Table of Contents

    10 January 2018, Volume 18 Issue 1

    Original Article
    The Design Framework of Reconfigurable Virtual Root of Trust in Cloud Environment
    Jianbiao ZHANG, Zixiao ZHAO, Jun HU, Xiao WANG
    2018, 18 (1):  1-8.  doi: 10.3969/j.issn.1671-1122.2018.01.001

    With the emergence of trusted computing technology, the trusted cloud has gradually become a major solution to the problem of cloud security. However, the trusted source of the trusted cloud, the virtual root of trust, still has some problems: it supports TPM only, does not support TPCM, and cannot do active defense; its internal structure is inconvenient to modify or extend; and its cryptographic algorithms meet foreign standards only, which is not autonomous and controllable. Therefore, we present a new design scheme for the virtual root of trust, which reconstructs the root of trust in a modular structure. The modules cooperate with each other through an internal unified message format to provide a secure and reliable environment for the cloud. Based on this scheme, the reconfigurable virtual root of trust has the following characteristics: high scalability, in that its structure is easy to transform so as to achieve multiple heterogeneity and it can simulate different TPM or TPCM architectures; and autonomy and controllability, in that its cryptographic algorithms follow the national standard.

    Research on the Application of AR-HELM Algorithm in Network Traffic Classification
    Shuning WEI, Xingru CHEN, Yong TANG, Hui LIU
    2018, 18 (1):  9-14.  doi: 10.3969/j.issn.1671-1122.2018.01.002

    Considering the huge time overheads, low accuracy rate and undesirable classification efficiency of conventional classification algorithms, extreme learning machine network traffic classification methods based on attribute reduction in rough sets have become popular methods for studying network traffic classification using machine learning. Due to structural constraints, feature learning using the extreme learning machine (ELM) may be ineffective for some special natural signal data. Thus, an improved hierarchical extreme learning machine algorithm based on attribute reduction in rough sets (AR-HELM) is proposed as the classification algorithm to construct the model. The experimental results show that, compared with traditional neural network and machine learning algorithms, AR-HELM can be well applied to network traffic classification and improves the learning performance of the extreme learning machine. The improved algorithm model gets faster and better convergence results.

    An Enhanced Security Framework of Software Defined Network Based on Attribute-based Encryption
    Yue SHI, Xianglong LI, Fangfang DAI
    2018, 18 (1):  15-22.  doi: 10.3969/j.issn.1671-1122.2018.01.003

    With the development of the information network, cloud computing, big data and virtualization technology have driven the emergence of several new applications. As a novel network architecture, software defined network (SDN) provides the separation of the control plane and the data plane, thus controlling the hardware through the software platform in the central controller to realize the flexible deployment of network resources. In the process of SDN development and application, its open architecture has exposed more and more security problems, and how to build a secure SDN has become the focus of attention. Based on the hierarchical SDN architecture and its characteristics, this paper analyzes the security threats that the SDN application layer, control layer, resource layer and interface layer may face. In order to solve these security threats, this paper presents the corresponding defense abilities and forms a whole SDN security architecture. Adopting an attribute-based encryption method, the paper also puts forward an enhanced access control strategy.

    A Secure Authentication and Key Agreement Protocol for Heterogeneous Ad Hoc Wireless Sensor Networks
    Baoyuan KANG, Jiaqiang WANG, Dongyang SHAO, Chunqing LI
    2018, 18 (1):  23-30.  doi: 10.3969/j.issn.1671-1122.2018.01.004

    As the use of wireless sensor networks becomes more and more widespread, it is very important to ensure the safety of data transmission between communicating parties. How to reach a session key has therefore become a critical issue before encrypting the transmitted data, and the AKA protocol is used to solve this problem. After analysing TAI et al.'s AKA protocol, we find that their protocol suffers from a security flaw: when a user and a sensor node reach the session key, they cannot confirm each other's identity. So their AKA protocol cannot withstand an impersonation attack. This paper shows the security flaws found and proposes an improvement by changing the way the sensor node's identity is provided. The sensor node can also get the user's identity, so the authenticity of the communicating parties will be verified. The proposed protocol can resist the impersonation attack effectively and the security is improved.

