
Table of Contents

    10 June 2015, Volume 15 Issue 6

    Research on Double Layer Defense Model for SQL Injection Attack Based on Classification
    Yu-jie TIAN, Ze-mao ZHAO, Li-jun WANG, Ke LIAN
    2015, 15 (6):  1-6.  doi: 10.3969/j.issn.1671-1122.2015.06.001

    In recent years, some progress has been made in research on SQL injection attack defense, but the present defensive measures still have limitations. This paper studies the problems in SQL injection attack defense. First, to address false positives on normal data in user input, a user-input filtering measure based on HTTP request classification is proposed, and a grammatical structure comparison measure is proposed to address false negatives on malicious data. Second, to address the low detection efficiency of grammatical structure comparison, a dynamic query matching measure based on parameterized classification is proposed. Finally, based on the above two measures, a classification-based double layer defense model for SQL injection attacks is proposed. The experimental results show that the defense model defends well against SQL injection attacks, effectively reducing the false positive rate and the false negative rate of user input filtering and improving the detection efficiency of grammatical structure comparison.

    A Fuzzy Keyword Search Scheme with Encryption in Cloud Storage
    Zhi-guang QIN, Wen-yi BAO, Yang ZHAO, Hu XIONG
    2015, 15 (6):  7-12.  doi: 10.3969/j.issn.1671-1122.2015.06.002

    When using cloud services, users' interests may be damaged, because the cloud platform that maintains and manages the data may maliciously compromise the confidentiality and integrity of users' data. A general solution is to encrypt users' data files and have the CSP (cloud server provider) search for specific keywords and return the documents that meet users' needs, while the server cannot get any information from the encrypted documents. Although many encrypted search schemes have been proposed, most public key encrypted search schemes support only exact keyword search. When the input keyword deviates slightly, these schemes do not work. This significant drawback makes existing techniques unsuitable for cloud computing. In this paper, we propose a scheme that solves this problem effectively, which greatly enhances the availability of the search system. We also give the corresponding security proof, and the scheme resists chosen keyword attacks.

    Design and Implementation of Monitoring System for Internet QR Code Pictures
    Jie XU, Guo-qing JIN, Qing-sheng YUAN
    2015, 15 (6):  13-18.  doi: 10.3969/j.issn.1671-1122.2015.06.003

    Two-dimensional codes have become increasingly widespread and have penetrated every aspect of social life. They are now one of the most important links between online and offline, but their security issues cannot be ignored. Two-dimensional codes have been used to spread harmful information, which poses a new challenge to network and information security. Focusing on the most widely used two-dimensional code, the Quick Response (QR) code, this paper studies key technologies such as QR code positioning, QR code graphic distortion correction and QR code decoding, and introduces the design and implementation of a practical real-time monitoring system. The experimental results show that the recognition accuracy is 96%, the recall is 90%, and the recognition speed is 30 pictures per second on a test data set of 5000 pictures that contain QR codes, basically meeting the needs of real-time applications.

    Research on Authentication of WiFi-WiMAX Heterogeneous Wireless Network
    Hai HUANG, Dong-qing XIE, Yi-zan SONG
    2015, 15 (6):  19-25.  doi: 10.3969/j.issn.1671-1122.2015.06.004

    To achieve fast interconnection between WiFi and WiMAX heterogeneous wireless networks, the user equipment must experience only a small delay when switching between networks, and communication quality must be guaranteed during the switch. In the WiFi-WiMAX heterogeneous wireless network, the authentication method requires the user to repeat full EAP authentication, which leads to excessive delay and degrades transmission quality. This paper puts forward a fast authentication mechanism: after the user equipment completes EAP authentication when it accesses the network for the first time, the MSK needed for switching networks is kept and sent to the target network in advance. By reusing the key, the method achieves rapid authentication when switching networks. An experiment set up with NS2 shows that the fast switching method obtains the shortest average switching delay, improving the efficiency of network authentication and providing better QoS for users.

    An Encryption Communication Scheme Based on Hardware in Circuit-Switched Domain
    Yuan LI, Wei-hua ZHOU, Xu SHAN
    2015, 15 (6):  26-32.  doi: 10.3969/j.issn.1671-1122.2015.06.005

    Since the birth of modern mobile communication technology, the rapid development and wide application of mobile technology have brought great convenience to people's lives, and widely applied mobile network technology has influenced all aspects of society. However, it has also brought many security problems. Because open over-the-air transmission is vulnerable to eavesdropping, among other reasons, mobile communication security has become a hot issue. To guarantee the confidentiality of the mobile system, this paper proposes an encryption scheme based on a TF card in the CS domain, including a lightweight certificate based on SM2, the system module design and the state machine design. The scheme takes both availability and security into account and helps complete identity authentication at as low a cost as possible. Experiments on Android show that this method can protect users' information security on mobile phones with little performance cost.

