
Table of Contents

    10 July 2014, Volume 14 Issue 7

    A Review on Data Integrity Auditing Protocols for Data Storage in Cloud Computing
    2014, 14 (7):  1. 
    Cloud storage is an important service provided by cloud computing: it allows data owners to move data from their local systems to the cloud and to access it conveniently and efficiently from the cloud server, without the burden of local storage and maintenance. However, this new data-hosting paradigm also introduces new security challenges. An important problem is how to ensure the integrity of remote data in cloud storage, so owners and cloud servers require an independent, stable and secure auditing service to check data integrity in the cloud. A good auditing scheme must also meet the following requirements: it should support dynamic data operations (insert, del and modify); it should support batch auditing across multiple users and multiple servers; it should preserve the privacy of the owner's data; and it should be efficient, keeping both the computational cost and the communication cost between data owners and the cloud server low. To promote wide adoption of cloud storage services, this paper reviews research on cloud data integrity auditing protocols, describes the related concepts and features of data integrity verification, proposes an audit model and security requirements for data integrity verification, and surveys the current research on data integrity audit protocols in cloud storage. By comparing the schemes, the advantages and disadvantages of each protocol are pointed out. The paper then introduces some classical schemes and points out future research directions in the field.
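The challenge-response model that the audited protocols share can be made concrete with a small homomorphic-tag scheme. The Python below is an added illustration, not code from the paper or from any scheme it reviews: the owner tags each block as σ_i = α·m_i + PRF_k(i) over a prime field (the prime 2^127-1, the 15-byte block size and the HMAC-SHA256 PRF are this example's own choices), the server answers a challenge of random (index, coefficient) pairs with a constant-size proof (μ, σ), and the verifier checks it holding only α and k, never the data. Because blocks are sampled, a corrupted block is caught only when the challenge covers it, which is the sample-size versus detection-probability trade-off the surveyed schemes make.

```python
import hmac
import secrets

# Added example of a sampled, homomorphic-tag integrity audit (not the paper's protocol).
# Field, block size and PRF are this example's own choices.
Q = (1 << 127) - 1          # Mersenne prime 2^127 - 1: every 15-byte block encodes to an integer < Q
BLOCK_SIZE = 15             # bytes per block


def prf(key: bytes, index: int) -> int:
    """Pseudo-random field element for block `index`, derived with HMAC-SHA256."""
    digest = hmac.new(key, index.to_bytes(8, "big"), "sha256").digest()
    return int.from_bytes(digest, "big") % Q


def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def tag_blocks(key: bytes, alpha: int, blocks: list) -> list:
    """Owner side: homomorphic tag sigma_i = alpha * m_i + PRF_k(i) mod Q for every block."""
    return [(alpha * int.from_bytes(b, "big") + prf(key, i)) % Q for i, b in enumerate(blocks)]


class CloudServer:
    """Untrusted storage: holds blocks and tags, answers challenges with a constant-size proof."""

    def __init__(self, blocks, tags):
        self.blocks = list(blocks)
        self.tags = list(tags)

    def prove(self, challenge):
        # challenge: list of (block index, random coefficient nu_i)
        mu = sum(nu * int.from_bytes(self.blocks[i], "big") for i, nu in challenge) % Q
        sigma = sum(nu * self.tags[i] for i, nu in challenge) % Q
        return mu, sigma


def make_challenge(n_blocks: int, sample_size: int, rng=secrets.SystemRandom()):
    """Auditor side: sample block indices and attach a fresh random coefficient to each."""
    return [(i, rng.randrange(1, Q)) for i in rng.sample(range(n_blocks), sample_size)]


def verify(key: bytes, alpha: int, challenge, proof) -> bool:
    """Auditor side: sigma must equal alpha * mu + sum(nu_i * PRF_k(i)); no block data needed."""
    mu, sigma = proof
    expected = (alpha * mu + sum(nu * prf(key, i) for i, nu in challenge)) % Q
    return sigma == expected


def audit_demo():
    """Constructed walkthrough: an honest audit passes, a corrupted block fails when sampled,
    and escapes detection when the sample misses it (why sample size matters)."""
    key, alpha = b"\x01" * 32, 0x1234567890ABCDEF          # owner secrets (constructed values)
    data = bytes(range(256)) * 4                           # constructed 1024-byte file
    blocks = split_blocks(data)
    server = CloudServer(blocks, tag_blocks(key, alpha, blocks))

    full = [(i, 7 + i) for i in range(len(blocks))]        # deterministic challenge over every block
    honest = verify(key, alpha, full, server.prove(full))

    server.blocks[5] = b"\x00" + server.blocks[5][1:]      # the server silently corrupts block 5
    caught = verify(key, alpha, full, server.prove(full))

    partial = [(i, nu) for i, nu in full if i != 5]        # a sample that happens to skip block 5
    missed = verify(key, alpha, partial, server.prove(partial))
    return honest, caught, missed


if __name__ == "__main__":
    print("honest, caught, missed =", audit_demo())
```

The proof is two field elements regardless of how many blocks are challenged, which is what keeps communication cost low; note that μ is a linear combination of the owner's blocks, so a third-party auditor learns something about the data unless the scheme masks μ, which is the privacy requirement the abstract lists.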
    The Analysis of Hardware Trojan Detection based on Scanning Voltage
    2014, 14 (7):  7. 
    A hardware Trojan is a tiny, covert malicious circuit hidden in a chip to modify the status of its input and output nodes or the function of the target chip. With the increasing globalization of integrated circuit (IC) design and fabrication, the separation of design from production makes it easier for hardware Trojans to be inserted into chips, which poses a huge threat to the security and reliability of ICs. Detecting whether a chip under test contains a hardware Trojan, so as to ensure the safety of integrated circuits, is becoming more and more important. The authors designed a theft-type hardware Trojan in the netlist of an AES encryption circuit based on a 40 nm standard cell library; the Trojan was about 2.7% of the size of the golden (Trojan-free) AES circuit. The design was then analysed under different operating voltages, the voltage parameter of PVT (process, voltage and temperature), which produce different side-channel power consumption behaviour. The authors found that the side-channel power signature introduced by the implanted hardware Trojan can be overwhelmed by jitter in the operating voltage, which reduces detection efficiency. Based on this, a method is presented that exposes the side-channel power consumption of the hardware Trojan using a random scanning voltage, which circumvents the effect of voltage fluctuation on side-channel power verification in conventional hardware Trojan detection and achieves detection of the hardware Trojan.
    Detecting Copy-and-Paste Tampering of Digital Images based on the Circular Descriptor Operator of CSIFT
    2014, 14 (7):  12. 
    With the rapid development of image processing technology, the capabilities of digital image processing software have grown sharply, so that even ordinary people can easily alter image content. The content of an image is no longer convincing in itself; image tampering that reverses the truth increases social inequity, and its harm is becoming increasingly serious. Among image tampering methods, copy-and-paste is the most common and also the hardest to detect. Copy-and-paste tampering is divided into tampering within the same image and tampering across different images; this paper focuses on copy-and-paste tampering within the same image. To address the narrow range of application and low efficiency of the existing SIFT algorithm when applied to copy-and-paste tampering detection, a detection algorithm based on the circular descriptor operator of CSIFT is presented, derived from an analysis of the principle of the SIFT algorithm. In this algorithm, the colour-invariant gradient direction is used as the orientation feature to widen the algorithm's range of application, and a low-dimensional circular descriptor operator is used for feature matching to reduce the feature dimensionality. A large number of experiments show that the algorithm has better detection quality and efficiency than the SIFT algorithm.
    The Design and Implementation for the Detection System of the SQL Injection Attack based on the Windows Environment
    2014, 14 (7):  16. 
    With the wide use of Internet-based Web applications and services, the fraction of attacks that exploit bugs in Web applications is increasing compared with all other types of attack, and the SQL injection attack has become the most important hidden danger threatening Web security. To prevent the harm that SQL injection attacks do to network information, a detection system for SQL injection attacks has been designed and implemented for the Windows environment. Following the grammatical structure of SQL and with the help of a tree structure, the system splits and classifies injected SQL statements, finds the features of each type, extracts a keyword library for detecting SQL injection attacks, and uses keyword matching. The detection system is implemented in C/C++. It includes both an online mode and an offline mode and is built on the keyword library and a dangerous-IP library. The online mode tests packets captured live; the offline mode analyses and tests packet captures from different types of packet sniffing tools and supports the file formats generated by Wireshark and TCPDUMP. Experimental results show that the system detects dangerous packets with high accuracy (up to 92%) and a false alarm rate of only 0.6 per cent, so it has practical significance for preventing SQL injection attacks.
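The keyword-library idea in this abstract (split injected statements along SQL grammar, collect the keywords that characterise each class, then match) can be shown on sample payloads. The Python below is an added example, not the authors' C/C++ system: the token classes, the two-set rule shape and the labelled payloads are constructed here, and the evaluation function computes the same two figures the paper reports, detection accuracy and false-alarm rate, over that constructed set (the 92% and 0.6% above are the paper's figures on its own data, not this example's). The deliberately benign "meet at 5 -- see you" sample shows how a plain keyword library produces a false alarm.

```python
import re
from urllib.parse import unquote_plus

# Added example (not the authors' C/C++ system). Library, rules and samples are constructed.
TOKEN_RE = re.compile(r"--|#|/\*|\*/|<>|!=|<=|>=|[=<>();,'\"]|[A-Za-z_]\w*|\d+")

# Keyword library: a class fires when a token from its first set is present and, if the
# second set is non-empty, a token from the second set as well.
KEYWORD_LIBRARY = {
    "tautology": ({"or"}, {"=", "like"}),                     # ' OR '1'='1
    "union":     ({"union"}, {"select"}),                      # UNION SELECT ...
    "stacked":   ({";"}, {"drop", "insert", "update", "delete", "exec", "shutdown"}),
    "blind":     ({"sleep", "waitfor", "benchmark", "pg_sleep"}, set()),
    "schema":    ({"information_schema", "sysobjects", "syscolumns"}, set()),
    "comment":   ({"--", "#", "/*"}, set()),                   # truncates the rest of the statement
}


def tokenize(payload: str) -> set:
    """URL-decode, collapse inline comments (UNION/**/SELECT) and split into lower-case tokens."""
    text = unquote_plus(payload)
    had_inline_comment = "/*" in text
    text = re.sub(r"/\*.*?\*/", " ", text)
    tokens = {t.lower() for t in TOKEN_RE.findall(text)}
    if had_inline_comment:
        tokens.add("/*")
    return tokens


def classify(payload: str) -> list:
    """Names of the injection classes whose keyword sets the payload satisfies; empty means clean."""
    tokens = tokenize(payload)
    return [name for name, (primary, secondary) in KEYWORD_LIBRARY.items()
            if tokens & primary and (not secondary or tokens & secondary)]


def inspect_packet(src_ip: str, payload: str, dangerous_ips: set):
    """Combine the keyword library with the dangerous-IP library, as the online mode does."""
    hits = classify(payload)
    if src_ip in dangerous_ips:
        hits = hits + ["dangerous-ip"]
    return len(hits) > 0, hits


def evaluate(attacks: list, benign: list) -> dict:
    """Detection accuracy and false-alarm rate over labelled payloads."""
    detected = sum(1 for p in attacks if classify(p))
    false_alarms = sum(1 for p in benign if classify(p))
    correct = detected + len(benign) - false_alarms
    return {"accuracy": correct / (len(attacks) + len(benign)),
            "false_alarm_rate": false_alarms / len(benign),
            "missed": len(attacks) - detected, "false_alarms": false_alarms}


# Constructed, labelled sample payloads (query strings as they would appear in captured requests).
ATTACKS = [
    "id=1' OR '1'='1",
    "id=1 UNION SELECT username,password FROM users",
    "id=1; DROP TABLE users--",
    "id=1' AND SLEEP(5)--",
    "q=%27%20or%201%3D1%20--",
    "id=1/**/UNION/**/SELECT/**/1,2",
    "u=x' UNION SELECT table_name FROM information_schema.tables--",
]
BENIGN = [
    "id=42",
    "q=sql+injection+tutorial",
    "title=Romeo+and+Juliet",
    "msg=I'd+like+to+order+a+union+jack+flag",
    "note=meet+at+5+--+see+you",     # a bare '--' trips the comment rule: one false alarm
]

if __name__ == "__main__":
    for payload in ATTACKS + BENIGN:
        print(payload, "->", classify(payload) or "clean")
    print(evaluate(ATTACKS, BENIGN))
```

Token classes rather than raw substrings keep "order" from matching "or" and "union jack" from matching the union rule, but any keyword library is a trade-off: the comment rule above catches real truncation attacks and also a harmless double hyphen, which is exactly the kind of case that sets a system's false-alarm rate.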
    Analysis and Exploit of CSRSS Vulnerabilities based on Windows
    2014, 14 (7):  20. 
    As technology has advanced, the Windows operating system has improved steadily, and the combination of many memory protection mechanisms has made traditional buffer-overflow-based attacks far less useful. In this situation, kernel vulnerabilities can be used as a starting point to break through the security line of defence; if these vulnerabilities are used by viruses and Trojans, the defences of security software collapse, which is a heavy blow to system security. Since the development of Microsoft Windows NT, the operating system has been designed to support a number of different subsystems, such as POSIX or OS/2. This paper opens a series of CSRSS-oriented studies aimed at describing the undocumented internals of the CSRSS mechanism. Although some excellent research has already been published in articles, no thorough case study has been available until now. This paper covers both the basic ideas and their implementations, as well as the recent changes to CSRSS in modern operating systems. In addition, from the standpoint of security, the paper classifies Windows kernel vulnerabilities and presents a vulnerability research process; following that process, it studies a local privilege escalation vulnerability and a denial of service vulnerability in CSRSS. The analysis of the CVE011281 vulnerability shows that use-after-free exploitation appears not only in browser vulnerabilities but also in system software.
    A Detection System for Android Applications based on Permission Analysis
    2014, 14 (7):  30. 
    Because the openness of the Android platform leads to privacy leaks and property losses for users, this paper proposes a novel detection system for Android applications based on permission analysis, which can be deployed on both computer terminals and mobile terminals. The proposed detection system not only extracts the complete permission information of an application but also helps users check all applications that hold sensitive permissions. In addition, the system provides a secondary judgement so that the information and property security of users is safeguarded.
    Starting from the Android security mechanism and an analysis of its potential safety hazards, this paper designs and develops a system that can inspect both uninstalled APK files and installed applications. The system extracts the exact number of permissions requested by an application together with a detailed list of them and, through a database that records for each permission the security problems it can cause, gives understandable explanations, so that ordinary users without professional knowledge can also understand what a requested permission does and become more security-aware when using applications. In addition, the system lets the user screen applications by sensitive permission, listing all applications that use a given sensitive permission, so as to help the user spot malicious software.
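Permission extraction of the kind described here works on the decoded AndroidManifest.xml (a tool such as aapt or apktool turns the binary manifest inside an APK into this XML). The Python below is an added illustration and not the authors' system: it parses two constructed manifests, counts and lists the requested permissions, annotates the sensitive ones from a small constructed explanation table, and screens applications by a given sensitive permission. The explanation texts and the "flashlight that reads SMS" sample are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Added example (not the authors' system). Manifests and the explanation table are constructed.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS

SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS": "read text messages, including one-time verification codes",
    "android.permission.SEND_SMS": "send text messages, e.g. to premium-rate numbers",
    "android.permission.READ_CONTACTS": "read the address book",
    "android.permission.ACCESS_FINE_LOCATION": "track the precise location of the device",
    "android.permission.RECORD_AUDIO": "record with the microphone",
    "android.permission.CALL_PHONE": "place calls without the dialer confirmation",
    "android.permission.READ_PHONE_STATE": "read device identifiers and call state",
}

FLASHLIGHT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flashlight"/>
</manifest>"""

NOTES_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""


def extract_permissions(manifest_xml: str) -> list:
    """All <uses-permission android:name=...> entries, in manifest order, duplicates removed."""
    root = ET.fromstring(manifest_xml)
    seen = []
    for element in root.iter("uses-permission"):
        name = element.get(NAME)
        if name and name not in seen:
            seen.append(name)
    return seen


def analyse(manifest_xml: str) -> dict:
    """Report for one app: package, permission count and list, and the sensitive ones explained."""
    root = ET.fromstring(manifest_xml)
    permissions = extract_permissions(manifest_xml)
    sensitive = {p: SENSITIVE_PERMISSIONS[p] for p in permissions if p in SENSITIVE_PERMISSIONS}
    return {"package": root.get("package"), "count": len(permissions),
            "permissions": permissions, "sensitive": sensitive,
            "verdict": "review" if sensitive else "ok"}   # the user's secondary judgement starts here


def screen_by_permission(reports: list, permission: str) -> list:
    """Packages that request one given sensitive permission, for the user to inspect."""
    return [r["package"] for r in reports if permission in r["permissions"]]


if __name__ == "__main__":
    reports = [analyse(FLASHLIGHT_MANIFEST), analyse(NOTES_MANIFEST)]
    for r in reports:
        print(r["package"], r["count"], "permissions, verdict:", r["verdict"])
        for perm, why in r["sensitive"].items():
            print("   ", perm, "->", why)
    print("apps reading SMS:", screen_by_permission(reports, "android.permission.READ_SMS"))
```

A flashlight that asks for READ_SMS and SEND_SMS is the pattern such a screen is meant to surface; whether it is malicious is the "secondary judgement" the abstract leaves to the user, since the manifest alone does not say what the app does with the permission.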
    Design and Implementation of the Web Firewall System based on ISAPI Filter
    2014, 14 (7):  35. 
    With the development of the Internet, malicious users attack Web sites by exploiting vulnerabilities in Web applications to gain access to information, implant Trojans and viruses, set up phishing sites, insert malicious advertising and perform other illegal operations. These malicious behaviours damage the interests of legitimate users and reduce the credibility of the site, and with the increase in Web attacks the security risks of websites have reached unprecedented levels. To address the security problems of Web sites, this paper designs and implements a WAF system based on an ISAPI filter, built on the HTTP protocol model and combining URL parsing with the core extension mechanism of the Web server. The system can resist a variety of network attacks and protects HTTP-based IIS Web sites. It consists of three modules: a configuration module, a filtering module and a logging module; the paper describes the design and implementation of the filtering module in detail. The system mainly implements the following functions: filtering the HTTP request method, restricting the length of HTTP headers, blocking SQL injection, blocking cookie injection, blocking XSS attacks, prohibiting scans of sensitive directories, filtering file types, and an IP blacklist. The system detects Web attacks effectively and responds correctly. Finally, a test environment is set up for functional testing; the results show that the system filters Web attacks and reacts as expected, meets the requirements, and has high practical value.
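A filter of this kind is a chain of independent checks applied to each parsed request before it reaches the application. The Python below is an added example of that chain and not the paper's ISAPI filter: it parses a raw HTTP request, then applies the IP blacklist, method filter, header-length limit, sensitive-directory and file-type rules, and pattern rules over the query string, body and Cookie header (so cookie injection is covered by the same rule as query-string injection), logging every decision. The limits, paths, patterns and sample requests are constructed for the example; a production rule set is larger and tuned against false positives.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Added example of a request filter chain (not the paper's ISAPI filter).
# Limits, lists, patterns and sample requests below are constructed for the example.
ALLOWED_METHODS = {"GET", "POST", "HEAD"}
MAX_HEADER_BYTES = 4096
SENSITIVE_DIRS = ("/admin", "/manager", "/backup", "/_vti_bin")
BLOCKED_EXTENSIONS = {".bak", ".config", ".mdb", ".log"}
IP_BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|\bor\b\s*['\d]+\s*=|--|/\*", re.I)
XSS_RE = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)

AUDIT_LOG = []   # log module: one record per decision


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, target, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def filter_request(req: dict, client_ip: str):
    """Run the rule chain; the first failing rule decides. Returns (allowed, reason)."""
    def decide(allowed, reason):
        AUDIT_LOG.append({"ip": client_ip, "method": req["method"],
                          "target": req["target"], "decision": reason})
        return allowed, reason

    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in IP_BLACKLIST):
        return decide(False, "ip-blacklist")
    if req["method"] not in ALLOWED_METHODS:
        return decide(False, "method")
    if sum(len(k) + len(v) for k, v in req["headers"].items()) > MAX_HEADER_BYTES:
        return decide(False, "header-length")

    url = urlsplit(req["target"])
    path = unquote(url.path).lower()
    if any(path == d or path.startswith(d + "/") for d in SENSITIVE_DIRS):
        return decide(False, "sensitive-directory")
    if posixpath.splitext(path)[1] in BLOCKED_EXTENSIONS:
        return decide(False, "file-type")

    # Injection rules run over every client-controlled text: query string, body and cookies.
    for field in (unquote(url.query), req["body"], req["headers"].get("cookie", "")):
        if SQLI_RE.search(field):
            return decide(False, "sql-injection")
        if XSS_RE.search(field):
            return decide(False, "xss")
    return decide(True, "allow")


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("198.51.100.10", "GET /index.aspx?id=5 HTTP/1.1\r\nHost: www.example.com\r\nCookie: session=abc123\r\n\r\n"),
    ("198.51.100.10", "GET /products.aspx?id=1%20UNION%20SELECT%20user,pwd%20FROM%20users HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.10", "GET /search.aspx?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.10", "GET /account.aspx HTTP/1.1\r\nHost: www.example.com\r\nCookie: user=admin' OR '1'='1\r\n\r\n"),
    ("198.51.100.10", "GET /admin/login.aspx HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.10", "GET /web.config.bak HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.10", "TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("203.0.113.5", "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]


def run_samples() -> list:
    return [filter_request(parse_request(raw), ip)[1] for ip, raw in SAMPLES]


if __name__ == "__main__":
    for (ip, raw), decision in zip(SAMPLES, run_samples()):
        print(ip, raw.split("\r\n")[0], "->", decision)
```

The order of the chain matters for both cost and logging: the cheap address and method checks run first, and URL decoding happens once before any pattern is applied, so `%3Cscript%3E` is judged as `<script>` rather than slipping past a rule that only knows the literal form.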
    Summary and Comparison of Algorithms for the Order of the Jacobian Group of Elliptic Curves over Finite Fields
    2014, 14 (7):  41. 
    In research on elliptic curve cryptography (ECC), both the theory of ECC and its standardization and industrialization are mature. In the design of ECC, selecting a secure elliptic curve is the foundation of an ECC implementation and is also important for ensuring its security. At present, random selection is considered one of the best methods of finding a secure elliptic curve, and the core of the method is to compute the order of the Jacobian group of a random elliptic curve over a finite field. This paper mainly introduces several classic algorithms for computing the group order of elliptic curves: the Schoof algorithm, the SEA algorithm, the Satoh algorithm and the AGM algorithm. For the Schoof algorithm, improved algorithms based on the discrete logarithm problem are put forward, using Pollard's kangaroo algorithm and the baby-step giant-step (BSGS) algorithm, and experimental results show that the accelerated algorithms improve the running time. For the SEA algorithm, the paper also presents a BSGS-improved version and analyses and compares the efficiency of the original SEA algorithm and the BSGS-improved algorithm through an example. For the Satoh algorithm and the AGM algorithm, the paper introduces the theoretical basis and concrete implementation of each and compares their advantages and applicable conditions.
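The baby-step giant-step acceleration mentioned above can be shown on a toy curve. The Python below is an added example, not the paper's implementation: it computes the order of a point with BSGS inside the Hasse bound, then narrows the Hasse interval to the multiples of the least common multiple of the point orders found, which pins #E(F_p) once a single candidate remains (the simplest form of the Mestre-style approach). The curve y² = x³ + 7 over F_17, which has 18 points, and the second curve over F_1009 are constructed test cases; the square-root search in affine_points is a plain scan and only suitable for such small primes.

```python
from math import isqrt, lcm

# Added example (not the paper's implementation): BSGS point order and Mestre-style group order.
# Curve y^2 = x^3 + a*x + b over F_p; points are (x, y) tuples and None is the point at infinity.


def negate(curve, P):
    if P is None:
        return None
    return (P[0], (-P[1]) % curve[0])


def add(curve, P, Q):
    p, a, _ = curve
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                      # P == -Q (covers doubling a point with y == 0)
    if P == Q:
        slope = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        slope = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (slope * slope - x1 - x2) % p
    return (x3, (slope * (x1 - x3) - y1) % p)


def scalar_mul(curve, k, P):
    R = None
    while k:
        if k & 1:
            R = add(curve, R, P)
        P = add(curve, P, P)
        k >>= 1
    return R


def point_order_bsgs(curve, P):
    """Smallest k > 0 with k*P = O, found with baby steps j*P and giant steps (i*m)*P.
    ord(P) divides #E <= p + 1 + 2*sqrt(p), so about sqrt(p) group operations suffice."""
    p = curve[0]
    bound = p + 1 + 2 * isqrt(p) + 2
    m = isqrt(bound) + 1
    baby = {}
    R = None
    for j in range(m):                   # baby steps: table of j*P -> j
        if j and R is None:
            return j                     # order smaller than m
        baby[R] = j
        R = add(curve, R, P)
    giant = R                            # m*P
    Q = giant
    for i in range(1, m + 1):            # giant steps: (i*m)*P == -(j*P)  <=>  (i*m + j)*P == O
        j = baby.get(negate(curve, Q))
        if j is not None:
            return i * m + j
        Q = add(curve, Q, giant)
    raise ArithmeticError("order not found below the Hasse bound; is the curve non-singular?")


def affine_points(curve):
    """All affine points, found with a plain root scan: fine for the small demo primes only."""
    p, a, b = curve
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        for y in range(p):
            if y * y % p == rhs:
                yield (x, y)


def naive_group_order(curve):
    """Reference count via Euler's criterion, O(p): what BSGS, Schoof and SEA are meant to avoid."""
    p, a, b = curve
    count = 1                            # the point at infinity
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        if rhs == 0:
            count += 1
        elif pow(rhs, (p - 1) // 2, p) == 1:
            count += 2
    return count


def group_order_bsgs(curve):
    """Candidates for #E(F_p): the Hasse interval narrowed to multiples of the lcm of point orders.
    Returns the remaining candidates; a single entry is the group order."""
    p, a, b = curve
    assert (4 * a ** 3 + 27 * b ** 2) % p != 0, "singular curve"
    width = 2 * isqrt(p) + 1             # >= 2*sqrt(p), so |#E - (p + 1)| <= width
    candidates = list(range(max(p + 1 - width, 1), p + 2 + width))
    exponent = 1
    for P in affine_points(curve):
        exponent = lcm(exponent, point_order_bsgs(curve, P))
        candidates = [n for n in candidates if n % exponent == 0]
        if len(candidates) == 1:
            break
    return candidates


if __name__ == "__main__":
    for curve in ((17, 0, 7), (1009, 2, 3)):
        print(curve, "BSGS candidates:", group_order_bsgs(curve), "naive count:", naive_group_order(curve))
```

Two things the toy shows about the real algorithms: ord(P) alone rarely fixes the group order (a point of order 9 on the 18-point curve leaves 9, 18 and 27 as candidates), and the whole method is still exponential in log p, which is why the surveyed Schoof, SEA, Satoh and AGM algorithms are needed for cryptographic field sizes.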
    The Design and Implementation of An Analysis System of Network Protocol
    2014, 14 (7):  48. 
    With the rapid development of Internet technology, the Internet plays an ever more important role in people's daily lives, and the security problems of the mobile Internet are becoming more prominent as the mobile Internet and the Internet converge. Network protocols, the core of the framework of Internet communication, receive wide attention today; a network protocol analysis system can help eliminate network faults and optimize the network so as to improve its security. In view of the research significance and practical value of network protocols, this paper analyses network protocols in detail. It first briefly introduces the common network protocol analysis platforms and then introduces the WinPcap technique. Using the powerful programming capabilities of WinPcap, the paper designs a network protocol analysis system and carries out the detailed design and implementation of its two modules. Taking an Android mobile phone accessing the Internet as an example, the system captures packets in a loop and analyses the typical network protocols. Experimental results show that the system provides a basic tool for solving the network security problems of mobile intelligent terminals.
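Protocol analysis on captured frames, as in the WinPcap-based system above, is header parsing layer by layer. The Python below is an added example that does not come from the paper: it builds a constructed Ethernet/IPv4/TCP frame (with a correct IPv4 header checksum; the TCP checksum is left at zero for brevity) and parses it back into Ethernet, IPv4 and TCP/UDP fields, verifying the IPv4 checksum so that a frame damaged or forged on the path is reported. Addresses are taken from the documentation ranges; the frame contents are constructed, not captured.

```python
import struct

# Added example of layered frame parsing (not the paper's WinPcap system). Frame contents are constructed.


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over 16-bit words; 0 for a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload, tcp_flags=0x18):
    """Construct Ethernet/IPv4/TCP bytes as a capture would deliver them (TCP checksum left zero)."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", 0x0800))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, tcp_flags, 65535, 0, 0) + payload
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                            ip_bytes(src_ip), ip_bytes(dst_ip))
    checksum = ipv4_checksum(ip_header)                       # computed with the field zeroed
    ip_header = ip_header[:10] + struct.pack("!H", checksum) + ip_header[12:]
    return eth + ip_header + tcp


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet, then IPv4 (verifying its checksum), then TCP or UDP headers."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth": {"src": mac_str(src), "dst": mac_str(dst), "type": ethertype}}
    if ethertype != 0x0800:
        info["note"] = "not IPv4; only IPv4 is decoded here"
        return info
    packet = frame[14:]
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto,
     _csum, s, d) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info["ip"] = {"version": ver_ihl >> 4, "src": ip_str(s), "dst": ip_str(d), "proto": proto,
                  "ttl": ttl, "id": ident, "total_length": total_len,
                  "checksum_ok": ipv4_checksum(packet[:ihl]) == 0}
    segment = packet[ihl:total_len]
    if proto == 6:
        sport, dport, seq, ack, offset, flags, window, _tcsum, _urg = struct.unpack("!HHIIBBHHH", segment[:20])
        data_offset = (offset >> 4) * 4
        info["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
                       "window": window, "payload": segment[data_offset:]}
    elif proto == 17:
        sport, dport, length, _ucsum = struct.unpack("!HHHH", segment[:8])
        info["udp"] = {"sport": sport, "dport": dport, "payload": segment[8:length]}
    return info


def summarize(info: dict) -> str:
    """One-line summary in the style of an analyser's packet list."""
    ip = info.get("ip")
    if ip is None:
        return "non-IPv4 frame from %s" % info["eth"]["src"]
    l4 = info.get("tcp") or info.get("udp")
    if l4 is None:
        return "%s -> %s proto=%d" % (ip["src"], ip["dst"], ip["proto"])
    name = "TCP" if "tcp" in info else "UDP"
    return "%s:%d -> %s:%d %s payload=%d bytes checksum_ok=%s" % (
        ip["src"], l4["sport"], ip["dst"], l4["dport"], name, len(l4["payload"]), ip["checksum_ok"])


if __name__ == "__main__":
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", "192.0.2.10", "198.51.100.80",
                        51234, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
    print(summarize(parse_frame(frame)))
```

Reading the IHL field rather than assuming a 20-byte header, slicing the segment to `total_length`, and checking the checksum are the details that separate a parser that survives hostile captures from one that misreads option-bearing or padded frames.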
    Security Analysis and Improvement based on EAP-AKA Protocol
    2014, 14 (7):  53. 
    In recent years, wireless network technologies, represented mainly by 3G networks and WLAN, have achieved major breakthroughs. A 3G network provides good wide-area roaming service but its data rate and bandwidth are small, while WLAN provides higher data transmission speed at lower cost but covers only a small area; the two therefore complement each other very well, and their integration offers a more efficient mode of high-speed access. For this reason 3GPP put forward a set of schemes for WLAN access to 3G networks and designed the Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA). However, much practice and research has found that the EAP-AKA protocol has some security flaws. This paper analyses the EAP-AKA protocol and its security and points out its flaws: in particular, the user identity is exposed, so that the identity leakage enables tracking attacks; the WLAN access network is not authenticated; and the session key is transmitted in plaintext, so the WLAN communication loses confidentiality and integrity. The paper proposes an improvement that adds a public key and anonymity techniques to the WLAN access network, achieves authentication of the WLAN access network, avoids exposing the user's identity information, and encrypts the session key so as to provide security for the user's network services.
    Data Access Control Protocol for the Cloud Computing based on Ciphertext-policy Attribute based Encryption (CP-ABE)
    2014, 14 (7):  57. 
    Cloud computing provides an emerging paradigm for data interaction and realizes remote storage, sharing and computing of users' data. Owing to system complexity, network openness, resource concentration and data sensitivity, the process of a user accessing a cloud server suffers from severe security threats, which makes the protection of cloud data an important issue. This work first introduces the system components, trust model and attack model, and then proposes a data access control protocol based on ciphertext-policy attribute-based encryption (CP-ABE) to achieve data protection. The proposed protocol applies the semi-group property of the Chebyshev chaotic map for authentication and adopts a lightweight CP-ABE scheme for authorization; security mechanisms including authentication, access control and forward security are applied to achieve user identification and data access control. According to the storage requirement analysis, the protocol has fixed storage requirements for the attribute set and the key, avoiding linear growth under massive data interaction. It turns out that the protocol is secure, reliable and flexible for large-scale data interaction in cloud environments.
    A Performance Analysis of Vehicle-to-Vehicle Communication System in the Internet of Vehicle
    2014, 14 (7):  61. 
    The vehicle-to-vehicle communication system in the Internet of Vehicles will play an extremely important role in future intelligent transportation systems and become an indispensable part of future society. This paper investigates the average symbol error probability (ASEP) of a vehicle-to-vehicle communication system employing transmit antenna selection (TAS) and orthogonal space-time block codes (OSTBC) over double-Rayleigh fading channels. Based on the scalar additive white Gaussian noise (AWGN) channel approach, exact expressions for the signal-to-noise ratio (SNR) at the receiver are derived for multiple quadrature amplitude modulation (MQAM) and multiple phase shift keying (MPSK). The ASEP performance under different conditions is then evaluated through numerical simulation. The simulation results show that the ASEP performance improves as the number of transmit or receive antennas increases: at SNR=6dB, the ASEP of (3,3;6) with QPSK is 2×10, of (4,4;8) is 2×10, and of (5,5;10) is 2×10.
    Research on Energy Consumption of Wireless Sensor Network based on an Improved ROS Algorithm
    2014, 14 (7):  65. 
    Pairwise broadcast synchronization (PBS) is an important synchronization protocol for wireless sensor networks (WSNs). Because of their limited size, limited communication ability, small storage space and limited energy, traditional clock synchronization protocols need to be improved for WSNs, so clock synchronization algorithms for wireless sensor networks are of great significance. Starting from single-cluster network synchronization, this paper studies multi-cluster network synchronization, describes the Network-wide Pair selection Algorithm (NPA) and the Group-wise Pair selection Algorithm (GPA), and compares them by simulation. The results show that when there are few sensor nodes, the NPA and GPA algorithms perform almost identically in processing messages in the network; when there are many more sensor nodes, GPA is clearly better than NPA in message processing, greatly reducing the number of message packets. Finally, new promising research directions based on PBS are proposed.
    Chinese Keyword Fuzzy Search over Encrypted Cloud Data
    2014, 14 (7):  69. 
    As more and more people place their data and information on cloud servers, they pay increasing attention to safety and reliability while enjoying the convenient services. Because of the special nature of ciphertext, research on searchable encryption has arisen. To address the lack of Chinese keyword search in searchable encryption, this paper proposes a Chinese keyword fuzzy search scheme. Current searchable encryption schemes solve secure and fast fuzzy search of English keywords over ciphertext. Because of the special nature of Chinese keywords, if edit distance is used to represent the difference between two Chinese keywords in the same way as for English keywords, the matching becomes too fuzzy, so the existing schemes do not apply to Chinese keyword search over ciphertext. Using a Pinyin-based edit distance to measure the similarity of Chinese character strings, this paper proposes a Chinese-gram-based scheme, improves the existing search index structure, proposes a trapdoor search index based on an n-ary tree and improves search efficiency. Security analysis shows that the scheme meets the requirements of user data confidentiality and query privacy, and experiments show the feasibility and efficiency of the scheme for Chinese keyword fuzzy search.
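The Pinyin-based edit distance and trapdoor index described here can be illustrated with a generic fuzzy-keyword construction. The Python below is an added example and not the paper's Chinese-gram scheme: it converts keywords to Pinyin with a small constructed table (a real system would use a Pinyin library), builds the edit-distance-1 fuzzy set of each Pinyin string with wildcards, stores HMAC-SHA256 trapdoors of those variants in a server-side index that never sees plaintext, and answers a misspelled query ("mina" for "mima"). It also shows the over-matching the abstract warns about: "mimi" and "mima" are one edit apart in Pinyin, so a query for one returns documents containing either.

```python
import hashlib
import hmac

# Added example of fuzzy keyword search over an encrypted index (not the paper's Chinese-gram scheme).
# Constructed Pinyin table; a real system would use a Pinyin library.
PINYIN = {"密码": "mima", "秘密": "mimi", "苹果": "pingguo", "文件": "wenjian", "密钥": "miyao"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, applied here to Pinyin strings rather than to the characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fuzzy_set(word: str) -> set:
    """Wildcard variants covering every string within edit distance 1 of `word`:
    the word itself, one position replaced by '*', and '*' inserted at each gap."""
    variants = {word}
    variants.update(word[:i] + "*" + word[i + 1:] for i in range(len(word)))
    variants.update(word[:i] + "*" + word[i:] for i in range(len(word) + 1))
    return variants


def trapdoor(key: bytes, variant: str) -> str:
    """Keyed one-way transform; the server only ever sees these values."""
    return hmac.new(key, variant.encode("utf-8"), hashlib.sha256).hexdigest()


class EncryptedIndex:
    """Server side: maps trapdoors to file identifiers; no plaintext keywords are stored."""

    def __init__(self):
        self.table = {}

    def add(self, trapdoors, file_id):
        for t in trapdoors:
            self.table.setdefault(t, set()).add(file_id)

    def search(self, trapdoors) -> set:
        hits = set()
        for t in trapdoors:
            hits |= self.table.get(t, set())
        return hits


def build_index(key: bytes, documents: dict) -> EncryptedIndex:
    """Client side: documents maps file_id -> list of Chinese keywords."""
    index = EncryptedIndex()
    for file_id, keywords in documents.items():
        for kw in keywords:
            index.add({trapdoor(key, v) for v in fuzzy_set(PINYIN[kw])}, file_id)
    return index


def fuzzy_query(key: bytes, index: EncryptedIndex, pinyin: str) -> set:
    """Client side: a (possibly misspelled) Pinyin query becomes the trapdoors of its fuzzy set."""
    return index.search({trapdoor(key, v) for v in fuzzy_set(pinyin)})


DOCUMENTS = {"f1": ["密码", "文件"], "f2": ["秘密"], "f3": ["苹果", "密钥"]}   # constructed

if __name__ == "__main__":
    key = b"\x02" * 32
    index = build_index(key, DOCUMENTS)
    for q in ("mima", "mina", "mimi", "wenjian", "zzz"):
        print(q, "->", sorted(fuzzy_query(key, index, q)))
```

Two strings within edit distance 1 always share a wildcard variant, so a single typo still hits, at the cost of an index roughly 2·len(word)+2 times larger per keyword; the "mimi" query returning both f1 and f2 is the Pinyin analogue of the over-fuzziness the abstract describes for character-level edit distance.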
    An Improved Scheme of CHAP
    2014, 14 (7):  75. 
    With the popularity of computer technology and the rapid development of the Internet, computer networks have penetrated all aspects of social life. However, because of its global and open nature the network environment is full of complexity and uncertainty and suffers a variety of attacks and forgeries, so ensuring computer network security has become a problem of concern to every country. Identity authentication is an indispensable part of building a secure network information system and the basis of information security. Currently, digital signature authentication and password authentication are the common identity authentication methods. Certificate-based digital signatures provide high security but require a complete certificate infrastructure. Password-based identity authentication, one of the earliest authentication technologies, has been widely developed and applied for its simplicity and practicality and has become one of the most important branches of network security. Because traditional static password authentication has obvious security weaknesses, dynamic password technology came into existence: it is a form of authentication in which the password changes randomly every time. To improve the safety of the login process, uncertain factors are added to the password so that the information transferred during each authentication differs. In light of the security weaknesses of static password authentication, and based on a thorough analysis of the advantages and disadvantages of the traditional CHAP dynamic password authentication scheme and a series of derived schemes, this paper presents an improved CHAP dynamic password mutual authentication protocol, which combines a secure hash function with the exclusive-or operation and introduces an interference factor for protection.
    The scheme is divided into three stages: user registration, login authentication and password change. Mutual authentication between server and client is achieved with a three-way handshake alone. Compared with other typical improved CHAP schemes, this scheme not only achieves mutual authentication between server and client over the network but also has the advantages of high security, strong practicability and low cost. Performance and security testing shows that the scheme can effectively resist most traditional network attacks, so it can be used as an identity authentication protocol over most insecure network channels, particularly for small and medium-sized e-commerce websites, because of its small communication overhead and high flexibility.
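The three-stage structure (registration, a three-message login with mutual authentication, and a password change built from hash and XOR) can be made concrete. The Python below is an added example of one such design and is not the paper's protocol: the stored verifier is a salted hash of the password, the random per-user salt serves as the interference factor, both sides prove knowledge of the verifier with nonce-bound hashes in three messages, and the new verifier is transported XOR-masked with a hash only the two parties can compute. The domain-separation labels and nonce sizes are this example's choices.

```python
import hashlib
import secrets

# Added example of a hash-and-XOR mutual authentication scheme in three stages (not the paper's protocol).
# Labels such as b"server" are domain separators chosen for this example.


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so that concatenation is unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_verifier(user: bytes, password: bytes, salt: bytes) -> bytes:
    """Stored in place of the password; `salt` is the per-user interference factor."""
    return H(b"verifier", user, salt, password)


class Server:
    def __init__(self):
        self.users = {}      # user -> (verifier, salt)
        self.pending = {}    # user -> (nc, ns) for a login in progress
        self.sessions = {}   # user -> (nc, ns) of the last successful login

    def register(self, user, verifier, salt):
        # Stage 1: registration, assumed to happen over a protected channel.
        self.users[user] = (verifier, salt)

    def challenge(self, user, nc):
        # Stage 2, message 2: prove knowledge of the verifier, bound to both nonces.
        verifier, salt = self.users[user]
        ns = secrets.token_bytes(16)
        self.pending[user] = (nc, ns)
        return salt, ns, H(b"server", verifier, nc, ns)

    def finish(self, user, auth_c):
        # Stage 2, message 3: check the client's proof; return the session key or None.
        verifier, _ = self.users[user]
        nc, ns = self.pending.pop(user)
        if not secrets.compare_digest(auth_c, H(b"client", verifier, ns, nc)):
            return None
        self.sessions[user] = (nc, ns)
        return H(b"key", verifier, nc, ns)

    def change_password(self, user, masked_verifier, tag):
        # Stage 3: unmask the new verifier with the shared one-time pad and check its tag.
        verifier, salt = self.users[user]
        nc, ns = self.sessions[user]
        new_verifier = xor(masked_verifier, H(b"change", verifier, ns, nc))
        if not secrets.compare_digest(tag, H(b"change-tag", verifier, new_verifier, ns)):
            return False
        self.users[user] = (new_verifier, salt)
        return True


class Client:
    def __init__(self, user: bytes, password: bytes):
        self.user, self.password, self.state = user, password, None

    def register(self, server):
        salt = secrets.token_bytes(16)
        server.register(self.user, make_verifier(self.user, self.password, salt), salt)

    def login(self, server):
        nc = secrets.token_bytes(16)                                   # message 1: user, nc
        salt, ns, auth_s = server.challenge(self.user, nc)             # message 2: salt, ns, auth_s
        verifier = make_verifier(self.user, self.password, salt)
        if not secrets.compare_digest(auth_s, H(b"server", verifier, nc, ns)):
            raise ValueError("server authentication failed")           # fake server or wrong password
        auth_c = H(b"client", verifier, ns, nc)
        key = server.finish(self.user, auth_c)                         # message 3: auth_c
        if key is None:
            raise ValueError("client authentication failed")
        self.state = (verifier, nc, ns, salt)
        return key, auth_c

    def change_password(self, server, new_password: bytes) -> bool:
        verifier, nc, ns, salt = self.state
        new_verifier = make_verifier(self.user, new_password, salt)
        masked = xor(new_verifier, H(b"change", verifier, ns, nc))    # XOR-masked transport
        tag = H(b"change-tag", verifier, new_verifier, ns)
        if server.change_password(self.user, masked, tag):
            self.password = new_password
            return True
        return False


if __name__ == "__main__":
    srv, alice = Server(), Client(b"alice", b"correct horse battery")
    alice.register(srv)
    key, _ = alice.login(srv)
    print("session key:", key.hex())
    print("password changed:", alice.change_password(srv, b"new password"))
```

The caveat a practitioner should attach to any scheme of this shape: an eavesdropper who records salt, the two nonces and auth_s can test password guesses offline against that transcript, so the verifier hash should be a slow password hash and weak passwords remain exposed; replay is defeated only because every proof binds the fresh nonces of that session.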
    Approach of Information Security Assessment for Railway Internet Ticketing System based on BP Model of Artificial Neural Network
    2014, 14 (7):  81. 
    The railway Internet ticketing system has replaced the conventional ticketing method and plays an important part in railway transportation. Because it is Internet-based, the railway Internet ticketing system faces security risks and threats at several levels, such as direct attacks and virus infections; if the system breaks down, the negative impact on society is great. Given these threats, scientific methods and tools are needed to analyse the threats and vulnerabilities of the system, and the consequences of security incidents should be evaluated once they occur; protective and corrective countermeasures against the threats should be proposed to control and mitigate information security risks and bring the threats to an acceptable level. Artificial neural networks (ANNs) have intelligent characteristics such as autonomously acquiring knowledge, which lets them deal well with uncertainty and nonlinear problems, and they have been widely applied to information security risk assessment in many industries. Compared with other ANNs, the BP neural network has good nonlinear mapping ability as well as self-learning and adaptive capacities. First, a three-layer network can approximate any nonlinear continuous function to arbitrary precision, which makes it suitable for solving complex problems. Second, during training the network automatically extracts "reasonable rules" between the input and output data and adaptively memorizes the learned rules in the network weights. Accordingly, an evaluation model using a BP artificial neural network is proposed for the safety threats of the railway Internet ticketing system: the major safety threats of the Internet ticketing system are used as training samples, and an experiment is conducted in which the trained BP neural network evaluates the security of the Internet ticketing system.
    The experimental results show that the proposed evaluation model indicates the practical security status of the Internet ticketing system precisely and is highly adaptive and fault-tolerant.
    Fast Parallel Sollin's Algorithm for Minimum Spanning Tree on the GPU
    2014, 14 (7):  87. 
    Prim's algorithm and Kruskal's algorithm are two common algorithms for the minimum spanning tree (MST), which has wide application in computer networks, information security and other fields. However, because of their data structures and sequential processes, these two algorithms are difficult to parallelize with general parallel algorithms on the GPU. Sollin's algorithm, old though it is, can expand several spanning trees independently and simultaneously in each iteration, finally turning the forest into an MST after a number of iterations; because of this characteristic it is much easier to accelerate with general parallel algorithms on the GPU. For this reason we present a novel parallel Sollin's algorithm on the GPU. We design the data structure for Sollin's algorithm with GPU parallelism in mind and then parallelize it on the basis of a fast algorithm for merging trees. We test our algorithm on several groups of data of different scales. The experimental results show that this method achieves a speedup of 10 to 18 over the traditional CPU-based implementation on large-scale data.
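Sollin's algorithm (also known as Borůvka's) grows every component of the forest by its cheapest outgoing edge in each round, so each round is one independent selection step followed by a merge step, which is the property that suits the GPU. The Python below is an added sequential version and not the paper's GPU code: it uses a union-find structure for the merges, breaks weight ties by edge index so that equal weights cannot close a cycle, and reports how many rounds were needed. The graph is a constructed seven-vertex example whose minimum spanning tree weighs 39.

```python
# Added sequential example of Sollin's (Boruvka's) algorithm (not the paper's GPU implementation).


class DisjointSet:
    """Union-find with path compression and union by size; drives the merge phase."""

    def __init__(self, n):
        self.parent = list(range(n))
        self.size = [1] * n

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        a, b = self.find(a), self.find(b)
        if a == b:
            return False
        if self.size[a] < self.size[b]:
            a, b = b, a
        self.parent[b] = a
        self.size[a] += self.size[b]
        return True


def sollin_mst(n, edges):
    """edges: list of (u, v, weight) on vertices 0..n-1. Returns (total, chosen_edges, rounds)."""
    ds = DisjointSet(n)
    chosen, total, rounds, components = [], 0, 0, n
    while components > 1:
        # Selection phase: each component picks its cheapest outgoing edge independently
        # (the step a GPU runs with one thread per edge or per component).
        cheapest = [None] * n
        for idx, (u, v, w) in enumerate(edges):
            ru, rv = ds.find(u), ds.find(v)
            if ru == rv:
                continue
            for root in (ru, rv):
                best = cheapest[root]
                # Break ties on edge index so that equal weights cannot close a cycle.
                if best is None or (w, idx) < (edges[best][2], best):
                    cheapest[root] = idx
        if all(c is None for c in cheapest):
            break  # remaining components are disconnected: the result is a spanning forest
        rounds += 1
        # Merge phase: add every selected edge; union-find rejects an edge picked from both ends.
        for idx in sorted(set(c for c in cheapest if c is not None)):
            u, v, w = edges[idx]
            if ds.union(u, v):
                chosen.append((u, v, w))
                total += w
                components -= 1
    return total, chosen, rounds


# Constructed 7-vertex graph whose minimum spanning tree weighs 39.
EDGES = [(0, 1, 7), (0, 3, 5), (1, 2, 8), (1, 3, 9), (1, 4, 7), (2, 4, 5),
         (3, 4, 15), (3, 5, 6), (4, 5, 8), (4, 6, 9), (5, 6, 11)]

if __name__ == "__main__":
    total, chosen, rounds = sollin_mst(7, EDGES)
    print("MST weight", total, "edges", chosen, "rounds", rounds)
```

Every round at least halves the number of components, so the number of rounds is at most ⌈log₂ n⌉; the per-round work is what the paper maps onto the GPU, while the merge step is where its fast tree-merging algorithm replaces the sequential union-find used here.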