
Table of Contents

    10 June 2017, Volume 17 Issue 6

    Contents

    Digital Footprint Trajectory Privacy Protection Method Based on Geometric Transformation
    ZOU Jiancheng, XU Shuqing
    2017, 17 (6):  1-5.  doi: 10.3969/j.issn.1671-1122.2017.06.001
    With the rapid development of information technology, people leave digital footprints in different forms in cyberspace. Digital footprints can reveal personal and group behaviors and hobbies, which raises privacy issues even as it makes it more convenient for people to communicate with each other, causing wide public concern. Targeting the user's movement trajectory within the digital footprint, this paper proposes a trajectory privacy protection method based on geometric transformation. In this method, the central anonymous server generates false trajectories that satisfy the user's requirements by rotating and translating the real trajectory, thereby reducing the probability that the real trajectory is recognized. The simulation experiments show that, when the user's demand for privacy protection is high, the similarity of the false trajectories generated by this method is higher than that of the random pattern generation method and the rotation pattern generation method, and the generation efficiency is also high.
    Outsourcing Encryption and Decryption CP-ABE Scheme with Revocation Storage in Cloud Computing
    QING Yong, SUN Wei, XIONG Hu, ZHAO Yang
    2017, 17 (6):  6-8.  doi: 10.3969/j.issn.1671-1122.2017.06.002
    Taking into account the user’s need for data privacy and the untrustworthiness of cloud servers, the use of attribute-based encryption (ABE) to build cloud-oriented secure data sharing schemes has been widely studied. When a user is revoked, the existing standard ABE mechanism can’t ensure that the revoked user can’t continue to access the massive ciphertext data in the cloud server. To address these problems, this paper proposes a ciphertext-policy attribute-based encryption scheme (SR-CP-ABE) which can support the reusable storage of encryption and decryption by combining the ideas of ciphertext update and key update. The scheme ensures that the revoked user can’t access the ciphertext by periodically updating the ciphertext stored in the cloud server. At the same time, using the idea of key splitting, the scheme outsources the complex computation in the encryption and decryption process to the untrusted cloud server, reducing the user’s encryption and decryption computation. The experimental results show that the proposed scheme is efficient and feasible.
    Attribute-based Encryption Scheme Supporting Privacy Preserving and User Revocation in the Cloud Environment
    YAN Xixi, YE Qing, LIU Yu
    2017, 17 (6):  14-21.  doi: 10.3969/j.issn.1671-1122.2017.06.003
    In order to support fine-grained attribute revocation and privacy preservation in data outsourcing systems, an efficient privacy-preserving attribute-based encryption scheme with user revocation is proposed. In the scheme, each attribute is divided into two parts: attribute name and attribute value. Encryptor-specified access structures are partially hidden, so the values of the user’s attributes are never revealed to any third party, and the user’s privacy is effectively preserved. Meanwhile, a token system is used to create a key-encryption key, which addresses the challenging issue of efficient attribute revocation. The new scheme achieves fine-grained and immediate attribute revocation, which is more suitable for practical applications. In addition, the scheme is proved to be secure against adaptive chosen-plaintext attacks in the standard model, and it can withstand collusion attacks. Compared to the existing related schemes, computational cost and storage cost are reduced, and it is more suitable for practical applications in which the number of user attributes is much smaller than the total number of system attributes.
    A Task-based Access Control Model of Peer-to-Peer Network Based on Admission Degree
    LIU Hao, CHEN Zhigang, ZHANG Lianming
    2017, 17 (6):  22-29.  doi: 10.3969/j.issn.1671-1122.2017.06.004
    The openness and self-organization of P2P networks bring a series of security risks, and the traditional access control model is not suitable for a P2P network, which is a distributed management system. This paper proposes a novel task-based access control model for Peer-to-Peer networks. Firstly, the subject node evaluates the trust of the object node by means of a multidimensional trust cloud model, and calculates the risk value of the sharing transaction using the theory of risk evaluation. Finally, the model draws on the basic principles of interpersonal interaction in social networks, and the admission degree of the object node is obtained by synthesizing the trust of the object node and the risk value of the sharing transaction. According to the access degree of the target node, the task access control model is improved in this model, and the dynamic management of access rights is realized. After the model is introduced, the influence of non-cooperative nodes in the P2P system is reduced, the success ratio of the system is improved, and the security of the P2P network is enhanced.
