
Table of Contents

    10 January 2015, Volume 15 Issue 1

    Research and Improvement on Constructing Method of A Trusted Virtualization Platform
    LI Hai-wei, FAN Bo, LI Wen-feng
    2015, 15 (1):  1-5.  doi: 10.3969/j.issn.1671-1122.2015.01.001

    To reduce the size of virtual trusted platform module (vTPM) instances and of the trusted computing base (TCB) of system software in a virtualized environment, to protect the confidentiality and integrity of the vTPM components, and to address the difficulty of defining the trust boundary in a traditional virtual trusted computing platform, this paper presents a new method and model for building a trusted virtual platform. First, to defend against malicious software and memory sniffing in Domain 0, the weakly protected domain-management tools in the user space of the Xen privileged domain (Domain 0) and the related vTPM components are moved into a dedicated trusted domain, Domain T. Acting as the security-service framework above the Xen virtualization layer, Domain T gives the vTPM components a higher level of protection. Second, by refactoring the privileged management and control applications of Domain 0, the user space of Domain 0 is separated from the trusted computing base, which shrinks the TCB of the trusted virtual platform. Finally, a new chain-of-trust construction model based on the trusted virtual platform is designed and implemented. Compared with the traditional trusted virtual platform, the system integrates virtualization with trusted computing and allows multiple operating systems of different trust levels to run simultaneously on one physical platform, while each operating system retains functions such as trusted attestation.
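
The chain-of-trust construction above measures each stage (hypervisor, Domain T, the vTPM components it hosts, then the guest) before launching it, and a verifier later checks the recorded measurements. The following is an added example written for this page, not code from the paper: it models a single TPM-style register extended through that sequence and the verifier's two checks (the event log must replay to the quoted register value, and every digest must be on an allow-list). The component names and image bytes are constructed stand-ins, and SHA-256 with a 32-byte zero reset value is assumed; a real vTPM would sign the quote and keep several register banks.

```python
import hashlib

# Constructed stand-ins for the images measured at each stage of the chain; not the paper's data.
COMPONENTS = [
    ("xen-hypervisor", b"xen hypervisor image (constructed)"),
    ("domain-t-kernel", b"Domain T kernel image (constructed)"),
    ("vtpm-manager", b"vTPM manager image hosted in Domain T (constructed)"),
    ("guest-kernel", b"guest OS kernel image (constructed)"),
]

def measure(image: bytes) -> bytes:
    """Digest of a component image, taken before the component is launched."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || digest). One-way and order-sensitive,
    so a register can only reach a given value through the same sequence of digests."""
    return hashlib.sha256(pcr + digest).digest()

def build_chain(components):
    """Platform side: measure-then-launch each stage, extending one register and
    appending to an event log. Returns (final PCR as hex, event log)."""
    pcr = bytes(32)                       # register is all-zero after reset (assumed)
    log = []
    for name, image in components:
        digest = measure(image)
        log.append((name, digest.hex()))  # what was measured, in launch order
        pcr = extend(pcr, digest)
    return pcr.hex(), log

def replay(log):
    """Recompute the register value implied by an event log."""
    pcr = bytes(32)
    for _, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr.hex()

def verify(quoted_pcr, log, expected):
    """Verifier side. The quoted PCR is trusted (a real system signs it with the TPM or
    vTPM key); the log is not, so it must replay to the quote, and every digest must
    match the allow-list of known-good measurements recorded at provisioning time."""
    if replay(log) != quoted_pcr:
        return False, "event log does not replay to the quoted PCR"
    for name, digest_hex in log:
        if expected.get(name) != digest_hex:
            return False, f"unexpected measurement for {name}"
    return True, "ok"

if __name__ == "__main__":
    pcr, log = build_chain(COMPONENTS)
    golden = dict(log)                    # allow-list captured from a known-good platform
    print("clean platform:", verify(pcr, log, golden))
    tampered = [(n, img + b" backdoor" if n == "vtpm-manager" else img) for n, img in COMPONENTS]
    pcr2, log2 = build_chain(tampered)
    print("tampered vTPM manager:", verify(pcr2, log2, golden))
    print("forged log against tampered quote:", verify(pcr2, log, golden))
```

The point of the model is that the register, not the log, is the root of the decision: a tampered vTPM manager changes the quoted value, and an attacker who substitutes the clean log cannot make it replay to the tampered quote.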

    New Trend of Information Security in Industrial Control Systems
    WANG Xiao-shan, YANG An, SHI Zhi-qiang, SUN Li-min
    2015, 15 (1):  6-11.  doi: 10.3969/j.issn.1671-1122.2015.01.002

    With the rapid development of science and technology and the continuing fusion of industrialization and informatization, industrial control systems (ICSs) increasingly adopt standard, general-purpose communication protocols and software/hardware, and are connected to the Internet in various ways. This breaks the original closure and exclusiveness of these systems and lets security threats such as viruses and trojans spread rapidly into the industrial control field. ICSs face increasingly serious information security threats whose features differ from those of traditional IT systems. To introduce the new trends and achievements in ICS security research, this paper presents the definition and three-level architecture of ICSs, introduces the ICS security problem, and describes the distribution and tendency of the security problem with detailed data. It then focuses on the international conference ICS-CSR, which is dedicated to ICS information security, from the viewpoint of academic research. By comparing the papers collected in the first and second ICS-CSR conferences, the paper investigates in detail the issues of attackers and attack vectors, detection of and response to cyber attacks, security modeling and vulnerability analysis of systems, and the socio-technical nature of ICSs; summarizes the main problems, ideas, approaches and conclusions of ICS security research; and presents the current situation and future directions of the field. Finally, the paper proposes the security concept of defense-in-depth, under which a comprehensive defence composed of a boundary system, a protection system and a safety system is established to give ICSs all-round, multi-layered, whole-life-cycle protection.

    Study on Selection of the Antenna Array in Compass Navigation System
    LIU Bao-guo, XU Ling-wei, ZHANG Hao, GULLIVER T A
    2015, 15 (1):  12-15.  doi: 10.3969/j.issn.1671-1122.2015.01.003

    The Compass (BeiDou) navigation system plays an increasingly important role in military and civil navigation. Although the spread-spectrum modulation of the Compass signal gives it a certain interference margin, the received signal power is weak, so the system remains sensitive to interference. The variety of interference makes anti-jamming difficult with either time-domain or space-domain filtering alone, and among all interference types broadband interference is the most influential and the hardest to overcome. To address these problems, this paper uses space-time adaptive processing (STAP), which is more effective than time-domain, space-domain or frequency-domain filtering alone because it increases the degrees of freedom without increasing the number of antennas. However, different antenna arrays perform differently under STAP, so the paper discusses the space-time responses and the improvement factor of several antenna arrays. Simulation shows that the circular antenna array performs best in anti-jamming, which provides a theoretical basis for the design of BeiDou receivers.

    Research on Security Event Real-time Monitoring Framework Based on Micro-blog
    LI Ling-yun, AO Ji, QIAO Zhi, LI Jian
    2015, 15 (1):  16-23.  doi: 10.3969/j.issn.1671-1122.2015.01.004

    Based on the regularities of how events develop and the social characteristics of how they propagate, this paper proposes a framework for real-time monitoring of events propagating on micro-blogs, built on the theory of social sensor networks. The framework includes several key algorithms: anomaly detection, geographic location positioning, related-event recommendation, and event correlation analysis. On this framework the paper develops and implements a real-time monitoring system for micro-blog events. The system captures micro-blog data through a hybrid web crawler and open API interfaces, and implements an event retrieval module, a real-time monitoring module and a hot-topic module. It displays the results for a micro-blog event in multiple dimensions and runs stably. In summary, the paper explores the spatial-temporal correlation between the virtual network and the physical world, monitors specific "events", locates them before they break out, and provides early warning.

    Survey on LWE-based Fully Homomorphic Encryption Scheme
    LV Hai-feng, DING Yong, DAI Hong-yan, LI Xin-guo
    2015, 15 (1):  32-38.  doi: 10.3969/j.issn.1671-1122.2015.01.006

    This paper reviews the history and current state of fully homomorphic encryption (FHE). We analyze the ideas and methods for constructing FHE schemes and classify the main techniques used to build them. We then summarize the LWE-based FHE scheme: first, a somewhat homomorphic encryption scheme is constructed using the re-linearization technique; second, the dimension-modulus reduction technique is used to reduce ciphertext size and decryption-circuit complexity and, combined with bootstrapping, yields a fully homomorphic scheme. We analyze the scheme from three aspects: the noise problem, parameters and performance, and security. Finally we compare it with fully homomorphic encryption over the integers in terms of performance and security, point out the essence of the approach to constructing FHE, and identify the main problems that remain to be solved. We hope this paper can guide further in-depth study of fully homomorphic encryption.
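
Two of the three aspects the survey analyzes, the noise problem and the effect of modulus reduction on ciphertext size, can be seen directly in a toy LWE cryptosystem. The block below is an added example for this page, not the surveyed scheme: it is a Regev-style symmetric LWE encryption of single bits with a binary secret, additive homomorphism (ciphertext addition is XOR of the bits, and the error terms add too), a noise measurement that shows the shrinking decryption margin, and modulus switching from Q to a smaller P, which is the "modulus" half of dimension-modulus reduction. The parameters N, Q, P and B are assumptions chosen so it runs instantly; they give no security at all. Re-linearization (needed for multiplication) and bootstrapping are not shown.

```python
import random

# Toy parameters (assumed for illustration only; nowhere near a secure setting).
N = 16            # LWE dimension
Q = 1 << 15       # ciphertext modulus
P = 1 << 10       # smaller modulus used after modulus switching
B = 4             # fresh error e is uniform in [-B, B]

def inner(a, s, q):
    return sum(ai * si for ai, si in zip(a, s)) % q

def keygen(rng):
    # Binary secret: keeps the rounding error of modulus switching at most (N+1)/2.
    return [rng.randrange(2) for _ in range(N)]

def encrypt(s, m, rng):
    """Regev-style symmetric LWE: (a, b) with b = <a,s> + e + m*Q/2 mod Q."""
    a = [rng.randrange(Q) for _ in range(N)]
    e = rng.randint(-B, B)
    return (a, (inner(a, s, Q) + e + m * (Q // 2)) % Q)

def phase(s, ct, q):
    a, b = ct
    return (b - inner(a, s, q)) % q

def decrypt(s, ct, q=Q):
    # Bit 0 is encoded near 0 and bit 1 near q/2; decryption is correct while |noise| < q/4.
    return 1 if q // 4 <= phase(s, ct, q) < 3 * q // 4 else 0

def noise(s, ct, m, q=Q):
    """Centred distance from the encoding of the intended bit m: the remaining decryption margin."""
    r = (phase(s, ct, q) - m * (q // 2)) % q
    return r - q if r > q // 2 else r

def add(ct1, ct2, q=Q):
    """Homomorphic XOR: ciphertexts add component-wise, and so do their noise terms."""
    (a1, b1), (a2, b2) = ct1, ct2
    return ([(x + y) % q for x, y in zip(a1, a2)], (b1 + b2) % q)

def sum_bits(s, bits, rng):
    """Encrypt each bit freshly and fold all ciphertexts together with add()."""
    acc = None
    for bit in bits:
        ct = encrypt(s, bit, rng)
        acc = ct if acc is None else add(acc, ct)
    return acc

def max_safe_additions():
    # Worst case after k additions is |noise| <= k*B; correctness needs k*B < Q/4.
    return (Q // 4 - 1) // B

def mod_switch(ct, q=Q, p=P):
    """Scale (a, b) from modulus q to p by rounding. Each coefficient shrinks by
    log2(q/p) bits; the noise scales by p/q plus at most (1 + sum(s))/2 of rounding error."""
    a, b = ct
    scale = lambda x: int(round(x * p / q)) % p
    return ([scale(x) for x in a], scale(b))

if __name__ == "__main__":
    rng = random.Random(7)
    s = keygen(rng)
    bits = [rng.randrange(2) for _ in range(100)]
    acc = sum_bits(s, bits, rng)
    m = sum(bits) % 2
    print("XOR of 100 bits:", m, "decrypted:", decrypt(s, acc), "noise:", noise(s, acc, m))
    print("guaranteed-safe additions at these parameters:", max_safe_additions())
    small = mod_switch(acc)
    print("after modulus switch to P:", decrypt(s, small, P), "noise:", noise(s, small, m, P))
```

The noise of a fresh ciphertext is at most B; after k additions it is at most k*B, and once it reaches Q/4 the decoded bit flips. Modulus switching keeps the noise-to-modulus ratio roughly constant while making the ciphertext 5 bits per coefficient smaller, which is why the surveyed scheme can keep the decryption circuit shallow enough to bootstrap.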

    Research on Location Anonymity Method Based on Continuous Location Services Requests
    WU Yan-na, ZHAO Ze-mao
    2015, 15 (1):  39-44.  doi: 10.3969/j.issn.1671-1122.2015.01.007

    With the vigorous development of wireless and mobile localization technology, a new research field, location-based services (LBS), has opened up. To use such a service, users must send their precise position to the service provider, and so face the risk of their location privacy being leaked. Location k-anonymity is one of the most common location privacy protection techniques: it generalizes the user's precise position into a region that contains at least k users. But when a moving user keeps issuing LBS queries, an attacker can infer the user's private information from the history of requests, so the traditional isolated k-anonymity model fails. Subject to the user's required degree of anonymity, this paper proposes an optimized k-anonymity model that uses the user's historical position information in the active region to find the k-1 users who appear most frequently and whose positions are most densely distributed, and forms a common anonymity set from them. Experimental results show that the method effectively reduces the area of the common anonymous region while guaranteeing the user's required degree of anonymity.
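
The failure of isolated k-anonymity under continuous requests, and the repair by a common anonymity set, can be reproduced on a small trace. The following is an added example for this page, not the paper's code or data: the four snapshots are a constructed sequence of requests by target "u0", the isolated model picks the k-1 nearest users at each request, and the common-set model ranks users by how often they appear with the target in the history, breaking ties by mean distance (densest first), as the abstract describes. The attacker model assumed here is one who sees every request and intersects the anonymity sets; the region is taken as the bounding box of the set members' current positions.

```python
import math
from collections import Counter

# Constructed trace of four consecutive LBS requests by target user "u0" (not from the paper).
# Each snapshot lists the users in the active region at that request with their (x, y) position.
SNAPSHOTS = [
    {"u0": (0, 0), "u1": (1, 0), "u2": (0, 1), "u3": (5, 5), "u4": (9, 9), "u5": (1, 1)},
    {"u0": (1, 0), "u1": (2.5, 0), "u2": (1, 1), "u6": (1.2, 0.5), "u3": (6, 5)},
    {"u0": (2, 0), "u1": (3, 0), "u2": (2, 1), "u7": (2, 0.2), "u5": (3, 1)},
    {"u0": (3, 0), "u1": (4, 0), "u2": (3, 1), "u8": (3, 0.3), "u6": (9, 9)},
]
TARGET, K = "u0", 3

def dist(p, q):
    return math.hypot(p[0] - q[0], p[1] - q[1])

def isolated_set(snapshot, target, k):
    """Traditional isolated k-anonymity: the k-1 users nearest the target at this request only."""
    here = snapshot[target]
    nearest = sorted((dist(pos, here), u) for u, pos in snapshot.items() if u != target)
    return {target} | {u for _, u in nearest[:k - 1]}

def common_set(history, target, k):
    """Common anonymity set built from history: rank other users by how often they appear
    alongside the target, break ties by mean distance to the target (densest first), keep k-1."""
    freq, total = Counter(), Counter()
    for snap in history:
        for u, pos in snap.items():
            if u != target:
                freq[u] += 1
                total[u] += dist(pos, snap[target])
    ranked = sorted(freq, key=lambda u: (-freq[u], total[u] / freq[u]))
    return {target} | set(ranked[:k - 1])

def region_area(snapshot, users):
    """Area of the bounding box the anonymizer sends instead of the exact position."""
    pts = [snapshot[u] for u in users if u in snapshot]
    xs, ys = [p[0] for p in pts], [p[1] for p in pts]
    return (max(xs) - min(xs)) * (max(ys) - min(ys))

def attacker_intersection(sets):
    """What an attacker who sees every request learns: the users common to all anonymity sets."""
    common = set(sets[0])
    for s in sets[1:]:
        common &= s
    return common

if __name__ == "__main__":
    isolated = [isolated_set(s, TARGET, K) for s in SNAPSHOTS]
    print("isolated sets per request:", isolated)
    print("attacker narrows the target to:", attacker_intersection(isolated))
    cs = common_set(SNAPSHOTS, TARGET, K)
    print("common set:", cs, "-> attacker still sees", attacker_intersection([cs] * len(SNAPSHOTS)))
    print("region areas with the common set:", [region_area(s, cs) for s in SNAPSHOTS])
```

On this trace the nearest-neighbour sets change at every request and their intersection is exactly {"u0"}, so k=3 anonymity collapses to none; the common set {"u0","u1","u2"} is the same at every request and the intersection stays at size k.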

    Research of Signature Extraction Algorithms for Mobile Applications
    CHEN Yi-fu, LIU Ji-qiang
    2015, 15 (1):  45-50.  doi: 10.3969/j.issn.1671-1122.2015.01.008

    With the popularization and development of the mobile Internet, new applications with a wide range of uses continue to emerge. Network security and traffic management on the mobile Internet are becoming increasingly important, and application regulation and flow control depend on identifying mobile applications. Deep packet inspection (DPI) is one of the most accurate application-layer identification methods, but it requires accurate application-protocol signatures, and the efficiency and accuracy of signature generation determine the quality of the identification system. Efficient and accurate automated signature extraction is therefore of great significance. This paper compares and analyzes the algorithmic complexity and sensitivity of the main current signature extraction algorithms and, from experimental studies, gives performance simulation results for each algorithm, providing a reference for selecting payload-based signature extraction algorithms for mobile applications.

    Transition Design of Relational Database into HBase
    LI Qing-yun, YU Wen
    2015, 15 (1):  51-55.  doi: 10.3969/j.issn.1671-1122.2015.01.009

    In recent years many new technologies have emerged with the rapid development of information technology, among them cloud computing and the Internet of Things, which have attracted the attention of numerous scholars. Even before cloud computing came into vogue, the Internet and the rapid spread of mobile terminals had brought explosive growth in data volume; the emergence of cloud computing and the popularity of the mobile Internet have undoubtedly made Big Data a hot topic. Huge volumes of valuable data, together with Big Data technology, can bring enterprises substantial revenue, and more and more enterprises are trying Big Data and putting it into use. Big Data is very large in scale, unstructured and varied, and its storage technology is completely different from a traditional relational database management system (RDBMS). Most enterprises use traditional relational databases, which differ greatly from the new and important NoSQL systems, so it is now the designers' task to work out how to transform traditional data into this kind of data and to design a new data model that fits the new storage system. This paper introduces HBase, a distributed storage system that is very important for Big Data and is an open-source implementation of the BigTable design by Google engineers, and then discusses how to transform data from an RDBMS into data that conforms to the HBase data model, so as to meet the characteristics of HBase and the requirements of Big Data.

    Lightweight LAN Information Security Protection Mechanism Based on Cloud Security
    CHENG Jun-lu, YANG Yang, QIN Peng-yu, CHENG Jiu-jun
    2015, 15 (1):  56-60.  doi: 10.3969/j.issn.1671-1122.2015.01.010

    This paper designs and implements a lightweight, cloud-based information security protection mechanism for local area networks (LANs). The mechanism mainly protects the routers inside a LAN by capturing illegal packets that try to modify router configurations and warning the users. A computer acting as the detector in the cloud maintains a database of configurations, such as black and white lists of DNS servers; it scans every terminal in the network periodically, looks up their configurations, compares them with the data in the database, and either resets them according to the rules or warns the administrator. The mechanism borrows the idea of cloud security from the Internet and applies it to intranets, making up for the lack of application-layer analysis in ordinary intrusion detection systems. It is very friendly to ordinary users, who need little information security knowledge, and so has wide application prospects in home LANs.

    A Risk Assessment Model of Intrusion Detection for Web Applications Based on Web Server Logs and Website Parameters
    HE Peng-cheng, FANG Yong
    2015, 15 (1):  61-65.  doi: 10.3969/j.issn.1671-1122.2015.01.011

    With the development of network technology, surfing the Internet is no longer as safe as it used to be. A growing number of web application vulnerabilities put many websites at risk of intrusion. To keep sites safe, many intrusion detection approaches have been proposed. Most are real-time systems, which can intercept and prevent attacks promptly, but once a website has been compromised they no longer help. There are also non-real-time intrusion detection methods, applied after a site has been compromised; these can locate the source of an attack, but it is difficult for them to grade the risk that the web system suffered, because the risk faced by each site differs. On the basis of web server logs and website parameters, this paper proposes an improved risk assessment model for non-real-time intrusion detection. The model can define different assessment strategies according to the website's parameters; each strategy assigns a weight to every kind of attack. From these weights and the attack information matched in the web logs, the system computes a fuzzy value that reflects the level of threat the system suffers under each kind of attack. Experimental results suggest that the approach efficiently detects the level of threat a website suffers from an intrusion, which is of great help in maintaining website security and preventing hackers' attacks.
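
The model above has three moving parts: matching attack signatures against web server log entries, a per-site weight for each attack class, and a fuzzy combination of the matches into one risk value. The block below is an added example for this page, not the paper's implementation or data: the six Apache combined-format lines are constructed (three carry SQL injection, XSS and path-traversal payloads), the three regexes, the weights and the saturation threshold are assumptions standing in for a site's parameters, and the fuzzy value is formed with the algebraic sum (a standard fuzzy OR), which is one reasonable choice rather than the paper's exact formula.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format log lines (not real traffic); lines 3, 4 and 6 are attacks.
LOG_LINES = """\
10.0.0.5 - - [10/Jan/2015:10:00:01 +0800] "GET /index.php?id=7 HTTP/1.1" 200 5120
10.0.0.5 - - [10/Jan/2015:10:00:03 +0800] "GET /news.php?id=7 HTTP/1.1" 200 2201
10.0.0.9 - - [10/Jan/2015:10:00:07 +0800] "GET /news.php?id=7%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 2310
10.0.0.9 - - [10/Jan/2015:10:00:09 +0800] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1800
10.0.0.12 - - [10/Jan/2015:10:00:15 +0800] "GET /about.html HTTP/1.1" 200 900
10.0.0.9 - - [10/Jan/2015:10:00:20 +0800] "GET /download.php?f=../../../../etc/passwd HTTP/1.1" 200 1420
""".splitlines()

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# One signature per attack class, applied to the URL-decoded request target (assumed patterns).
SIGNATURES = {
    "sqli": re.compile(r"('|\")\s*(union|or|and)\b|union\s+select|--\s*$", re.I),
    "xss": re.compile(r"<\s*script|javascript:|onerror\s*=", re.I),
    "traversal": re.compile(r"(\.\./){2,}|/etc/passwd", re.I),
}

# Site-specific weights (assumed): a database-backed site weighs SQL injection heaviest.
WEIGHTS = {"sqli": 0.9, "xss": 0.5, "traversal": 0.7}
SATURATE = 3   # assumed: this many matched requests of one class count as full membership

def parse(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Attack classes whose signature matches the decoded request target."""
    target = unquote(entry["url"])
    return [name for name, rx in SIGNATURES.items() if rx.search(target)]

def assess(lines, weights):
    """Count matches per attack class, then combine them into a fuzzy risk value in [0, 1]."""
    hits = {name: 0 for name in weights}
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue          # malformed line: skipped, not scored
        for name in classify(entry):
            hits[name] += 1
    # Per-class membership mu in [0,1], scaled by the site's weight for that class, and
    # combined across classes with the algebraic sum: risk = 1 - prod(1 - w_i * mu_i).
    not_risk = 1.0
    for name, w in weights.items():
        mu = min(1.0, hits[name] / SATURATE)
        not_risk *= 1.0 - w * mu
    return hits, 1.0 - not_risk

if __name__ == "__main__":
    hits, risk = assess(LOG_LINES, WEIGHTS)
    print("matches per class:", hits)
    print("fuzzy risk value: %.3f" % risk)
```

With one hit in each class the memberships are all 1/3, so the risk is 1 - 0.7 * (5/6) * (23/30), about 0.553; a clean log scores exactly 0, and a site that sets the SQL-injection weight to 0 (say, a static site) is unaffected by the UNION SELECT line.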

    Research Progress for DNA Cryptography
    LIANG Chao, YANG Jing, ZHANG Cheng
    2015, 15 (1):  66-71.  doi: 10.3969/j.issn.1671-1122.2015.01.012

    In recent years cryptography has been a hot topic in the field of information security. Because of the immense information storage density, ultra-low power consumption and massively parallel processing of DNA molecules, DNA molecular computing has attracted widespread attention. It spans biology, computer science and mathematics and has many research directions. In cryptography in particular, breaking traditional cryptosystems with DNA molecular computing, and combining the new technology with traditional ones to build more reliable cryptosystems, bring both challenges and opportunities for existing cryptosystems. This paper describes how to construct DNA computing models for breaking the traditional cryptosystems DES, RSA and NTRU, and proposes a new model of encryption and decryption based on cryptographic principles such as the one-time pad. The drawbacks and prospects of DNA cryptography are also discussed.

    A Cancelable Fingerprint Template Protection Scheme
    TANG Yu, LIU Jia-yong, TANG Dian-hua
    2015, 15 (1):  72-75.  doi: 10.3969/j.issn.1671-1122.2015.01.013

    In a fingerprint authentication system, the user's privacy and security are threatened when an attacker obtains the user's fingerprint template, so template protection is a key link. Although many fingerprint template protection methods have been proposed, devising a scheme that is at once diverse, revocable, irreversible and high-performing remains challenging. This paper proposes a cancelable fingerprint template protection scheme that generates a revocable bit-string template from a set of minutiae points. The main idea is to choose one minutia as the reference point, compute the relative distance and direction angle of every other minutia with respect to it, map the minutiae into a two-dimensional polar grid made up of small cells, and record which cells contain minutiae. When a bit-string template is compromised, changing the user's password generates a new one. Because the transformation is irreversible, an attacker cannot recover the original fingerprint information from the bit-string template, which protects the user's privacy. In experiments comparing this method with S. Wang's method on the FVC2004 DB1 database, the results show that the proposed method performs better and offers higher security than S. Wang's method.
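
The polar-grid construction can be written down in a few dozen lines. The block below is an added example for this page and does not reproduce the paper's exact transform: the minutiae sets are constructed (an enrolled finger, a second capture of the same finger shifted by (2, -1) pixels with orientations +3 degrees and one minutia missed, and a different finger), the grid size of 8 rings by 16 sectors over a 200-pixel radius is assumed, revocability comes from a password-keyed permutation of the bit positions derived with HMAC-SHA256, and matching is Jaccard similarity of the set bits. The many-to-one step is the quantization into cells, which is what keeps the exact coordinates unrecoverable; the permutation alone is reversible to anyone holding the password.

```python
import hashlib
import hmac
import math

R_BINS, A_BINS, R_MAX = 8, 16, 200   # polar grid: 8 rings x 16 sectors, 200-pixel radius (assumed)

# Constructed minutiae as (x, y, orientation in degrees); not real fingerprint data.
ENROLLED = [(120, 80, 30), (150, 95, 45), (100, 130, 120), (160, 140, 200), (90, 60, 300), (140, 110, 75)]
# Same finger captured again: shifted by (+2, -1), orientations +3 degrees, one minutia not detected.
GENUINE_PROBE = [(x + 2, y - 1, t + 3) for x, y, t in ENROLLED if (x, y, t) != (160, 140, 200)]
# A different finger, with its reference minutia deliberately at the same place.
IMPOSTOR = [(120, 80, 30), (200, 80, 10), (120, 180, 90), (60, 80, 180), (120, 20, 270), (180, 150, 0)]

def polar_cells(minutiae, ref_idx=0):
    """Quantize every other minutia into a cell of a polar grid centred on the reference minutia.
    Distance is measured from the reference and angle relative to its orientation, so the cells
    do not change under translation; quantization is many-to-one, so coordinates are not recoverable."""
    rx, ry, rtheta = minutiae[ref_idx]
    cells = set()
    for i, (x, y, _) in enumerate(minutiae):
        if i == ref_idx:
            continue
        d = math.hypot(x - rx, y - ry)
        if d >= R_MAX:
            continue                                  # outside the grid: not recorded
        ang = (math.degrees(math.atan2(y - ry, x - rx)) - rtheta) % 360
        cells.add((int(d * R_BINS / R_MAX), int(ang * A_BINS / 360)))
    return cells

def bit_string(minutiae, ref_idx=0):
    """One bit per grid cell, set when the cell contains a minutia."""
    bits = [0] * (R_BINS * A_BINS)
    for r, a in polar_cells(minutiae, ref_idx):
        bits[r * A_BINS + a] = 1
    return bits

def keyed_permutation(n, password: bytes):
    """Order bit positions by an HMAC of their index; a new password gives a new permutation."""
    return sorted(range(n), key=lambda i: hmac.new(password, i.to_bytes(2, "big"), hashlib.sha256).digest())

def enroll(minutiae, password: bytes, ref_idx=0):
    """Cancelable template: the quantized bit-string permuted under the user's password.
    To revoke, the user changes the password and re-enrolls; the old template no longer matches."""
    bits = bit_string(minutiae, ref_idx)
    return [bits[p] for p in keyed_permutation(len(bits), password)]

def similarity(t1, t2):
    """Jaccard similarity of set bits. Both templates use the same permutation, so it is preserved."""
    inter = sum(a & b for a, b in zip(t1, t2))
    union = sum(a | b for a, b in zip(t1, t2))
    return inter / union if union else 0.0

if __name__ == "__main__":
    stored = enroll(ENROLLED, b"password-1")
    print("genuine probe:", similarity(stored, enroll(GENUINE_PROBE, b"password-1")))
    print("impostor:     ", similarity(stored, enroll(IMPOSTOR, b"password-1")))
    print("same finger, new password, old template:", similarity(stored, enroll(ENROLLED, b"password-2")))
```

On these inputs the genuine probe keeps four of the five enrolled cells (similarity 0.8), the impostor shares none, and re-enrolling under a new password produces a different template, which is the revocation property.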

    Summary of Mobile Office Security Solution Based on Android Platform
    ZHU Xiao-yun, HU Ai-qun, XING Yue-xiu, ZHAO Ran
    2015, 15 (1):  76-83.  doi: 10.3969/j.issn.1671-1122.2015.01.014

    With the wide use of mobile devices, mobile office has become a trend in working modes. However, existing mobile office solutions have many drawbacks that may lead to loss of user information and disclosure of corporate data. This paper analyzes in depth the solutions for improving the security of Android-based mobile office and gives corresponding suggestions. Starting from the Android system architecture, its security mechanisms and their flaws, the paper introduces several typical mobile office security systems developed by Apperian, VMware and Samsung, summarizes the security architectures of several popular mobile office security systems, and compares the advantages and disadvantages of these solutions. It also elaborates the security measures related to mobile office in terms of security isolation, secure access and secure storage, and summarizes virtualization solutions, hierarchical isolation solutions, dual-system and complete dual-system solutions. It then analyzes the role of VPN technology, database encryption and access control in enhancing system security. Finally, it concludes that to carry out mobile office effectively and safely, organizations should create a safe operating environment and ensure secure access to corporate networks, secure storage of enterprise data and secure isolation between business and personal affairs.