    Analysis and Measurement of Components Trust Relationship in Internetware System
    Yong YU, Yonggang LIU, Jie GU
    2018, 18 (1):  31-37.  doi: 10.3969/j.issn.1671-1122.2018.01.005

    In order to ensure the security of the Internetware system, this paper proposes a method to analyze and measure the trust relationship among components. In an Internetware system, the trust relationship among components can be divided into two types: direct trust relationship and indirect trust relationship. The indirect trust relationship includes single-level and multi-level recommended trust relationships. On the basis of the original interaction among components, the direct trust relationship can be measured depending on the expected behavior in the interaction process. A direct trust relationship net can be built based on the relationship of direct trust. The trust recommendation component set can be found based on the precursor node list and successor node list in the net. At this point, the level of the indirect trust relationship among components can be determined. The method to measure the single-level and secondary-level indirect recommended trust relationship is presented; meanwhile, the possible losses in the transfer process of the trust relationship are analyzed.

    The Second-preimage Attack to Blockchain Based on the Structure of Merkle Hash Tree
    Maoning WANG, Meijiao DUAN
    2018, 18 (1):  38-44.  doi: 10.3969/j.issn.1671-1122.2018.01.006

    Blockchain technology is a kind of emerging information technology model. It is widely regarded as a promising concept because of its advantages such as decentralization, high efficiency, and transparency. The breadth of application scenarios and the underlying layer of application determine that the security of the blockchain must be guaranteed. Hash functions are one of the most important foundations for providing the blockchain's usability and security. Starting from Hash functions in the blockchain and based on the principle of cryptanalysis, this paper presents a type of second preimage attack on the existing blocks by employing the structure and workflow of the blockchain. Specifically, the attack constructed in this paper uses the fact that the Hash values in the leaf nodes of a Merkle tree have the same status. After a theoretical analysis proving that the complexity of such an attack is lower than that of trivial brute force, the attack's concrete steps based on Hellman's time-memory tradeoff principle are also described. The conclusion of the attack shows that both the mathematical structure of the Hash function itself and the data format of blockchain transaction records are important to the security of the blockchain. This should be considered in the future when we design blockchain systems.

    Research on Establish SSH-based Trusted Channels
    Bo FAN, Runkai YANG, Lin LI
    2018, 18 (1):  45-51.  doi: 10.3969/j.issn.1671-1122.2018.01.007

    The security of existing secure channel technologies can be improved when they are integrated with TCG remote attestation techniques. This paper proposes a practical approach to establish SSH-based trusted channels, denoted as trusted SSH. From the security point of view, trusted SSH not only achieves the authentic binding of the platform state information to the SSH secure channel, but also retains the privacy of the platform state information. From the functionality point of view, trusted SSH has the following features: attestation flexibility, backward compatibility and scalability. This is reflected in the fact that any session key exchange algorithm used in SSH can be seamlessly used in trusted SSH. These characteristics of security, functionality and scalability are achieved in an efficient way. We also implement trusted SSH based on OpenSSH for evaluating its other features.

    Design and Implementation of A Multi-pattern String Matching Algorithm in Cloud Center Network Intrusion Detection System
    Guofeng ZHAO, Fei YE, Yongan YAO, Yan ZHAO
    2018, 18 (1):  52-57.  doi: 10.3969/j.issn.1671-1122.2018.01.008

    The scale of cloud center network traffic and string pattern sets is very large, which brings great challenges to intrusion detection systems. In order to address the Wu-Manber (WM) multi-pattern string matching algorithm's problems of matching efficiency and low matching success rate, and to reduce the effect of the shortest pattern string length on the matching algorithm, this paper proposes an improved algorithm based on WM, the IS_WM (Improved Sunday Wu-Manber) algorithm. This method improves the WM algorithm by using the idea of character jump and leakage matching, which lets the match window move a greater distance when the current match fails. It reduces the number of useless matches and raises the efficiency of pattern string matching. Using text data tests and a sensitive word filtering system that was set up, the experimental results show that the IS_WM algorithm has lower time complexity and higher matching efficiency than the other algorithms. The proposed IS_WM algorithm is helpful for improving the ability of a cloud center network intrusion detection system to detect and filter sensitive words.

