Netinfo Security

A Scheme of Public Encryption Keyword Search with Indistinguishable Trapdoor

Yang ZHAO, Wenyi BAO, Hu XIONG, Zhiguang QIN

2016, 16 (1): 1-5. doi: 10.3969/j.issn.1671-1122.2016.01.001

Abstract ( 412 )

HTML ( 2 )

PDF (1657KB) ( 152 )

The traditional PEKS enables users to search data by using keyword in the condition of encryption. But this scheme needs the security channel and its trapdoor was proved to be unsafe. It greatly reduces the effectiveness of the system. In this paper, we propose a scheme to achieve three targets. First, we use the server’s public key to encrypt the keywords and data, outside attackers have no server’s private key, he will not obtain any information of the keyword cipher texts, and we can use public channel to transport PEKS. Secondly, we put forward an indistinguishable trapdoor scheme; outside attackers can’t use the keyword guessing attack against the trapdoor. Third, our scheme not only supports accurate keyword search encryption, it also supports the search when the keywords which are input have any spelling mistake or format inconsistent situations and has greatly improved the availability of the system. We will prove that our scheme is safe and meet the character of the private protection.

Figures and Tables | References | Related Articles | Metrics

A Network Intrusion Detection Method Based on Partial Least Squares

Shanxiong CHEN, Maoling PENG, Xihua PENG

2016, 16 (1): 6-10. doi: 10.3969/j.issn.1671-1122.2016.01.002

Abstract ( 403 )

HTML ( 6 )

PDF (1768KB) ( 144 )

Due to widely network applications, the role of network security is becoming more and more important in computer networks. The analysis and discrimination of network data stream and intrusion behaviors is an important direction of network security research. When anomelous behavior coming from outside is detected in network, intrusion data can be treat as nonlinear disturbance which is overlay normal network data flow. Strength of disturbance is influenced by the stream of intrusion data. Therefore, we can use non-linear theory and model to construct non-linear pattern for the network data stream. Then abnormal behavior could be discovered based on parameter fitting method. In response to network intrusion detection, this paper introduces a nonlinear regression method - partial least squares to predict the network behaviors. At the same time, in the calculation of partial least squares residuals, the paper adopts the Kullback Leibler-divergence as an iterative calculation standard so as to improve the detection speed and accuracy.

Figures and Tables | References | Related Articles | Metrics

Threat Analysis and Detection Techniques of Hardware Trojans

Yu ZHOU, Zongguang YU

2016, 16 (1): 11-17. doi: 10.3969/j.issn.1671-1122.2016.01.003

Abstract ( 496 )

HTML ( 2 )

PDF (7224KB) ( 129 )

Software virus has been considered as the only security threat of a computer system, while the IC (integrated circuit) used in a computer system is considered trusted and secure until the emergency of hardware Trojan. The hardware Trojan is formed by malicious modification during designing and manufacturing, which changes the function and performance of ICs. Different hardware Trojans cause different impact on ICs, like changing the function, leaking internal information or assisting software virus attack. As the design complexity and cost of IC designing and manufacturing continue growing, IC industry relies on the global cooperation which enhances the vulnerability to hardware Trojan attacks. In the paper, we analyze the threat of hardware Trojan attack including the attacking model and Trojan taxonomy, introduce the latest research efforts on detection techniques, and finally describe the area of potential future research.

Figures and Tables | References | Related Articles | Metrics

Research on the Dynamic Multi-copy Provable Data Possession Scheme Based on Map Version Table

Weimin LANG, Kai CHEN

2016, 16 (1): 18-23. doi: 10.3969/j.issn.1671-1122.2016.01.004

Abstract ( 525 )

HTML ( 2 )

PDF (5414KB) ( 129 )

Once the user outsources the data to the big data center, he will lose the direct control on sensitive data. This lack of control poses serious challenges to the data confidentiality and integrity in the cloud storage environment. Based on the analysis of problem related to user’s data control capability weakening after outsourcing data to remote servers in the big data center, we study the problem of creating multiple copies of dynamic data file and verifying those copies stored on untrusted cloud servers and propose a map version table-based dynamic multi-copy provable data possession (MVT-DMPDP), which supports outsourcing of multi-copy dynamic data, By this way the data owner is capable of not only archiving and accessing the data copies stored by the big data center, but also updating and scaling these copies on the remote servers.

