Table of Contents

    10 March 2017, Volume 17 Issue 3

    Original Article
    An Efficient Data Integrity Verification Scheme for Cloud Storage
    Jianhong ZHANG, Pengyan LI
    2017, 17 (3):  1-5.  doi: 10.3969/j.issn.1671-1122.2017.03.001

    As a kind of storage service in which ownership is separated from administrative authority, cloud storage facilitates user data management and access. However, once data are uploaded to the cloud, the data owners may lose physical control of the data. Ensuring the integrity of cloud data poses an important challenge for cloud storage. Existing data integrity verification schemes are based on third-party verification, which gives the third party too much authority. If the third party fails to verify the integrity of the data and claims that the data are stored in the cloud intact, data owners will be deceived. In view of the above problems, this paper proposes a data integrity verification scheme for cloud storage based on the basic idea of bilinear mapping. The most important feature of the scheme is the ability to strengthen control over third-party auditors, which improves the ability of data owners to verify independently. At the same time, it can reduce the computation time of data owners.

    Image Information Hiding Method and Implementation for Social Network
    Jinbo XIONG, Rong MA, Yuanyuan ZHANG, Ruiyu DAI
    2017, 17 (3):  6-8.  doi: 10.3969/j.issn.1671-1122.2017.03.002

    To solve the problem that an image carrying hidden information loses its secret information through transform processing before being uploaded to a social network, this paper proposes a novel scheme that hides secret information securely in images. In the scheme, JPEG images are first decoded incompletely. Then, the JSteg algorithm is improved based on the discrete cosine transform and the JSteg steganography technique, and the secret information is embedded into the decoded information. Finally, the recoded JPEG images are uploaded to the social network. This paper designs and implements a prototype system that hides information in images by using the scheme. After processing by the system, the image uploaded to the social network can be downloaded, and the encoded secret information can be decoded through a specified decryption technique, so as to achieve the purpose of hiding secret information in the image.

    Research on a Framework Based on Virtual Cloud Network for Monitoring Safe Production
    Hong MEN, Shunli YAO
    2017, 17 (3):  14-20.  doi: 10.3969/j.issn.1671-1122.2017.03.003

    Based on cloud computing and networks, SaS (Security as a Service) has provided a cloud security capability for network control. The smart security monitoring private network has to expand its scale of services to solve the problems of network fusion, security boundaries and data sharing. With advantages such as being distributed, on-demand, plug-and-play and supporting massive scale, the cloud network provides a good reference for the construction of a smart security monitoring network architecture. According to the current construction of emergency rescue information safety, we first analyze the trusted network, SDN security, block link and situation awareness. Then a new framework based on a virtual cloud network for monitoring safe production is proposed. The model of the service security cloud is defined. Grey tunnel and block chain are exploited to construct a virtual private cloud to improve security. The simulations in OPNET verify that the new architecture can keep the successful attack detection rate of the intelligent security monitoring network at more than 90%, without depending on learning the features of former attacks. This can ensure the performance enhancement of data access and data transmission.

    An Improved Design of Homomorphic Encryption for Cloud Computing
    Yongjian WANG, Jian ZHANG, Shaoyu CHENG, Xiaohui TIE
    2017, 17 (3):  21-26.  doi: 10.3969/j.issn.1671-1122.2017.03.004

    Cloud computing is a new information technology that has developed rapidly in recent years. However, the security of cloud computing faces serious challenges, especially for data stored and processed in the form of plaintext. Homomorphic encryption is an ideal method to achieve data’s storage and processing in the form of ciphertext. The study status of homomorphic encryption was analyzed in the paper. The current status of the study on homomorphic encryption is not ideal, and there are still some limitations. In view of the deficiency of the traditional homomorphic encryption algorithm, an improved encryption scheme was proposed, which was achieved by using the Chinese remainder theorem and drawing lessons from the ElGamal algorithm and the RSA algorithm. The correctness and homomorphism of the proposed scheme were verified by experimental test.

