Netinfo Security

A Remote Attestation Scheme for Intelligent Mobile Terminal Based on SDKey in Smart Grid Environment

Jin WANG, Xiao YU, Chang LIU, Bo ZHAO

2018, 18 (7): 1-6. doi: 10.3969/j.issn.1671-1122.2018.07.001

Abstract ( 578 )

HTML ( 6 )

PDF (1324KB) ( 201 )

In smart grid, intelligent mobile terminals have been widely used, which also faces more and more serious security threats. In order to prevent intelligent mobile terminals from becoming springboards for attackers to intrude into the internal network and cause more serious harm, it is urgent to study the security problems of intelligent mobile terminals. This article introduces the security SD card without changing the hardware architecture of the intelligent mobile terminal, designs a security authentication protocol for the intelligent mobile terminal, and implements a remote attestation scheme based on SDKey for the intelligent mobile terminal. The analysis shows that the scheme can provide better security for mobile terminals in the field of certification.

Figures and Tables | References | Related Articles | Metrics

Design of Secure eID and Identity Authentication Agreement in Mobile Terminal Based on Guomi Algorithm and Blockchain

Wei HU, Qiuhan WU, Shengli LIU, Wei FU

2018, 18 (7): 7-9. doi: 10.3969/j.issn.1671-1122.2018.07.002

Abstract ( 883 )

HTML ( 12 )

PDF (1683KB) ( 372 )

Currently, there are many accesses to gain the card readers of the second generation of resident identity cards, which are inexpensive and easy to be misused by the criminals to obtain citizens’ identity privacy information so that they can use it to commit fraud, illegally open up credit cards and other crimes. Besides, when people are checking in the hotels or opening an account in the banks, these institutions which need to verify citizens’ identity under real name mechanism mostly use the centralized authentication method and largely save their real name information in cleartext. Compared with the RSA algorithm and International criterion ECC algorithm that used in the traditional authentication, the SM2 algorithm has better security performance, less demand for storage space and higher speed of signing. So, it is appropriate to be applied in the smart phones and other popular mobile terminals. The blockchain technology has the feature of decentralition and it’s difficult to be tampered. It can effectively solve the problems lay in centralized authentication, including the single point failure and difficulty in the trust issue in multiple CA structure. Therefore, to solve the privacy leakage problems in above scenarios, the paper modified the conventional certification system, proposed an identity authentication system which is based on SM2 algorithm and blockchain technology and combined two-dimensional code and facial recognition technologies, and finally designed an identity authentication agreement elaborately.

Figures and Tables | References | Related Articles | Metrics

Research on Ubiquitous Botnet

Di WU, Xiang CUI, Qixu LIU, Fangjiao ZHAGN

2018, 18 (7): 16-28. doi: 10.3969/j.issn.1671-1122.2018.07.003

Abstract ( 595 )

HTML ( 5 )

PDF (8298KB) ( 208 )

The current devices in ubiquitous network are in the early stage of intelligence, resulting in many security issues. In addition, the universally low security consciousness among users and the connectivity of ubiquitous network provide a huge space for malicious codes’ survival, propagation and development. Botnet is one of the most effective attack platforms. However, as the forms and command and control mechanisms change in the ubiquitous network environment, there are new challenges to defenders. This paper, on the basis of making clear the features of ubiquitous network environment, gives the formal definition of ubiquitous botnet, and makes a comprehensive introduction of the mechanism, build process and core technology. Moreover, the paper divides the development of ubiquitous botnet into three stages in chronological order, namely, attacks to PC, attacks to phone and extensive attacks, and analyzes the technical details from spreading infection, survival ability and control management. After a summary of the present defensive countermeasures, possible future attempts are presented.