Figures and Tables | References | Related Articles | Metrics

Research on Quantum Information Sharing of a Three-particle Entangled State via a GHZ State

Wei GUO, Shucui XIE, Jianzhong ZHANG, Hongzhen DU

2016, 16 (1): 24-28. doi: 10.3969/j.issn.1671-1122.2016.01.005

Abstract ( 508 )

HTML ( 4 )

PDF (4200KB) ( 210 )

Quantum information sharing is a technology that can transmit quantum state, which may carry information, from a sender Alice to a receiver Bob by using the property of quantum entanglement. This paper proposes a quantum information sharing scheme of a three-particle entangled state by using a four-particle Greenberge-Horne-Zeilinger (GHZ) state. Firstly Alice applies three times controlled-NOT (CNOT) gates and a Hadamard gate to her corresponding qubits. Then she performs a four-particle computation basis measurement on her qubits. Finally Bob can reconstruct the shared three-particle entangled state successfully by doing an appropriate unitary transformation on his corresponding qubits according to the measurement results from Alice. The scheme can be easily generalized to share a n-particle entangled state by using (n+1)-particle GHZ state as a quantum channel.

Figures and Tables | References | Related Articles | Metrics

An Online Detection System for Advanced Malware Based on Virtual Execution Technology

Shengjun ZHENG, Longhua GUO, Jian CHEN, Shujun NAN

2016, 16 (1): 29-33. doi: 10.3969/j.issn.1671-1122.2016.01.006

Abstract ( 585 )

HTML ( 1 )

PDF (5654KB) ( 155 )

The current mainstream of malware detection technologies includes sandbox technologies which are mainly based on malware behavior analysis. However, with the continuous development of network attack techniques, advanced malware technology will hide their malicious behavior through multi-state and deformation. In order to protect the information security of the smart grid, this paper presents an advanced online malware detection system based on virtual execution technology. The detection system increases a dynamic detection engine as well as in support of the traditional static test. Dynamic detection engine can detect advanced malware attacks through observation and analysis the changes of instruction and memory properties in depth using a virtual execution technology which is different from the traditional sandbox detection. Smart grid can effectively avoid suffering from advanced malware attacks if the online testing system is used in smart grid.

Figures and Tables | References | Related Articles | Metrics

Design of Network Covert Transmission Scheme Based on TCP

Jiapeng LOU, Meng ZHANG, Peng FU, Kai ZHANG

2016, 16 (1): 34-39. doi: 10.3969/j.issn.1671-1122.2016.01.007

Abstract ( 681 )

HTML ( 7 )

PDF (7153KB) ( 108 )

With the rapid development of the Internet, the network security issue based on Trojan invasion has been more attention. Covert transmission is important technology used by Trojans and other malicious. Network covert channel brings us harm, but also brings forward for our use. We can transmit information covertly and safely by network covert channel, also can test the performance of protection facilities of the existing system. So research covert channel has great significance for network protection. This paper researches network protocol, network protection technology, the principle and working mechanism of hidden transmission network, some technical flaws of network protocol and elements of the communication system, proposes a network covert transmission method based on the TCP protocol, in order to build a network covert channel. The channel can bypass firewalls and intrusion detection systems to transmit hidden information. This paper designs and implements the method and the method is tested and verified. The experiments prove that the channel has a high concealment and transmission speed. The method provides a theoretical basis and technical support for protection Trojans and other malicious attacks. It has certain significance for network security.

Figures and Tables | References | Related Articles | Metrics

Analysis of Model of QQ Forensic in Android System

Qiang LI, Baoxu LIU, Zhengwei JIANG, Jian YAN

2016, 16 (1): 40-44. doi: 10.3969/j.issn.1671-1122.2016.01.008

Abstract ( 604 )

HTML ( 12 )

PDF (4961KB) ( 277 )

As one of popular instant messaging applications on smart phone, mobile QQ contains many kinds of user data which even includes the information of evidence, so forensic analysis for mobile QQ is significant. Firstly, this paper introduces the basic information of Android and mobile QQ, and the research status of forensic model and social network instant messaging application on smart phone. Then, referring to traditional digital forensic models and features of Android mobile intelligent device and mobile QQ, this paper comes up with an analysis model of QQ forensic in Android system, and introduces the detail and output at nine phases. Finally, according to three evaluation parameters as follows: ability of data acquisition, ability of data trustworthiness evaluation and ability of machine readable analysis result, the paper compares the prototype based on analysis model with two typical commercial digital forensic software, and the comparative result shows that the analysis model has a couple of advantages in QQ forensic analysis in Android system.

