
Table of Contents

    10 May 2017, Volume 17 Issue 5

    Original Article
    Security Survey of Internet of Things Driven by Block Chain Technology
    Kuo ZHAO, Yongheng XING
    2017, 17 (5):  1-6.  doi: 10.3969/j.issn.1671-1122.2017.05.001

    Following the Internet, the Internet of Things is bringing great changes to people’s production and life as a new direction of the third industrial revolution and of future Internet technology. The development and application of the Internet of Things has achieved remarkable results in recent years. A large number of sensors are connected to machines and combined with the Internet, which achieves intelligent management and operation. At the same time, the security and privacy problem in the Internet of Things environment is still one of the threats to Internet of Things technology. Because of the topology of the Internet of Things and its resource constraints, traditional security technologies are not entirely applicable to it. As the underlying technology of Bitcoin, block chain technology has the characteristics of decentralization, trustlessness, data encryption and so on. It is suitable for building a distributed system. This paper analyzes the characteristics of block chain technology that can solve the security problems in the application of the Internet of Things, and discusses the security problems of combining block chain with the Internet of Things.

    The Application of a Kind of Reversible Matrix in Secure Communication
    Xiaoming CHEN, Weiqing YOU, Wenxi LI, Hao JIANG
    2017, 17 (5):  7-7.  doi: 10.3969/j.issn.1671-1122.2017.05.002

    A cyclic matrix is generated by its first row of elements: each subsequent row is a shift of the first row. Therefore, the cyclic matrix can not only maximize the utilization of the hardware circuit, but also save storage space and achieve high computational efficiency. Constructing a reversible cyclic matrix that conforms to the requirements of secure communication systems is a problem worthy of study. This paper corrects the erroneous application of the reversible matrix in secure communication in some documents, and gives correct application examples and standards. Firstly, a necessary and sufficient condition for constructing the reversible cyclic matrix is obtained by studying the relation between the Vandermonde matrix and the cyclic matrix. Secondly, according to the characteristics of the finite field GF(2^8), the necessary and sufficient conditions for constructing the reversible cyclic matrix on the real field are extended to the finite field, and a fast generation algorithm for the reversible cyclic matrix is proposed. Finally, a sufficient condition for constructing the cyclic matrix with optimal diffusion performance is proposed.

    Automatic Exploitation of Integer Overflow Vulnerabilities in Binary Programs
    Jianshan PENG, Qi XI, Qingxian WANG
    2017, 17 (5):  14-21.  doi: 10.3969/j.issn.1671-1122.2017.05.003

    Integer overflow vulnerabilities have become the second largest threat to software security. The existing tools for mining integer overflow vulnerabilities do not support automatic exploitation, nor do the automatic exploitation tools support integer overflow vulnerabilities. To fill these gaps, we propose an automatic exploitation method for integer overflow vulnerabilities in binary programs. Aiming at the valuable IO2BO class of integer overflow vulnerabilities, the method first tries to avoid crashing in the process of the buffer overflow, which would make control-flow hijacking fail. Secondly, it builds a suspicious taint set to reduce the scope of taints. Thirdly, it collects the loop conditions for reading and writing memory by taint analysis and symbolic execution. Lastly, it overwrites the critical data in the stack and heap by controlling the number of loop iterations, and generates new samples for testing by constraint solving. The proposed method can transform the automatic exploitation of IO2BO vulnerabilities into that of traditional buffer overflow vulnerabilities. The test results show that this method works well for typical IO2BO vulnerabilities and can generate new samples for hijacking the control flow of the tested programs.

    Ultra-lightweight Security Authentication Protocol for Mobile RFID Systems Based on Mobile Smart Terminal
    Yulong YANG, Changgen PENG, Shaobo ZHENG, Yijie ZHU
    2017, 17 (5):  22-27.  doi: 10.3969/j.issn.1671-1122.2017.05.004

    This paper compares and analyzes the structural differences between the traditional RFID system and the mobile RFID system, and points out that traditional RFID authentication protocols are usually difficult to adapt to mobile RFID systems. To solve this problem, this paper proposes an ultra-lightweight security authentication protocol based on the mobile smart terminal for mobile RFID systems. The protocol is designed using only bit logic operations, pseudo-random numbers, a one-way hash function and so on. The security analysis shows that the protocol can effectively resist various existing attacks, such as attacks on tag anonymity, tag location privacy and forward security, as well as replay attacks. Compared with existing ultra-lightweight RFID authentication protocols and mobile RFID authentication protocols with similar structures, the protocol has better scalability, security and performance.

