
Table of Contents

    10 November 2016, Volume 16 Issue 11

    Original Article
    The TPCM Active Measurement and Power Control Design for ATX Motherboard
    Jianhui HUANG, Wenchang SHI
    2016, 16 (11):  1-5.  doi: 10.3969/j.issn.1671-1122.2016.11.001

    This paper proposes an active measurement and control method for the trusted platform control module (TPCM) based on the advanced technology extended (ATX) motherboard. Keeping the original design of the motherboard unchanged, the existing interfaces of the computer motherboard are extended to protect the boot code from being tampered with or attacked, starting from the first CPU instruction. Combined with the realization of power control, the method can fundamentally solve the problem of an untrusted boot source. The design ensures that the TPCM is powered on first and lets the TPCM lead the power control system of the computer, measuring the credibility and integrity of the boot code. If the BIOS or any other firmware has been maliciously tampered with, the TPCM enters an untrusted operation environment or prevents the computer from being powered on, according to the security policy pre-written in the TPCM. A TPCM designed by this method has active and absolute control over the computer. Once malicious code invades and the system is out of control, the TPCM can take absolute protection measures such as shutting down the computer and cutting off the power. The method is not only reliable and effective, but also has the advantages of low cost and simple installation.

    A Mixed Attributes-based Multi-authority Cloud Access Scheme
    Xing RONG, Rong JIANG
    2016, 16 (11):  6-6.  doi: 10.3969/j.issn.1671-1122.2016.11.002

    The outsourcing model brings new challenges for data security and access control in cloud computing. To address them, a multi-authority cloud access scheme with a mixed access structure is put forward. After an owner-defined permission attribute is added to the traditional access structure, the owner can decide which users have the right to access the data and prevent the attribute authority from peeking. User attribute revocation and direct revocation methods provide real-time privilege updating in the multi-authority system; the former adopts proxy re-encryption to reduce the computing cost of the data owner. Analysis shows that the proposed scheme is secure for protecting stored data under existing security models and is highly efficient in attribute revocation, which makes it suitable for multi-authority clouds.

    Research on Document Comparison Algorithm Based on Modified Fuzzy Hash
    Hongyu DI, Jing ZHANG, Yi YU, Lianyin WANG
    2016, 16 (11):  12-18.  doi: 10.3969/j.issn.1671-1122.2016.11.003

    Fuzzy hashing is widely used in the investigation of homologous files, malicious code detection and digital forensics. Based on the file length and content detection, fuzzy hashing first segments a file. The hash value of each file segment is then calculated by a rolling hash algorithm, and the fingerprint of the whole file is finally formed by concatenating the hash values of all segments. Hence the approximate nearest neighbor search problem can be solved by fuzzy hashing with its locality-sensitive property. A modified fuzzy hash algorithm is proposed in this paper to overcome the drawbacks of the classical fuzzy hash algorithm: the segment length depends on the file length, the trigger condition is weakly tied to the segment content, and the length of the rolling window determines operational performance. The two main modifications are variable-length segments triggered by keywords and a rolling hash method based on simhash. Experiments on different corpora show that almost identical documents can be detected efficiently, and that multi-level comparison at different granularities is supported by this algorithm.

    Design and Implementation of Secure Access Device Based on Guomi Algorithm
    Zhaobin LI, Dandan LIU, Xin HUANG, Hao CAO
    2016, 16 (11):  19-27.  doi: 10.3969/j.issn.1671-1122.2016.11.004

    In order to solve the secure access problem of mobile terminals in an E-government system, this paper designs a secure access device for mobile terminals. The device is based on IPSec VPN technology and mainly establishes the communication tunnel, authenticates the identities of both sides, and protects the confidentiality and integrity of data. The system is implemented by redeveloping the Strongswan software framework to complete the function of each module. At the same time, the cryptographic algorithm is the core of the security design, and the existing algorithms have been unable to meet the information security requirements, so the Guomi algorithm becomes a necessary requirement of the equipment. Strongswan only provides the international common algorithms, so a hardware encryption card is needed to give the equipment Guomi algorithm support. The algorithm library and strategy library of Strongswan are modified to register the Guomi algorithm into Strongswan, and the module design is improved to realize a secure access device based on the Guomi algorithm. Finally, this paper sets up an environment to verify the function and availability of the system.