    Research on Insider Threat Detection Based on Role Behavior Pattern Mining
    Dianwei LI, Mingliang HE, Fang YUAN
    2017, 17 (3):  27-32.  doi: 10.3969/j.issn.1671-1122.2017.03.005

    Aiming at the problem that internal threats to information systems are difficult to detect, this paper combines access control and data mining to design an internal threat detection model based on role behavior pattern mining. This paper proposes an internal threat warning method based on matching the user role's code of conduct, behavior habits and actual operation behavior. All operations personnel and operations management personnel in information systems have their own responsibilities. This manifests as each individual user of a system application having its own role, and each role having its own code of conduct and behavior. The method in this paper extracts the user's behavior habits and daily operations from the system log and the application software log by using data mining technology according to the system specification, and achieves internal threat warning by detecting the degree of deviation of the actual behavior from the user role's code of conduct and behavior habits.

    Research on Comprehensive Forensic Analysis Based on Logs2intrusions and Web Log Explorer
    Jing YANG, Xin ZHAO, Tianliang LU
    2017, 17 (3):  33-38.  doi: 10.3969/j.issn.1671-1122.2017.03.006

    With the rapid development of Internet applications, security threats are becoming more and more serious, especially network intrusion attacks. At present, intrusion detection requires analysis of log data. The website log file is a file that records various original information, such as the requests received and processed by the web server and run-time errors, but the effect of analyzing log data remains to be further improved. This paper analyzed the characteristics of four log analysis tools, Logs2intrusions, Web Log Explorer, Light Year SEO Log Analysis System and Backfire Website Analyzer, and proposed a comprehensive forensic analysis technique based on the advantages of these tools. The technique, which has a certain value in combating cybercrime and maintaining network space security, achieves rapid analysis of the log data from large quantities of intrusion attacks, and improves the recognition accuracy of network intrusion attacks.

    Design and Implementation of Secure Deduplication System for Ciphertext Data Based on Aliyun
    Jianye SONG, Nuan HE, Yiming ZHU, Anmin FU
    2017, 17 (3):  39-45.  doi: 10.3969/j.issn.1671-1122.2017.03.007

    With the wide use of cloud computing services, more and more data is stored on cloud servers. To solve the problems faced by enciphered data in cloud storage systems, such as detection and PoW (proofs of ownership) of duplicated ciphertext, we complete a secure deduplication system for ciphertext data based on Aliyun by using convergent encryption and the Bloom filter algorithm. First of all, we utilize the convergent encryption method to generate a file encryption key, which implements key sharing between different users and is advantageous to cross-user ciphertext deduplication. Secondly, the proof of ownership for files is realized by a Bloom filter so as to efficiently prevent attackers with only a single file hash value from obtaining files. Finally, based on the current cloud platform provided by Aliyun, we realize the secure deduplication system and guarantee the safety of data deduplication. In addition, the results of experiments and performance analysis have proved that the scheme is efficient and feasible.

    Research on the Algorithm of Short Text Representation Based on Graph Structure
    Hao REN, Senlin LUO, Limin PAN, Junfeng GAO
    2017, 17 (3):  46-52.  doi: 10.3969/j.issn.1671-1122.2017.03.008

    To solve the problem that text representations based on the vector space model treat each word in isolation, this paper proposes a text representation method based on graph structure that fuses the LDA topic model and the denoising autoencoder from deep learning. Based on the information of the bag model, this paper constructs a two-dimensional matrix of uniform dimension by using the information between words. By using the LDA topics and the probability relations of the words, the main information in the original matrix is trained. A denoising autoencoder model is then trained to obtain the final text representation. Using the public 20Newsgroup data source with its 20 categories of newsgroups, the resulting text representations are verified using a classification approach. The results show that this method is superior to other methods of text representation under the 1-NN and SVM classification methods. Therefore, the introduction of information between words can enrich the meaning of the sentence, enhance the understanding of the deep meaning of the text content, and effectively improve the application effect of text classification.

