12.001
    Views: abstract 297, HTML 53; PDF (11070KB) downloads 248

    In recent years, both the number of phishing attacks and the losses they cause have been increasing, and phishing has become one of the main network security threats people face. Many phishing detection methods have been proposed, but most known methods are passive and prone to large numbers of false positives. In response, this paper proposed a phishing expansion method. Firstly, the information of a known phishing website was analyzed in a multi-dimensional manner to obtain other related websites, so as to find phishing websites that have not yet been discovered. Then, targeting the visual counterfeiting characteristics of phishing websites, the paper proposed a deep learning based phishing detection method that crops screenshots to the region judged to be a logo and uses EfficientNetV2 to mine the visual counterfeiting characteristics. Finally, a comprehensive evaluation of suspected phishing websites was conducted to reduce the false positive rate. Experimental verification on existing phishing websites demonstrated the effectiveness of the method.

    An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment
    ZHAI Peng, HE Jingsha, ZHANG Yu
    Netinfo Security    2024, 24 (2): 179-187.   DOI: 10.3969/j.issn.1671-1122.2024.02.002
    Views: abstract 283, HTML 30; PDF (10303KB) downloads 902

    Terminal devices in the Internet of Things (IoT) need to identify and authenticate each other to ensure network and data security; authentication is the first line of defense for IoT security, yet the traditional public key infrastructure (PKI) is cumbersome and computationally intensive and cannot serve the resource-constrained, open and distributed IoT environment well. This paper designed a blockchain-based two-way authentication scheme for IoT terminals based on the SM9 identity-based cryptographic algorithm, which satisfies confidentiality and unforgeability under the computational Diffie-Hellman, q-Diffie-Hellman inverse and bilinear Diffie-Hellman hardness assumptions and is better suited to practical IoT deployments. The scheme uses the device identity as the public key, which simplifies key distribution and management. In addition, the blockchain serves as a decentralized underlying storage database that records keys, certificates, signatures and other information and provides a credible endorsement for the authentication process. Through performance analysis, ProVerif formal security analysis and comparison with several current mainstream authentication methods, the scheme is shown to meet the time, performance and security requirements of the IoT environment.

    A Privacy Preserving and Verifiable Federated Learning Scheme Based on Homomorphic Encryption
    LAI Chengzhe, ZHAO Yining, ZHENG Dong
    Netinfo Security    2024, 24 (1): 93-105.   DOI: 10.3969/j.issn.1671-1122.2024.01.009
    Views: abstract 277, HTML 16; PDF (14284KB) downloads 123

    Cross-silo federated learning enables clients to collaboratively train a machine learning model by aggregating local model updates without sharing raw data. However, studies have shown that intermediate parameters transmitted during training can also leak the privacy of raw data. A curious central server may falsify or tamper with aggregation results for its own benefit. To address these issues, an anti-collusion privacy preserving and verifiable cross-silo federated learning scheme was proposed. Specifically, the intermediate parameters of each client were encrypted to protect data privacy, and key management and collaborative decryption were achieved by combining secret sharing schemes to enhance system security. Furthermore, data integrity and authentication were achieved through aggregate signatures, and the verifiability of central server aggregation gradients was ensured using polynomial commitments. Security analysis shows that the proposed scheme not only protects the privacy of intermediate parameters and verifies data integrity, but also ensures the correctness of aggregation gradients. Performance analysis shows that compared to the existing schemes, the proposed scheme can significantly reduce the communication overhead.

    Network Intrusion Detection Method Based on Attention-BiTCN
    SUN Hongzhe, WANG Jian, WANG Peng, AN Yulong
    Netinfo Security    2024, 24 (2): 309-318.   DOI: 10.3969/j.issn.1671-1122.2024.02.014
    Views: abstract 271, HTML 21; PDF (10903KB) downloads 270

    To address the low multi-classification accuracy in network intrusion detection, the proposed method analyzed the time-series characteristics of network traffic data and built an intrusion detection model based on an attention mechanism and a bi-directional temporal convolutional network (BiTCN). The data set was first pre-processed by one-hot encoding and normalization to handle the strong discreteness and differing scales of network traffic features, and the pre-processed data was then turned into bidirectional sequences by a bidirectional sliding window method. The Attention-BiTCN model extracted bidirectional temporal features and fused them additively to obtain features enhanced by temporal information. The model was verified experimentally on the NSL-KDD and UNSW-NB15 datasets, where its multi-class accuracy reached 99.70% and 84.07% respectively, which is superior to traditional network intrusion detection algorithms and more significant than other deep learning models.
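As an added illustration of the pre-processing stage described above (written for this listing, not code from the paper), the following Python builds one-hot encoded and min-max normalized feature vectors from a few constructed NSL-KDD-style records and then cuts them into bidirectional sliding windows. The column layout, vocabularies, window size and the choice to label each window by its last record are this example's own assumptions.

```python
# Constructed NSL-KDD-style records: (duration, protocol_type, service, src_bytes, label)
RECORDS = [
    (0, "tcp", "http", 181, "normal"),
    (0, "udp", "domain_u", 146, "normal"),
    (2, "tcp", "ftp_data", 0, "neptune"),
    (0, "icmp", "ecr_i", 1032, "smurf"),
    (1, "tcp", "http", 239, "normal"),
    (0, "tcp", "private", 0, "neptune"),
]
# Column index -> vocabulary for categorical fields; numeric fields are scaled.
CATEGORICAL = {1: ["tcp", "udp", "icmp"],
               2: ["http", "domain_u", "ftp_data", "ecr_i", "private"]}
NUMERIC = [0, 3]


def one_hot(value, vocab):
    return [1.0 if value == v else 0.0 for v in vocab]


def fit_min_max(records, cols):
    """Per-column (min, max); in practice fit on the training split only."""
    return {c: (min(r[c] for r in records), max(r[c] for r in records)) for c in cols}


def encode(record, scales):
    vec = []
    for col in range(len(record) - 1):  # last field is the label
        if col in CATEGORICAL:
            vec.extend(one_hot(record[col], CATEGORICAL[col]))
        else:
            lo, hi = scales[col]
            vec.append(0.0 if hi == lo else (record[col] - lo) / (hi - lo))
    return vec


def bidirectional_windows(vectors, size):
    """Sliding windows in both directions: the backward window is the same
    span reversed, so a model can read temporal context from either end."""
    out = []
    for i in range(len(vectors) - size + 1):
        fwd = vectors[i:i + size]
        out.append((fwd, fwd[::-1]))
    return out


def preprocess(records, window=3):
    scales = fit_min_max(records, NUMERIC)
    vectors = [encode(r, scales) for r in records]
    labels = [r[-1] for r in records]
    # Each window is labelled with its last record (assumption for this example).
    return bidirectional_windows(vectors, window), labels[window - 1:]


if __name__ == "__main__":
    windows, labels = preprocess(RECORDS)
    for (fwd, bwd), label in zip(windows, labels):
        print(label, [round(x, 3) for x in fwd[-1]], "backward starts with", [round(x, 3) for x in bwd[0]])
```

Each encoded record has 10 dimensions (two scaled numerics, a 3-way and a 5-way one-hot), and the window count is n - size + 1; the forward and backward windows feed the two directions of a BiTCN-style model.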

    AFLNeTrans: Fuzzing of Protocols with State Relationship Awareness
    HONG Xuanquan, JIA Peng, LIU Jiayong
    Netinfo Security    2024, 24 (1): 121-132.   DOI: 10.3969/j.issn.1671-1122.2024.01.012
    Views: abstract 256, HTML 28; PDF (14259KB) downloads 248

    Network protocols are essential components of modern communication systems, and the security testing of their implementation programs is of great importance. Fuzzing has become the mainstream method for modern vulnerability discovery, and has achieved great success in the field of software security. Traditional fuzzing still has some problems in testing network protocol implementation programs. First, since different states in network protocol implementation programs correspond to different codes, the code coverage used in traditional gray-box fuzzing cannot accurately represent the internal state of network protocol implementation programs. Second, the state guidance mechanism in existing gray-box network protocol fuzzers depends on code coverage, which cannot effectively mine the state relationships in those programs. To address the above problems, this paper proposed AFLNeTrans, a fuzzer that guides the fuzzing process by both protocol state relationships and program code coverage to improve the fuzzing effect. AFLNeTrans used state relationships as the main guidance mechanism to guide fuzzing to quickly explore more state space of network protocol implementation programs. AFLNeTrans was evaluated on a benchmark of well-known protocol fuzzers. Experimental results show that AFLNeTrans has a significant increase in the number of state transitions found, and also has an improvement in code coverage and unique_crash number compared to existing tools.
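The following Python is an added example, not AFLNeTrans itself, that isolates the state-relationship guidance idea on a constructed toy server: a candidate input sequence is kept as a seed only when its execution produces a (state, next state) pair never seen before, seeds are extended breadth-first, and crashes are deduplicated by the state path that reached them. The server, its commands and the injected RETR-after-LIST bug are all constructed for this illustration, and the example omits the code-coverage signal that the real fuzzer combines with state feedback.

```python
from collections import deque

COMMANDS = ("USER", "PASS", "LIST", "RETR", "QUIT", "NOOP")


class ProtocolCrash(Exception):
    pass


class ToyServer:
    """Constructed stateful target. The RETR-after-LIST crash is reachable only
    through a specific state path, which coverage alone does not expose."""

    def __init__(self):
        self.state = "INIT"

    def handle(self, cmd):
        s = self.state
        if s == "INIT":
            nxt = "NEED_PASS" if cmd == "USER" else "INIT"
        elif s == "NEED_PASS":
            nxt = "LOGGED" if cmd == "PASS" else ("NEED_PASS" if cmd == "USER" else "INIT")
        elif s == "LOGGED":
            nxt = {"LIST": "LISTED", "QUIT": "CLOSED"}.get(cmd, "LOGGED")
        elif s == "LISTED":
            if cmd == "RETR":
                raise ProtocolCrash("listing buffer reused after LIST")  # injected bug
            nxt = "CLOSED" if cmd == "QUIT" else "LOGGED"
        else:  # CLOSED: connection is gone, nothing changes
            nxt = "CLOSED"
        self.state = nxt
        return nxt


def run_sequence(seq):
    """Execute a message sequence; return ([(from_state, to_state), ...], crashed)."""
    srv = ToyServer()
    trace = []
    for cmd in seq:
        before = srv.state
        try:
            after = srv.handle(cmd)
        except ProtocolCrash:
            return trace, True
        trace.append((before, after))
    return trace, False


def fuzz(max_len=5):
    """State-relationship guided exploration. Returns (transitions seen,
    {state path: crashing input}, corpus, number of executions)."""
    seen = set()
    crashes = {}
    corpus = [()]
    queue = deque(corpus)
    executions = 0
    while queue:
        seed = queue.popleft()
        if len(seed) >= max_len:
            continue
        for cmd in COMMANDS:
            cand = seed + (cmd,)
            trace, crashed = run_sequence(cand)
            executions += 1
            if crashed:
                crashes.setdefault(tuple(t[1] for t in trace), cand)
            new = set(trace) - seen
            if new:  # novelty is measured in state transitions, not code edges
                seen |= new
                corpus.append(cand)
                queue.append(cand)
    return seen, crashes, corpus, executions


if __name__ == "__main__":
    seen, crashes, corpus, executions = fuzz()
    print(f"{len(seen)} transitions, {len(corpus)} seeds, {executions} executions")
    for path, inp in crashes.items():
        print("crash via", " -> ".join(path), "input", inp)
```

Because a candidate that adds no new transition is discarded, the corpus stays small while still reaching the LISTED state and the crash behind it; a fuzzer that only counted executed code would have no reason to prefer the USER, PASS, LIST prefix over any other sequence of the same length.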

    A Hierarchical Federated Learning Framework Based on Shared Dataset and Gradient Compensation
    LIU Jiqiang, WANG Xuewei, LIANG Mengqing, WANG Jian
    Netinfo Security    2023, 23 (12): 10-20.   DOI: 10.3969/j.issn.1671-1122.2023.12.002
    Views: abstract 256, HTML 25; PDF (11344KB) downloads 170

    Federated learning (FL) lets vehicles keep their data locally for model training, enhancing privacy. However, because of differences in onboard sensors, driving routes and other conditions, vehicles participating in FL may exhibit different data distributions, which reduces model generalization and makes convergence harder. To guarantee real-time performance, asynchronous stochastic gradient descent (SGD) is widely employed in the Internet of Vehicles, but the resulting gradient delay can make model training inaccurate. To address these challenges, this paper proposed a hierarchical FL framework based on a shared dataset and gradient compensation. The framework used a shared dataset and an aggregation method weighted by ReLU values to reduce model bias, and compensated asynchronous SGD by approximating the original loss function with a Taylor expansion in terms of its gradient. Experimental results on MNIST and CIFAR-10 indicate that, compared with FedAVG, MOON and HierFAVG, the proposed method improves average accuracy by 13.8%, 2.2% and 3.5% respectively, with a time cost only half that of both synchronous and asynchronous SGD.
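The gradient compensation idea, written out as an added worked derivation in the standard first-order form (the paper's exact formula is not on this page, so this is the generic delay-compensation scheme and the diagonal Hessian estimate is an assumption, not the paper's choice). Let $L$ be the loss, $w_t$ the global model a vehicle pulled, and $w_{t+\tau}$ the global model when that vehicle's update arrives $\tau$ steps later. Expanding the gradient around $w_t$:

$$\nabla L(w_{t+\tau}) \approx \nabla L(w_t) + \nabla^2 L(w_t)\,(w_{t+\tau} - w_t).$$

The Hessian is too expensive to form, so it is replaced by a cheap diagonal estimate; a common choice is the elementwise square of the stale gradient scaled by a constant $\lambda$:

$$\nabla L(w_{t+\tau}) \approx g_t + \lambda\, g_t \odot g_t \odot (w_{t+\tau} - w_t), \qquad g_t = \nabla L(w_t).$$

The server then applies

$$w_{t+\tau+1} = w_{t+\tau} - \eta\,\bigl[g_t + \lambda\, g_t \odot g_t \odot (w_{t+\tau} - w_t)\bigr]$$

instead of the uncompensated $w_{t+\tau} - \eta\, g_t$. When $\tau = 0$ the correction term vanishes and plain SGD is recovered, and the larger the drift $w_{t+\tau} - w_t$ during the delay, the larger the correction.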

    A Malicious Code Recognition Model Fusing Image Spatial Feature Attention Mechanism
    LIU Jun, WU Zhichao, WU Jian, TAN Zhenhua
    Netinfo Security    2023, 23 (12): 29-37.   DOI: 10.3969/j.issn.1671-1122.2023.12.004
    Views: abstract 253, HTML 29; PDF (11742KB) downloads 184

    When converted into images, malicious software exhibits two prominent characteristics. Firstly, during visualization black pixels are typically appended to pad the end of the file, creating a distinct separation in the image between significant features (the code part) and non-significant features (the padded part). Secondly, the semantic correlation among code segments is preserved by the sequential pixel conversion. Existing models for malicious code detection achieve reasonably good recognition results, but they were not designed to exploit these traits, so their ability to extract deep features from malware images is relatively weak and often requires complex architectures. This paper therefore proposed a novel detection model that addresses both characteristics of malware images: the original malicious code is transformed into images and preprocessed, then an FA-SA module extracts key features and two FA-SeA modules capture pixel-wise correlations. The model not only simplifies the architecture but also strengthens deep feature extraction, improving detection accuracy. On the Malimg dataset it achieves an accuracy of 96.38%, a 3.56% improvement over previous CNN-based models. The experimental results highlight the effectiveness of designing network models around the characteristics of malware images, with the proposed fusion attention module contributing significantly to recognition performance.
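The byte-to-image conversion and the padding boundary the abstract relies on, as an added example written for this listing (not the paper's code): each byte becomes one grayscale pixel in row-major order, the last row is padded with black, and the padded region can be split off exactly because its length is known. The size-to-width table is the one commonly used for this kind of visualization and is an assumption here, as is the constructed 100-byte stand-in for a malware file.

```python
# Width table commonly used for byte-to-image conversion of executables
# (assumption: the usual size-dependent choice, not necessarily the paper's).
WIDTH_BY_SIZE = [(10_000, 32), (30_000, 64), (60_000, 128), (100_000, 256),
                 (200_000, 384), (500_000, 512), (1_000_000, 768)]


def choose_width(n_bytes):
    for limit, width in WIDTH_BY_SIZE:
        if n_bytes < limit:
            return width
    return 1024


def bytes_to_image(data, width=None):
    """Map each byte to one 8-bit grayscale pixel, row-major, padding the last
    row with 0x00 (black). Returns (rows, n_padding)."""
    width = width or choose_width(len(data))
    n_pad = (-len(data)) % width
    padded = data + b"\x00" * n_pad
    rows = [list(padded[i:i + width]) for i in range(0, len(padded), width)]
    return rows, n_pad


def split_regions(rows, n_pad):
    """Separate the code part from the padded part: the padding is exactly the
    trailing n_pad pixels, so no heuristic on black runs is needed."""
    width = len(rows[0])
    flat = [p for r in rows for p in r]
    code_end = len(rows) * width - n_pad
    return flat[:code_end], flat[code_end:]


def to_pgm(rows):
    """Serialize as binary PGM so the image can be inspected with any viewer."""
    h, w = len(rows), len(rows[0])
    header = f"P5\n{w} {h}\n255\n".encode()
    return header + bytes(p for r in rows for p in r)


def demo_sample():
    """Constructed stand-in for a malware file: a fake header, a code-like
    region and a data region, 100 bytes in total so the last row needs padding."""
    return b"MZ\x90\x00" + bytes(range(0x40, 0x40 + 80)) + b"\xff" * 16


if __name__ == "__main__":
    rows, n_pad = bytes_to_image(demo_sample())
    code, pad = split_regions(rows, n_pad)
    print(f"{len(rows)} rows x {len(rows[0])} px, {len(code)} code pixels, {len(pad)} padding pixels")
    with open("sample.pgm", "wb") as f:
        f.write(to_pgm(rows))
```

A model that knows the padding count can mask the black region out of its attention instead of learning to ignore it; note that real files can legitimately contain long zero runs, which is why the split uses the recorded padding length rather than scanning for black pixels.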

    An Advanced Persistent Threat Detection Method Based on Attack Graph
    GAO Qingguan, ZHANG Bo, FU Anmin
    Netinfo Security    2023, 23 (12): 59-68.   DOI: 10.3969/j.issn.1671-1122.2023.12.007
    Views: abstract 251, HTML 36; PDF (12823KB) downloads 171

    Aiming at the problems that traditional intrusion detection tools cannot detect advanced persistent threat (APT) attacks and that analysts suffer threat alert fatigue, this paper proposed an attack graph based APT detection method. It generates an attack graph from the network topology, vulnerability reports and other information to analyze the attacker's possible behavior in advance, which effectively combats alert fatigue. Combining the adversarial tactics, techniques and common knowledge (ATT&CK) model with a three-phase APT detection model, a scoring algorithm for matching missing paths was designed to analyze and detect APT attacks from a global perspective. At the same time, a grey-list based multi-attack-entity association method was designed to ensure the accuracy of the generated APT attack evidence chain. Experiments on public data sets show that ADBAG can effectively detect APT attacks, including those that exploit zero-day vulnerabilities, and can further locate the scope of an attack.

    An Optimal Algorithm for Traffic Scheduling in SRv6 Network Based on Deep Learning
    ZHAO Pengcheng, YU Junqing, LI Dong
    Netinfo Security    2024, 24 (2): 272-281.   DOI: 10.3969/j.issn.1671-1122.2024.02.010
    Views: abstract 235, HTML 10; PDF (11116KB) downloads 65

    Current traffic scheduling methods in SRv6 networks are mainly based on fixed or heuristic rules, lack the ability to schedule overall network traffic flexibly, and adapt poorly to dynamic changes in the network environment. To address the deficiency in key flow identification within SRv6 networks, the article introduced a key flow identification algorithm based on deep reinforcement learning. This approach established a key flow learning model that adapts to the dynamic changes of the network and identifies the sets of key flows that significantly affect network performance under various traffic matrices. For the traffic scheduling problem in SRv6 networks, the article developed an optimization algorithm rooted in key flow analysis, which uses linear programming to determine the optimal explicit path for each key flow and routes ordinary flows and key flows differently, effectively enhancing network performance. Experimental results demonstrate that the proposed scheduling algorithm significantly improves network load balancing and substantially reduces end-to-end transmission delay.

    Subversion Attacks and Countermeasures of SM9 Encryption
    OUYANG Mengdi, SUN Qinshuo, LI Fagen
    Netinfo Security    2024, 24 (6): 831-842.   DOI: 10.3969/j.issn.1671-1122.2024.06.002
    Views: abstract 230, HTML 31; PDF (13790KB) downloads 171

    China's independently developed identity-based encryption algorithm SM9 has been adopted as an ISO/IEC international standard. However, an adversary can tamper with the components of a cryptographic algorithm to undermine its security, and such subversion attacks were not considered in the original design of SM9 encryption. Whether SM9 encryption is vulnerable to subversion attacks, and how to resist them, remained open questions. To answer them, this paper introduced a subversion attack model for identity-based encryption (IBE) and defined two properties: plaintext recoverability and undetectability. It then implemented a subversion attack on SM9 encryption and found that an adversary could recover a plaintext from only two successive ciphertexts. Moreover, the paper proposed a subversion-resilient SM9 encryption (SR-SM9) and proved that SR-SM9 is not only secure under adaptive chosen identity and ciphertext attack (ID-IND-CCA2) but also subversion-resilient. Finally, SR-SM9 was implemented in Python on the gmalg library. Compared with SM9, SR-SM9 adds only 0.6% computation cost and no additional communication cost.
