
Table of Contents

    10 October 2014, Volume 14 Issue 10

    Original Article
    A Model of Source Code Security Investigation Based on Trusted Computing Technology
    ZHANG Yi, WANG Wei, WANG Liu-cheng, HAO Mei-ci
    2014, 14 (10):  1-6.  doi: 10.3969/j.issn.1671-1122.2014.10.001
    In large-scale software engineering, the volume of source code keeps growing. As the amount of source code surges, its logic becomes more complex, the calling relationships between components become more complicated, and security vulnerabilities become more numerous. Conventional manual inspection and debugging can no longer meet the huge demand for system software review. This paper introduces the principles of source code security investigation and proposes a new investigation module based on trusted computing technology. The module uses the trusted measurement method from trusted computing and the access control method used in secure operating systems to detect unsafe access to resources that does not meet trusted computing standards. In this way it avoids calling untrusted procedures, keeps malicious code out of the system, and makes the source code meet the trusted computing standard. The module classifies code according to its actual privileges. With this module, source code can meet the trusted computing standard, and unsafe access to the system by malicious code can be avoided.
    An Improved Method of MP3 Passive Forgery Detection
    YANG Jing, FAN Meng-di, GAO Xiong-zhi, REN Yan-zhen
    2014, 14 (10):  7-10.  doi: 10.3969/j.issn.1671-1122.2014.10.002
    With the development of multimedia technology and recording equipment, recorded material increasingly appears as objective evidence in court trials and investigations. If recorded material is to serve as the basis for a judgment, it must be ensured that the evidence has not been spliced or forged. In audio forensics, tamper localization is an important part of signal interpolation detection. MP3 is currently the most widely used compressed digital audio format. On Amazon.com, most of the 20 best-selling recording devices support the MP3 format, and some support only MP3. The default recording format of most smartphones is MP3. The authenticity and integrity of MP3 files therefore receive widespread concern. To solve the problem of the high false positive rate of the existing method based on frame offsets, this paper proposes an improved passive algorithm for locating MP3 forgeries. The misjudgments of existing detection algorithms are observed to occur mostly in samples containing more silent segments. To eliminate the effect of silent segments on offset extraction, this paper uses silence detection to set a threshold value. To avoid the instability of extracting a single frame offset, it extracts offsets over a moving window. Experimental results show that the improved method accurately locates deletion, insertion, substitution and splicing forgeries and greatly reduces the false positive rate compared with the existing method.
    Research on Code Protection Method for Android Applications
    XU Jian, WU Shuang, SUN Qi, ZHOU Fu-cai
    2014, 14 (10):  11-17.  doi: 10.3969/j.issn.1671-1122.2014.10.003
    Android has gained popularity in recent years and has become one of the most common operating systems for mobile devices. However, the security problems of the Android system appear increasingly severe. Because the security mechanism of Android is imperfect and the protection methods for Android application code are insufficient, the vast majority of Android applications face the threats of reverse engineering, software piracy and malware implantation. This paper analyzes the security problems of Android applications and points out their causes. It also presents a code protection method for Android applications. The method comprises a PC-side module, an Android-side module, and a code development specification for Android applications. To make the method more operable, the paper also gives implementations of some of its key technologies, including encryption protection based on the AES algorithm, pseudo encryption, packing, code obfuscation and special coding rules. Integrating some traditional code protection methods, the proposed method makes use of file encryption, code obfuscation, anti-debugging techniques, integrity checking and packing techniques to strengthen resistance to static attacks and dynamic debugging. The method therefore has both a certain theoretical significance and a certain practical application value.