Figures and Tables | References | Related Articles | Metrics

Mobile Malware Detection Based on Optimized Fuzzy C-Means

Shifeng HUANG, Yajun GUO, Jianqun CUI, Qingjiang ZENG

2016, 16 (1): 45-50. doi: 10.3969/j.issn.1671-1122.2016.01.009

Abstract ( 443 )

HTML ( 2 )

PDF (5775KB) ( 125 )

In order to improve the effectiveness of mobile malware detection, the optimized euzzy C-means (FCM) clustering algorithm is used to classify and detect massive amounts of malware automatically. Firstly, this paper presents a new algorithm named of intelligent bat algorithm (IBA) by introducing a gravitation operator to enhance the linkage of the Bat algorithm , and uses it to optimize the FCM. After the optimization, the FCM can significantly improve the detection efficiency of mobile malware. The simulation experiments show that the IBA has a better global search capability and optimization precision, and the FCM optimized by IBA has higher stability and better clustering accuracy , and the effect is good for mobile malware detection.

Figures and Tables | References | Related Articles | Metrics

Analysis and Implementation of QQ Software Protocol Based on DPI Technology

Lifen ZHENG, Yang XIN

2016, 16 (1): 51-58. doi: 10.3969/j.issn.1671-1122.2016.01.010

Abstract ( 565 )

HTML ( 1 )

PDF (7526KB) ( 86 )

With the rapid development of network technology, a sharp rise in the number of various instant message software, makes it difficulties to controll network traffic effectively. This paper analyzes the traffic of QQ’s three major services based on DPI(Deep Packet Inspection) and proposes a specific subdivision scheme. Then each module of QQ’s traffic identification system is introduced in detail. Finally, through running an experiment to verify its validity, result shows that the purpose of QQ traffic segmentation is achieved and each service communication can be blocked by configuring appropriate policy, which. And it can a reference for other IM software in protocol analysis.

Figures and Tables | References | Related Articles | Metrics

Design and Implementation of a Malware Detection System for Mobile Payment on the Cloud

Yaqian SHU, Anmin FU, Zhentao HUANG

2016, 16 (1): 59-63. doi: 10.3969/j.issn.1671-1122.2016.01.011

Abstract ( 493 )

HTML ( 5 )

PDF (5491KB) ( 175 )

More and more users choose to use mobile terminals for payment. But at the same time, mobile payment security risks are becoming increasingly prominent. In this paper, based on the analysis of a variety of payment threats users faced, we propose a malware detection system for mobile payment on cloud platform. We use the method of combining cloud terminal with the mobile, and simulate the mobile payment through simulator in the cloud to test the sensitive behaviors before APP running, output and parse operation logs, and judge whether it has malicious behavior through the custom rules , which can detect the malicious software before malicious behaviors happen. We also accompany the function of silently installing testing to prevent sub-package silently installing in mobile phone background to escape system testing, which can protect users’ mobile payment security more comprehensively and effectively. Finally, the experiments prove effectiveness and practicability of this system.

Figures and Tables | References | Related Articles | Metrics

Research on RFID Authentication Technology Based on Two-way Authentication Protocol

Yuting ZHANG, Chenghua YAN

2016, 16 (1): 64-69. doi: 10.3969/j.issn.1671-1122.2016.01.012

Abstract ( 498 )

HTML ( 3 )

PDF (6656KB) ( 175 )

Nowadays, the Internet of things technology has been widely used in industry, agriculture, military, medical environmental protection and other fields, and all aspects of people’s life gradually into the era of “everything was connected”. With the continuous development of the Internet of things technology, information transmission and information security requirement are higher and higher in the process of “everything was connected”. Identity authentication problem is the first barrier to guarantee the safety of IoT system. Therefore, the study for it has a long way to go. This paper introduces the basic concept of Internet of things as well as the classification and characteristics of the perception layer tags, and do key research and analysis on the Internet security threats in the open system of existing security protocols. This paper researches the RFID electronic tags based on the important technologies of the Internet of things. On the basis of universal model and the improved model of RFID authentication protocol, and on account of Hash function and public key encryption algorithm, we design a bidirectional authentication protocol, which can be able to quickly identify information and to ensure the safety of Internet system.

