Loading...
Netinfo Security

Table of Content

    10 October 2017, Volume 17 Issue 10 Previous Issue    Next Issue
    Orginal Article
    For Selected: Toggle Thumbnails
    Orginal Article
    Two Types LWE-based Multi-bit Lattice-based Encryption Schemes
    Zengpeng LI, Chunguang MA, Lei ZHANG, Wenwen ZHANG
    2017, 17 (10):  1-7.  doi: 10.3969/j.issn.1671-1122.2017.10.001
    Abstract ( 739 )   HTML ( 4 )   PDF (1681KB) ( 470 )  

    As a classical hard problem of post quantum cryptography, LWE was used to design various public-key encryption algorithms and cryptographic protocols based on lattice. Based on LWE assumption, Gentry proposed a dual version of the Regev encryption scheme, which further promoted the development of public key cryptography. It causes that most existing cryptographic algorithm constructions use Regev scheme or GPV as the basic cryptography building block. However, most existing researches on lattice-based public key encryption scheme focus on the single bit encryption, but two simple methods usually were used to obtain the multi bit encryption, i.e., either encrypting the matrix directly, or, iterating single bit encryption schemes. These two kinds of calculation are costly and inefficient. In this paper, inspired by the multi-bit fully homomorphic encryption scheme by Li et al., two kinds of new public keys are constructed respectively, which contain multiple LWE instances, instead of only one. Then we construct two kinds of multi-bit lattice-based encryption using two new public keys, i.e., Regev and GPV as the building blocks respectively, and proved them CPA secure under LWE assumption.

    Figures and Tables | References | Related Articles | Metrics
    The Analysis on FPGA IP Core Circuit and Its Security Based on Complex Network
    Tingyuan NIE, Peipei WANG, Jiuxu GAO, Aiguo JI
    2017, 17 (10):  8-12.  doi: 10.3969/j.issn.1671-1122.2017.10.002
    Abstract ( 497 )   HTML ( 1 )   PDF (1379KB) ( 458 )  

    The theoretical research of the real complex network provides a new method for the analysis and optimization of the integrated circuit. This paper extracts the circuit network information from FPGA IP core and analyzes complex network characteristics of the FPGA IP core circuit network, including clustering coefficient, average distance, degree-degree correlation, cumulative degree distribution, and so on. Experimental results show that the FPGA IP core circuit network obeys small world feature of complex network with Broad-scale distribution, which provides theoretical support for the study of the FPGA IP security. The experiment also gives the value range of network cumulative degree distribution and Pearson correlation coefficient, which provides theoretical basis for optimizing the FPGA IP core circuit network to improve the robustness of the circuit network.

    Figures and Tables | References | Related Articles | Metrics
    An End-to-End Security Scheme of the Internet of Things
    Guojun MA, Lei BAI, Qingqi PEI, Xiangjun LI
    2017, 17 (10):  13-21.  doi: 10.3969/j.issn.1671-1122.2017.10.003
    Abstract ( 485 )   HTML ( 3 )   PDF (1471KB) ( 613 )  

    Security problem is one of the main challenges of IoT. Many constrained devices of IoT are operating under low power, and with limited computational and network resources, and cannot use standard security protocols to protect end-to-end security, they become the weakness of IoT. An IoT security architecture based on edge computing and a proxy-based Datagram Transport Layer Security end-to-end security scheme based on the architecture were proposed. Analysis and experiment show that the scheme can enable the constrained devices to communicate with any remote devices using the Internet standard security protocol in a security way. At the same time, the scheme is scalable, feasible and practical.

    Figures and Tables | References | Related Articles | Metrics
    Research on Multiple-replica Integrity Auditing Method on Supporting Data Dynamic Updating in Cloud Environment
    Genqing BIAN, Bilin SHAO, Wandong CAI, Dong WANG
    2017, 17 (10):  22-28.  doi: 10.3969/j.issn.1671-1122.2017.10.004
    Abstract ( 517 )   HTML ( 1 )   PDF (1820KB) ( 488 )  

    In the cloud storage environment, how to efficiently and dynamically complete the integrity of multi-replica data auditing is a challenging issue. This paper studies and proposes a Multiple-replica Integrity Auditing Method on Supporting Data Dynamic Updating. Firstly, BLS signature and bilinear mapping technology are used to realize the batch audit of multi-replica, which avoids the interaction between CSP and TPA, thus reducing the communication overhead in the audit process. Secondly, after connecting each replica number and the file, corresponding replicas are generated by using ElGamal system. Finally, the security of the verification method is analyzed theoretically, and the performance of the verification method is compared experimentally. The results show that the performance of the method is better than the existing methods in communication and computing overhead, which can effectively improve the efficiency of file storage and verification and reduce the computational cost.

