Netinfo Security

Research on An Effective Integrity Check Scheme for Big Data Center

Hongjun LI, Weimin LANG, Gang DENG

2016, 16 (5): 1-8. doi: 10.3969/j.issn.1671-1122.2016.05.001

Abstract ( 436 )

HTML ( 2 )

PDF (2294KB) ( 195 )

For the application of cloud storage in the big data center, a user no longer possesses his files in his local depository. Thus, he is concerned about the security of the stored files. For data robustness, there are two concerns: service failure, and service corruption. In this paper, we propose an integrity check scheme for their system to enhance data robustness against storage server corruption, with which their storage system in the big data center can deal with not only the problem of storage server failure, but also the problem of storage server corruption. Furthermore, we adopt homomorphic integrity tags such that new integrity tags can be computed from old integrity tags by storage servers without involvement of the user's secret key or backup servers. In conclusion, we prove the security of our integrity check scheme formally.

Figures and Tables | References | Related Articles | Metrics

Overview on Physical Layer Security Issues in Multiple Antennas System

Tao ZHANG, Qiao LIU, Hui LI

2016, 16 (5): 9-14. doi: 10.3969/j.issn.1671-1122.2016.05.002

Abstract ( 412 )

HTML ( 5 )

PDF (1356KB) ( 126 )

Physical layer security lies in the benefit of key sharing needlessness. The premise of physical layer security is based on the wiretap channel to prevent the transmitted signals cannot be recovered by the undesired eavesdroppers with signal processing or coding methods. Meantime, multiple antennas technique has been proved a efficient to improve channel capacity, besides that the redundancy brought by the multiple antennas technique can provide more possibilities to reduce the wiretapping level of the eavesdroppers. Thus, it is desired to overview the existing physical layer schemes. The existing researches on physical layer security issues in multiple antennas system can be classified as four categories: firstly MIMO wiretap channel has been investigated as the basic model; secondly, multiple users with multiple antennas is another important model including broadcast channel, multiple access channel, and interface channel; thirdly, focusing on MIMO cooperation communication, the existing researchers consider trusted relay and untrusted relay scenarios; lastly, cross layer security framework including physical layer is also desired to be considered with two key problems, physical layer key sharing and physical layer authentication. By summarizing the existing scheme design principle, the future research direction is demonstrated.

Figures and Tables | References | Related Articles | Metrics

The Construction of a Type of Ideal Access Structures

Zhihui LI, Tingting XU, Na ZHANG

2016, 16 (5): 15-22. doi: 10.3969/j.issn.1671-1122.2016.05.003

Abstract ( 424 )

HTML ( 2 )

PDF (2844KB) ( 135 )

The construction of ideal access structure has an important role for designing secret sharing scheme with high information rate. The access structures corresponding to Shamir(k,n)’s type scheme( different from Shamir’s threshold type scheme) are ideal, but how to get these access structures which are not mutually isomorphic is a problem needed to be solved. First of all, the definition that the tracks are mutually equivalent is proposed, and then the problem for judging whether two minimal access structures are isomorphic in Shamir(k,n)’s type scheme is converted into the problem for judging whether their corresponding tracks are equivalent. This paper designs an algorithm which can be used to calculate all minimal privileged arrays that exist in the Shamir(k,n)’s type scheme and can be used to calculate all the tracks existing in the Shamir(k,n)’s type scheme that are not mutually equivalent. So this paper perfectly solves the problem that how to construct all ideal access structures which are not mutually isomorphic in the Shamir(k,n)’s type scheme. Particularly, this paper gives all the minimal privileged arrays with 7 participants in finite field F₁₃ and obtains all the tracks that are not mutually equivalent, and thus gives all the ideal minimal access structures with 7 participants that are not mutually isomorphic by the above judgment.

Figures and Tables | References | Related Articles | Metrics

Design and Implementation of IDS Device Detection Tool

Guozhen SHI, Meng ZHANG, Peng FU, Mang SU

2016, 16 (5): 23-29. doi: 10.3969/j.issn.1671-1122.2016.05.004

Abstract ( 517 )

HTML ( 5 )

PDF (2324KB) ( 118 )

With the rapid development of Internet, network attacks, intrusions and other security problems become increasingly serious. In order to protect the security of networks and computer systems, various network protection tools are emerging, such as firewall, IDS, etc. And IDS has already become an important way to protect the system and network. In order to keep system and network more security, IDS need to be test and evaluate more promptly. Although there are some IDS device testing tools, but there are still some limitations in them. How can it be tested and evaluated convenient and efficient has become the focus of current research. This paper designs a set of IDS device detection tools to analysis types of IDS rules, restructure them, and generate unified alarm file. Through the analysis of alarm files, the rate of false positives and non-response of IDS device can be calculated. It implements structure of different characteristics rules packet. As to different types of alarm information it can analysis and generate alarms unified file. So it has some value of general use.

