Netinfo Security

Research on the Technology of Malware Behavior Monitoring Based on LKM System Call Hijacking

Yong DING, Wei CAO, Senlin LUO

2016, 16 (4): 1-8. doi: 10.3969/j.issn.1671-1122.2016.04.001

Abstract ( 594 )

HTML ( 8 )

PDF (1995KB) ( 191 )

Android operating system occupies most of the smart devices and has the largest number of users. But smartphone’s huge market value has also attracted the attention of hackers while bringing convenience to users. The black chain which uses malware as the main attack method can put users’ privacy and their property safety in dangerous situation. Therefore, study of the technology on Android malware detection has a very important theoretical value and practical significance. This paper gives a brief introduction on knowledge of Android malware, and proposes an Android application software dynamic behavior monitoring method based on LKM. This method hijacks and replaces the system call in the Linux kernel layer, and later runs in the form of services. It can monitor sending text messages, making phone calls, getting the phone number, network connections, privilege escalation and et al. Experimental results show that the monitoring accuracy rate of malicious behavior reaches to 93% and its performance overhead is less than 5%. Finally, this paper design and implement the dynamic behavior monitoring system based on the method. So, it has a high practical value.

Figures and Tables | References | Related Articles | Metrics

Reversible Data Hiding in Encrypted Image Based on Additive Homomorphism and Multi-level Difference Histogram Shifting

Di XIAO, Ying WANG, Yanting CHANG, Jiaqi ZHOU

2016, 16 (4): 9-16. doi: 10.3969/j.issn.1671-1122.2016.04.002

Abstract ( 557 )

HTML ( 4 )

PDF (8346KB) ( 182 )

There are two problems in the existing reversible data hiding schemes for encrypted domain. The frist one is that the reversibility which implies exact data extraction and perfect image recovery cannot be ensured. The other is that some schemes are not processed in the really encrypted domain. This paper proposes a real reversible data hiding algorithm in encrypted image. In this algorithm, two neighbor pixels are divided into a group and encrypted by the additive homomorphism algorithm with the same encryption key. And then the difference between two pixels in each group is calculated to generate the difference histogram. Through difference histogram shifting, the data hider can embed data. To further improve the embedding capacity, multi-level difference histogram shifting can be used. In general, this algorithm solves both of the two existing problems to realize data hiding in the really encrypted domain and exact reversibility. Experiment results demonstrate that the proposed algorithm can ensure the privacy security of image, and its embedding capacity is higher. After extracting data completely, it can recover the original image reversibly.

Figures and Tables | References | Related Articles | Metrics

Research of Virtual Trusted Cryptography Module’s Secret Key Management Based on the Trusted Root Server

Guan WANG, Huahao YUAN

2016, 16 (4): 17-22. doi: 10.3969/j.issn.1671-1122.2016.04.003

Abstract ( 902 )

HTML ( 2 )

PDF (1649KB) ( 211 )

Trusted computing is one of the important method to protect the cloud environment. The trusted root server is a good solution to protect the virtual machine with the trusted computing technology. The trusted root server is based on the physical trusted chip and provide services for all of the virtual machine by virtualizing the trusted chip in the cloud environment. The virtual trusted chips on the server are under the management of a called management part. This paper used the homemade trusted cryptography module as the root of trust and based on the cryptographic support platform for trusted computing .This paper analyzed the secret keys in the physical TCM, and researched the secret key management in the trusted root server. Finally, this paper gave a solution on the generation, storage and load for the secret keys. In the solution, all the vTCM’s secret keys are generate in the physical TCM to keep the keys comply with the specifications.

Figures and Tables | References | Related Articles | Metrics

Research on Network Security Situation Prediction Technique Based on Online Learning RBFNN

Limin XUE, Zhong LI, Wanwan LAN

2016, 16 (4): 23-30. doi: 10.3969/j.issn.1671-1122.2016.04.004

Abstract ( 602 )

HTML ( 1 )

PDF (1954KB) ( 568 )

With the network attacks increasing rapaidly, the traditional network security technologies unable to meet the demand of network security. As a new and active network security defense technology, network security situation prediction comes forth. In the majority of cases the network security situation prediction technique based on artificial neural network adopt outline learning. It demanded design network structure and parameter ahead of schedule. If input stylebook dimension begins to change, the network structure and parameter must be designed again. This will undoubtedly increase the complexity of the operation and waste a lot of time. This paper researches the method of adaptive dynamic adjustment network structure of the online learning RBFNN. A group training method is put forward to train the network. This paper proposes a new method of network security situation prediction model based on online learning RBFNN.

