Table of Contents

    10 December 2015, Volume 15 Issue 12

    Original Article
    A Dynamic Cloud Data Audit Scheme Based on Update Tree
    ZHAO Yang, REN Huaqiang, XIONG Hu, CHEN Yang
    2015, 15 (12):  1-7.  doi: 10.3969/j.issn.1671-1122.2015.12.001
    The cloud server is only partially trusted. To ensure the completeness and correctness of cloud data, users need to audit it periodically, and the cloud server should also support dynamic updates to that data by users. The provable dynamic cloud data possession scheme via update tree introduces a new update tree structure that is used to implement dynamic data integrity auditing. The update tree holds a version number for data blocks, a range of serial numbers, and an offset; because nodes describe ranges, the tree does not need a separate node to store the attributes of a single data block. Consecutive serial numbers with the same version and offset can be stored in one node of the update tree, which greatly reduces storage space and access time. During a dynamic audit, the system uses the serial number and offset to determine the data block number used in the signature for validation. When the user updates a range of data blocks, only the tree node that contains the range needs to be updated. When the update tree becomes unbalanced, it can be adjusted according to the principles of a balanced binary tree. Because each node stores attributes for a range of data blocks, the size of the tree depends on the number of dynamic operations rather than on the file size, so audit performance does not degrade when the file becomes large. The security and performance analysis at the end of the article shows that the scheme is an efficient and provably secure dynamic cloud data possession scheme.

    A Security Research on Smart Phone Access Control System Based on QR Code Hybrid Encryption Technology
    WANG Jingzhong, WANG Jingfeng, WANG Baocheng, QI Jiamin
    2015, 15 (12):  8-13.  doi: 10.3969/j.issn.1671-1122.2015.12.002
    The access control systems in common use today are difficult to manage and easy to copy. To solve these problems, this paper proposes a smart phone access control scheme based on QR code hybrid encryption technology, which offers better security and is more convenient to use and manage. The scheme has the following characteristics: 1) It uses the QR code of the registered user as the identifier, and uses the unique serial number of the mobile phone and a regularly changed key as the source of the QR code. 2) The user registration process is carried out in encrypted form. A one-time code driven by user events, together with hybrid encryption, ensures the timeliness and security of the QR code. 3) The QR code generated on the mobile phone is scanned by a camera, and the door is opened after the user's identity is verified. 4) The scheme connects the visitor with the owner. Owners manage visitor entry and exit themselves, which reduces the difficulty of management while ensuring security.

    Research on User Behavior Trust Model Based on IFAHP in Cloud Computing Environment
    XIAO Chuanqi, CHEN Mingzhi
    2015, 15 (12):  14-20.  doi: 10.3969/j.issn.1671-1122.2015.12.003
    In a cloud computing environment, user behavior can cause security problems. Considering the randomness and fuzziness of these security problems, the paper proposes a model that uses the intuitionistic fuzzy analytic hierarchy process (IFAHP) to evaluate the reliability of users of cloud services. In this model, user behavior is decomposed hierarchically into several factors. By comparing the degree of priority, the degree of non-priority and the degree of uncertainty among factors, the initial judgment matrix given by the expert or decision maker is amended. A more reasonable judgment matrix is thus obtained, which reduces the subjective influence of the cloud service provider and decision maker on the analysis. The weight of each factor is determined step by step, and the objectivity and quantitative character of the factors are improved. The model calculates a user behavior trust value, and users are given different authority according to their trust level, which reduces the impact of users on cloud environment security. Experimental results show that the model can effectively detect malicious users in the cloud environment and improve the security of the cloud environment.