Figures and Tables | References | Related Articles | Metrics

Research on Hierarchical Identity-based Encryption Management System in Cloud Computing

Haiping JI, Lei XU, Xiaoling YU, Chungen XU

2016, 16 (5): 30-36. doi: 10.3969/j.issn.1671-1122.2016.05.005

Abstract ( 615 )

HTML ( 3 )

PDF (2030KB) ( 207 )

This paper described a hierarchical encryption management system in cloud computing which was structured by the hierarchical identity-based encryption algorithm. This system mainly included four functional modules: the user login module, the database management module, the key distribution module, the file encryption and decryption module. The key distribution module divided users into different layers. Each user of different layers had a corresponding private key generator, and only provided its next user with private key. The problem that private key generator overload is solved by hierarchical key server. The system was designed by using java programming language in the form of specific graphical user interface and combing with the concrete hierarchical identity-based encryption algorithm. This paper realizes hierarchical encryption management system which documents are transmited secretly between internal staff of group for the first time in the cloud commputing.

Figures and Tables | References | Related Articles | Metrics

Research on Authentication Scheme of Cryptographic Service System Based on Service Architecture

Weiwei YE, Qingyu OU, Xiaowu BAI

2016, 16 (5): 37-43. doi: 10.3969/j.issn.1671-1122.2016.05.006

Abstract ( 434 )

HTML ( 3 )

PDF (2032KB) ( 196 )

Traditional cryptographic service system is a “chimney” type structure, resulting in the encrypted communication difficulties between different departments, and information resources are difficult to share. This paper proposed oriented service architecture of cryptographic service system, and it realizes the interconnection and interoperability. This paper proposes an authentication scheme, which can enhance the security of the system. The efficiency of existing PKI public key certificate validation is low, the establishment of inter domain trust path is complex and too long trust path lead to cross domain authentication efficiency lower. Based on XKMS domain trust building methods, this paper establish direct trust relationship between any two of the IDP, and it can reduce the complexity and length of trust path construction, retain the advantage of PKI system, simplify the system interaction process, and improve cross domain authentication efficiency. Compared with the existing schemes, it can improve the efficiency of the authentication.

Figures and Tables | References | Related Articles | Metrics

A New Ultra-lightweight RFID Mutual Authentication Protocol

Qing MA, Yajun GUO, Qingjiang ZENG, Duo XU

2016, 16 (5): 44-50. doi: 10.3969/j.issn.1671-1122.2016.05.007

Abstract ( 501 )

HTML ( 2 )

PDF (1673KB) ( 191 )

Targeting to current typical ultra-lightweight RFID security authentication protocol, we proposed a desynchronization attack scheme. Then we analyzed the security vulnerabilities of RAPP protocol and proposed a novel ultra-lightweight RFID mutual authentication protocol named PAPP, which avoided the security hole in the previous RFID authentication protocols. The new protocol improved the design of the message of RAPP protocol, and added a random number that belongs only to the label, Random number would be updated in advance to ensure the freshness of the messge generated by the tag. Security analysis and performance evaluation showed that the protocol had not only possessed robust security and privacy protection properties, but also could resist various attacks and fit for the requirement of low-cost RFID system.

Figures and Tables | References | Related Articles | Metrics

Research on Different Versions of YAFFS2 File Recovery Algorithm Based on Hash

Yameng LI, Jingsha HE

2016, 16 (5): 51-57. doi: 10.3969/j.issn.1671-1122.2016.05.008

Abstract ( 593 )

HTML ( 2 )

PDF (3091KB) ( 316 )

In digital forensic, the technology of Android forensic becomes hot spot of research currently. And there are some research interests such as data extraction, data recovery for Android forensic. Among these research interests, data recovery is one of the most important step. YAFFS2 is a new flash file system. It is designed for mobile devices which use NAND flash and is widely used in Android devices. Thus, this paper proposes a method that recover different versions of YAFFS2 file based on Hash. Through extracting and storing the same object header information into Hash linked list, it can recover different versions of file. The experiment is executed under Linux system with YAFFS2 file system environment. And the experiment results show that the method can recover different types of file especially SQLite3 file and recover different versions of different types of file effectively. And this method lays the foundation for the follow-up research of Android forensic.