Figures and Tables | References | Related Articles | Metrics

A Leakage Resilient Authenticated Key Exchange Protocol Based on the CAFL Model

Siqi LU, Shuhui FAN, Xu HAN, Qingfeng CHENG

2016, 16 (4): 31-37. doi: 10.3969/j.issn.1671-1122.2016.04.005

Abstract ( 518 )

HTML ( 2 )

PDF (1877KB) ( 122 )

The initial goal of the leakage resilient protocols is to decrease the damages resulted from leakage of stored secrets. Alawatugoda proposed a genetic protocol π based on the secure CAFL model, which was proved to be long-term key reveal secure under passive attack but not ephemeral key reveal secure under active attack. In 2015, for instance, Toorani proposed an ephemeral key compromise impersonation attack on this protocol. Considering the insecurity of the protocol, we propose an improvement based on DDH assumption and CDH assumption, which enables explicit key authentication for the parties. As for the security, the improved protocol is proved capable of stronger securities and of less computation costs under the standard model . In addition, analysis and discussion of protocol π-1 and π-2 is provided in this paper in terms of their computing costs and securities.

Figures and Tables | References | Related Articles | Metrics

Survey on PUF-based RFID Anti-counterfeiting Techniques

Zhengjun JIANG, Haibo TIAN, Fangguo ZHANG

2016, 16 (4): 38-43. doi: 10.3969/j.issn.1671-1122.2016.04.006

Abstract ( 582 )

HTML ( 9 )

PDF (1819KB) ( 341 )

With the fast development of information science and technology, radio frequency identification (RFID) technique has been used in more and more scenarios, which brings people a lot of conveniences. However, RFID technique has some potential security problems. For example, an attacker can steal important information from the communication process of the RFID system, and then complete the clone attack. Physical unclonable function (PUF) is an effective method to solve the problem of cloning. Based on PUF, RFID system can serve the anti-counterfeiting purpose well. This paper summarizes and analyzes the situation of counterfeiting existing in the RFID system, and then points out the necessity of anti-counterfeiting. This paper gives a comprehensive summary for PUF-based RFID anti-counterfeiting techniques from two aspects: public key cryptography and secret key cryptography, and summarizes the advantages and disadvantages of these different schemes.

Figures and Tables | References | Related Articles | Metrics

(k,n) Threshold Quantum Secret Sharing Scheme Based on the Generation of Reed Solomon Code

Zi CHENG, lirong JIN, Jinjing SHI

2016, 16 (4): 44-49. doi: 10.3969/j.issn.1671-1122.2016.04.007

Abstract ( 623 )

HTML ( 2 )

PDF (1718KB) ( 132 )

A (k,n) quantum threshold secret sharing scheme based on generator matrix segmentation is proposed in this paper. Compared with the previous classical schemes, our scheme has better security and reliability, and it also has the diversity of encoding with the quantum system, which can improve the difficulty of deciphering. A solution for the issue of matrix cycle period and the problem that some numbers without the primitive element can’t construct generation matrix is derived. The core idea of our scheme is to achieve the secret division by applying the primitive element in the finite domain for generation matrix based on the correspondence between the quantum and classical information, where the generation matrix satisfies that any k column vectors are linearly independent. The transmission process involves quantum secure direct communication (QSDC) based on super-dense coding.

Figures and Tables | References | Related Articles | Metrics

Research on Data Placement Strategy for Ceph Based on File Level

Sha LIU, Chuanren CHU

2016, 16 (4): 50-54. doi: 10.3969/j.issn.1671-1122.2016.04.008

Abstract ( 598 )

HTML ( 1 )

PDF (1657KB) ( 274 )

This paper focuses on the reliability and security of the Ceph distributed file system. The reliability and security of the system are realized through the data fault tolerance mechanism. The widely used data fault tolerance techniques include full copy scheme and erasure code scheme. Full copy scheme copies the data into multiple copies for distributed storage, which reduces the storage efficiency and wastes the storage space. Erasure codes scheme can use the storage space efficiently, but it need store the data encoded, and decode the data when accesses them, which makes the data access efficiency low. Combining the two data fault tolerance mechanisms, on the basis of the Ceph distributed file system, this paper designs a data placement strategy based on the file level. The strategy both provides the full copy scheme and the erasure code scheme, which users can select the appropriate storage scheme based on the file level. The strategy ensures that the important data have high security and can effectively use the storage space.