    Research on Signature Extraction Algorithms for Mobile Applications
    CHEN Yi-fu, LIU Ji-qiang
    2014, 14 (10):  18-23.  doi: 10.3969/j.issn.1671-1122.2014.10.004
    With the popularization and development of the mobile Internet, new applications with a wide range of uses continue to emerge. Network security and traffic management on the mobile Internet are becoming increasingly important, and application regulation and flow control depend on mobile application identification. Deep Packet Inspection is one of the most accurate application-layer identification methods; it requires accurate application protocol signatures, and the efficiency and accuracy of signature generation determine the quality of the identification system. Efficient and accurate automated extraction of application signatures is therefore of great significance. This paper compares and analyzes the algorithmic complexity and sensitivity of the main current signature extraction algorithms and, through experimental studies, gives performance simulation results for each algorithm. The results provide a reference for selecting payload-based signature extraction algorithms for mobile applications and have a certain guidance value for research and application.
    Research and Analysis on 3G-WLAN Security Access Scheme
    MIAO Jun-feng, MA Chun-guang, HUANG Yu-luo, LI Xiao-guang
    2014, 14 (10):  24-30.  doi: 10.3969/j.issn.1671-1122.2014.10.005
    At present, 3G and WLAN are the two most representative wireless communication technologies. Because each has its own shortcomings and advantages, the converged 3G-WLAN network has become a focus of industry and academia, and one of the most attractive topics. A 3G-WLAN network can make full use of the two technologies' advantages, which are mutually complementary. Users can enjoy the mature roaming, authentication and accounting mechanisms of the 3G network as well as the high data transmission rate of WLAN. Users thus not only enjoy the network's quality of service but also make fuller use of network resources. However, a converged 3G and WLAN network must also address the security threats of both parties. Because the security threats to 3G and WLAN networks differ, their security solutions are also very different, and how to handle the security threats of the converged network is an urgent problem. This paper analyzes 802.11i and WAPI with respect to access security, authentication, and the flexibility of key negotiation, and identifies their respective strengths. It then analyzes the loopholes and defects of the EAP-AKA protocol of the 3G-WLAN converged network and, combining the security advantages of the 802.11i and WAPI protocols, proposes a new 3G-WLAN secure access scheme, EAP-WPI. The new protocol uses the EAP-encapsulated authentication framework of 802.11i and the ECDH key agreement algorithm of WAPI to achieve authentication between the user terminal and the back-end authentication server and highly secure key agreement; using public key cryptography without certificates in the authentication process removes the burden of deploying a PKI. Security analysis and simulation tests show that the proposed protocol offers higher security and efficiency.
    Introduction and Analysis of Adobe Flash Player Vulnerabilities
    MENG Zheng, ZENG Tian-ning, MA Yang-yang, WEN Wei-ping
    2014, 14 (10):  31-37.  doi: 10.3969/j.issn.1671-1122.2014.10.006
    As Flash files are used more and more widely on the network, the security problems of Adobe Flash Player have attracted more and more attention. Every vulnerability can give rise to a serious security problem. The paper first describes the operating mechanism of Adobe Flash Player from two aspects, Flash client technology and Flash 3D visualization, examining the characteristics of the ActionScript language, the Flash rendering model, the event mechanism, Flash three-dimensional graphics display, Stage3D hardware acceleration and Stage3D modeling. It then describes the SWF file format and introduces the file header and tag structure. Using statistics from the CVE website, the article classifies the vulnerabilities of Adobe Flash Player into four types: Flash file format vulnerabilities, Flash denial-of-service vulnerabilities, Flash cross-site scripting vulnerabilities and Flash spoofing attack vulnerabilities. The vulnerability classification method and vulnerability analysis techniques for Adobe Flash Player are then described in detail, and a technical model for vulnerability analysis targeting Adobe Flash Player is built. Finally, ten typical vulnerabilities in Adobe Flash Player are taken as practical examples. Through information collection, data flow tracking and analysis of the vulnerability principle, the mechanism by which each vulnerability arises is derived.