Figures and Tables | References | Related Articles | Metrics

Research on a Dual-stealth Mechanism of User Identity and Location in Accessing Wireless Network

A-yong YE, Qing LI, Junlin JIN, Lingyu MENG

2018, 18 (7): 29-35. doi: 10.3969/j.issn.1671-1122.2018.07.004

Abstract ( 649 )

HTML ( 1 )

PDF (1334KB) ( 162 )

Because of the inherent "user-terminal-BS-location" spatio-temporal mapping relationship between user location and wireless network, the end-to-end anonymous authentication can't solve the leakage problem of location privacy. This paper uses the idea of fuzzification to construct the identity authentication model with k-anonymous set identity, which replaces the unique identity in existing protocols and achieves double anonymity protection of user identity and device identity for BS. On this basis, the trusted third party is introduced to cut off the direct correlation between the server and BS, shield the mapping relationship between the user and the accessed BS, and solve the location privacy problem of the server, so as to achieve double-stealth protection of the user identity and location. In the stealth access mechanism, random factors and hash operations are introduced to resist a variety of network attacks. This paper analyzes the feasibility and safety of the scheme from a theoretical point of view.

Figures and Tables | References | Related Articles | Metrics

Secure Mobility Management Framework with Privacy Preservation for Vehicle Platoon

Chengzhe LAI, Wenjuan WANG

2018, 18 (7): 36-46. doi: 10.3969/j.issn.1671-1122.2018.07.005

Abstract ( 672 )

HTML ( 1 )

PDF (1835KB) ( 215 )

To address the problem of supporting secure and efficient mobility management in heterogeneous vehicular networking, as well as performance challenges in supporting emerging for vehicle platoon environments. In this paper, a new SDN-enabled VANET-Cellular integrated network architecture is proposed by following the SDN concept, which is based on the OpenFlow (OF) protocol. And we introduce a unified secure and seamless IP communications framework. We try to address two major challenges: 1) how to securely and flexibly set up the platoon in a privacy preserving way when considering the vehicles’ social attributes, and 2) how to control the handover signalling overhead (mainly introduced by group based handover authentication and IPsec establishment), and reduce handover latency when a large number of platoon members need to securely access the Internet. The performance evaluations demonstrate that the proposed proposal outperforms other schemes in terms of average signaling cost and handover latency.

Figures and Tables | References | Related Articles | Metrics

A Short Identity-based Signature Scheme with Bilateral Security

Liming ZUO, Kaiyu HU, Mengli ZHANG, Pingping XIA

2018, 18 (7): 47-54. doi: 10.3969/j.issn.1671-1122.2018.07.006

Abstract ( 626 )

HTML ( 3 )

PDF (2811KB) ( 268 )

Short identity-based signature with forward-secure is an important research direction of digital signature, which has important applications in industrial control protocol of IOT (Internet of things). Based on the BONEH’s scheme, starting from the basic idea of forward security definition, a scheme with bilateral security and short identity-based signature was structured, and scheme not only has the security property of identity-based signature, but also satisfies forward security and backward security, which effectively solves the problem of private key leakage in identity-based signature schemes. Subsequently, the scheme was proved to be existentially unforgeable under the adaptive chosen message and identity-based attacks in random oracle model with k-traitors (k-CAA) problem. Finally, the scheme was compared with several classical schemes about the efficiency analysis and was successfully implemented with C in the same environment. The results show that the computational complexity of the signature and verification is lower and the length of the signature is shorter.

Figures and Tables | References | Related Articles | Metrics

Multi-proxy Blind Signature Scheme Based on Quantum Properties

Jianwu LIANG, Xiaoshu LIU

2018, 18 (7): 55-59. doi: 10.3969/j.issn.1671-1122.2018.07.007

Abstract ( 586 )

HTML ( 2 )

PDF (1008KB) ( 175 )

Based on quantum properties, a multi-proxy blind signature scheme was proposed. In the scheme, the owner of the message transform message into single quantum state according to corresponding relation between the single quantum state and the message. Then he completes blind message by unitary operation according to the secret key. Proxy signers use unitary transformation of single quantum to complete signature and verification. The scheme does not need to use multi particle entangled quantum states and Verifier Only need to measure single quantum state when verifying the signature. The process is simple and efficient process, at the same time, the information of the signature does not become large with the increase of the signer. The deleting and adding of the proxy signer is easy to operate. The security analysis of the scheme shows that it is a secure and achievable quantum multi-proxy blind signature scheme.

