Netinfo Security

A Scheme for Anonymous Authentication and Privacy Protection in the Internet of Things Environment

Na ZHAO, Hui LONG, Jinshu SU

2018, 18 (11): 1-7. doi: 10.3969/j.issn.1671-1122.2018.11.001

Abstract ( 583 )

HTML ( 4 )

PDF (5601KB) ( 333 )

Network security is a key issue in the research and application of Internet of Things, while authentication and privacy are primary issues in the network security research. To solve the anonymous authentication and privacy protection problems at the same time in the applications of Internet of Things with limited node resources, this paper proposes an anonymous authentication and privacy protection scheme for low bandwidth Internet of Things environment. The scheme uses ring signcryption to achieve the message encryption and anonymous authentication of signer’s identity on basis of existing message encryption and identity authentication research. This paper proves formally the correctness, anonymity, verifiability of the signer’s identity and unforgeability of the signature of the scheme in the random oracle model.

Figures and Tables | References | Related Articles | Metrics

Smart Contract in Blockchain

Chunguang MA, Jing AN, Wei BI, Qi YUAN

2018, 18 (11): 8-17. doi: 10.3969/j.issn.1671-1122.2018.11.002

Abstract ( 937 )

HTML ( 11 )

PDF (12316KB) ( 465 )

Smart contracts are executable code that is deployed on the blockchain and can be executed on behalf of the signatories automatically, independent of the central authority. Due to its enforceability, tamper resistance and verifiability, it can be applied to many scenarios. In the past few years, there have been many blockchain platforms where smart contracts can be deployed, some of which have actually been implemented and used. This paper first describes the definition and nature of smart contract, then analyzes the smart contract in each blockchain platform, and the intelligence in the most widely used blockchain systems of Bitcoin, Ethereum and Hyperledger. The contract was highlighted. Finally, the problems and solutions in the smart contract are pointed out.

Figures and Tables | References | Related Articles | Metrics

Research on Incremental Network Coding Method for Cloud Storage Based on Byte Level Optimization Update

Miaoli MA, Hongbo ZHANG, Weiying DING

2018, 18 (11): 18-26. doi: 10.3969/j.issn.1671-1122.2018.11.003

Abstract ( 443 )

HTML ( 2 )

PDF (10605KB) ( 93 )

Cloud storage system is a derivative concept of the cloud computing system, and it is a kind of cluster system including large amounts of the distributed storage resources, which provide safe and reliable network storage service. In order to improve the effectiveness of network coding for cloud storage system and improve the storage efficiency of data, an incremental network coding method for cloud storage based on byte level optimization is proposed. Firstly, a byte level optimization technique (Opt-DUM) is proposed for block differential update, which can improve the efficiency of cloud storage incremental coding by only sending updates related to the affected encoding bytes; Secondly, the problem of generating the update vector, reducing the increment matrix and the change of the file size in the process of updating is studied, and the design of the updating algorithm and communication protocol of all the participating modules in the cloud storage system is completed; Finally, the experimental results verify the performance advantages of the network update algorithm designed for file update in cloud storage system.

Figures and Tables | References | Related Articles | Metrics

A Security Model of Cloud Computing Based on IP Model

Congdong LV, Zhen HAN

2018, 18 (11): 27-32. doi: 10.3969/j.issn.1671-1122.2018.11.004

Abstract ( 655 )

HTML ( 1 )

PDF (7071KB) ( 145 )

Cloud computing is an open architecture that provides users with a variety of services over the internet. This approach poses a variety of threats to cloud computing, so security is the key to cloud computing’s ability to grow further. To achieve data and privacy security, encryption, access control and information flow control is the most effective way, encryption, access control cannot control the hidden information flow. In this paper, the security model of cloud computing architecture based on IP (SMCCIP) model can detect whether there is a hidden information flow in the cloud computing architecture so as to ensure the isolation between cloud computing users.

