Netinfo Security

Certificateless Parallel Key-insulated Signature for Industrial Internet of Things

Yanan CHEN, Qian MEI, Hu XIONG, Weixiang XU

2018, 18 (10): 1-9. doi: 10.3969/j.issn.1671-1122.2018.10.001

Abstract ( 720 )

HTML ( 9 )

PDF (10526KB) ( 146 )

With the rapid development of the industrial Internet of things, an urgent problem is to keep the user’s private key during the signing process from being leaked in an insecure cloud environment. To reduce the danger of the private key leakage, the key-insulated mechanism has been introduced. In addition, certificateless signature scheme is proposed to solve the complex certificate management process and key escrow problem. This paper incorporates the key-insulated mechanism and certificateless signature to obtain a certificateless parallel key-insulated signature, which we give the definition and security model of the new system. Two introduced helpers in our scheme can alternately help user update the temporary private keys, which can enhance the security of the system. Besides, the security of the scheme is proved in the random oracle model, which satisfies all the properties of the key-insulated security.

Figures and Tables | References | Related Articles | Metrics

Regression Algorithm with Privacy Based on Secure Two-party Computation

Chunming TANG, Weiming WEI

2018, 18 (10): 10-16. doi: 10.3969/j.issn.1671-1122.2018.10.002

Abstract ( 669 )

HTML ( 4 )

PDF (7487KB) ( 177 )

In order to ensure the accuracy of model, traditional machine learning algorithms need to collect a large amount of raw data for model training, which easily causes privacy leakage. This paper uses the additive secret sharing scheme to perform secure two-party computing on two non-collusion semi-honest servers, and gives a linear regression algorithm with privacy. Considering that the sigmoid function is hard to support secure two-party calculation, its Taylor approximation form is used, and a Logistic regression algorithm with privacy is given in combination with linear regression algorithm. Both linear regression algorithms can simultaneously achieve the privacy protection of raw data and model parameters.

Figures and Tables | References | Related Articles | Metrics

Gesture Authentication Method Based on HMM and D-S Evidence Theory

Ziwen SUN, Fu LI

2018, 18 (10): 17-23. doi: 10.3969/j.issn.1671-1122.2018.10.003

Abstract ( 546 )

HTML ( 1 )

PDF (7556KB) ( 106 )

Aiming at the security problems of smart phone users’ privacy and information, a gesture recognition identity authentication method based on HMM and D-S evidence theory is adopted. Firstly, the original data of the gesture trajectory is collected by the touch screen sensor of the smart phone, the gesture feature sequence is preprocessed and extracted as the observation sequence of the HMM, and a legal user gesture model is established. Secondly, the preliminary judgment result is obtained by matching the test gesture feature sequence and the gesture model, and then use D-S evidence theory combination rules to get the fusion probability distribution function for the final certification decision. Simulation results show that compared with other methods, this method can effectively improve the accuracy of gesture recognition authentication.

Figures and Tables | References | Related Articles | Metrics

Research on Information Forensics Scheme Based on node2vec Neural Network

Xiangjiu CHE, Tianyue HU

2018, 18 (10): 24-30. doi: 10.3969/j.issn.1671-1122.2018.10.004

Abstract ( 558 )

HTML ( 2 )

PDF (7485KB) ( 107 )

Through the analysis of social information network (SIN), it is an important research direction of social cluster network to obtain the interpersonal relationship and community structure of specific goals in the real world. The research is of great significance in the field of criminal investigation and justice, which enables the investigators to describe the internal structure of criminal organization without physical capture/surveillance, and then to find the core members of criminal organization. Based on the relevant research in the field of forensics and some algorithms of machine learning neural network, this paper proposes a network forensics tool Vec2Rank-CrimeNet, and gives its effect in solving practical problems by taking the real crime data as experimental data.