    Research on Homomorphic HASH System for Anti-Pollution-Attack Based on Network Coding
    Fu-zhen CHEN, Jiu-jun CHENG, Jing-xue LIAO, Jian-yu SHAO
    2015, 15 (6):  33-40.  doi: 10.3969/j.issn.1671-1122.2015.06.006

    We propose an anti-pollution-attack system that uses a homomorphic hash function based on homomorphic signatures, which is a valid way to address the susceptibility of network coding transmission to pollution attacks. Every node in the network verifies passing packets using a sync parameter of the hash function and the hashes of the original message packets, which are received in advance. Only verified packets are forwarded to the next node. We also use an ACK authentication solution between the source node and the destination node to resist pollution attacks in network coding. In addition, we propose hardware acceleration to reduce the computing time of each node: an FPGA board performs data packet verification and the encoding operation, which improves the efficiency of the system. Another advantage of our system is that it improves network transmission and automatically discards polluted data packets. It plays an important role in secure transmission with network coding.

    Research on DCP-ABE Scheme Supporting Attribute Reuse
    Ke LIAN, Ze-mao ZHAO, Li-jun WANG, Yu-ju HE
    2015, 15 (6):  41-46.  doi: 10.3969/j.issn.1671-1122.2015.06.007

    An attribute-based encryption (ABE) scheme takes attributes as the public key and associates the ciphertext and the user's secret key with attributes, so it can flexibly express access control policies. It dramatically reduces the network bandwidth and the cost of sending nodes' operations in fine-grained access control for data sharing. As a generalization of the single-authority ABE scheme, the multi-authority ABE scheme reduces the burden and the security risk of a single authority while meeting the needs of distributed applications more easily. To address the issue that attributes cannot be reused in the multi-authority ABE scheme, this paper proposes an improved multi-authority ABE scheme, called the DCP-ABE scheme, which introduces a global identifier of the authority. In the encryption stage, the ciphertext components related to an attribute are bound to the global identifier of the authority that manages that attribute, so attributes managed by different authorities can be reused, which expands the practicality of the scheme. In addition, any authority can dynamically join or leave the encryption system, which no longer needs the management of a central authority.

    Null Pointer Dereference Detect Based on Judgment Logical in Software Security
    Rui-qiang WANG, Da-hai JIN
    2015, 15 (6):  47-54.  doi: 10.3969/j.issn.1671-1122.2015.06.008

    Software security problems caused by null pointer dereferences continue to emerge and cause great distress and loss. In this paper, we apply static testing to analyze and detect one kind of null pointer dereference, and present a method for detecting null pointer dereferences using judgment logic information. First, we give some definitions and fault classifications for BLJDNPDF (based on logic judgment to detect null pointer dereference fault). Then, we use method summary technology to extract indirect null judgment points and indirect pointer dereference points, define the contents of a method summary, which contain method features and post conditions, and study how to generate and transform method summaries. Finally, we use a finite state machine to build a model of BLJDNPDF, describe the fault model, and use the state machine's state changes together with method summaries to complete BLJDNPDF detection.

    Research on Image Watermarking Algorithm Based on Quantum Haar Wavelet Transform
    Qun-gang MOU, Tian-fa JIANG, Jing LIU
    2015, 15 (6):  55-60.  doi: 10.3969/j.issn.1671-1122.2015.06.009

    Traditional digital watermarking technology is relatively mature, but some areas have not been fully explored; quantum image watermarking and authentication, for example, are currently at an initial stage of development. Combining quantum computing theory with traditional digital watermarking technology addresses, in theory, the bottleneck problem of digital product security protection and points out a new direction for information security research. Given that wavelet transform theory is applied in image watermarking algorithms and that quantum computing theory has a wide range of applications in cloud security computing and big data, a watermarking algorithm based on the quantum Haar wavelet transform is proposed. The algorithm first represents the classical image using a quantum image representation, then performs the quantum Haar wavelet transform with matrix quantization, and finally embeds text watermark information into the quantum wavelet coefficients. The embedding process is carried out by using matrix transforms on a classical computer to simulate the quantum wavelet transform on a quantum computer. The experimental results show that the algorithm has a large embedding capacity and that the computational basis and the adjacent-pixel correlations of the image change only subtly after the watermark information is embedded, indicating that the algorithm has a higher watermark embedding quality.

