
Table of Contents

    10 April 2017, Volume 17 Issue 4

    Original Articles
    A Verifiable Ciphertext Retrieval Scheme Based on Merkle Hash Tree
    Lanxiang CHEN, Linbing QIU
    2017, 17 (4):  1-8.  doi: 10.3969/j.issn.1671-1122.2017.04.001

    Under the semi-honest-but-curious server model, this paper proposes a verifiable ciphertext retrieval scheme based on a Merkle hash tree, aiming at fast retrieval over ciphertext and verification of the server's behaviour through a secure inverted index combined with an authentication data structure. The scheme uses the Lucene search engine toolkit and adapts its plaintext index structure into a secure inverted index suitable for ciphertext retrieval, which preserves retrieval efficiency while protecting the index contents. On top of this, the completeness and correctness of retrieval results are verified against the Merkle hash tree. Experimental analysis shows that the scheme meets the user's requirements for efficient retrieval over outsourced private data and for data confidentiality, and that it accurately and efficiently detects tampering, deletion, forgery and similar misbehaviour by the cloud server.
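    The verification idea in this abstract, as an added illustration that is not the paper's code: the client keeps only the Merkle root of an inverted index whose leaves each commit to one keyword trapdoor together with its whole posting list, and the untrusted server must return every result with an authentication path. Because the leaf hash covers the complete posting list, a deleted, forged or altered document id fails the same check. The corpus, the index key and the use of HMAC-SHA256 as the keyword trapdoor are assumptions made for the example (the paper builds its index with Lucene).

```python
import hashlib
import hmac

# Constructed sample corpus (hypothetical): document id -> keywords. In the
# scheme only the encrypted documents and this index are outsourced.
DOCS = {
    "d1": ["cloud", "merkle", "index"],
    "d2": ["cloud", "retrieval"],
    "d3": ["merkle", "retrieval", "verify"],
}
INDEX_KEY = b"client-side secret for keyword trapdoors"  # assumed, constructed


def H(data):
    return hashlib.sha256(data).digest()


def token(keyword):
    """Keyword trapdoor: the server only ever sees an HMAC of the keyword."""
    return hmac.new(INDEX_KEY, keyword.encode(), "sha256").digest()


def leaf_hash(tok, doc_ids):
    # 0x00 prefix for leaves, 0x01 for internal nodes: an internal node can
    # then never be passed off as a leaf (second-preimage domain separation).
    return H(b"\x00" + tok + b"|" + ",".join(sorted(doc_ids)).encode())


def build_tree(leaves):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(H(b"\x01" + cur[i] + cur[i + 1]))
            else:
                nxt.append(cur[i])
        levels.append(nxt)
    return levels


def auth_path(levels, idx):
    """Sibling hashes from leaf to root, each tagged with whether it sits left."""
    path = []
    for level in levels[:-1]:
        sib = idx ^ 1
        if sib < len(level):
            path.append((level[sib], sib < idx))
        idx //= 2
    return path


def build_index(docs):
    postings = {}
    for doc_id, words in docs.items():
        for w in words:
            postings.setdefault(token(w), []).append(doc_id)
    toks = sorted(postings)                      # deterministic leaf order
    levels = build_tree([leaf_hash(t, postings[t]) for t in toks])
    return toks, postings, levels


TOKS, POSTINGS, LEVELS = build_index(DOCS)
ROOT = LEVELS[-1][0]          # the only value the client needs to keep


def server_search(tok):
    """Untrusted server: returns the posting list and its authentication path."""
    idx = TOKS.index(tok)
    return list(POSTINGS[tok]), auth_path(LEVELS, idx)


def verify(root, tok, doc_ids, path):
    """Client check: recompute the root from the returned list and path.

    Because the leaf commits to the whole posting list, a dropped or added
    document id (incompleteness, forgery) fails just like a tampered one."""
    node = leaf_hash(tok, doc_ids)
    for sib, sib_is_left in path:
        node = H(b"\x01" + (sib + node if sib_is_left else node + sib))
    return hmac.compare_digest(node, root)


if __name__ == "__main__":
    t = token("cloud")
    ids, path = server_search(t)
    print(sorted(ids), verify(ROOT, t, ids, path))
```

    One caveat a practitioner would add: the root must be refreshed (and re-signed or re-stored by the client) whenever the index is updated, otherwise a stale root lets the server replay an old but valid posting list.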

    Centralized and Unified Trusted Computing Platform Management Model and Its Application
    Qiang HUANG, Gaojian WANG, Wenzhi MI, Lunwei WANG
    2017, 17 (4):  9-14.  doi: 10.3969/j.issn.1671-1122.2017.04.002

    Trusted computing technology extends the capacity of IT security management, but traditional security management and trust management models are not suited to trusted computing platforms. To meet the security requirements of high-security-level information systems, a centralized and unified trusted computing platform management model, CUTM, is proposed, built on the integrity verification ability of trusted computing technology. Its separated management roles and unified integrity policy allow it to support various kinds of trusted computing hardware devices and platforms. The paper analyzes the essential contents of the model and its relationship with legacy security management systems, and finally compares it with the TCG-defined management model.

    Research on Automatic Building Approach of Windows Shellcode
    Shuai ZHU, Senlin LUO, Dongxiang KE
    2017, 17 (4):  15-25.  doi: 10.3969/j.issn.1671-1122.2017.04.003

    As software grows in scale and complexity, it brings greater security risk. Shellcode is the key component of vulnerability exploitation, and its quality directly determines the effect of an exploit, yet existing techniques suffer from limited automation and from usability and compatibility problems. This paper proposes an automatic building approach for Windows shellcode that provides a programming interface and environment in which programmers write shellcode in C. To build x86/x64 Windows shellcode automatically, the approach covers compilation, building, extraction, testing, encoding and optimization. Based on it, a prototype system for automatic shellcode building is implemented and evaluated; the results show that the system performs well in compatibility, reliability and degree of automation, and can be readily applied to shellcode construction.
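    The extraction, testing and encoding steps of such a pipeline, as an added example (not the paper's prototype): after the C-written payload has been compiled and its bytes extracted, the builder checks for bytes the delivery channel cannot carry, picks a single-byte XOR key that removes all of them without itself being a bad byte (the decoder stub has to embed the key), verifies the round trip, and emits the blob as a C string literal for a test harness. The placeholder bytes and the bad-byte set are constructed for the example and are not a working payload.

```python
# Constructed placeholder "shellcode": a few x86-looking bytes followed by the
# NUL, LF and CR bytes that string-based injection vectors typically cannot
# carry. It is not a working payload; the pipeline step is what matters.
RAW_SHELLCODE = bytes.fromhex("31c0 50 68 2f2f7368 68 2f62696e 89e3 00 0a 0d")
BAD_BYTES = {0x00, 0x0a, 0x0d}     # assumed bad-byte set for the target


def find_bad_bytes(shellcode, bad):
    """Offsets of every byte the delivery channel cannot carry."""
    return [i for i, b in enumerate(shellcode) if b in bad]


def pick_xor_key(shellcode, bad):
    """Smallest single-byte XOR key whose output contains no bad byte.

    The key itself is embedded in the decoder stub, so it must not be a bad
    byte either. Returns None if no single-byte key works."""
    for key in range(1, 256):
        if key in bad:
            continue
        if all((b ^ key) not in bad for b in shellcode):
            return key
    return None


def xor_encode(shellcode, key):
    """XOR is its own inverse, so this both encodes and decodes."""
    return bytes(b ^ key for b in shellcode)


def encode_shellcode(shellcode, bad):
    """Encoding step: returns (key, encoded) or raises if a single byte won't do."""
    key = pick_xor_key(shellcode, bad)
    if key is None:
        raise ValueError("no single-byte XOR key avoids the bad bytes; use a multi-byte encoder")
    encoded = xor_encode(shellcode, key)
    # Testing step: the encoded blob is clean and decodes back to the original.
    assert not find_bad_bytes(encoded, bad)
    assert xor_encode(encoded, key) == shellcode
    return key, encoded


def to_c_string(blob):
    """Extraction step: emit the bytes as a C string literal for a test harness."""
    return '"' + "".join("\\x%02x" % b for b in blob) + '"'


if __name__ == "__main__":
    print("bad offsets:", find_bad_bytes(RAW_SHELLCODE, BAD_BYTES))
    key, enc = encode_shellcode(RAW_SHELLCODE, BAD_BYTES)
    print("key 0x%02x" % key, to_c_string(enc))
```

    The decoder stub that prepends to the encoded blob is target-specific native code and is outside this example; what the builder must guarantee is that the stub, the key and the encoded body are all free of bad bytes, which is exactly what the two assertions check before anything is emitted.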

    Research and Implementation of TLS Browser Supporting Commercial Cryptographic Algorithm
    Chuan XIANG, Wuqiong PAN, Huorong LI, Jingqiang LIN
    2017, 17 (4):  26-33.  doi: 10.3969/j.issn.1671-1122.2017.04.004

    We implement a TLS browser supporting commercial cryptographic algorithms (CCA) on the Windows platform. First, a CCA library is developed on top of the Windows Cryptography API: Next Generation (CNG), which lets Windows 10 support the commercial cryptographic algorithms and their certificates. Second, using this library and a TLS 1.2 implementation modified to support the commercial cryptographic algorithms, the open-source Chromium browser is modified to support them as well. Experimental results show that the resulting TLS browser supports HTTPS access and digital certificates based on the commercial cryptographic algorithms, with performance comparable to the international algorithms, while retaining all of the browser's original features.

    A Contract Signing Protocol Based on the Convertible Undeniable Signature
    Shanjun YANG, Changjin JIANG
    2017, 17 (4):  34-39.  doi: 10.3969/j.issn.1671-1122.2017.04.005

    A fair contract signing protocol allows two mutually distrustful parties to exchange digital signatures over the Internet fairly: after the protocol completes, either each party holds a valid signature from the other or neither does. Most traditional fair electronic contract signing protocols introduce a trusted third party and rely on its reliability to guarantee fairness; a shortcoming of this approach is that if the third party is dishonest and colludes with one of the parties, the outcome is unfair to the other. To reduce reliance on trusted third parties, this paper designs a new fair electronic contract signing protocol using a convertible undeniable signature algorithm and publicly verifiable secret sharing. The protocol satisfies abuse-freeness and, by introducing a distributed semi-trusted third party, lowers the level of trust required of the offline third party, giving the contract signing protocol better fairness.
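    The distributed semi-trusted third party rests on verifiable secret sharing: the secret that would let the third party convert an undeniable signature into an ordinary one is split among n parties so that any t of them can reconstruct it, and each party can check its own share against public commitments, so a cheating dealer is caught and a colluding minority learns nothing. The following is an added illustration using Feldman's verifiable secret sharing, not the paper's PVSS construction (PVSS additionally lets outsiders verify encrypted shares, which is not shown). The group parameters are a toy safe prime chosen for the example; the secret, party count and threshold are constructed.

```python
import random

# Toy group parameters (illustration only): safe prime p = 2q + 1 and a
# generator g of the order-q subgroup. Real deployments use 2048-bit+ groups.
P, Q, G = 2039, 1019, 4


def deal_shares(secret, n, t, rng):
    """Dealer: split `secret` into n shares, any t of which reconstruct it.

    Returns the shares and the public Feldman commitments g^{a_j} to the
    coefficients of the random degree-(t-1) polynomial."""
    coeffs = [secret % Q] + [rng.randrange(1, Q) for _ in range(t - 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    shares = {}
    for i in range(1, n + 1):
        shares[i] = sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q
    return shares, commitments


def verify_share(i, s_i, commitments):
    """Party i checks g^{s_i} == prod_j C_j^{i^j} using only public data."""
    expected = 1
    for j, c in enumerate(commitments):
        expected = expected * pow(c, pow(i, j, Q), P) % P
    return pow(G, s_i, P) == expected


def reconstruct(subset):
    """Lagrange interpolation at x = 0 over Z_q from any t valid shares."""
    secret = 0
    xs = list(subset)
    for i in xs:
        num = den = 1
        for k in xs:
            if k != i:
                num = num * (-k) % Q
                den = den * (i - k) % Q
        secret = (secret + subset[i] * num * pow(den, -1, Q)) % Q
    return secret


if __name__ == "__main__":
    # Constructed run: 5 semi-trusted parties, any 3 can convert the signature.
    shares, commits = deal_shares(777, 5, 3, random.Random(2017))
    print(all(verify_share(i, s, commits) for i, s in shares.items()))
    print(reconstruct({i: shares[i] for i in (1, 3, 5)}))
```

    With the shares dealt this way, fewer than t parties (and the signer alone) cannot convert the signature, and a party handed a bad share rejects it before the protocol proceeds, which is what reduces the trust placed in any single third party.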

    Research on Key-insulated Group Signature Scheme
    Shuo WANG, Xiangguo CHENG, Yameng CHEN, Yue WANG
    2017, 17 (4):  40-45.  doi: 10.3969/j.issn.1671-1122.2017.04.006

    In a cryptographic system, the security of the key determines the security of the whole system. To reduce the damage from key exposure in group signatures, this paper proposes a key-insulated group signature scheme that combines key insulation with group signature. The scheme satisfies the security properties of a group signature, such as anonymity and traceability, and greatly reduces the harm caused by key exposure: exposure of the key for the current time period does not affect signatures from earlier or later periods, and the scheme supports parallel key updates. Exposure of a single helper's key does not compromise the helper's initial key, which preserves the security of the signatures. The scheme is based on the CDH problem, and its security is proved in the random oracle model.

    Research on Quantization Method of Reducing Bit Disagreement Rate in Secret Key Extraction
    Shunan SONG, Zhen YANG
    2017, 17 (4):  46-52.  doi: 10.3969/j.issn.1671-1122.2017.04.007

    In existing physical-layer key extraction methods based on wireless channel characteristics, measurements close to a quantization threshold are likely to be quantized to opposite sides of the threshold at the two legitimate nodes, producing bit disagreement in the generated key. To address this, the paper proposes an adaptive channel quantization with guard band (ACQG) method, which lowers the bit disagreement rate by adaptively modifying measurements that fall within the guard band. To further improve bit agreement, a modified adaptive channel quantization (MACQ) method is proposed on the basis of ACQG. Simulation results show that, compared with the traditional key extraction algorithm, the proposed methods effectively improve both the key extraction rate and the bit agreement of the generated key.
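    The failure mode the abstract starts from, reproduced as an added simulation that is not the paper's code: two nodes observe the same fading sample plus independent noise, a plain single-threshold quantizer turns every near-threshold sample into a coin flip, and a guard band around the threshold removes most of the disagreement at the cost of discarding samples (the kept indices, not the values, are exchanged in the clear). This shows the basic drop-and-exchange guard band as a baseline; the paper's ACQG and MACQ adaptively modify in-band measurements instead of dropping them, which is not reproduced here. The Gaussian channel model, noise level, guard width and seed are all constructed assumptions.

```python
import random
import statistics


def simulate_channel(n, noise_sd, rng):
    """Reciprocal channel: both nodes observe the same fading sample plus
    independent measurement noise (constructed Gaussian model)."""
    truth = [rng.gauss(0.0, 1.0) for _ in range(n)]
    alice = [x + rng.gauss(0.0, noise_sd) for x in truth]
    bob = [x + rng.gauss(0.0, noise_sd) for x in truth]
    return alice, bob


def quantize(meas, threshold):
    """Plain single-threshold quantizer: every sample becomes a bit."""
    return [1 if m > threshold else 0 for m in meas]


def quantize_with_guard_band(meas, threshold, guard):
    """Drop samples within +/- guard of the threshold; return the bits and
    the indices that were kept (the indices are what the nodes exchange)."""
    bits, kept = [], []
    for i, m in enumerate(meas):
        if abs(m - threshold) > guard:
            bits.append(1 if m > threshold else 0)
            kept.append(i)
    return bits, kept


def bit_disagreement_rate(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)


def compare(n=2000, noise_sd=0.3, guard=0.4, seed=7):
    """Return (plain rate, guard-band rate, bits kept) for one simulated run."""
    rng = random.Random(seed)
    alice, bob = simulate_channel(n, noise_sd, rng)
    # Each node uses the mean of its own measurements as its threshold.
    thr_a, thr_b = statistics.mean(alice), statistics.mean(bob)

    plain = bit_disagreement_rate(quantize(alice, thr_a), quantize(bob, thr_b))

    a_bits, a_idx = quantize_with_guard_band(alice, thr_a, guard)
    b_bits, b_idx = quantize_with_guard_band(bob, thr_b, guard)
    a_map, b_map = dict(zip(a_idx, a_bits)), dict(zip(b_idx, b_bits))
    # Only positions both sides kept contribute; the exchanged index lists
    # reveal positions, not measurement values.
    common = sorted(set(a_idx) & set(b_idx))
    guarded = bit_disagreement_rate([a_map[i] for i in common],
                                    [b_map[i] for i in common])
    return plain, guarded, len(common)


if __name__ == "__main__":
    plain, guarded, kept = compare()
    print("plain BDR %.3f, guard-band BDR %.3f, bits kept %d / 2000" % (plain, guarded, kept))
```

    Whatever residual disagreement remains still has to be removed by an information reconciliation step (and its leakage paid for in privacy amplification) before the bits are usable as a key; the guard band only makes that step cheaper.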

    Research on a Kind of Anti-quantum Computing Public Key Cryptosystem
    Weiqing YOU, Xiaoming CHEN, Jian QI
    2017, 17 (4):  53-60.  doi: 10.3969/j.issn.1671-1122.2017.04.008

    Cryptography is the core technology of information security. The security of a cryptosystem depends on its keys, and key management is a major problem. Key agreement can accomplish key distribution and let users securely establish a shared key. At present the security of key agreement schemes mostly rests on the discrete logarithm problem in a finite field, for which a mature quantum attack exists. Before quantum computers are successfully built, key exchange techniques that resist quantum attacks must be explored, as the weaknesses of classical public key cryptosystems become more prominent with the rapid development of quantum technology. This paper analyzes the security of the RSA algorithm and describes the method and principle of typical quantum algorithms for attacking classical public key cryptography. It summarizes the characteristics of mature quantum computing attacks, argues for the necessity of quantum-resistant cryptography and states the requirements a public key cryptosystem must meet to resist quantum attacks. It then proposes an improved key exchange protocol with more randomness and finally analyzes its advantages in terms of design security and implementation efficiency.

    A Mission-oriented Fault Location Model in Cyberspace
    Youjun WANG, Hongqi ZHANG, Jin WANG, Ning WANG
    2017, 17 (4):  61-70.  doi: 10.3969/j.issn.1671-1122.2017.04.009

    Existing resource-oriented fault location methods are unsuitable for cyberspace, where resources and missions are tightly coupled, so a mission-oriented fault location model is presented. First, using hypergraph theory, a mission-resource model is built to capture the complex relationships between resources and missions, laying the foundation for further study of fault location in cyberspace. Next, following the logic of fault propagation in cyberspace, a function describing the effect of resource faults on mission performance is derived. A segment location algorithm is then proposed to locate task faults from mission faults, followed by an iteration method and a collaboration method to locate resource faults from task faults. On this basis the mission-oriented fault location model is constructed, and its effectiveness is verified through a typical fault location case in the military field.

    An Anti-interference Browser Fingerprinting Generation Algorithm Based on Implicitly Acquiring Features
    Nianhua KANG, Mingzhi CHEN, Yingyan FENG, Chuanbao LIU
    2017, 17 (4):  71-77.  doi: 10.3969/j.issn.1671-1122.2017.04.010

    Browser fingerprinting builds a unique fingerprint by combining the User-Agent string, browser version, plug-in list, operating system and other features, and is commonly used for user tracking, authentication and similar purposes. As research has progressed, methods of interfering with fingerprint generation have appeared: interference tools disturb the fingerprint by forging information and restricting browser functions. To counter this, the paper proposes an anti-interference browser fingerprint generation algorithm based on implicitly acquired features. First, the features are collected to build a fingerprint feature database; then the collected features are hashed with SHA-1 (a hash, not an encryption: the fingerprint cannot be reversed to recover the features, while identical feature sets always yield the same value); finally the hash is Base64-encoded to produce the fingerprint. Even when interference tools are in use, the generated fingerprint is not affected. Experimental results show that the algorithm is effective and accurate.

    Research on Aggregation Technology for Information Security Knowledge Based on Security Ontology
    Zhong LIANG, Jiakun ZHOU, Han ZHU, Bo CHEN
    2017, 17 (4):  78-85.  doi: 10.3969/j.issn.1671-1122.2017.04.011

    To let a focused crawler comprehensively and accurately gather the information security knowledge needed for education when building information security teaching resources, this paper proposes a knowledge aggregation framework for information security. An information security ontology is established to give a highly specialized, precise delimiting description of the focused crawler's field. A depth-first traversal guided by maximum relevance, together with relevance analysis at the semantic layer of crawled web pages, improves the accuracy of the information the crawler gathers; a mixed crawling strategy that combines breadth-first search with a link-degree calculation improves the effectiveness of the crawl. An experiment comparing against a focused crawler based on keyword descriptions verifies the effectiveness of the proposed method.

    Information Security Risk Assessment Mechanism Research Based on Power System
    Zhiqiang LIANG, Dansheng LIN
    2017, 17 (4):  86-90.  doi: 10.3969/j.issn.1671-1122.2017.04.012

    To address the relatively low accuracy, low efficiency and inadequate optimization of information security risk assessment in conventional electric power systems, this paper designs a new risk assessment model, the AF-RA model, which combines the analytic hierarchy process (AHP) used in risk assessment systems with methods from fuzzy mathematics under the specific conditions of the electric power system; the model is explained and analyzed in depth. In the model, the probability that system vulnerabilities are exploited is estimated through a hierarchical vulnerability assessment subsystem, and a threat level is assigned from expert knowledge. The security value of each primary node is calculated from the risk levels of the asset, the threat and the vulnerability, and the overall risk of the assessed subject is derived from these values together with synthesized risk parameters. On the output side, security measures to eliminate the vulnerabilities of the related systems are arranged according to the resulting risk level and prioritized by the importance of the overall data and core asset security, in line with the specific security characteristics of the electric power system.
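    The AHP weighting step that underlies such a model, as an added example (not the paper's AF-RA model or its data): expert pairwise judgements on Saaty's 1-9 scale are turned into criterion weights by the row geometric-mean method, the consistency ratio CR = CI / RI is computed so that contradictory judgements are rejected instead of silently producing a ranking, and the weights are then applied to per-node levels for asset, threat and vulnerability to rank nodes by risk. The comparison matrix, the node names and their levels are constructed; the fuzzy evaluation part of the paper's model is not reproduced.

```python
import math

# Saaty's random consistency index by matrix order, used to normalise CI to CR.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}

# Constructed pairwise comparison matrix (illustrative, not the paper's data):
# criteria = asset value, threat level, vulnerability. Entry [i][j] says how
# much more important criterion i is than j on Saaty's 1-9 scale.
CRITERIA = ["asset", "threat", "vulnerability"]
PAIRWISE = [
    [1.0, 3.0, 5.0],
    [1 / 3, 1.0, 5 / 3],
    [1 / 5, 3 / 5, 1.0],
]


def ahp_weights(matrix):
    """Priority vector by the row geometric-mean method (sums to 1)."""
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(matrix, weights):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); CR > 0.1 means the
    expert judgements are too inconsistent to use."""
    n = len(matrix)
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lam_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lam_max - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    return ci / ri if ri else 0.0


def risk_score(levels, weights):
    """Weighted risk of one node from its per-criterion levels (e.g. 1-5)."""
    return sum(l * w for l, w in zip(levels, weights))


def assess(matrix, node_levels):
    """Weights, their consistency ratio, and nodes ranked by risk (highest first).

    Refuses to rank when the judgements fail the consistency check."""
    w = ahp_weights(matrix)
    cr = consistency_ratio(matrix, w)
    if cr > 0.1:
        raise ValueError("pairwise judgements inconsistent (CR=%.2f); re-elicit" % cr)
    ranked = sorted(((risk_score(lv, w), name) for name, lv in node_levels.items()),
                    reverse=True)
    return w, cr, ranked


if __name__ == "__main__":
    # Constructed nodes (hypothetical names) with asset/threat/vulnerability levels 1-5.
    nodes = {"scada-hmi": [5, 4, 3], "office-pc": [2, 3, 4], "historian": [4, 2, 2]}
    w, cr, ranked = assess(PAIRWISE, nodes)
    print(dict(zip(CRITERIA, w)), "CR=%.3f" % cr, ranked)
```

    The consistency check is the part worth keeping even when the rest of the model changes: a cyclic set of judgements ("A beats B, B beats C, C beats A") yields equal weights and a CR well above 0.1, and a model that ranks anyway is reporting noise as a priority order.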
