Table of Contents

    10 August 2015, Volume 15 Issue 8

    A Revocable Authorization Provable Data Possession Scheme in Clouds
    ZHAO Yang, CHEN Yang, XIONG Hu, REN Hua-qiang
    2015, 15 (8):  1-7.  doi: 10.3969/j.issn.1671-1122.2015.08.001

    There are two main types of provable data possession schemes, public verification and private verification, but it is very difficult for users to designate a specific third party to verify their data. To address this, we propose a revocable authorization provable data possession scheme for clouds. The scheme allows users to authorize a third-party auditor to perform remote data integrity verification on their behalf, which protects users' privacy. In addition, users can revoke the third-party auditor's authorization when needed and authorize a new third party. In our scheme, only a third party that holds the authorization can complete the verification process and return the result to users. Furthermore, users can choose to keep the authorization evidence secret, give it to a third party, or make it public, achieving private verification, authorized verification, or public verification respectively. The scheme is based on bilinear pairing and identity-based encryption (IDE) technology, and it achieves authorization verification or revocation by embedding the authorization evidence into the integrity verification. Finally, we analyze the security and performance of the scheme to show that it is secure and efficient.

    Research and Implementation on Anonymous Broadcast Encryption Scheme under the Mixing Mechanism
    ZHANG Jian-hong, DONG Qiao-cui
    2015, 15 (8):  8-13.  doi: 10.3969/j.issn.1671-1122.2015.08.002

    With the development of science and technology, one-to-many and many-to-many communication modes are widely used in daily life. Only authorized users in these modes should be able to obtain the communication contents, which gave rise to broadcast encryption. By cryptosystem, broadcast encryption can be divided into identity-based cryptography and public key infrastructure encryption. By the state of the receiver (whether the key needs to be updated as users change), it can be divided into stateful (static) broadcast encryption and stateless (dynamic) broadcast encryption. This paper first proposes an anonymous broadcast encryption scheme under a mixing mechanism that combines identity-based cryptography with public key infrastructure encryption, ensuring the security of the scheme. The scheme is also anonymous; that is, no one can obtain the receiver's information at will. The paper then analyzes the advantages of the scheme. Finally, it introduces the jPBC (Java Pairing-Based Cryptography) wrappers and implements the scheme in Java on the Eclipse platform.

    Power Analysis Attack against SM4 in Frequency Domain
    WANG Min, RAO Jin-tao, WU Zhen, DU Zhi-bo
    2015, 15 (8):  14-19.  doi: 10.3969/j.issn.1671-1122.2015.08.003

    SM4 is the first publicly promulgated Chinese commercial block cipher algorithm. Since its promulgation, domestic and foreign scholars have studied the cryptanalysis of SM4, including side channel attacks (SCA). Recent SCA literature mainly focuses on power attacks in the time domain to compromise the secret password. However, pure time-domain signal analysis has limitations. For instance, the alignment quality of the power signal in the time domain is the key factor influencing a power analysis attack. To eliminate the effect of signal alignment on the power analysis attack, a power analysis attack in the frequency domain is proposed. The power analysis attack in the frequency domain is not only feasible but also eliminates the effect of signal alignment. Finally, the method is successfully implemented against SM4 on an FPGA, with no alignment operation in the frequency domain. The experimental results show that the proposed attack method is effective.

    Research on Internet of Things Security Based on Support Vector Machines with Balanced Binary Decision Tree
    ZHANG Xiao-hui, LIN Bo-gang
    2015, 15 (8):  20-25.  doi: 10.3969/j.issn.1671-1122.2015.08.004

    The Internet of Things (IoT) is another information industry revolution after the computer, the Internet and mobile communications. IoT has been officially listed as one of the national strategic emerging industries, and its applications cover almost all areas. Security problems such as network intrusion in the IoT are increasingly prominent. In the big data context, this paper proposes an intrusion detection model suitable for the IoT that divides the intrusion detection procedure into three parts: data preprocessing, feature extraction and data classification. Data normalization and data redundancy reduction are handled in data preprocessing. The main goal of feature extraction is to reduce the dimension and thus the time of data classification. A support vector machine with a balanced binary decision tree, named BDT-SVM, is introduced in data classification for training and testing on network intrusion data. Experimental results show that the BDT-SVM algorithm improves the accuracy of the intrusion detection system, and that feature extraction reduces the detection time while preserving accuracy.