    Research on Network Link Prediction Based on Data Mining
    XU Yan
    2017, 17 (6):  30-34.  doi: 10.3969/j.issn.1671-1122.2017.06.005
    In recent years, social networks have become increasingly popular, and data mining based on social networks has also arisen. Link prediction (LP) is an important topic of network data mining, which uses the known network structure and other information to predict and estimate the possibility of a link between two nodes that are not yet linked. Link prediction in social networks can be used to recommend friends, filter redundant information, improve users’ satisfaction and loyalty, and build a healthy social networking environment. Previous research has focused on structural information or node attributes in order to analyze global or local properties. Considering the nature of the microblog social network, this paper proposes a link prediction method combining multiple features, which include node features, topological features, social features and voting features. Based on these features, four machine learning algorithms (SVM, naive Bayes, random forest and logistic regression) are applied to microblog social network data to train predictive models that predict potential social links. The results show that combining multiple features performs better than the traditional features, and the combination of multiple features can achieve the highest accuracy.
    The Scheme of Open Authorization Based on FIDO UAF
    LI Lianglei, SHAO Lisong, WANG Chuanyong, LIU Yong
    2017, 17 (6):  35-42.  doi: 10.3969/j.issn.1671-1122.2017.06.006
    OAuth 2.0, as an open authorization standard, is one of the most popular API access control mechanisms. However, using it with traditional authentication has some limitations: the authorization server is responsible for issuing the access token as well as managing the user’s information, and traditional authentication such as username/password is vulnerable to many attacks. This scheme combines identity authentication based on the FIDO UAF architecture with the OAuth 2.0 protocol, so that a user logs in using biometric identification technology to identify himself, meeting the demands of security, user experience, etc. This paper studies OAuth 2.0 and FIDO UAF, then designs an authentication scheme and an authorization scheme and combines them. We describe the framework and the detailed process of authentication and authorization. Finally, we give an example of a system design that implements the new scheme.
    A Molecule Encryption System Based on DNAzyme
    LI Yifan, WU Ranfeng, YANG Jing, ZHANG Cheng
    2017, 17 (6):  43-48.  doi: 10.3969/j.issn.1671-1122.2017.06.007
    Based on the form of a one-time pad, we propose information encryption and decryption with DNAzyme cutting in this study. To encrypt the information, we XOR the key with the plaintext to get the ciphertext. Then the plaintext, the key and the ciphertext are compiled into DNA codes. In accordance with the rule, the recognition sites of some DNAzymes are combined with the ciphertext and the key into the entire DNA sequence. Thus, the DNAzyme here has high specificity; even if the data pool is intercepted, it is too hard to decode the ciphertext without the right DNAzyme. Compared with traditional encryption technology, DNA encryption has many potential advantages, such as huge storage capacity, difficulty of deciphering and high specificity. Thus, this study may demonstrate that DNA encryption has great potential applications in the field of information security.
    Design and Implementation of Anti APT Attack Trusted Software Base
    ZHANG Jiawei, ZHANG Dongmei, HUANG Siqi
    2017, 17 (6):  49-55.  doi: 10.3969/j.issn.1671-1122.2017.06.008
    Traditional TCG trusted computing technology aims to improve the computing platform's own safety and immunity. The main TCG module is mounted on the external bus of a general-purpose computing platform and applies passive defense to application software, static files and the like; only programs that comply with the TCG trusted service interface specification can be monitored, which leaves it lacking in supervision and especially weak at defending against APT and 0-day attacks, weakening the overall security of the platform. In this paper, we put forward an Anti APT Attack Trusted Software Base (TSB) using whitelist-based strong access control technology. With its trust chain expansion capability, the TSB can extend the trust chain from the TCM chip to make sure the operating system and business software run safely and reliably. Experimental results show that the Anti APT Attack Trusted Software Base can dynamically and actively measure the business processing system, and it is suitable for constructing an autonomous and controllable Linux trusted computing platform.