    Research and Implementation of Web Vulnerability Detection Technology Based on Rule Base and Web Crawler
    DU Lei, XIN Yang
    2014, 14 (10):  38-43.  doi: 10.3969/j.issn.1671-1122.2014.10.007
    Web technology refers to applications that use the HTTP or HTTPS protocols to provide services. Web applications are becoming one of the main trends in software development, but a variety of security vulnerabilities in Web applications, such as SQL injection and XSS, are gradually being exposed, causing considerable economic loss. To address Web site security, and building on research into common Web vulnerabilities such as SQL injection and XSS, this paper presents a vulnerability detection method that combines a Web crawler, which constructs URLs, with a vulnerability rule base. The Web crawler uses the HTTP protocol and URL links to traverse the site and collect Web page information, reads the rules in the configured rule base one by one to build vulnerability-detection links, and then automatically issues a GET request and a POST request. This process does not stop until the whole rule base has been read. The Web crawler and regular expressions are then used to obtain Web page information, and by repeating the process the method detects SQL injection and XSS vulnerabilities. The method enriches the means of Web vulnerability detection and increases the number of Web pages tested. Both HTTP GET and HTTP POST requests are covered by the security checks. Finally, experiments show that the technique can be used to security-test a Web site and detect whether it has SQL injection and XSS vulnerabilities.
    Research on Flow Identification System Based on DPI
    WU Guang-da, JIANG Chao-hui
    2014, 14 (10):  44-48.  doi: 10.3969/j.issn.1671-1122.2014.10.008
    With the diversification of network applications, network traffic is becoming increasingly complex and varied, and serious incidents occur frequently. The non-uniform distribution of network traffic and the complexity of the Internet security situation make the management and maintenance of the Internet urgent, which makes network traffic monitoring an important issue. Traffic identification, a technology that can provide automatic, real-time protection for network monitoring, has become a necessary supplement to static security devices such as firewalls and is gaining more and more attention. As the main approach to traffic identification, DPI is popular because of its accuracy. However, inspection performed only in software is slow and cannot meet the throughput requirements of high-speed packet processing, while a hardware-only identification knowledge base occupies a large amount of memory, which hardware memory generally cannot provide. This paper proposes a method based on regular expressions that combines hardware and software. The approach has two aspects: the hardware recognizes common Internet protocols, and the software recognizes complicated Internet protocols. Both support regular expressions. The approach combines the advantages of software and hardware. Compared with the traditional software implementation, it achieves a remarkable improvement in recognition efficiency.
    Research on the Technology of Webpage Extraction Based on VIPS and Vague Dictionary
    WU Qian, LIU Jia-yong, Qing Lin-bo
    2014, 14 (10):  49-53.  doi: 10.3969/j.issn.1671-1122.2014.10.009
    In the age of data explosion, trends in public consensus are very important to society. It is necessary to monitor and guide these trends, and in a big-data environment, how to monitor them effectively is a difficult problem. To extract the title, content, author and time information from BBS webpages, the paper introduces a method based on the VIPS algorithm and an intelligent fuzzy dictionary. VIPS uses visual information such as background, font color, font size, border and margin, together with the DOM tree, to obtain semantic blocks. The intelligent fuzzy dictionary matches each semantic block against the tag names in a database using the AC-BM algorithm and obtains the matched fields. The two methods combined can then extract the key information. The method first uses the VIPS algorithm to divide the webpage into blocks, reconstructs the semantic blocks and saves them to an XML file, then matches the semantic blocks in the XML file against the dictionary and extracts the matching content. The paper demonstrates the validity of the method through experiment.
    Research on Parameter Selection of a Code-based Public-Key Cryptosystem
    XU Quan-zuo, CAI Qing-jun
    2014, 14 (10):  54-58.  doi: 10.3969/j.issn.1671-1122.2014.10.010
    TCHo is short for “Trapdoor Cipher, Hardware Oriented”. It is a code-based public-key cryptosystem inspired by fast correlation attacks. The TCHo cryptosystem can resist attacks from quantum computers, making it a post-quantum cryptosystem. An early version was proposed in 2006 by Finiasz and Vaudenay with non-polynomial (though practical) decryption time. A later version appeared in 2007 with more co-authors. It reached competitive (heuristic) polynomial complexity and IND-CPA security. In 2013, Alexandre and Serge introduced the TCHo cryptosystem in Advances in Network Analysis and its Applications. The security of the cryptosystem relies on the hardness of finding a low-weight polynomial multiple and on the hardness of distinguishing the noisy output of an LFSR from random sources; hence the parameter selection of the cryptosystem determines its security and reliability. This paper introduces the TCHo cryptosystem in detail and analyzes its parameter selection. It also gives the condition for unique decoding and discusses the formula for measuring the reliability level of the cryptosystem. In addition, a method of parameter selection is presented that makes the cryptosystem more reliable.