    A Survey of Open Source Software for Big Data Governance and Security
    Wenjie WANG, Baiqing HU, Chi LIU
    2017, 17 (5):  28-36.  doi: 10.3969/j.issn.1671-1122.2017.05.005

    With the development of Internet technology, the amount of data is increasing exponentially. Unlike with traditional technology, this data is no longer easily controlled by its owner. Therefore, big data security and privacy has become a hot issue. Big data security and governance is one of the most popular research fields for addressing data security and data privacy. This paper first introduces the basic concepts of data security and governance, and then discusses open source frameworks, including Apache Falcon, Apache Atlas, Apache Ranger, Apache Sentry and Kerberos. Apache Falcon and Apache Atlas can perform data lifecycle management, including data collection, data processing, data backup and data cleansing, for big data platforms, as well as fine scheduling of the components of big data platforms. Apache Ranger and Apache Sentry can provide fine-grained authorization for a specific action or operation and provide a central audit server. Kerberos is mainly used as the authentication framework for big data platforms, and maintains the security of the big data platform.

    Review of Network High Flow Distributed Denial of Service Attack and Defense Mechanisms
    Heng LI, Huawei SHEN, Xueqi CHENG, Yong ZHAI
    2017, 17 (5):  37-43.  doi: 10.3969/j.issn.1671-1122.2017.05.006

    The Distributed Denial of Service (DDoS) attack is one of the most familiar network attack methods. Under high flow capacity, DDoS causes network congestion by generating useless data, finally leading to resource exhaustion and interruption of normal service. There is currently no effective defense against high-flow DDoS. Based on preliminary study and literature research, this paper summarizes and analyzes domestic and international research progress on network high-flow DDoS defense mechanisms, with emphasis on attack detection, defense principles and attack testing, and summarizes the features and disadvantages of different detection and defense mechanisms, in order to establish comprehensive and effective network high-flow DDoS defense mechanisms.

    Research on a User Data Security Protection Strategy Based on STDM Technology
    Xiangrong CHEN, Ding CHENG, Pengyu QIN, Cheng CHENG
    2017, 17 (5):  44-50.  doi: 10.3969/j.issn.1671-1122.2017.05.007

    Based on research into the spread transform dither modulation algorithm, this paper proposes a security solution based on image encryption. In the process of data encryption, the client first embeds the user name, and the software fingerprint and the user's MD5 password are used to encrypt the password to obtain the ciphertext. Then, the client embeds the ciphertext into the image under a control flow generated from a local random seed. When the server receives the picture sent by the client, the server name is extracted first. Similarly, the server extracts the password ciphertext through the random number control flow and verifies it against the corresponding user password ciphertext. If the authentication is successful, a new random seed is generated and sent to the client. To test the method, a prototype verification system was developed and the ideal results were obtained. The results show that the image encryption scheme can be used to protect the data security of the site or the client. At the same time, it can also meet the user’s requirements for convenience.

    Research on Privacy Attack Based on Location Cheating in Social Network
    Qing LI, A-yong YE, Li XU
    2017, 17 (5):  51-56.  doi: 10.3969/j.issn.1671-1122.2017.05.008

    Location-based social network service (LBSNS) is widely considered to be an important trend for social networking services in the future. LBSNS combines information sharing with location, which greatly enriches people’s mobile social content. However, because location information is associated with the objective world, location sharing in LBSNS may disclose the identity information of the user. In view of this hidden danger, this paper proposes a privacy attack based on location cheating. The attack first uses the Aircrack-ng and MDK3 tools to forge the AP, which deceives the target user’s location to a specified location. Then, the identity information of the target user is obtained by using the particularity of the specified location and the information-sharing characteristics of the social network. The paper analyzes the principle and implementation steps of the privacy attack, and validates the attack in some mainstream social network applications. Validation shows that the attack can obtain the digital identity information of the user, which leads to disclosure of user privacy.