    Research on a Proxy Blind Signature Scheme Based on Quantum Superdense Coding
    Hui WANG, Runhua SHI, Hong ZHONG, Kaiting WANG
    2016, 16 (11):  28-32.  doi: 10.3969/j.issn.1671-1122.2016.11.005

    Proxy blind signatures are widely applied to electronic voting, electronic commerce and other network settings. Considering the setting of electronic bank payment and the related factors of communication cost, quantum operation complexity and verification efficiency, the paper proposes a proxy blind signature scheme based on single-particle superdense coding to blind classical two-bit information. The principle of the scheme is that the classical bit information is transmitted to the quantum system by measuring a single particle in different measurement bases; the owner of the message blinds the secret message first, and then the proxy signer, once authorized, signs the blinded message. Without considering particle detection, and compared with other current well-known schemes, the biggest advantage of the scheme is that it saves at least half of the particles. In addition, the signing party only needs to measure a single particle and the length of the signature is appropriate. The verifying party only needs to verify by comparison and does not need to carry out any particle operation. The efficiencies of signing, verification and communication are all improved.

    Cluster Anomaly Detection Algorithm Based on Multi-windows Mechanism
    Mingliang HE, Zemao CHEN, Jin ZUO
    2016, 16 (11):  33-39.  doi: 10.3969/j.issn.1671-1122.2016.11.006

    This paper analyses the weaknesses of cluster anomaly detection algorithms based on a single window, and uses weight values, similarity, local density and other concepts to conduct affiliation search and abnormal merging on the potential abnormal points obtained by the single-window algorithm. On this basis, a dataflow anomaly detection algorithm based on a multi-window mechanism is designed. The algorithm first performs primary cluster detection on the preprocessed dataflow with an improved K-means clustering algorithm in a single window, and then performs a second judgement on the results. For the potential abnormal points detected by the single-window algorithm, the similarity principle is adopted to search for affiliation with normal clusters so as to exclude misjudgements, and other concepts such as local density are adopted to merge the remaining potential abnormal points so as to exclude normal points again. Lastly, time weight values are used to obtain the final abnormal data comprehensively from the detection results of several dataflow windows. Simulation shows that this algorithm has an advantage over the single-window cluster anomaly detection algorithm in detection rate and misjudgement rate.

    Design and Implementation of Network Security Data Visualization and Analysis System
    Rujun LIU, Yang XIN
    2016, 16 (11):  40-44.  doi: 10.3969/j.issn.1671-1122.2016.11.007

    Focusing on the problems that abnormal network data is displayed in a single way and cannot be shown in real time, a network security data visualization and analysis system is designed and implemented. The functions of the system are abnormal network data monitoring, situation awareness and risk monitoring. First, the data collection module gathers the original data of the devices. Second, the data preprocessing module transforms the original data into a standard format. Third, the data analysis module distinguishes abnormal data and forms the network situation by analysing and detecting the standardized data. Finally, the analysis results are displayed in real time by network map, topological graph, sequence chart, etc. The system combines data collection, data preprocessing, data analysis and data display, implements real-time situation forecasting, and improves the efficiency of network device monitoring.

    Anomalous Traffic Detection Based on Traffic Behavior Characteristics
    Yangrui HU, Xingshu CHEN, Junfeng WANG, Xiaoming YE
    2016, 16 (11):  45-51.  doi: 10.3969/j.issn.1671-1122.2016.11.008

    Real network environments lack labeled data sets, so traditional anomaly traffic detection methods based on labeled data sets are unsuitable for actual large-scale networks. To resolve this, the paper proposes an improved k-means anomaly traffic detection method for unlabeled data sets. First, the traffic at the Sichuan University network outlet is collected and stored in a distributed file system; second, a user behavior feature set is constructed on the basis of network flow analysis, and the relevant characteristics are extracted on the Spark big data processing platform. Referring to grouping principles to define the normal behavior clusters in the actual traffic, a normal traffic behavior model is constructed with an improved K-means++ cosine clustering method. Finally, the cosine distance between the normal behavior model and the user's actual traffic behavior is calculated to detect anomalous traffic behavior. The feasibility and validity of the method are verified by an attack experiment. The experimental results show that the normal traffic behavior model has higher accuracy for anomalous traffic detection.