Figures and Tables | References | Related Articles | Metrics

Speaker Recognition Algorithm Based on Convolutional Neural Networks

Qing HU, Benyong LIU

2016, 16 (4): 55-60. doi: 10.3969/j.issn.1671-1122.2016.04.009

Abstract ( 524 )

HTML ( 1 )

PDF (1772KB) ( 175 )

Feature extraction and pattern classification are two separated part in classical algorithms for speaker recognition, wherein the choice of features has much influence on classification, and thus algorithm complexity is generally increased. In this manuscript we propose to use the structure advantage of convolutional neural network(CNN) to form a new speaker recognition algorithm. The algorithm firstly computes the spectrograms of a speech signal, then using CNN for classification. Experimental results based on self-built database and the TIMIT database show that the presented algorithm is effective in speaker recognition.

Figures and Tables | References | Related Articles | Metrics

Research on the Method of Message Forwarding Path Extraction in the Analysis of Microblog Public Opinion

Hongfu ZHOU, Lu JIA, Tingting ZHANG, Jian LI

2016, 16 (4): 61-68. doi: 10.3969/j.issn.1671-1122.2016.04.010

Abstract ( 741 )

HTML ( 6 )

PDF (2248KB) ( 149 )

In this paper, taking the sina microblog as the study, the method of extracting forwarding path of microblog information is analyzed, and microblogging users who play a key role in the process of micro-blogging message forwarding can be obtained. By utilizing multiple accounts and distributed multi-thread technology, the new network crawler frame used in this system can bypass the sina microblog anti crawler mechanism function and has high stability and high efficiency. There are several steps when researching the extracting method of forwading path, including crawling forwarding webpage information of microblog, extracting the message forwarding information, preprocessing the forward information, constructing the forwarding path tree, etc. The system can show the spread graph of a microblog message forwarding by extracting and organizing the path forwarding information to tree state structure information. Finally, the system implements the algorithm of calculating the user,s spreading influence, and can quickly estimate the user's influence in the whole process of the forwarding and propagation of the microblog by improving the PageRank algorithm.

Figures and Tables | References | Related Articles | Metrics

Research on Security Issues of Wireless Access in Public Environment

Qing LI, A-yong YE, Li XU

2016, 16 (4): 69-75. doi: 10.3969/j.issn.1671-1122.2016.04.011

Abstract ( 608 )

HTML ( 4 )

PDF (2654KB) ( 167 )

With the rapid development of mobile internet and the rising popularity of WiFi network, people are used to access the Internet through a variety of WiFi hotspots. However, the public WiFi hotpots not only provide conveniences, but also increase the network security risks. The wireless access is faced with serious problems, considering the radiation of the wireless signals, the openness of the space channels and the incredible public wireless hotpots. The paper briefly introduces the WiFi access model and for the incredible issues of the public WiFi hotpots, analyzes the possible security problems from the aspects of content of data, the message header, the domain system and the personal privacy with the experiments that used Wireshark and other software. These problems include the leakage of accounts and passwords when Web contents are pushed in Plaintext, the leakage of behavior trajectories when users use the browsers, the tampering with the Web contents, domain name deception and the leakage of users’ personal privacies. The paper studies these problems in order to enhance the public security awareness of wireless access.

Figures and Tables | References | Related Articles | Metrics

Research on Security Technology of Mobile Network

Yingxian CHANG, Guangyong CHEN, Xinlei SHI, Hengrui HU

2016, 16 (4): 76-81. doi: 10.3969/j.issn.1671-1122.2016.04.012

Abstract ( 470 )

HTML ( 1 )

PDF (2452KB) ( 270 )

With the mobile Internet coming, smart phones and tablet PCs as the representative of smart mobile devices growing popularity. The mobile communication network has been widely used in today's society, has gradually become an indispensable part of our daily life. However, with the rapid development of mobile intelligent terminal, the security threats of mobile intelligent terminal also followed. Traditional security solutions have been unable to adapt to the new information security requirements. In this paper, the author analyzes the 3G and 4G mobile networks potential safety. Then the author introduces feasible solutions and related technologies for mobile network security, and propose in the new generation communication network through establishing perfect and professional information security system guarantee the network information security. By technical means and security authentication mechanism, the security level of mobile communication network will be gradually improved.

Figures and Tables | References | Related Articles | Metrics

Table of Content