    Figures and Tables | References | Related Articles | Metrics
    Research on the Algorithm of Named Entity Recognition Based on Deep Neural Network
    Khan Safi Qamas GUL, Jize YIN, Limin PAN, Senlin LUO
    2017, 17 (10):  29-35.  doi: 10.3969/j.issn.1671-1122.2017.10.005
    Abstract ( 702 )   HTML ( 3 )   PDF (1420KB) ( 572 )  

    For the problem of insufficient feature extraction of named entity recognition for Chinese social media, a method of named entity recognition based on deep neural networks that combines a long short-term memory with a soft attention model is proposed in this article. A message from social media text is equivalent to a character sequence, so each character in the sequence should be converted into a corresponding character vector firstly. Secondly, a long short-term memory is used to extract the global text features from the converted character vector sequence. Thirdly, a soft attention model is used to extract the local text features from the global text feature vector sequence outputted by the previous step. Finally, a linear chain conditional random field is used to tag the named entities according to the global and local text feature vector sequence, and the results of named entity recognition are gotten and outputted. The results show that the proposed method in this article has a higher F-measure value compared with the baseline algorithm and the state-of-the-art algorithm.

    Figures and Tables | References | Related Articles | Metrics
    Efficient Blind Signature Scheme of Anti-Quantum Attacks
    Li CHEN, Chunxiang GU, Mingjun SHANG
    2017, 17 (10):  36-41.  doi: 10.3969/j.issn.1671-1122.2017.10.006
    Abstract ( 431 )   HTML ( 2 )   PDF (1347KB) ( 382 )  

    Blind signature schemes have been widely used in areas such as e-cash, e-voting, oblivious transfer, etc. Blind signature schemes based on the number theory assumptions, such as big integer factorization problem (IFP) and discrete logarithm problem (DLP), could not resist the cryptanalysis by quantum attacksand sub-exponent algorithms, and lattice-based blind signature schemes based on traditional certificate had the problems of huge storage overhead and communication cost. Aiming at above problems, based on the advantages of lattice-based cryptosystem and identity-based cryptosystem, this paper proposes a blind signature scheme with high efficiency and quantum-resistant attacks. The scheme is proven secure with the hardness of the Small Integer Solution (SIS) problem in the random oracle model. The scheme extracts users’ secret-key by using lattice basis delegation with fixed-dimension technique, and hence achieves short secret-keys and short signatures.

    Figures and Tables | References | Related Articles | Metrics
    Research on Imbalanced Abnormal Data Classification Algorithm Based on Active Learning
    Bo WANG, Huaibin WANG
    2017, 17 (10):  42-49.  doi: 10.3969/j.issn.1671-1122.2017.10.007
    Abstract ( 508 )   HTML ( 1 )   PDF (1373KB) ( 131 )  

    Network security is facing increasingly complex challenges. With the diversification of attack methods and types, the extent of damage is also increasing; network protection requirements have been from a single passive approach to data fusion of active network technology under the situation awareness. Therefore, for the study of abnormal data classification is still very important. However, the traditional classification algorithm in the face of unbalanced data, only consider the algorithm accuracy, ignoring the classification effect of the minority class, thus easily lead to attacks and vulnerabilities of false positives, and for the new type of abnormal recognition efficiency is not ideal. Aiming at the above problems, firstly, this paper uses the sampling method of active learning algorithm to improve the learning efficiency in a large number of samples; then, the classification algorithm is improved based on the idea of the combination classifier, and the classification accuracy of the algorithm is increased by using the misclassification cost function; finally, the feasibility and effectiveness of the proposed method are verified by comparing the proposed method with the traditional method.

    Figures and Tables | References | Related Articles | Metrics
    Research on Quantum Private Comparison Based on χ-type State
    Pei YANG, Xiaoqing TAN
    2017, 17 (10):  50-54.  doi: 10.3969/j.issn.1671-1122.2017.10.008
    Abstract ( 522 )   HTML ( 1 )   PDF (1902KB) ( 205 )  

    This paper proposes a quantum private comparison protocol based on χ-type state. Two participant parties Alice and Bob, with the help of a semi-honest third party, can compare the equality of their secret information without revealing the content of secret information by simple quantum measurements and mathematical operations. The protocol doesn’t need unitary operations which may consume expensive quantum devices. Single particle and two particles measurements, which are easy implemented with current technologies, are employed by two participant parties and a semi-honest third party respectively. The security analysis of the protocol shows that the protocol is theoretically safe, which can effectively prevent external eavesdropping, participant’s intercept-measure-resend attack, and third party’s attack.

    Figures and Tables | References | Related Articles | Metrics
    A Cross Site Script Vulnerability Detection Technology Based on Sequential Minimum Optimization Algorithm
    Nana HUANG, Liang WAN, Xuankun DENG, Huifan YI
    2017, 17 (10):  55-62.  doi: 10.3969/j.issn.1671-1122.2017.10.009
    Abstract ( 532 )   HTML ( 4 )   PDF (1835KB) ( 413 )  

    When the attacker uses the Web APP to inject malicious code into different end users, XSS attacks will occur. In the light of the phenomenon that Web application uses the user's input, but don’t verify or encode it, this paper put forward a kind of recursive feature elimination algorithm matching algorithm and sequential minimal optimization based on regular expression (SMO-RFE). The first is the data preprocessing, using regular expression matching algorithm, choose the characteristics of representative data set for the training set; then use the SMO-RFE feature selection algorithm to select the optimal features; once again feature sort and assemble the aggressive keywords; finally summarize the occurrence frequency of feature keyword and the weight ratio of feature value. The higher the occurrence frequency of attack keywords, the greater the likelihood of vulnerabilities. Through the experiment we can find out that after the data set is selected by SMO-RFE algorithm, the accuracy of SVM feature vector to be detected is higher, and shows that the algorithm can effectively detect XSS vulnerabilities.