    Multi-level Security Model Based on Noninterference Theory in Cloud
    ZHOU Na, LIN Guoyuan, LI Zhengkui
    2015, 15 (12):  21-27.  doi: 10.3969/j.issn.1671-1122.2015.12.004
    To address the integrity of information in cloud computing, this paper proposes a multi-level security model for a cloud-based platform. The model divides the system into three layers: the processes of a virtual machine form the base layer, the virtual machines running on the same virtual machine monitor form the middle layer, and the virtual machine monitor is the top layer. Comparing security in bottom-up order, the paper proposes for this security model the access control method DIFC-B (Decentralized Information Control Flow Based on Biba and BLP), which is based on DIFC (Decentralized Information Flow Control), an information flow control method for distributed computing environments. The method divides virtual machines and the processes in virtual machines into different security levels. Access between processes is then verified against the properties of the Biba model and the BLP model to ensure the integrity and confidentiality of information while the system is running. Finally, the multi-level security model for the cloud platform is analyzed with noninterference theory, which shows the usefulness of the model.

    Research on Security of Hybrid Cloud Based on Trusted Computing Technology
    WU Jikang, YU Xuhong, WANG Hong
    2015, 15 (12):  28-33.  doi: 10.3969/j.issn.1671-1122.2015.12.005
    This paper analyzes the security problems of the hybrid cloud. Because of the openness of the hybrid cloud, cloud server administrators and external attackers can directly or indirectly obtain user data, especially sensitive user data, which leads to the leakage and abuse of users' private data. The paper gives concrete operating steps: it identifies the various applications and issues of the hybrid cloud, then uses the full encryption algorithm to verify server data and ensure that the data is held correctly; an authentication platform manages user identity, so that users can move across clouds without authenticating multiple times. The performance of the scheme is then analyzed, which shows that the scheme is suitable for general enterprises with little change. Finally, the paper compares feasibility, data security, data availability, user privacy and security, efficiency and other indicators with those of existing research schemes, which shows that the hybrid cloud security storage system has advantages.

    Research and Implementation on Process Access Control Based on SELinux Mandatory Access Control
    ZHANG Tao, ZHANG Yong, NING Ge, CHEN Zhong
    2015, 15 (12):  34-41.  doi: 10.3969/j.issn.1671-1122.2015.12.006
    Vulnerabilities in common services or processes on a Linux system can be used to take control of the system away from its owner. To address this problem, the paper proposes process access control based on SELinux mandatory access control (PBACS), which provides fine-grained access control for files, processes and services and can effectively mitigate the security threats caused by vulnerabilities in system services, making the server system more secure. The paper carries out functional and performance tests on PBACS. The test results show that PBACS meets its design requirements and provides finer access control granularity at the system process level. PBACS can be widely applied to harden Linux server systems.

    Quantitative Analysis and Create Policy of Password Based on Real Dataset
    WANG Xiuli
    2015, 15 (12):  42-47.  doi: 10.3969/j.issn.1671-1122.2015.12.007
    With the series of massive password leaks, attackers can obtain user passwords more and more easily. Using real passwords, which reflect users' behavioral tendencies, an attacker can greatly improve attack efficiency. A password creation policy, which restricts user behavior, is an important means of improving user password security. It makes the passwords set by users tend toward a uniform distribution over the overall password space, in order to improve resistance to guessing attacks on the user's password. Based on a large-scale data set, this paper makes a quantitative analysis of the security and memorability of domestic users' passwords, and puts forward creation rules that dynamically constrain user behavior according to users' password-setting behavior and password history. A password made up of digits only should comprise at least seven digits. A password combining uppercase and lowercase letters should not be six or eight characters long. A password combining uppercase letters and special characters should be nine characters long. Passwords made up of lowercase letters, of uppercase and lowercase letters, or of uppercase letters and special characters achieve both high security and high memorability. The thresholds for password memorability and security are 14.21 and 19.17 respectively. Passwords should be checked against a dictionary. The experimental results show that, under the constraints of these password creation rules, user passwords have both high security and high memorability.

    Research on Multi-factor Authentication Mode for Online Security Payment
    GE Quanyue, CHE Lijun
    2015, 15 (12):  48-53.  doi: 10.3969/j.issn.1671-1122.2015.12.008
    Access that is based on single-factor authentication alone is not secure enough to protect user data, so multi-factor authentication is needed. Taking the development of online payment systems into account, this paper proposes countermeasures for online payment security in the current situation and presents a new protocol based on a multi-factor authentication system that is both secure and highly usable. It uses a novel approach based on a transaction identification code and a fingerprint to add another security level to the traditional login password system. The protocol for online payment is extended into a two-way authentication system to satisfy the emerging market need for mutual authentication, and it also supports secure B2C communication. A method for implementing the authentication mode is given, followed by an analysis which verifies that the mode can enhance the security of online payment.