    An Anti-tampering Tag Authentication Method Based on RFID and Digital Watermarking
    WU Xiao, CHANG Cheng, TAN Wen-jie, CHENG Jiu-jun
    2015, 15 (8):  26-34.  doi: 10.3969/j.issn.1671-1122.2015.08.005

    This paper proposes a new anti-tampering tag authentication method. By combining distributed watermark-embedded RFID tag technology with tamper-proof technology, and storing watermarked data across multiple tags in order, a multi-layered watermarking authentication structure is constructed to ensure the integrity of electronic tags. In addition, a one-time pad encryption scheme based on a random number table is adopted to encrypt the keys, protecting the data in channels. The method achieves its goals of preventing data from being tampered with and avoiding data leakage. To test the method, a prototype system implementing it was built, and ideal results were obtained. The method can be applied to many realistic scenarios such as commodity warehousing and commodity certificate security, ensuring data security while reducing costs by avoiding the use of advanced intelligent electronic tags, and it can be applied to many other fields.

    Massive Data Encryption Storage Strategy Based on Multi-core Cluster
    WU Yan-na, ZHAO Ze-mao, HU Jing-fang, LIANG Bin
    2015, 15 (8):  35-40.  doi: 10.3969/j.issn.1671-1122.2015.08.006

    With the rapid development of the Internet and cloud computing technology, the security of massive amounts of user privacy and data has drawn more and more attention, and encryption is the first choice for protecting the data. To achieve secure storage of massive data rapidly and effectively, and building on research into the application of multi-core processor clusters to massive data encryption storage, this paper proposes a scheme for processing massive data using hybrid OpenMP and MPI technology on a multi-core Linux cluster. The scheme provides a parallel strategy both inside a node and between the nodes of the cluster, which realizes hierarchical parallel processing of the massive data. The paper uses the parallel virtual file system PVFS2 as the multi-core cluster file system and makes use of its parallel I/O to solve the problem of parallel storage of massive data in the cluster system. The paper proposes a model of a massive data encryption storage system based on a multi-core cluster. The experimental results show that the model can not only store massive data effectively but also protect it to some extent.

    Improved LEACH Algorithm Based on Dynamic Key Management
    LIU Wei, YE Qing, WANG Cheng
    2015, 15 (8):  41-46.  doi: 10.3969/j.issn.1671-1122.2015.08.007

    Wireless sensor networks (WSN) have emerged in recent years for information acquisition and processing. Because the technology is simple and low cost, it is widely used. The routing algorithm determines the information transmission path, and an efficient, secure routing algorithm plays a vital role in an energy-constrained wireless sensor network. This paper focuses on a typical routing algorithm, LEACH (low energy adaptive clustering hierarchy), and on the basis of this protocol proposes an efficient improved LEACH to address the problems of energy and security. First, the method improves the election algorithm to optimize the mode of data transmission with the base station. Second, the paper introduces a dynamic key management mechanism into the data transmission process, using a chain key calculated by a hash function to improve security and reduce the excessive number of interactions caused by key negotiation between nodes. Finally, we simulate the proposed algorithm and show its advantages in efficiency and security by comparison with the LEACH algorithm.

    An Improved Method for Enhancing the Security of WAPI
    HU Xue, FENG Hua-min, CHEN Ying-ya, WU Yang-yang
    2015, 15 (8):  47-52.  doi: 10.3969/j.issn.1671-1122.2015.08.008

    WAPI is the authentication and encryption security protocol of GB 15629.11, the Chinese WLAN standard. This paper introduces the background and working principle of the WAPI standard, analyzes WAPI's security defects in the identity authentication and key agreement processes, and remedies these defects. In identity authentication, the new protocol not only authenticates the legitimacy of the user certificate but also verifies that the user holds the corresponding private key. In key agreement, the new protocol applies the MTI key exchange protocol to the key exchange process, improving the security of key exchange. The paper lists the key steps of the improved WAI identity authentication interaction and gives a security analysis. On the basis of the improved WAPI, we put forward a mobile terminal solution that uses an independent security medium (an SD-Key for mobile phones and a USB-Key for PADs). Compared with the national standard, the modified WAPI is greatly improved in terms of security. For the standardization of WAPI products, the enhanced mobile terminal solution proposed in this paper is of great reference value for improving the security of the WAPI standard.