Figures and Tables | References | Related Articles | Metrics

A New Ad Hoc Group Key Agreement Scheme Based on HECC

Guangrong HE, Xueming WANG

2016, 16 (5): 58-63. doi: 10.3969/j.issn.1671-1122.2016.05.009

Abstract ( 442 )

HTML ( 1 )

PDF (1652KB) ( 171 )

In order to solve the problem of Ad Hoc networks in efficiency and security of group key management, we propose a new group key management protocol based on HECC public key cryptosystem. Based on the digital signature technology and encryption technology of HECC,the security of the protocol and the operation efficiency is improved. This effective group key management scheme is proposed according to the characteristics of node update in Ad Hoc network. Correctness and security of the protocol are proved. Results of performance analysis show that in special Ad Hoc network security conditions, the scheme is simple in design and requires limited calculation and limited storage space.

Figures and Tables | References | Related Articles | Metrics

Research on Short Text Representation Based on Sentential Semantic Components

Hai SHANG, Senlin LUO, Lei HAN, Ji ZHANG

2016, 16 (5): 64-70. doi: 10.3969/j.issn.1671-1122.2016.05.010

Abstract ( 477 )

HTML ( 1 )

PDF (2158KB) ( 92 )

With the development of mobile Internet and information technology, short text data such as commentary, microblog, has explosive growth. The sparseness of short text requires an effective algorithm of short text representation to improve the results of text clustering and classification, hot event detection and public opinion analysis, etc. This paper proposes an algorithm of short text representation based on sentential semantic components. Without changing the dimension of feature space, the method utilizes the sentential semantic components and topic model to obtain the semantic correlated words, and expands the short text with those words according to the topic selection rules. It reduces the zero-value dimension of in the text representation feature vectors. This paper implements short text classification experiments based on the Sogou corpus. The results show that the accuracy of short text classification reaches 0.7958, which is better than other methods. In summary, the proposed short text representation method, expanding short text with the semantic correlated words, can mitigate the sparseness problem effectively and improve the performance of short text classification.

Figures and Tables | References | Related Articles | Metrics

Design and Implementation of the Scheme of Obfuscation Based on the Recombination of the Android Executable File

Weiping WEN, Han ZHANG, Xianglei CAO

2016, 16 (5): 71-77. doi: 10.3969/j.issn.1671-1122.2016.05.011

Abstract ( 557 )

HTML ( 1 )

PDF (2104KB) ( 135 )

With the rapid development of mobile intelligent terminals, Android operating system has become one of the most widely used mobile intelligent operating systems in the world. Java is famous for its features of good cross-platform, high efficiency and a large amount of developers, therefore the designers of Android choose Java as the system development language. The characteristics of the Java language make Java program easy be decompiled by decompilation tools and be analyzed, which makes Android applications face great risks. This paper focuses on the study of code obfuscation technology for the purpose of protecting Android applications, improving the difficulty of the attacker's reverse analysis and adding no extra time cost for the execution of the program. Based on Android executable file reorganization, this paper designs and implements a kind of Android obfuscation tool and carries out test and performances analysis. This Android obfuscation tool enhances the security of Android applications, protects Android applications developers' intellectual property rights, and avoids reverse analysis, piracy and malicious tampering to Android applications to a certain extent.

Figures and Tables | References | Related Articles | Metrics

Survey on Smart Grid Security

Jianan LIU, Jian WENG

2016, 16 (5): 78-84. doi: 10.3969/j.issn.1671-1122.2016.05.012

Abstract ( 515 )

HTML ( 9 )

PDF (1353KB) ( 216 )

As the next generation of power grid, smart grid has many advantages, such as high controllability, high energy utilization rate and self-healing. Smart grid brings great conveniences to people’s lives. Many countries and areas start to build their smart grid facilities. At the same time, the security and privacy problems of smart grid also are exposed and become the important obstacles for further development of smart grid. Smart grid is the intelligent version of traditional grid. In order to realize intelligent, plenty of new technologies are introduced into smart grid. But due to the lack of mature research, there are many potential secure hazards in these new technologies which become the breaches for attackers attacking the smart grid. This paper introduces three technologies in smart grid including smart metering, vehicle-to-grid and smart grid cloud, analyzes the security problems in them, and also proposes some problems needed to be resolved in the future.

Figures and Tables | References | Related Articles | Metrics

Table of Content