    Research on WSN Identity Authentication Protocol Based on HECC
    QIU Gege, WANG Xueming, ZHANG Yansheng
    2015, 15 (12):  54-58.  doi: 10.3969/j.issn.1671-1122.2015.12.009
    To improve the security and efficiency of identity authentication protocols in Wireless Sensor Networks (WSN), this paper proposes a WSN identity authentication protocol based on HECC. The new protocol consists of an initialization phase and an authentication phase; in the authentication phase, a hyperelliptic curve signature method is used to implement two-way identity authentication and information exchange between nodes. The proof of the protocol's correctness and security shows that it provides confidentiality, unforgeability, non-repudiation, forward security and public verifiability. Finally, the implementation efficiency of the protocol is analyzed and compared, and the results show that the protocol is suitable for identity authentication in WSNs, where resources are limited.

    Research on Smart Grid Privacy Protocol Based on Distributed Data Aggregation
    SHI Shasha, SUN Wenhong, JIANG Mingjian, QU Haipeng
    2015, 15 (12):  59-65.  doi: 10.3969/j.issn.1671-1122.2015.12.010
    The smart grid can use users’ real-time electricity consumption information to monitor and forecast operating conditions effectively, and has become one of the hotspots of grid technology. However, the analysis and processing of real-time electricity consumption information can leak users’ private information. To solve the problem of protecting the privacy of user data, this paper proposes a new distributed data aggregation model based on previous studies. The model discretizes the data and makes users’ behavior information harder to analyze without adding other aggregators. Based on the idea of distributed data aggregation, the paper puts forward a new privacy-preserving data aggregation protocol that combines homomorphic encryption and digital signatures to guarantee the confidentiality and integrity of users’ data. The authors analyze the security and effectiveness of the protocol. The results demonstrate that the scheme effectively achieves the goal of data privacy protection and improves the integrity and confidentiality of data transmission in the smart grid.

    Research and Design of Crime Hotspots Analytic Toolkit Based on GIS Component
    WANG Xinmeng, LI Jun
    2015, 15 (12):  66-71.  doi: 10.3969/j.issn.1671-1122.2015.12.011
    Although China’s policing intelligence started relatively late, it has developed dramatically with national support and the unified deployment of the Public Security Department. The establishment of police information departments and the training of professional officers have advanced, as have intelligence mechanisms and technical support. In the context of Intelligence-led Policing, China’s policing intelligence should develop more professional software for practicing officers. The paper sets out the concept of a crime hotspots analytic toolkit based on an analysis of practical demand and the application environment. The GIS component of the crime hotspots analytic toolkit also applies mature theory from sociology, geography and criminology to the design of the software, with Microsoft Visual Studio 2010 as the main development tool and Super Map SDX+ as the data search engine. With further development, it could be applied to improve the precision of crime prevention at working police stations and to enhance the police intelligence of basic-level police stations.

    Research of Information Aviso Mechanism for Network and Information Security of Transportation Industry
    ZHOU Yanfang, LI Weiwei, YANG Shuxian
    2015, 15 (12):  72-77.  doi: 10.3969/j.issn.1671-1122.2015.12.012
    The information aviso mechanism is of great significance for improving network security and emergency management. It depends strongly on coordination among the relevant departments and on the integration of multiple resources, plays an important role in cross-sectoral, multi-level information exchange and sharing, and is an important vehicle for achieving comprehensive prevention and control. This paper puts forward the key issues in forming an information aviso mechanism for network and information security in the transportation industry. It analyzes the requirements for, and the importance of, constructing an information aviso mechanism for transportation industry information security. Using the systems engineering method, it sets out the establishment of the information aviso organization, and proposes specifications such as the application scope of the information and the content and form of information avisos for network and information security.