Figures and Tables | References | Related Articles | Metrics

Overviews of Network Intrusion Evasion and Defense Techniques

Tingting SHI, Youjian ZHAO

2016, 16 (1): 70-74. doi: 10.3969/j.issn.1671-1122.2016.01.013

Abstract ( 637 )

HTML ( 12 )

PDF (4868KB) ( 264 )

Popularity and wide application of the Internet makes network security much more attention, but the methods of network attack are constantly updated. The intrusion evasion technique is used to disguise the data traffic. By confusing the signature, the intrusion detection system can not recognize the attack. It has brought great threats and challenges to the network security. This paper introduces the development and principle of intrusion evasion techniques. It describes five basic evasion techniques and summarizes the main features of advanced evasion techniques. In addition, it lists some methods of evasion defense and detection. Finally, we come to the conclusions.

Figures and Tables | References | Related Articles | Metrics

Design and Implementation of a Multi-layer Filtering Detection Model for Malicious URL

Jian LIU, Gang ZHAO, Yunpeng ZHENG

2016, 16 (1): 75-80. doi: 10.3969/j.issn.1671-1122.2016.01.014

Abstract ( 517 )

HTML ( 1 )

PDF (5709KB) ( 165 )

In recent years, as malicious websites harm to every aspect of the user, the detection of malicious web site URL is becoming increasingly important. At present, the detection of malicious URL mainly includes black and white list technology and machine learning classification algorithm.However, the black and white list technology can do nothing while the URL is not in list. And each machine learning classification algorithm has some data which it is not good at. In this paper, we propose a malicious URL multi-level filtering detection model. By training the threshold of each layer filter, the filter can directly determine the URL when it reaches the threshold. Otherwise, the filter leave the URL to next layer. Therefore, every classifier can deal with the data it is good at, this paper uses an example to verify that the model can improve the accuracy of URL detection.

Figures and Tables | References | Related Articles | Metrics

An Automatic Classification System for Microblogging

Shihao ZHANG, Yijun GU, Junhao ZHANG

2016, 16 (1): 81-87. doi: 10.3969/j.issn.1671-1122.2016.01.015

Abstract ( 491 )

HTML ( 1 )

PDF (7255KB) ( 99 )

This paper proposed a new idea for popular microblogging classification, by analyzing the users who forwarded the popular microblogging to obtain the clustering result, and distinguishing the different kinds of popular microblogging depending on the aggregation state of user. The user clustering algorithm is called X-means algorithm which improved on the basis of K-means clustering algorithm, and improved further according to the characteristics of the microblogging user. Taking into account the difference of the user themselves and their attributes, this paper used a weighted approach based on the logarithmic function in the process of improving X-means algorithm ,which can ensure that the clustering results more scientific and accurate. Simultaneously , this paper achieved a weighted approach for the special nodes by the way of establishing a Key-Personnel- Database, then this paper achieved the dynamic updates of the database with the HITS algorithm. After completing the user clustering, the experiment put the important user information into the Key-Personnel- Database in different fields, by which can achieve the feedback mechanism between the clustering processes and the database. In addition, clustered the microblogging user with the X-means algorithm and the k-means algorithm as well as their improved algorithm, and ultimately proved the improved X-means algorithm has more advantages in the microblogging user clustering.

Figures and Tables | References | Related Articles | Metrics

Research and Design on Information Security Architecture in Smart City

Jiangbo ZHENG, Jianhua ZHANG

2016, 16 (1): 88-93. doi: 10.3969/j.issn.1671-1122.2016.01.016

Abstract ( 649 )

HTML ( 4 )

PDF (6320KB) ( 301 )

This paper takes information security architecture of smart city as a core subject research in top planning and designs phase during smart city construction, and harmonious and difference design disciplines are proposed. A hierarchical architecture of information security framework for smart city based on PKI/CA infrastructure is designed separately which supports a smart security engine and plug in smart application adapters via a security information bus. Proper information security strategy, security risk assessment, security audit mechanism and security monitoring system are further described. Key implementation techniques related to the four platform architecture are discussed respectively including security technique, information fusion technique, big data mining technique, and security evaluation technique. Smart city construction is a high investment with long term and far reaching significance. It is meaningful for current smart city construction and new urbanization construction.

Figures and Tables | References | Related Articles | Metrics

Table of Content