    Anonymous Attribute-based Encryption Supporting Attribute Matching-Test
    LIAN Ke, ZHAO Ze-mao, HE Yu-ju
    2014, 14 (10):  59-63.  doi: 10.3969/j.issn.1671-1122.2014.10.011
    An attribute-based encryption (ABE) scheme takes attributes as the public key and associates the ciphertext and the user’s secret key with attributes, so that it can support expressive access control policies. This dramatically reduces the network bandwidth cost and the work of the sending node in fine-grained access control for data sharing. Anonymous ABE, a notion related to ABE, further hides the receivers’ attribute information in ciphertexts, because many attributes are sensitive and related to the identity of eligible users. In an anonymous ABE scheme, a user makes repeated decryption attempts because he does not know whether his attributes match the policy, and the computation overhead of each decryption is high and unnecessary. This paper proposes a new anonymous attribute-based encryption scheme that supports an attribute matching-test: users can run the attribute matching-test algorithm to judge whether a set of attributes meets the ciphertext access policy without decrypting the ciphertext. In this construction, the computation cost of such a test is much less than that of one decryption attempt. The proposed construction is proven secure under the decisional bilinear Diffie-Hellman assumption. In addition, the results indicate that the proposed construction can significantly improve the efficiency of decryption.
    The Design and Implementation of Firewall Policy Audit Plan Based on Improved Strategy Tree
    LU Yun-long, LUO Shou-shan, GUO Yu-peng
    2014, 14 (10):  64-69.  doi: 10.3969/j.issn.1671-1122.2014.10.012
    The firewall plays an indispensable role in today's networks, and the configuration of firewall rules is directly related to the security of the network environment. As network scale increases, firewall configuration becomes more complex; to improve the protective performance of the firewall, firewall policy auditing needs to be applied. First, this paper studies the relationships between firewall rules in detail, summarizes and analyzes some common exception types of rules, and reviews the strategies of existing audit plans. Second, it discusses the whole working process of the firewall policy audit system and analyzes the overall design of the system architecture layer by layer. The configuration rule audit module of the firewall policy audit system is then discussed with emphasis. Next, the paper discusses the traditional strategy decision tree audit plan, explains how the scheme is realized, and points out its merits and deficiencies. We then put forward an improved audit plan based on the tree-structured strategy, discuss its audit process in detail and implement it. Finally, we give the graphical reports and detailed audit results of the system and compare the improved audit plan with the traditional strategy tree.
    Research and Design of Security Audit Log System Based on Web Application
    DUAN Juan, XIN Yang, MA Yu-wei
    2014, 14 (10):  70-76.  doi: 10.3969/j.issn.1671-1122.2014.10.013
    In recent years, as Web application technology has continued to progress, demand for Web application services has grown, and the accompanying attacks on Web application security are also on the rise. Technical measures against cyber attacks are plentiful at present, but they generally concern detection beforehand and handling while an event is in progress; the corresponding after-the-fact detection and maintenance receive less attention. A network center contains a large number of servers, and the Web log files kept by each server record in detail the events that occur on the system every day, such as records of client requests to the server and records of hacker intrusions on the site. Therefore, to manage and maintain equipment effectively and reduce the risk of attacks in time, it is necessary to analyze audit logs for later inspection and security maintenance of the equipment. On this basis, this paper researches and designs a security audit log system for Web applications. The log audit system consists of three subsystems: the log acquisition subsystem, the analysis engine subsystem and the log alarm subsystem. The log acquisition subsystem uses multi-protocol analysis to collect logs and performs the corresponding log normalization and deduplication. The analysis engine subsystem uses the rule base and mathematical statistics to extract log features and set appropriate statistical parameters, and then performs comparative analysis. The log alarm subsystem mainly configures and issues the appropriate task policies and presents the audit results in an interface, or generates reports and sends messages to users.