    Research and Implementation on Parallel Crawl Method for Source Code Based on MapReduce
    Junyan MA, Guosun ZENG
    2018, 18 (1):  58-66.  doi: 10.3969/j.issn.1671-1122.2018.01.009

    With the growth in the amount of open source code, reusing existing code in software programming has become a trend. In order to quickly and accurately search open source code, this paper carries out a method of parallel crawling of source code based on MapReduce. Firstly, the current open source code libraries are analyzed to select the appropriate site and object, and the whole parallel crawl process and target are made clear. Secondly, the Map method and Reduce method are designed according to source code characters, and a source code parallel crawl algorithm is proposed. Finally, the parallel crawling of open source code is implemented in a cluster computing environment. The experiment shows that, compared with the traditional method, using multiple machines in parallel to search source code obviously improves the speed, and the search results are more reliable.

    Design and Analysis of Hash Function Based on Error Correcting Code
    Guangfu WU, Xianwen ZENG, Juan LIU, Yijie LV
    2018, 18 (1):  67-72.  doi: 10.3969/j.issn.1671-1122.2018.01.010

    Hash functions play an increasingly important role in the field of cryptography. They are a very important cryptographic primitive in many cryptographic applications. Block chain technology and many other cryptographic primitives depend on the security of the Hash function. Through further research on Hash functions, this paper proposes the design of an improved Hash function based on error correcting code, and proves that the constructed Hash function has higher security by using the entropy of the Hash function value. This paper also discusses the application of the Hash function in the field of block chain, and confirms that it can improve block chain technology.

    Cryptanalysis and Security Enhancement of an Efficient Secure Authentication Scheme with User Anonymity for Roaming User in Ubiquitous Networks
    Juan QU, Yanping LI, Li LI
    2018, 18 (1):  73-79.  doi: 10.3969/j.issn.1671-1122.2018.01.011

    In this paper, we review an efficient secure authentication scheme with user anonymity for roaming users in ubiquitous networks by Shin et al. We show that this scheme is vulnerable to forgery attack, insider attack and session key disclosure attack. Moreover, this paper points out that Shin's scheme cannot preserve forward secrecy and that the password change phase is not correct. Then, we give an enhanced authentication scheme with user anonymity. The authentication scheme improves the original one in two aspects: firstly, the scheme can overcome the weaknesses in Shin's scheme. Secondly, the scheme has lower computational costs and is more suitable for applications in ubiquitous networks.

    Enhanced Secure RFID Authentication Protocol in IoT
    Zhicong LI, Zhiping ZHOU
    2018, 18 (1):  80-87.  doi: 10.3969/j.issn.1671-1122.2018.01.012

    With the development of Internet of Things technology, large-scale popularization of RFID applications will appear. In order to realize a protection mechanism with strong privacy, researchers consider using public key encryption mechanisms to design protocols. By analyzing some RFID protocols using ECC encryption, it is found that the authentication function is linear in such protocols, which causes the weak security of the protocols. Utilizing this linear weakness, it can be found that AlAMR's protocol is vulnerable to man-in-the-middle attack and tracking attack. In view of this, a new protocol is designed. This paper uses DH theory to generate the shared secret between the communication entities and sets the shared secret as randomized fresh factors, which ensures the freshness and unpredictability of the data stream and avoids tracking attacks. This paper constructs the function corresponding to the communication data by combining these fresh factors and attribute values of the tag through the XOR operation, which solves the problem of linearity of the authentication function and avoids the man-in-the-middle attack. Aiming at the problem of non-scalability of system scale, the idea of ID-verifier transfer is fused into the design of the authentication functions to realize a search complexity of constant level. The designed protocol considers the insecure channel among all communication entities. A statistical analysis of the performance of the protocol shows that the protocol can better meet the development needs of IoT compared with protocols of the same type.