Figures and Tables | References | Related Articles | Metrics

Research on a Download Link Recognition Scheme Based on Feature Extraction

Guihua DUAN, Zhuoxiang SHEN, Dongjie SHEN, Zhi LI

2018, 18 (10): 31-36. doi: 10.3969/j.issn.1671-1122.2018.10.005

Abstract ( 595 )

HTML ( 3 )

PDF (7200KB) ( 96 )

Considering the characteristics that there are many fake download links in download websites, this paper proposes a download link recognition scheme DLRS based on the technology of feature extraction and machine learning in order to help users identify whether a download link is real and available or not. Thus it can prevent users from security threats caused by clicking on fake download links. Meanwhile, the scheme can also enable users to find real download links from many links embedded in advertising information, improving the efficiency of information download.In this paper, we use the method of scatter matrix to extract the features, and apply linear regression to establish the model. Finally, the gradient descent is adopted to find the optimal solution. The experience shows that DLRS performs well in terms of efficiency and accuracy, and has good promotional values.

Figures and Tables | References | Related Articles | Metrics

Research on a Trusted Collaborative Second Users Selection Strategy in Distributed Cognitive Radio Networks

Xuli RAO, Hui LIN, Youliang TIAN, Li XU

2018, 18 (10): 37-44. doi: 10.3969/j.issn.1671-1122.2018.10.006

Abstract ( 478 )

HTML ( 1 )

PDF (8969KB) ( 83 )

Collaborative spectrum sensing can effectively optimize the spectrum sensing results in the distributed cognitive radio networks (DCRN). However, the collaborative spectrum sensing also brings some security threats, especially the threats from the malicious collaborative second users’ attacks. To resolve the above problems, this paper proposes a trustworthy spectrum sensing collaborative second user selection strategy (RMCSS) based on integrated reputation mechanism and metagragh. The strategy combines the reputation evaluation results of second users with the metagraph theory, takes the reputation values as the main parameters to calculate the relationship between second users in the metagraph, establishes the trust relationship between different second users, and selects the trusted second users.Simulation experiments and results analysis show that the proposed strategy can effectively improve the credibility of the selected second users, thereby improving the ability to resist spectrum sensing data tampering attacks and channel detection rate.

Figures and Tables | References | Related Articles | Metrics

Improvement of Selection Operator in Multithreading Model for Multimedia Packets in NIDS

Xu ZHAO, Guangqiu HUANG, Yanpeng CUI, Mingming WANG

2018, 18 (10): 45-50. doi: 10.3969/j.issn.1671-1122.2018.10.007

Abstract ( 586 )

HTML ( 1 )

PDF (7878KB) ( 93 )

Omission is inevitable, when the network traffic exceeds the load capacity of network intrusion detection system (NIDS). In this case, dangerous packets should be given priority to processing. Since the large proportion of multimedia packets in traffic, the multithreading model for multimedia packets has been proposed in NIDS. In this paper, the selection operator is improved, and new processing steps in the model is proposed. When omission occurs, this improved model can choose more dangerous multimedia packets for processing within the maximum processing capacity of different threads. Experimental results indicate that this model can help NIDS to improve its detection rate for dangerous multimedia packets effectively.

Figures and Tables | References | Related Articles | Metrics

Research on RFID System Security Authentication Protocol Based on Elliptic Curve Cryptography

Xiaohong ZHANG, Yanhui GUO

2018, 18 (10): 51-61. doi: 10.3969/j.issn.1671-1122.2018.10.008

Abstract ( 469 )

HTML ( 3 )

PDF (10674KB) ( 91 )

With the widespread application of RFID technology in military, financial, public security and other fields, people put forward higher requirements for the security performance of RFID system. This paper designs a RFID system mutual authentication protocol based on the elliptic curve cryptography (ECC) by using ECC characteristics of short key, high security and small storage space, and analyzes and proves formally that the protocol can achieve the desired security targets by using BAN logic. Compared with other similar application protocols, the protocol has good reliability in resisting tracking attack, denial of service attack, retransmission attack and impersonation attack, and can satisfy mutual authentication, confidentiality, anonymity and forward security. The protocol requires for 3 times elliptic curve scalar multiplication operations, which reduces the tag computational cost by 60% compared with other protocols, while improves the implementation efficiency of the RFID system by 70%. The protocol applies to the key areas such as military logistics management and confidential documents protection.

