
Table of Contents

    10 March 2016, Volume 16 Issue 3

    Original Article

    A Privacy Preservation Scheme for Data Exchange of Smart Grid Based on Homomorphic Encryption
    Zengpeng LI, Yan ZOU, Lei ZHANG, Chunguang MA
    2016, 16 (3):  1-7.  doi: 10.3969/j.issn.1671-1122.2016.03.001

    Drawing on the characteristics and development trend of the smart grid, this paper analyzes user privacy in smart metering in two parts, the real-time meter data phase and the billing phase, and protects users' private information in the smart grid by means of encryption and authentication technology. However, most existing smart grid privacy protection techniques are imperfect, so protecting the security of the smart grid with a public key encryption system is all the more important. Secure and efficient smart grid data exchange based on homomorphic encryption is one of the hot issues in current information security research. Therefore, for data exchange, this paper proposes an encryption system based on homomorphic encryption technology. The resulting smart grid privacy protection scheme offers strong security and efficient privacy protection, ensuring user privacy and the confidentiality and integrity of data.

    Research on Network Protocol Test Data Generation Method Based on Cross Location of Encoding Function
    Liang GUO, Senlin LUO, Limin PAN
    2016, 16 (3):  8-14.  doi: 10.3969/j.issn.1671-1122.2016.03.002

    To address the problem that existing network protocol test data generation methods achieve too little code coverage when faced with encoding mechanisms such as encryption and compression, this paper presents a network protocol test data generation method based on cross location of encoding functions. Static feature analysis is used to find the addresses of the network output interface function, the library encoding functions and the suspicious encoding functions in the main module. Flow comparison is then used to analyze the characteristics of the network protocol data, and the address of the encoding function associated with the network protocol data flow is used as the mutation point for in-memory fuzz testing. The network protocol binary executable is debugged using software breakpoint callbacks: on reaching the snapshot point, the context the process needs to run is saved; on reaching the restore point, the process context data is restored so that the process re-executes from the snapshot point; on reaching the mutation point, the memory data is mutated; on reaching the network output interface function, the test data is generated and sent to the network.

    Research on the Web Front-end Hijacking and Defense against HTTPS
    Guofeng ZHAO, Yong CHEN, Xinheng WANG
    2016, 16 (3):  15-20.  doi: 10.3969/j.issn.1671-1122.2016.03.003

    This paper discusses the HTTPS communication process and analyzes in detail the basic principles and methods of session hijacking based on forged certificates and man-in-the-middle attacks. It then points out the defects of the conventional hijacking method, which manipulates the original data flow at the back end, and puts forward a more efficient and more complete HTTPS session hijacking method based on front-end XSS script injection, which can hijack form submissions, dynamic elements, script windows and page frames. Finally, it explains the principle and process of Web front-end hijacking, builds a prototype system to validate it, and further analyzes the security risks of HTTPS communication. In light of the present situation, it also puts forward feasible preventive measures.

    Research on Trusted Execution Environment Building Technology Based on TrustZone
    Guannan FAN, Pan DONG
    2016, 16 (3):  21-27.  doi: 10.3969/j.issn.1671-1122.2016.03.004

    As a technique for protecting data and programs, the trusted execution environment (TEE) can, compared with traditional security technology, actively prevent outside threats and ensure the security of the host more effectively by means of hardware-aided isolation. With the extensive application of ARM processors with built-in TrustZone, the development of trusted execution environments has received increasing attention. At present, there are many open source TEE projects based on TrustZone, but their application still faces problems because of the lack of corresponding standards. Taking Open-TEE as an example, this paper studies the overall structure of the TEE in depth, analyzes the architecture and operational process of the software layer, and proposes a development method for trusted applications. The deployment, development and memory footprint of several TEEs are compared through experiments. The TEE development method proposed in this paper has a good software architecture and is easy to develop.