    Research and Design on Security System of Wireless Mesh Network
    Xun LUO, Cheng-hua YAN
    2015, 15 (6):  61-66.  doi: 10.3969/j.issn.1671-1122.2015.06.010

    To address the wireless mesh network's vulnerability to attacks from external and internal nodes and its difficult management, both due to openness and multi-hop communication, a secure network system is proposed based on a study of the characteristics, architecture and potential security issues of mesh networks. The system provides four functions: access control, centralized management, conflict avoidance and fault isolation. It ensures network security by using technologies such as firewalls, identity authentication, cryptography and intrusion detection. By introducing an access controller in the mesh backbone nodes, it can authenticate users' authority and monitor the running status of the mesh network. By introducing a center manager in the mesh gateway nodes, it can identify users' permissions and define the access strategy and the level of security management. Analysis shows that the system enhances the security of wireless mesh networks and has some reference value for the practical application of mesh networks.

    Research on Cloud Forensics Model under the Simulation DDoS Attack Scenarios
    Jie LI, Xin XU, Yu CHEN, Ding-wen ZHANG
    2015, 15 (6):  67-72.  doi: 10.3969/j.issn.1671-1122.2015.06.011

    Cloud computing is a new type of computing concept. It is based on open standards and services and is centered on the Internet. It makes all kinds of resources on the Internet work together to form huge data centers and computing centers, offering safe, fast and convenient data storage and network computing services to all kinds of users. In the cloud computing environment, the Internet faces more and more computer crime, which brings great challenges to forensic work. On the one hand, evidence of attacks that have taken place should be collected and analyzed. On the other hand, experimental data should be collected for the technical means of preventing attacks. The cloud computing environment is the attacker's new target, and once an attack succeeds, the losses directly affect users' data security and data integrity. Among these attacks, the DDoS attack is still one of those that occur most easily and are most difficult to prevent on the cloud computing platform. This paper discusses the DDoS attack problems in the cloud computing environment and, on the basis of related work, proposes a cloud forensics framework model under simulated DDoS attack scenarios.

    The Microblogging User Influence Assessment Based on PageRank and User Behavior
    Jun-hao ZHANG, Yi-jun GU, Shi-hao ZHANG
    2015, 15 (6):  73-78.  doi: 10.3969/j.issn.1671-1122.2015.06.012

    Microblogging users play a vital role in the propagation of news, and microblogging users with strong influence are the key factor in the formation, spread and guidance of public opinion. To assess the influence of microblogging users more accurately, this paper presents the UIA (User Influence Assess) algorithm, based on user behavior and PageRank, which jointly assesses the user's own activity level and the degree of connection among users. Based on an analysis of user behavior, it presents and quantifies the factors that affect the user's own activity level and the degree of connection among users, and then derives the weighting proportions. The algorithm avoids the topic drift phenomenon of the PageRank algorithm and systematically measures user influence with high accuracy.

    A Kind of Online Trust System Based on the Situation of China
    Qing GU, Chao XIE, Si-feng FENG
    2015, 15 (6):  79-84.  doi: 10.3969/j.issn.1671-1122.2015.06.013

    First, this paper analyzes the outstanding problems in the development of e-commerce in China. E-commerce is developing well in China. However, no mechanism for identifying market business entities and business licenses has been formed, the government lacks supervision and credibility in the online market, business conduct in the online market is not standardized, the legitimate rights and interests of consumers cannot be guaranteed, and the development of e-commerce is restricted. Second, the paper briefly introduces the characteristics of the development of the online trust system in China. China's network trust system is based on the digital certificate issued by the third-party authentication mechanism. Through the digital certificate and the electronic authentication service provided by the third-party authentication mechanism, a safe and honest network environment for e-commerce and business applications is constructed. Finally, the paper proposes a network trust system suited to national conditions: it provides a public trust service based on the electronic license and a notary service based on the digital certificate, constructing a network trust system of public trust and notarization. The electronic business license and the electronic business license system are designed and explained, and the combination of the electronic business license with the digital certificate is put forward.

    Research on the Software Security Testing for Potential Defects
    Ji-zhou FENG, Ming-hui TIAN
    2015, 15 (6):  85-90.  doi: 10.3969/j.issn.1671-1122.2015.05.014

    Software testing is a very important activity in the verification and validation process of Capability Maturity Model Integration (CMMI) and an important means of guaranteeing software reliability. In recent years, as software scale and complexity have continued to grow, software testing technology has also advanced. However, because of the inherent characteristics of programming languages and insufficient care by developers during programming, many vulnerabilities go undetected in the compile, run and test phases. Defects caused by input validation errors, access validation errors, design errors, special condition errors and race condition errors can, without causing a system crash, threaten system security in the form of tampering with system user permissions. By analyzing the potential security flaws that are neglected in software testing, methods and preventive measures for solving them are summed up. By giving the specific code features of this kind of defect, software developers' awareness of the problem is enhanced. This has positive significance for software reliability.
