
Table of Contents

    10 December 2016, Volume 16 Issue 12

    Original Article
    Design and Implementation on Cloud Document Secure Storage Management System Based on IBE Mechanism
    Dianwei LI, Yundong FAN
    2016, 16 (12):  1-7.  doi: 10.3969/j.issn.1671-1122.2016.12.001

    With the development of cloud computing technology, many network disk services have appeared at home and abroad. They provide users with file management functions such as file storage, access, backup and sharing. At present, however, network disks have many problems, such as poor security, inflexible sharing strategies, and the lack of documentation and collaborative communication mechanisms. In view of these problems, this paper designs and implements a cloud document secure storage management system based on the IBE mechanism, which can enhance the security of users and provide online collaborative processing and other functions. The system adopts the IBE mechanism to solve the tedious certificate management and secure private key distribution problems that exist in the PKI mechanism. It achieves trusted sharing and secure storage of user documents. At the same time, the system enhances the user experience and realizes cooperative work on documents among users through PDF document rendering and browsing and the WebSocket communication mechanism, greatly improving work efficiency. Testing shows that the system can meet the needs of the existing market in terms of functionality, security and efficiency.

    Research on a Trust Model Based on AIFS Weighting
    Wei WANG, Chuanqi XIAO, Yingyan FENG, Mingzhi CHEN
    2016, 16 (12):  8-12.  doi: 10.3969/j.issn.1671-1122.2016.12.002

    With the wide use of private and public clouds, their security is a primary issue that must be solved. Existing research shows that the security problem is closely connected with the trust problem. Selecting a credible cloud service provider is an effective approach, and the trust model is a hot research topic. Based on the trust measurement model and fuzzy set theory, this paper depicts the related security problems. Considering that AIFS can better deal with the problems of fuzziness and uncertainty, this paper proposes a trust model based on AIFS optimal weighting. By selecting the optimal weight scheme of service index vectors, the model optimizes the weights of the user's evaluation of the cloud service provider, which makes the user's evaluation of the cloud service provider more objective. The paper provides a simulation experiment on the selection of trusted cloud service providers. The experimental results show that this method has good application value.

    A Secure Fault Recovery Approach Using OwnShip-Proof Model for Controller Cluster of Software Defined Networks
    Zehui WU, Qiang WEI
    2016, 16 (12):  13-18.  doi: 10.3969/j.issn.1671-1122.2016.12.003

    The control plane is the core of a software defined network and is responsible for network management and control. Current research focuses on the performance, stability, and security of controllers, while paying no attention to the security of the fault recovery process, in which attackers could pretend to be a controller and obtain the resources of the network from the backups of the control plane. We propose a secure recovery approach based on the OwnShip-Proof model to address this threat. Our method employs a hash tree to map one backup file to different controllers before the backup and recovery procedure. During recovery, the controller must provide the solution to a challenge generated through the OwnShip-Proof model by the server that stores the backup file. The server then verifies the solution and decides whether to recover. The testing results show that our approach is able to decrease the memory space used to store the backup file and defend against the forged recovery attack. Compared with the ordinary method, the performance difference between the two methods narrows as the size of the backup file increases.

    The Retrospect and Prospect of Access Control Technology
    Xiaofeng LUO, Wenxian WANG, Wanbo LUO
    2016, 16 (12):  19-27.  doi: 10.3969/j.issn.1671-1122.2016.12.004

    Access control is one of the key technologies of information security. It relies on other security services and coexists with these services in the information system, so as to ensure the security of information. In order to help the research, development and adoption of access control technologies, and based on a study of access control technology and its course of development, some access control technologies that are meaningful in practical applications are introduced, such as discretionary access control, mandatory access control and role-based access control. Then some directions of access control technology development are discussed, including attribute and policy-based access control, risk-adaptable access control and next generation access control. For the development and practical application of access control, we should strengthen basic research and, at the same time, carry out access control standardization, deployment, application research and construction in line with the situation in China.