    The Optimization of DPA Defense System Based on Quantum Annealing Algorithm
    Ming ZHONG, Huihui JIA, Liying JIANG, Chao WANG
    2016, 16 (3):  28-33.  doi: 10.3969/j.issn.1671-1122.2016.03.005

    At present, among side-channel attacks on ECC and the various countermeasures against them, power analysis attacks are the most studied. For attackers, simple power analysis (SPA) depends on the algorithm implemented in the cryptographic device, which makes it more difficult to recover the key. Differential power analysis (DPA), however, can recover the correct key through statistical analysis of multiple power traces and is less difficult. Currently, the more commonly used countermeasure is power balancing. In this paper, we use the quantum annealing algorithm to optimize the WDDL-based countermeasure against power analysis attacks and reduce unnecessary additional units. Compared with the ExCCel optimization algorithm, which is based on the traditional simulated annealing algorithm, the quantum annealing algorithm can obtain the optimal solution with a higher probability. The analysis shows that the method saves circuit area and power consumption to a large extent and improves the system's resistance to differential power analysis.

    Research on Browsers Recognition
    Zhouhui LI, Yanqun HUANG, Yi TANG
    2016, 16 (3):  34-39.  doi: 10.3969/j.issn.1671-1122.2016.03.006

    In recent years, with the rapid development of the Internet, network software has become the main target of hackers. As the network software that users use most frequently, the browser's security and service have always been a focus of attention and are also a factor in users' choice of browser. On the one hand, recognizing the browser enables system attacks that target the corresponding browser vulnerabilities, opening the door to attackers. On the other hand, browser recognition technology can be used to further recognize users and thus provide a better user experience. Previous studies obtain browser fingerprint information by implanting server-side scripts, and some use traffic analysis to recognize browsers, but the recognition rate is relatively low. This paper derives trace information for thirteen browsers from encrypted traffic and processes it with three typical machine learning methods in order to recognize the browsers. The experimental results show that the browsers can be recognized, with recognition accuracy as high as 100%. This means that users must improve their security awareness, update the browser version, and install the latest patches to prevent system damage caused by hackers exploiting the vulnerabilities of the original browser.

    ASEP Performance Analysis of Vehicle-to-Vehicle Communication System over N-Rayleigh Fading Channels in IoV
    Chao YUAN, Hao ZHANG, Thomas Aaron Gulliver
    2016, 16 (3):  40-46.  doi: 10.3969/j.issn.1671-1122.2016.03.007

    The average symbol error probability (ASEP) performance of a vehicle-to-vehicle communication system with fixed-gain amplify-and-forward (FAF) relaying over N-Rayleigh fading channels is investigated in this paper. Based on the moment generating function (MGF) approach, exact ASEP expressions are derived for several modulation schemes, including phase shift keying (PSK), quadrature amplitude modulation (QAM), and pulse amplitude modulation (PAM). The ASEP performance under different conditions is then evaluated through numerical simulations, and the accuracy of the analytical results is verified. The simulation results show that the ASEP performance can be improved as the number of relay vehicles increases.

    Research on Information Security for Shipboard System Based on DDS
    CHEN Kaifang, LI Huiyun, LIU Song, ZHOU Chunjie
    2016, 16 (3):  47-52.  doi: 10.3969/j.issn.1671-1122.2016.03.008
    This paper analyzes the fundamental architecture of DDS communication middleware and the technical characteristics of DDS as applied in shipboard systems. With respect to current research on DDS information security, this paper proposes information security for DDS communication for the first time. According to the features of the information system and the similarity between a security domain and a DDS domain, it develops a division strategy for DDS security domains. Based on the similarity between the way information security strategies and QoS strategies control communication, it puts forward a QoS strategy configuration of information attribute-information strategy-QoS strategy. Finally, this paper illustrates the feasibility of the method using a real example.
    Key Technology Research and Implement on Insider Threat for Controlled Cloud Computing
    XIANG Linbo, LIU Chuanyi
    2016, 16 (3):  53-58.  doi: 10.3969/j.issn.1671-1122.2016.03.009
    Cloud computing has generated significant interest in both academia and industry, but data security and privacy problems are hindering its development. Starting from the OpenStack open source cloud computing framework, this paper analyzes its operation and maintenance mode and proposes using an API proxy and access control to achieve internal control of the cloud platform and protect user data from insider threats within it. Experimental results show that the method in this article meets the basic needs of cloud platform operation and maintenance, implements the division of authority among cloud administrators, and can block malicious and illegal access requests.
    Research and Design on the Storage Model for RDF Data Based on HBase
    Yuanyuan WANG, Xiaodan LV, Qi HU, Hongchuan WU
    2016, 16 (3):  59-63.  doi: 10.3969/j.issn.1671-1122.2016.03.010