    Research on Remote Trust Authentication in the Virtual Computing Platform
    ZHENG Zhi-rong, LIU Yi
    2014, 14 (10):  77-80.  doi: 10.3969/j.issn.1671-1122.2014.10.014
    In the traditional computing platform, the trust chain is constructed in the order trusted platform module, trusted BIOS, OS loader, OS kernel. In the virtual computing platform, the trust chain is constructed in the order trusted platform module, trusted BIOS, virtual machine monitor, management virtual machine, user virtual machine OS loader, user virtual machine OS kernel. The security requirements of remote trust authentication in the virtual computing platform are analyzed. An authentication method for the virtual computing platform and the management virtual machine is put forward to prevent a malicious management virtual machine from modifying a virtual machine’s integrity proof. In the process of virtual machine authentication, the remote challenger authenticates the virtual machine or the virtual platform. A method combining physical PCRs and virtual PCRs is put forward to prevent man-in-the-middle attacks.
    A Study of Invulnerability of Small World Network and the Correlation of Betweenness-Degree
    GUO Zheng, GUO Xin-ling, SONG Chuan-wang, NIE Ting-yuan
    2014, 14 (10):  81-85.  doi: 10.3969/j.issn.1671-1122.2014.10.015
    In daily life, complex networks mainly suffer two types of damage: random failure and selective attack. The structural features of the various network models make the ability of complex networks to resist attacks very different. Considering the invulnerability parameters and structural properties of complex networks, we comprehensively evaluate a small-world network by measuring average node degree, maximum degree, average betweenness centrality and maximum betweenness centrality under various attacks. As nodes are removed, we estimate the invulnerability of the network by analyzing the relationship between node degree and betweenness centrality. The experimental results show that the small-world network is more vulnerable under RD, while it has strong robustness under the other attack strategies. They also show that the relationship between node degree and betweenness centrality in a small-world network is linear in some ranges, while it is irregular in most regions. The strong robustness of WS small-world networks has an important influence on building real networks. Given the structural features of small-world networks, the function of a network should not be concentrated on a few hub nodes. We will carry out further research to develop more efficient strategies.
    Design of the Classified Document Reader Based on Face Authentication
    ZHANG Li-chao, ZHU Kun-song, YANG Yu-hang, XU Ji-jun
    2014, 14 (10):  86-91.  doi: 10.3969/j.issn.1671-1122.2014.10.016
    With the continuous development of the information society, electronic documents have become a trend. While providing convenience, electronic documents also bring many security risks. The security threats faced by classified electronic documents include unauthorized access, difficulty in controlling the scope of people who know the secret, and difficulty in tracing those who leak secrets, while current solutions for classified electronic documents only meet security requirements such as identity authentication and access control and fail to achieve real-time authentication of the user and effective control of the classified document. To address the security risks of classified electronic documents and users’ needs, and after research on face authentication, unidirectional transmission and eye tracking technology, a classified document reader based on face authentication is designed. Face authentication implemented with OpenCV authenticates the user's identity and permissions in real time, which effectively prevents unauthorized access and peeping and achieves reliable access control. A special interface handles USB removable storage data safely, and classified documents can only be transmitted unidirectionally to the reader through this interface, which effectively removes the potential safety hazard caused by loss of the reader or by copying. The classified document reader provides users with a safe and portable reading platform while improving data security and reliability. The system uses technical means to make up for loopholes in regulation and achieves a balance between security and practicality in classified electronic document management.