    The Flexible Configuration Technology of Cross Domain Security Data Sharing Based on WSDL
    Xinming YIN, Haiping JIANG, Haiye HUANG
    2016, 16 (11):  52-56.  doi: 10.3969/j.issn.1671-1122.2016.11.009

    With the rapid development of information technology, information security has gained more and more attention. In particular, the requirement for secure data sharing between heterogeneous systems in different network domains keeps growing. Therefore, it is very important to study reasonable and effective measures for secure data sharing between different network domains. On this foundation, we propose a flexible configuration technology based on WSDL to realize cross-domain secure data sharing. This technology realizes secure sharing of data through physical unidirectional transmission, and proposes a method for the dynamic allocation of proxy services. Analysis and verification show that this method can realize the mapping and transformation of the data fields of heterogeneous systems, and can realize flexible configuration of application system services. In a word, it achieves the purpose of secure and efficient data transmission.

    Study and Implementation of Communication Mechanism for Non-kernel Device Drivers
    Zhuo TAN, Gaoshou ZHAI
    2016, 16 (11):  57-65.  doi: 10.3969/j.issn.1671-1122.2016.11.010

    The kernel security of operating systems is the foundation of the security of computer and information systems. Device drivers are considered to be the main source of kernel bugs because they account for more than 50% of kernel code. Moreover, device drivers always run in kernel space with system-level permission, and the system completely trusts the code running in kernel space. So, if bugs or malicious code exist in device drivers, they can affect the safety of the operating system and even cause the whole system to collapse. In order to prevent such failures caused by device drivers, moving part or all of the driver code to user space has become one of the effective ways to limit and isolate the vulnerability of device drivers. However, this is a time-consuming task because device drivers are various and complicated and closely related to other modules of the kernel. With automated splitting and migration as the final goal, this paper attempts to construct a unified and standardized communication architecture, to explore systematic policies for which functions within device drivers to migrate, to design a framework for both the user-space part and the kernel-space part of the migrated functions, and to extract basic non-kernel migration operations. Corresponding prototypes are implemented, and test results show that the communication mechanisms and non-kernel solutions for device drivers in this paper are effective and incur little overhead.

    Research of Signcryption Based on QC-LDPC
    Mingye LIU, Yiliang HAN, Xiaoyuan YANG
    2016, 16 (11):  66-72.  doi: 10.3969/j.issn.1671-1122.2016.11.011

    Signcryption is a cryptographic primitive that performs both the function of a digital signature and that of public-key encryption, at a cost significantly lower than that of the traditional signature-then-encryption approach. Code-based cryptography is an important branch of post-quantum cryptography. Its computational efficiency is high, but it has the drawback of large keys. Aiming at this problem, a signcryption scheme based on QC-LDPC codes is proposed in the random oracle model. Because of the quasi-cyclic property of the parity check matrix of QC-LDPC codes, the key size can be efficiently reduced, and compared with the traditional signature-then-encryption approach, the ciphertext is 25% shorter. The computational efficiency is higher than that of signcryption schemes based on number theory such as “Two birds one stone”. Security analysis shows that the scheme satisfies IND-CCA2 and EUF-CMA security in the random oracle model.

    Research on Fuzzy Cipher Algorithm Based on User Experience
    Zhen LI, Jingsha HE
    2016, 16 (11):  73-78.  doi: 10.3969/j.issn.1671-1122.2016.11.012

    With the increasing number of websites, users' memory of the passwords they registered becomes blurred over time, and a single input error often blocks all operations; authentication does not take into account the decline in password memory of long-term users, so only by changing the password authentication method can the user's experience be improved. The edit distance (Levenshtein distance, LD) algorithm is usually used for fast string matching; this classic algorithm provides the definition of string distance as a theoretical basis, and by analysing the influence of the time factor, a method for generating deformed new strings is obtained. The article chooses the login password as the research object, analyses the characteristics of the string by analysing users' habits, and generates a new fuzzy cipher algorithm. First, the string input by the user is analysed; then different fuzzy character sets are produced according to the different distances; finally, the generated fuzzy character set is hashed and stored in the database. A test of the algorithm written in C# under Windows proves that the algorithm can produce the corresponding fuzzy character set and achieves the expected goals, that the login experience is better, and that it provides new ideas for improving the login process.