    Aiming at the storage of RDF data, this paper proposes an effective storage scheme based on the Rowkey and the distributed database HBase, which mainly makes use of the characteristics of HBase and RDF data. The method uses the classic BKDRHash algorithm to hash the predicate and takes the hash value together with the predicate as the primary key for data storage. Setting the HBase Rowkey effectively not only avoids the phenomenon of node accumulation; the use of the BKDRHash algorithm also ensures the integrity of the data. To prove the validity of this storage mode, the experiment uses MapReduce to load the data into HBase in parallel using the internal storage format, HFile. Experiments show that, with this storage model, data loading achieves better performance when the data volume is large. The paper mainly uses the LUBM test set to carry out the simulation experiment, which proves that the scheme is effective.

    Research on Information Dissemination Topological Structure of Microblog Based on Topics
    Jie ZHONG, Haizhou WANG, Wenxian WANG
    2016, 16 (3):  64-70.  doi: 10.3969/j.issn.1671-1122.2016.03.011

    With the prevalence of the Internet, network forums, Microblog, WeChat and the like are important channels for people to obtain and publish information. Microblog, however, has become the main platform for the spread of public opinion. To study the diffusion and supervision of public opinion, we used a special crawler to collect topic information and related user data from the microblog network, analyzed the collected data, and chose appropriate social topics for empirical research. The information propagation characteristics of Microblog topics were summarized by studying users' participation in topic diffusion. The topology of the topic propagation networks was worked out from the forwarding relationships among users within the topics. Further analysis of the topology shows that the propagation network of a microblog topic has small-world properties, which can speed up diffusion and expand the scope of spread in the network. Studying the topology of topic information spread can provide a basis for studying the diffusion and control of rumors on the network, as well as users' behavior and influential users.

    Troubleshooting Based on Packet Traceback in Software-defined Networks
    Kuan JIANG, Peng YANG
    2016, 16 (3):  71-76.  doi: 10.3969/j.issn.1671-1122.2016.03.012

    With the increasing number of serious network security problems, network operators mainly rely on tools such as ping, traceroute, SNMP and tcpdump to solve specific problems. Their experience and ability are crucial to locating the fault. This paper describes a troubleshooting approach based on provenance traceback and improves it with packet traceback. Provenance traceback is used to detect rule conflicts, using graph theory to locate the root cause, but is not widely used to detect rule loss. This paper presents a troubleshooting solution based on packet traceback that can effectively detect both rule conflicts and rule loss and expands the scope of detection, making it an important complement to provenance traceback. Packets are constructed with specific source IP addresses, and a traceback policy is used to find the fault location. The whole process requires no human intervention from the user and is real-time and automated.

    Review on Dynamic Taint Analysis of Binary Programs
    Zheng SONG, Yongjian WANG, Bo JIN, Jiuchuan LIN
    2016, 16 (3):  77-83.  doi: 10.3969/j.issn.1671-1122.2016.03.013

    As the network security situation continues to worsen, detection technology that can discover exploits and related advanced persistent threat (APT) attacks in a timely and effective way is of vital importance for network security. Dynamic taint analysis, one of the reliable exploit detection solutions, is a method that marks untrusted input sources as tainted data and tracks their spread as the program executes in order to find the key positions and data associated with the input. This paper first introduces the principle of dynamic taint analysis of binary programs and its development status in several typical systems, then analyzes existing problems with dynamic taint analysis of binary programs, and finally introduces its applications. The dynamic taint analysis technology for binary programs is introduced in detail, which helps to improve the level of network security protection for important information systems.