    Research on the Method for Network Vulnerabilities Situational Awareness Based on the Features
    Chuan GAO, Hanbing YAN, Zixiao JIA
    2016, 16 (12):  28-33.  doi: 10.3969/j.issn.1671-1122.2016.12.005

    With the continuous development of the Internet, the security problems of the Internet are becoming more and more serious. The security situation of Internet devices and applications has drawn more attention from Internet users. This paper puts forward a feature-based measurement method for Internet devices and applications. First, the features of the Internet devices and applications are extracted. By combining the methods of active detection and passive monitoring, information on the Internet devices and applications is obtained. Then, by analyzing this information, the paper depicts the vulnerability distribution of the Internet devices and applications. The paper verifies the method by measuring three different Internet devices and applications and detecting their vulnerability distribution, which can help administrators understand the situation of the Internet devices and applications effectively, and find vulnerabilities and repair them in time.

    A SSH Protocol Based on the Trusted Attestation of a Third Party Platform
    Yaqi ZHANG, Yongzhong HE, Aimin YU
    2016, 16 (12):  34-45.  doi: 10.3969/j.issn.1671-1122.2016.12.006

    SSH (Secure Shell), as one of the most widely used network security protocols, faces many kinds of security problems. Under existing conditions, an attacker can use the security vulnerabilities of SSH to carry out attacks. Trusted computing remote attestation technology provides a way to prevent such attacks. The SSH protocol can be combined with remote attestation to enhance security. There are many deficiencies in the existing research on trusted security protocols. This paper first analyzes the security problems faced by SSH, then proposes an SSH protocol based on trusted attestation of a third party platform, namely the TDSSH protocol, and gives the main implementation at the code level. Finally, we conduct a security analysis and evaluation of the protocol. The TDSSH protocol proposed in this paper has positive significance for research on the trusted enhancement of other network security protocols.

    Hybrid Attribute-based Encryption Signature Scheme for PHR System
    Fei CHEN, Yifan SI, Yiliang HAN
    2016, 16 (12):  46-50.  doi: 10.3969/j.issn.1671-1122.2016.12.007

    Personal Health Records (PHR) can be used in health information exchange, but the storage of the information relies on a third-party service provider, which may lead to the exposure of users' privacy. Moreover, PHR technology only considers the storage service, although the service provider could also provide outsourced computation. In order to address security, protect personal privacy and improve efficiency for users, a ciphertext-policy attribute-based hybrid encryption/signature scheme is proposed. The scheme combines the privacy protection of attribute-based signature with the access control of attribute-based encryption, and provides confidentiality, unforgeability and anonymity for messages. The cost of key generation is lower than that of simply combining attribute-based signature and attribute-based encryption. The bilinear map computations on the recipient side are outsourced to the service provider, and the user only needs to perform the exponentiation, so the user's local resources are saved.

    Research on a Cloud Resource Allocation Mechanism Based on Double Auction and Cell Membrane Optimization Algorithm
    Lijing WANG, Xingwei WANG, Min HUANG
    2016, 16 (12):  51-59.  doi: 10.3969/j.issn.1671-1122.2016.12.008

    Cloud computing is a new computing paradigm which virtualizes the underlying infrastructure resources into a resource pool, and the resources are provided to cloud users in the form of services. Reasonable distribution and use of cloud resources is a prerequisite for ensuring the security of the cloud. Based on the characteristics of cloud resources and the cloud market, and drawing on knowledge of economics, this paper proposes a cloud resource allocation mechanism based on double auction and the cell membrane optimization algorithm. In this mechanism, cloud resources are priced by double auction, and three criteria are introduced to evaluate the effectiveness and efficiency of the proposed resource allocation scheme. The objective value is introduced as the optimization objective, and the optimal resource allocation scheme is obtained by using the cell membrane optimization algorithm. The simulation results show that the proposed mechanism is both feasible and effective.