    Research on Query Privacy Anonymity Algorithm Based on Grid Clustering
    ZHANG Fu-xia, JIANG Chao-hui
    2015, 15 (8):  53-58.  doi: 10.3969/j.issn.1671-1122.2015.08.009

    Currently, each iteration of most location anonymity clustering algorithms must traverse all users' locations to find the user nearest to the centroid of the anonymous box, which consumes a lot of time and does not provide better protection for query privacy that contains more sensitive information. To solve these problems, this paper proposes a query privacy anonymity algorithm based on grid clustering (QPAGC). The algorithm treats the grid as the processing unit: every user's position is mapped to a grid, so the specific location of each user is not traversed. The algorithm calculates the centroid of the anonymous box and the centroids of all neighboring grids, and adds the neighboring grid whose centroid is nearest to the centroid of the anonymous box, until the quality of the anonymous box satisfies the k-anonymity constraint. The anonymous box satisfies the p-sensitive constraint by adding fake users and fake requests to protect the user's query privacy. Comparative experiments show that QPAGC has a higher anonymity success rate and a smaller anonymous area, and increases relative anonymity and the quality of the user's query service by meeting the requirements of individual users, so the method balances the conflict between the safety factor k and QoS.

    Discussion on Constructing Secure and Reliable IPv6 Customer Premise Network
    JIN Zhi-hu, GAN Yu-xi, JIN Yi, HU Long-bin
    2015, 15 (8):  59-66.  doi: 10.3969/j.issn.1671-1122.2015.08.010

    China faces the danger of IPv4 address exhaustion, but IPv6 customer premise networks (CPN) are not widely deployed, and applications based on IPv6 networks are very few. Although there are international influences, the main factors are the lack of IPv6 demonstration applications with commercial value and of policies that encourage IPv6 CPN deployment. Closer cooperation and integration between the equipment manufacturers and carriers that provide IPv6 professional services and the industries that need IPv6 applications are also absent. This paper briefly introduces the construction of a safe, reliable and cost-effective IPv6 network, and gives suggestions on accelerating IPv6 network deployment and developing IPv6 demonstration applications by comparison with Japanese IPv6 network construction and IPv6 network applications in information network security. The paper can serve as a reference for accelerating the construction of IPv6 networks and enhancing network security, especially for IPv6 customer premise networks.

    Research on Information System Controllability Evaluation
    GAO Jun-feng, CUI Yu-hua, LUO Sen-lin, JIAO Long-long
    2015, 15 (8):  67-75.  doi: 10.3969/j.issn.1671-1122.2015.08.011

    Information system controllability is an important indicator by which information system stakeholders evaluate their degree of control. As the pace of national informatization accelerates, research on information system controllability not only helps achieve localization and autonomy of information systems but is also of great significance for national security. This paper builds a life cycle model of information system controllability. The model takes both static and dynamic perspectives and evaluates system controllability through four capabilities: defense, discovery, emergency response and confrontation. It then analyzes the basic elements affecting system controllability from the hardware, software, management and other perspectives, and derives 51 evaluation indexes of system controllability. The study shows that system controllability across the system life cycle is a continuous process of dynamic feedback, in which the system is optimized and adjusted according to the evaluation results of each phase, helping to achieve fully self-controlled information systems. At the same time, the controllability evaluation system not only provides technical indicators and a reference for information system controllability evaluation, but also promotes the construction and sustainable development of the national information security system.

    Research of Insider Threats and Countermeasures under Cloud Service
    HE Ying-rui, WANG Jing-ya
    2015, 15 (8):  76-81.  doi: 10.3969/j.issn.1671-1122.2015.08.012

    With the development of cloud services, cloud security is drawing increasing attention. The value of data is now more important, and under cloud services, on the one hand massive amounts of data are stored in the cloud, and on the other hand users have higher requirements for data integrity, confidentiality and availability. This places higher security requirements on cloud service providers. To guarantee the security of customers' data, cloud service providers must face not only external threats but also internal threats, which are as destructive and influential as external ones. External threats have received wide attention while internal threats have been neglected, so internal threats have become one of the main attack modes and cause huge damage. The CERT Insider Threat Center surveyed cloud service providers to understand their management and technical controls for internal threats, and found that under the cloud service model many cloud service providers have not fully recognized this problem. Moreover, in the cloud service model, previous security policies cannot resolve internal threats under the new situation and new framework. This paper describes internal threats under cloud services and proposes a control model and control process against insider threats. Insider threat assessment, administrative controls, technical controls, monitoring, and response are introduced in detail, to help resolve internal threats under cloud services.