Figures and Tables | References | Related Articles | Metrics

Scheme of Cloud Database Oriented Multi-tenant Attribute-based Security Isolation and Data Protection

Qinghe DONG, Qian HE, Bingcheng JIANG, Peng LIU

2018, 18 (7): 60-68. doi: 10.3969/j.issn.1671-1122.2018.07.008

Abstract ( 634 )

HTML ( 4 )

PDF (1453KB) ( 170 )

As a new cloud computing application, cloud database has been widely concerned, but data security has become the difficulty of further development of cloud database. Targeting the problem of data protection and QoS of muitl-tanant cloud database in large data center, a multi-tenant cloud database security isolation and data protection based on attribute based encryption scheme is proposed. Firstly, the multi-tenant cloud database management system is designed and implemented to guarantee the data isolation between tenants. Secondly, a middleware based on attribute based encryption is proposed to encrypt the tenant data to ensure the security of the data and realize the fine grainen rank control. Finally, a QoS system based on SDN is designed and implemented to ensure the service bandwidth of the cloud database service. The experimental results show that the proposed system can meet the security requirements of multi-tenant. When the network is congested, the QoS system can protect the business bandwidth of the encrypted database system and ensure the service experience of the tenant.

Figures and Tables | References | Related Articles | Metrics

A Data Symmetric Encryption Algorithm Based on Double Plaintext

Yongqian XIANG, Zhiqi SONG, Tianyu WANG

2018, 18 (7): 69-78. doi: 10.3969/j.issn.1671-1122.2018.07.009

Abstract ( 635 )

HTML ( 7 )

PDF (1702KB) ( 204 )

The security of traditional symmetric cryptosystem lies entirely in the secrecy of encryption keys. DES, 3DES, IDEA and AES, which are symmetric algorithms commonly adopted, all make their ways from one single set of plaintexts to one single set of ciphertexts. Owing to the simplex mode of information utilization, the amount of information transmitted is far from perfection. Also, they are unable to provide separate information when faced with the situation where the demand of branch conditions is not well met. In the view of the foregoing perspectives, this paper introduces double plaintext and gives a brief introduction of its encryption method and operational principle. And the encryption algorithm is divided into several sub-algorithms with each of them described carefully in terms of function and safety considerations. The paper also summarizes similarities and differences between familiar symmetric encryption algorithms and the one this paper presents. Meanwhile a few application scenarios are demonstrated to help form an understanding of the prospect of the algorithm. In the last part, this paper analyzes the strength and weakness this algorithm can bring and gives a future study direction. This encryption algorithm helps to multiply the amount of information being transmitted, and to bring in a method of writing back plaintext alternatively with high efficiency. And it innovates in preventing intruders from brute-force attack. Additionally, hash arithmetic is also introduced to ensure data integrity, resist tamper and complete inspection. So this method is well advanced technically.

Figures and Tables | References | Related Articles | Metrics

A Reputation Management Model for Mobile Adhoc Networks Based on Multicast

Shiwen WANG, Xiangguo CHENG, Hui XIA

2018, 18 (7): 79-88. doi: 10.3969/j.issn.1671-1122.2018.07.010

Abstract ( 494 )

HTML ( 4 )

PDF (1463KB) ( 121 )

Resisting attacks and evaluating the reputation values of nodes are important parts of trusted MANET(Mobile Adhoc Network), so it is necessary to establish an effective trust system. In order to solve the problems of overload and credibility of monitoring information in the network, etc., this paper proposes a node-hierarchical reputation management system that collects monitoring information and calculates the reputation values of nodes by selecting special nodes as management nodes. The management nodes communicate with each other by multicast. The model can effectively identify malicious information, improve the credibility of monitoring information, and solve the problem of information collection in the network. At the same time, management nodes can coordinate with each other to effectively detect and resist various attacks. Simulation results demonstrate the effectiveness of the model.

Figures and Tables | References | Related Articles | Metrics

Table of Content