    Design and Application of General Framework for Side Channel Attack
    Qing WANG, Chenyang TU, shenjiahui@iie.ac.cn
    2017, 17 (5):  57-62.  doi: 10.3969/j.issn.1671-1122.2017.05.009

    At present, the design of many cryptographic algorithms and cryptographic devices includes a process for evaluating side channel risk. Side channel attack targets are divided into two categories: unprotected cipher algorithms/modules and protected cipher algorithms/modules. Designing attacks separately for each attack target is time-consuming and laborious. Therefore, this paper proposes a new generalized analysis framework which can be applied to the vast majority of side channel attacks. Actual side channel attacks are divided into three steps: progressive side channel logic vulnerability assessment, side channel information collection, and side channel analysis optimization. In this paper, we detail the realization method of each step. This framework covers all attack processes and can be applied to software protected by an improved low entropy mask and out-of-order instructions. The experimental results verify the rationality and validity of the framework, which adapts to most side channel attacks.

    Application Verification Research of Cloud Computing Technology in the Field of Real Time Aerospace Experiment
    Junwei WAN, Hongyan CHEN, Jing ZHAO
    2017, 17 (5):  63-68.  doi: 10.3969/j.issn.1671-1122.2017.05.010

    Cloud computing is a new service model, which has the advantages of low cost, high resource utilization, high flexibility, easy expansion, high reliability and so on. It provides an opportunity for information systems in the field of aerospace testing in terms of the extension of the system architecture, the sharing of system resources, the generation of task ability, and the optimization of the operation mode. At present, however, cloud computing technology has not been applied and verified in the field of aerospace testing. According to the requirements of real-time performance, reliability and security, a single-center cloud computing technology application verification platform is built in this paper. At the IaaS level, the feasibility of applying cloud computing technology to aerospace test tasks is tested and verified. Based on the analysis of the test results, a preliminary conclusion is obtained: the cloud computing platform can be applied to the computing-intensive business of space test missions; for I/O-intensive business, it is recommended to use the traditional physical machine.

    Research on Information Systems Security Risk Assessment Based on Fuzzy Theory of Evidence
    Xiaoning DONG, Huarong ZHAO, Dianwei LI, Jiasheng WANG
    2017, 17 (5):  69-73.  doi: 10.3969/j.issn.1671-1122.2017.05.011

    Considering that there are many uncertainty factors in the process of information systems security risk assessment, such as a lack of evaluation data, incomplete knowledge and system modeling, and inadequate risk identification, a method based on the fuzzy theory of evidence is presented. Concepts related to risk assessment are introduced first, and a calculation model for information systems risk assessment is then established. Fuzzy sets are then introduced into the theory of evidence. The basic probability assignments, which are core to the theory of evidence, are constructed using the membership function of fuzzy sets. Using the fuzzy relations between the risk index set and the evaluation standard, the problem that the basic probability assignments were difficult to determine is solved. Moreover, the result is more reasonable. An illustrative example indicates that the method is feasible and effective, and provides reasonable data for constituting the risk control strategy of information systems security.

    Security Optimized RBAC Access Control Model
    Chunhua GU, Yuan GAO, Xiuxia TIAN
    2017, 17 (5):  74-79.  doi: 10.3969/j.issn.1671-1122.2017.05.012

    Role-Based Access Control (RBAC) has been adopted by the electric power information system owing to its reliable security and flexibility of authorization. However, due to the popularization and expansion of intelligent acquisition equipment and the electrical power system, combined with the stricter security requirements of the electrical information system, security issues are exposed when the traditional RBAC model is applied to the electric power information system. This paper puts forward a security-optimized RBAC model. In this model, we introduce the concept of the SG (Supervise Group) and a mechanism for the supervision of sensitive permissions to extend the traditional RBAC in the security field. The generating algorithm of the SG, and the pseudo code and flow chart of the optimized model, are also given. An example is given to show that the proposed algorithm can effectively supervise sensitive permissions and enhance the security of the electric power information system while satisfying its functions.