    Figures and Tables | References | Related Articles | Metrics
    Research on Application of ID-based Designated Verifier Signature in Cross-domain Authentication
    Liu WANG, Zhenfu CAO, Xiaolei DONG
    2017, 17 (10):  63-68.  doi: 10.3969/j.issn.1671-1122.2017.10.010
    Abstract ( 493 )   HTML ( 1 )   PDF (1125KB) ( 245 )  

    Cloud computing allows users to more easily access to a variety of resources,while it is also a key issue in the cloud computing security field that the identity authentication technology of user access to cloud services. In view of cross domain authentication,the use of OpenID is vulnerable to phishing attacks, replay attacks and other vulnerabilities, the paper mainly proposed a scheme of cross-domain authentication, which based on the ID-based three-party authenticated key agreement protocol and based on the ID-based strong designated verifier signature system to solve the known vulnerabilities in the OpenID, meanwhile protect users’ privacy and strengthen data security in the entire alternating process.

    Figures and Tables | References | Related Articles | Metrics
    Research on an Integrity Auditing Scheme Based on Algebraic Signature in Cloud Storage
    Huiying HOU, Jia YU, Rong HAO
    2017, 17 (10):  69-74.  doi: 10.3969/j.issn.1671-1122.2017.10.011
    Abstract ( 476 )   HTML ( 1 )   PDF (1719KB) ( 302 )  

    In cloud storage system, security and efficiency are two important issues. In order to solve these problems simultaneously, many cloud storage integrity auditing schemes that support data deduplication are proposed. In most of the previous schemes, the user has to generate a homomorphism authenticator based on BLS signature or RSA signature for each file block, which incurs high overhead for the user especially when the outsourcing data is very big. This paper uses the algebraic signature technique to generate authenticator for each file block. Because most operations of algebraic signature are XOR operations, only minimal computational overhead is required. In addition, the scheme supports dynamic changes in data ownership. When the user performs deletion or modification operation, he is no longer the legal owner of the data, and does not have right to access the data. The experimental results show that the scheme is secure and efficient.

    Figures and Tables | References | Related Articles | Metrics
    A Method of RF Fingerprint Recognition Based on Contour Feature
    Zhengyang CUI, Aiqun HU, Linning PENG
    2017, 17 (10):  75-80.  doi: 10.3969/j.issn.1671-1122.2017.10.012
    Abstract ( 491 )   HTML ( 5 )   PDF (3383KB) ( 268 )  

    The RF fingerprint extraction and identification of wireless devices is one of the hotspots. This paper presents a method of extracting and recognizing CTF based on image processing.This method is applied to the constellation trajectory using median filter for noise reduction and other preconditioning, and then using image enhancement and morphological processing, getting contour and high density distribution of concentrated areas and other specific features. The pixel matching and correlation matrix and other methods are also used to distinguish and identify features to achieve the distinction between wireless devices.The experimental results show that the wireless device recognition rate can reach 90%.

    Figures and Tables | References | Related Articles | Metrics
    Research on HDFS Small File Problem Based on Real-time Data of Cybersecurity
    Shaojie WANG, Chun LONG, Wei WAN, Jing ZHAO
    2017, 17 (10):  81-85.  doi: 10.3969/j.issn.1671-1122.2017.10.013
    Abstract ( 540 )   HTML ( 2 )   PDF (1166KB) ( 160 )  

    Cybersecurity awareness needs the real-time risk information to work. That is to write the real-time data and search it out as soon as possible. However, read and write the same storage unit at the same time will cause conflict and finally result into error. Some data source has the ability to transfer files on a regular basis, which can solve this problem. But it will produce a lot of small files and waste a lot of storage with small interval. To solve the small file problem, this paper came up with a file transfer append strategy based on file size. That is to add append function to the write and transfer file function to merge small files. This strategy can guarantee the file size over the pre-set value. The simulation result shows that this strategy can reduce the file amount and cut down the waste of storage effectively.

    Figures and Tables | References | Related Articles | Metrics
    Research on Information Security Supervision Strategy Based on Private Cloud Model
    Lei ZHANG, Dongsheng YU, Jun YANG, Jiming HU
    2017, 17 (10):  86-89.  doi: 10.3969/j.issn.1671-1122.2017.10.014
    Abstract ( 467 )   HTML ( 1 )   PDF (1094KB) ( 351 )  

    With the gradual maturity of cloud computing technology, more and more organizations had constructed information system in private cloud or public cloud, which was in order to achieve intensive construction. But it also brought a lot of new security risks. This paper presents the solutions of security supervision and control management based on the cloud computing, it can ensure the security of applications in the cloud.

    Figures and Tables | References | Related Articles | Metrics