Figures and Tables | References | Related Articles | Metrics

New Heterogeneous Signcryption Scheme under 5G Network

Suzhen CAO, Xiaoli LANG, Xiangzhen LIU, Fei WANG

2018, 18 (11): 33-39. doi: 10.3969/j.issn.1671-1122.2018.11.005

Abstract ( 634 )

HTML ( 3 )

PDF (7900KB) ( 142 )

With the development of 5G networks, heterogeneous networks have become the research focus of 5G networks. The heterogeneous signcryption scheme can be used to guarantee the confidentiality and unforgeability in different cryptography. A security analysis for a signcryption scheme in certificateless cryptosystem was firstly provided, and the scheme does not satisfy the unforgeability of signatures, because a malicious KGC can forge a signature. Secondly, to enhance security, a new signcryption scheme was proposed, and extends the new scheme to the heterogeneous network environment under the traditional public key cryptosystem to the certificateless cryptosystem. The new schemes can overcome the security weakness of the original schemes, and can also ensures the security of data transmission between the traditional public key cryptographic and the certificateless cryptographic. In the end, in the random oracle model, based on the computational Diffie-Hellman problem, the unforgeability of the new scheme is proved, and the efficiency analysis shows that the proposed scheme has better communication efficiency and lower computational cost.

Figures and Tables | References | Related Articles | Metrics

A Kind of Secure Identity Authentication Method Based on Contact Signals for Internet of Things

Fulong CHEN, Ziyang ZHANG, Taochun WANG, Dong XIE

2018, 18 (11): 40-48. doi: 10.3969/j.issn.1671-1122.2018.11.006

Abstract ( 465 )

HTML ( 3 )

PDF (8706KB) ( 116 )

The identity authentication of nodes is the primary link of the security of the internet of things. However, the environment of the internet of things often involves identity authentication between multiple nodes, and the general internet of things identity authentication method is limited to two party identity authentication. A secure identity authentication method for internet of things based on contact signals is proposed in this paper. This method uses a secure multiparty calculation method for anonymity information anonymity and secret signal negotiation. It uses elliptic curve encryption algorithm to sign the information of the summary information and verify the signature for two-way identity authentication between multiple nodes and secure multi-party identity authentication. The results show that its cost of communication and computing is superior to the SMAOnEcc protocol and the NUASABEcc protocol.

Figures and Tables | References | Related Articles | Metrics

Full Homomorphic Encryption Scheme over Real Number Suitable for Cloud Service Environment

Rongbing WANG, Yanan LI, Hongyan XU, Yong FENG

2018, 18 (11): 49-56. doi: 10.3969/j.issn.1671-1122.2018.11.007

Abstract ( 438 )

HTML ( 4 )

PDF (8187KB) ( 133 )

User privacy security is the primary problem in the popularization and application of cloud services, while the fully homomorphic encryption scheme is the key technology to solve it. The integer fully homomorphic encryption scheme is the main method at present, and its operation is limited to addition and multiplication, which limited the application field of the scheme. At the same time, the low efficiency and poor security of encryption and decryption make integer fully homomorphic encryption scheme not suitable for the cloud service environment. In order to solve the problems above-mentioned, a full homomorphic encryption scheme over real number suitable for cloud service environment is proposed in this paper. Based on the mathematical theory basis of compound homomorphism, this scheme applies the fully homomorphic encryption technology to the real number range through the analog module operation, and adds subtraction and division on the operation, which not only enriches the kinds of operations, but also effectively extends the data encryption scope and the application field of fully homomorphic encryption. Finally, the proposed scheme is applied to the medical test data set used in the privacy protection field, and compared with the fully homomorphic encryption scheme applied to n bits and the faster fully homomorphic encryption scheme over integer in the encryption and decryption time and operation time. The experimental result shows that the scheme can extend the encryption scope more effectively, reduce the time of data encryption and decryption in cloud service environment and has high security. The real fully homomorphic encryption scheme is suitable for cloud service environment.