    Quantum Key Agreement Protocol Based on Bell Measurement and Three-particle Entanglement
    SHI Jinjing, CHENG Jiajing, CHEN Hui, ZHOU Fang
    2017, 17 (6):  56-61.  doi: 10.3969/j.issn.1671-1122.2017.06.009
    The Controlled-NOT gate attack can use the correlation between quantum entangled bits to eavesdrop on the shared secret key. Inspired by this kind of attack, this paper proposes a quantum key agreement protocol based on Bell measurement and three-particle entangled states to address the security and efficiency problems that may be faced in quantum key agreement (QKA). This protocol applies a Controlled-NOT gate to convert the Bell entangled bits and a single bit into a three-particle entangled state, and carries out the quantum key agreement between Alice and Bob with unitary operations and Bell measurements. The theoretical analysis shows that the protocol, whose quantum efficiency is 40%, is safe and efficient, and its security is manifested in that it can resist both external eavesdropper attacks and internal attacks. Compared with the protocols of Hsueh[1] and Shen[2], neither of the two sides in the protocol can separately determine the shared secret key in advance, and the two participants make the same contribution to the shared secret key.
    Design and Implementation of Anti Web DDoS Attack Model Based on Improved Logistic Regression Algorithm
    ZHANG Xuebo, LIU Jinghao, FU Xiaomei
    2017, 17 (6):  62-67.  doi: 10.3969/j.issn.1671-1122.2017.06.010
    Web DDoS attacks have become one of the common ways for hackers to attack. In order to improve the detection speed and accuracy of Web DDoS attacks effectively, this paper proposes a novel lightweight detection algorithm that combines the quantum particle swarm optimization method with the logistic regression model. This algorithm replaces Newton's method with an adaptive swarm optimization method to solve for the logistic regression coefficients, improving the efficiency and accuracy of solving the regression coefficients. In order to verify the availability of the proposed algorithm, the WorldCup98 open dataset was used in our study to compare the performance of our algorithm with the existing improved logistic regression algorithms. The experimental results show that, compared with the existing improved logistic regression algorithms, the proposed algorithm has a higher detection rate and a smaller detection error rate in detecting Web DDoS attacks. Meanwhile, there is a linear relationship between the time complexity of the proposed algorithm and the number of detection samples.
    A Method of Identity Authentication Based on Zero Knowledge Proof in HCE Mode
    LIU Chuanbao, CHEN Mingzhi, LIN Weining, FENG Yingyan
    2017, 17 (6):  68-74.  doi: 10.3969/j.issn.1671-1122.2017.06.011
    Mobile phones with the NFC (near field communication) function have been popularized in recent years, and the HCE (host-based card emulation) mode greatly facilitates the development and use of NFC applications. There are also more and more related applications using the NFC function. In the HCE mode, because of the lack of local SE modules, the security of data and the reliability of identity authentication are deeply questioned. This paper proposes an identity authentication method in the HCE mode based on zero-knowledge proof theory, which reduces the possibility of eavesdropping, duplication and cracking in the process of information transmission. By hiding the identity documents retained locally, the security of the local data is handled better. In untrusted network environments and on local devices with less security, more reliable identity authentication is achieved.
    Research on A Forensics Scheme for Multi-rotor Unmanned Aerial Vehicle
    YAN Zijun, FAN Mingyu, WANG Guangwei
    2017, 17 (6):  75-82.  doi: 10.3969/j.issn.1671-1122.2017.06.012
    In recent years, multi-rotor unmanned aerial vehicles have developed quickly and have been widely used in fields and industries all over the world. However, due to the lack of effective safety strategies, and to some users' incomprehension of related flight regulations and deliberate violation of laws and regulations, incidents of illegal and random flights, illegal usage and hostile attacks increase day by day. This presents a significant challenge to the healthy development of the unmanned aerial vehicle industry and the safety and stability of society. Therefore, measures such as identity authentication and information forensics for unmanned aerial vehicles and their users can help solve the above prominent problems. A forensics system for unmanned aerial vehicles is put forward for the first time in this paper. The system can acquire in advance and store the images, videos and other digital information on the illegal actions of users, so it can better solve the above problems. Meanwhile, this paper puts forward an authentication mechanism to confirm the three identities of users. Based on users’ actions, this paper develops an analysis model of users’ threat level and evaluates the model. The result shows that the model can accurately distinguish threats from users and provides accurate forensics standards for the forensics system of unmanned aerial vehicles.