    Research on Certificateless Group Signature Scheme Based on Bilinear Pairings
    Yameng CHEN, Xiangguo CHENG, Shuo WANG, Ming GAO
    2017, 17 (3):  53-58.  doi: 10.3969/j.issn.1671-1122.2017.03.009

    Certificateless cryptography not only solves the certificate management problem in traditional public key cryptography, but also overcomes the key escrow problem in identity-based cryptography. On the basis of certificateless cryptography, domestic and foreign researchers have proposed many signature schemes with special properties, such as group signatures, multi-signatures, ring signatures, blind signatures and so on. A group signature scheme allows a group member to sign messages anonymously on behalf of the group, which meets the security requirements of anonymity, unforgeability, traceability, etc. On the basis of certificateless public key cryptography and group signatures, by introducing the concept of bilinear pairings and the DH, CDH and DDH hard problems based on bilinear pairings, and combining the advantages of threshold signatures and multi-signatures, this paper proposes a certificateless group signature scheme based on bilinear pairings. This scheme has the advantages of certificateless public key cryptography, meets the security requirements of group signatures, and can easily achieve the accession and revocation of group members, and tracing group members is also simpler. Compared with the existing certificateless group signature schemes, this scheme needs fewer bilinear pairing computations and its computational efficiency is higher.

    Research on the Method of Network Protocol Security Evaluation Based on Fuzzing Test
    Jian QI, Xiaoming CHEN, Weiqing YOU
    2017, 17 (3):  59-65.  doi: 10.3969/j.issn.1671-1122.2017.03.010

    Security vulnerability is the lifeline of the study of security issues, and it is the core issue of network and information security. Information leakage, loss of money and other problems caused by security vulnerabilities are becoming more serious. How to find vulnerabilities, repair them and strengthen defenses has become a hot area of security research. This paper uses a network vulnerability scanning device to scan the network protocol, and then reverse-analyzes the abnormal situations to find vulnerabilities. This paper proposes a security evaluation mechanism to assess the safety of network protocols. Finally, this paper obtains a security score for the protocol. Through the study in this paper, the safety factor of each hidden security risk can be reflected in the total safety factor, and an accurate evaluation of the real security performance of network equipment can be realized. According to the total safety factor of the network equipment, equipment safety is divided into high, medium and low. By matching the security level of the equipment to the network environment in which it is used, the occurrence of network security incidents can be greatly reduced. This is of great significance for protecting network security.

    URL Classification Method Based on AdaBoost and Bayes Algorithm
    Tengfei ZHANG, Qian ZHANG, Jiayong LIU
    2017, 17 (3):  66-71.  doi: 10.3969/j.issn.1671-1122.2017.03.011

    In order to analyze the behavior of HTTP data streams, the URLs accessed by users must be identified. In this paper, a new method based on rule filtering and a machine learning algorithm is proposed to quickly identify the URLs that users access. First, the data packets are parsed and packets that load resources are filtered out according to the URL suffix. Second, browser access is identified according to the browser's unique User-Agent field. Finally, a classifier trained with the AdaBoost and Bayes algorithms is used to identify the URLs that users access. Experimental results show that the method can efficiently and accurately identify the URLs accessed by users in a local area network data stream.

    Research on an Authentication Strategy for Data Security in Cloud Computing
    Jiebin GUO, Yunfa LI, Dajun ZHANG
    2017, 17 (3):  72-77.  doi: 10.3969/j.issn.1671-1122.2017.03.012

    With the rapid development of virtualization technology, cloud computing has begun to be widely used in data processing and data analysis. More and more users store their data on cloud servers. Thus, how to protect the security of data in cloud computing becomes a challenging problem. In order to solve this problem, we propose an authentication strategy for data security in cloud computing based on the attributes of the user. We first put forward an identity authentication method for registered users. Then, we propose an authentication method for the local agent server for unregistered users. We build an encryption agent server and improve the HE-RSA encryption algorithm. All these constitute the identity authentication strategy for data security. In order to show the effectiveness of the identity authentication strategy, the security, the scalability and the efficiency of this strategy are analyzed. The results show that the strategy can ensure the security of data resources and has good scalability and efficiency in cloud computing.