Figures and Tables | References | Related Articles | Metrics

A Certificate Denial Authentication Encryption Schemes with Privacy Protection Features

Yulei ZHANG, Yanli MA, Wenjing LIU, Caifen WANG

2018, 18 (10): 62-69. doi: 10.3969/j.issn.1671-1122.2018.10.009

Abstract ( 455 )

HTML ( 4 )

PDF (9463KB) ( 95 )

In the rapid development of network information, the security of identity information has become particularly important and critical. Based on the certificate public key cryptosystem, this paper proposes a denial-authentication encryption scheme for certificates with privacy protection features, which effectively avoids the security problems of the voter identity in the electronic voting process and the sender's sending email. Under the random oracle model(ROM), based on the bilinear Diffie-Hellman(BDH) assumption and Computational Diffie-Hellman(CDH) assumption, the scheme is proved to satify the indistinguishability and the existential unforgeability.Meanwhile, the scheme satisfies the denial, not only protects the privacy of voters and senders, but also denies voting messages and sending messages to better solve privacy problems. Compared with the existing identity-based denied authentication encryption schemes, the efficiency of the scheme is equivalent to the above ones in the aspects of encryption and verification, however the key escrow problems of those schemes are eliminated.

Figures and Tables | References | Related Articles | Metrics

Research on Threat Modeling of Industrial Control Network Based on Attack Graph

Ruiying CHEN, Zemao CHEN, Hao WANG

2018, 18 (10): 70-77. doi: 10.3969/j.issn.1671-1122.2018.10.010

Abstract ( 757 )

HTML ( 20 )

PDF (8843KB) ( 169 )

Application of network and computer technology in industrial control network has been very common. The industrial control network security has been widely concerned followed by universal application of information technology. Security issues such as vulnerabilities have been exposed in industrial control network security incidents. In this paper, the attack graph based on the growth of attack level is used to model attack scenarios of the industrial control network. Firstly, the formal representation methods of the attack graph and attack graph generation procedure have been introduced. Next, the article describes the typical attack scenarios in the industrial control network as an example and build the attack graph based on the attack level growth for the attack scenarios. Furthermore, it uses the attack graph to analyze the security of the network, predict the attack path most likely to be taken by attackers, and to obtain the security requirements. The example shows that using the attack graph to analyze the network security of the warship platform network can provide scientific guidance for the constructing the industrial control network security architecture, and is practical in use.

Figures and Tables | References | Related Articles | Metrics

Research on an Anomalies Detection Method for Firewall Rules

Sisi CHEN, Jin YANG, Tao LI

2018, 18 (10): 78-84. doi: 10.3969/j.issn.1671-1122.2018.10.011

Abstract ( 710 )

HTML ( 11 )

PDF (8529KB) ( 163 )

Firewall is one of the core elements in network security. However, the firewall in the cloud environment, the processing for network traffic usually reaches 10 Gb. And the generation of 10 Gb firewall, the increasing of firewall rules and the anomalies of rules impair the firewall performance seriously. This paper presented a valid-rule-set based anomalies detection method for firewall rules, which improve the state-transition based anomalies discovery algorithm. According to producing valid-rule-set and altering the detection object from original-rule-set to valid-rule-set, optimize the process of detection and locate the range of the anomaly. The experiment results show that, in the presence of a certain degree of redundancy in original-rule-set, the method can enhance the effect of detection.

Figures and Tables | References | Related Articles | Metrics

Improved Auditing Schemes with Identity-preserving for the Integrity of Shared Data in the Cloud

Hong JIANG, Baoyuan KANG, Chunqing LI

2018, 18 (10): 85-91. doi: 10.3969/j.issn.1671-1122.2018.10.012

Abstract ( 503 )

HTML ( 2 )

PDF (8267KB) ( 109 )

With the development of Internet and information technology, cloud computing has become one of the hottest topic of the day, cloud service is getting into people’s life day by day, and provides data storage and computing service to data users. But, it is necessary for an auditor on users’ behalf to check the integrity of the outsourced data in the cloud. Also the cloud server must ensure the identities of the users and privacy of the data blocks. In this paper, based on the existing work, we use digital signature technology and the properties of the bilinear pairing and propose improved public auditing schemes with identity-preserving for the integrity checking of the shared data in the cloud and prove the security of one improved scheme under the assumption that the discrete logarithm problem is hard. Through comparison of computation and security, it is shown that the improved scheme proposed in this paper has more rigorous security and relatively smaller computation cost.

Figures and Tables | References | Related Articles | Metrics

Table of Content