    A Privacy Protection System for the Community IoT Innovative Technology and Service Platform
    Jingxue LIAO, Fuzhen CHEN, Jiujun CHENG, Xiangrong CHEN
    2016, 16 (12):  60-67.  doi: 10.3969/j.issn.1671-1122.2016.12.009

    The community IoT innovative technology and service platform will offer a series of real-time information and interactive services to community users of the mobile Internet, but the strength of privacy protection is insufficient in the mobile Internet environment. To address the privacy protection problem of the community IoT innovative technology and service platform in the mobile Internet environment, this paper designs a privacy protection system for the platform. This paper introduces an access control and generalization method to the platform. It obtains the user's current access permission through access control based on the user's access operation. It also offers the private data at different degrees of generalization according to the access permission. This technology lets the legal user get high-quality service while the illegal user can only obtain distorted data. The platform makes sure that the community IoT innovative technology and service platform can better protect the private data of users.

    Research on IP Video Network Access Detection Based on Decision Tree Classification of Device Fingerprint
    Xinming YIN, Zhengliang HU, Guoliang CHEN, Haiye HUANG
    2016, 16 (12):  68-73.  doi: 10.3969/j.issn.1671-1122.2016.12.010

    As much of the acquisition equipment of video dedicated networks is deployed in public areas, it faces more security issues. How to connect video equipment safely and efficiently to the video dedicated network is very important. In this paper, we propose a decision tree classification algorithm based on device fingerprints to solve the problem. According to the characteristics of the video equipment, we design the device fingerprint on the basis of the operating system fingerprint. We also propose collection and storage methods for the device fingerprint. The decision tree classification algorithm for device fingerprints can detect untrusted devices in the video dedicated network and raise an alarm. In a word, this project can effectively prevent illegal intrusion and avoid data leakage from the video dedicated network.

    Design and Implementation on Elevator Maintenance System Based on the Technology of NFC and Cloud Computing
    Jun FANG, Jianquan WANG, Lianyin WANG, Huifang WANG
    2016, 16 (12):  74-80.  doi: 10.3969/j.issn.1671-1122.2016.12.011

    This paper designs and implements an elevator maintenance system based on NFC and cloud computing technology. NFC tags are installed at the top of the elevator shaft, in the pit and in the computer room respectively. Through a mobile intelligent terminal, card-swiping attendance, transmission of maintenance records, back-stage management, data analysis and so on are realized. Meanwhile, by using the mobile intelligent terminal, remote centralized monitoring of the maintenance cycle and of the work condition of the elevator maintenance operators is realized, ensuring that the maintenance statistics data is globally shared in real time. This system realizes the real-time acquisition and upload of maintenance records and ensures the accuracy of the data. This system also adopts a cloud computing architecture, so that customers such as elevator maintenance enterprises, property departments and safety supervision departments can carry out maintenance management work directly using the platform service. This mode can greatly reduce the investment in information construction, shorten the construction period and enhance the efficiency of use.

    Application of the Unified Identity Authentication and User Management Platform in Electric Group Enterprise
    Jing WANG
    2016, 16 (12):  81-85.  doi: 10.3969/j.issn.1671-1122.2016.12.012

    Network and information security in the electric power industry is the top priority of national network security. In order to further improve the level of comprehensive information security protection in electric group enterprises and ensure the safe operation of enterprise information systems, in accordance with the model of unified design and two-level deployment, the group finished the deployment and application of the unified identity authentication and user management platform. Through three years of construction and two years of application, the platform can achieve the identification of Group information system users, the reliable authentication of application access and the unified management of user information. As the foundation technology platform, the platform has realized interface integration with many systems, solved difficult problems such as emergency login and ERP security reinforcement, and formed a number of enterprise standards. The platform has become a key component of the integrated information security construction of the group, and the user experience continues to improve. In this way, information system construction can meet the identity authentication and data protection compliance requirements stated in relevant laws and regulations, and thus enhance the Group's information security management and control capabilities.