Figures and Tables | References | Related Articles | Metrics

Design of Data Integrity Verification Scheme under Cloud Platform

Yue ZHOU, Wei WANG, Hongbo SONG, Jingsha HE

2018, 18 (11): 57-65. doi: 10.3969/j.issn.1671-1122.2018.11.008

Abstract ( 753 )

HTML ( 4 )

PDF (8160KB) ( 120 )

Deploying the detection system on the cloud platform helps to improve the efficiency of the detection party and the detected party and reduce the detection cost. Because of the shortages of cloud platform and because the whole data interaction process needs to be transmitted through the network, it is impossible to ensure the security of data. The most common way to solve the security problem of application data on cloud platform is to verify the integrity of remote data. This paper designs a data integrity verification scheme on cloud platform by using the classical technology of verifying the integrity of remote data in cloud environment and combining the characteristics of data under cloud platform and the characteristics of data interaction. The scheme adopts a hybrid strategy to ensure that both the detection and the detected data can meet the requirements of integrity verification. Performance analysis shows that the computational and communication costs of the scheme are lower than those of the scheme using a single strategy.

Figures and Tables | References | Related Articles | Metrics

Secure Cloud Data Storage with Designated Auditors

Meng ZHAO, Yong DING, Yujue WANG

2018, 18 (11): 66-72. doi: 10.3969/j.issn.1671-1122.2018.11.009

Abstract ( 521 )

HTML ( 1 )

PDF (8410KB) ( 106 )

With the cloud computing technology, users do not need to deploy hardware and software facilities, which thus saves local storage costs for users. Once the data is outsourced to the cloud storage server, it is out of control from its owner. To protect the integrity of outsourced data, data owner is able to designate an auditor to perform integrity auditing. This paper presents a secure cloud storage scheme with designated auditor in bilinear groups, which requires the designated auditor to use his private key in verifying the response from the cloud storage server in the integrity auditing phase, in this way to determine the integrity of outsourced data. Moreover, the case of two designated auditors is considered, that is, the data owner designates two expected auditors in the data processing phase, such that each auditor does not need to interact with the other in performing integrity auditing. Security and performance analyses show that the proposed schemes are secure and efficient.

Figures and Tables | References | Related Articles | Metrics

Analysis of Data Hijacking in Instant Communication Network

Qingjun YUAN, Siqi LU, Zhongxing WEI, Jie GOU

2018, 18 (11): 73-80. doi: 10.3969/j.issn.1671-1122.2018.11.010

Abstract ( 579 )

HTML ( 3 )

PDF (9358KB) ( 111 )

Data hijacking is an important means to intercept and analyze packets in instant messaging network, which seriously threatens the security of instant messaging network. Aiming at the security theory and data protection mechanism in instant messaging network, this paper analyzes the encryption and decryption operation of communication data and its protection mechanism by combining static disassembly with dynamic debugging. The analysis results show that the protection mechanism of IM network is defective and easy to be hijacked by internal users. Internal users can analyze communication data, guess packet composition, communication mechanism and encryption mechanism, obtain key parameters, restore system key, intercept software to decrypt key code, write communication data decryption program, obtain secret information transmitted by other users in the communication network, then tamper with communication information, and destroy the confidentiality, availability and controllability of the communication network.

Figures and Tables | References | Related Articles | Metrics

Hazard Assessment of IoT Vulnerabilities Correlation Based on Risk Matrix

Xiaoxian REN, Jie CHEN, Chenyang LI, Yixian YANG

2018, 18 (11): 81-88. doi: 10.3969/j.issn.1671-1122.2018.11.011

Abstract ( 493 )

HTML ( 3 )

PDF (9099KB) ( 150 )

With the rapid development and popularization of the Internet of Things(IoTs), the proportion of attacks on Internet of Things is increasing year by year. In order to scientifically evaluate the vulnerabilities of IoT system, this paper proposes a vulnerability correlation hazard assessment method. Unlike the traditional method of evaluating a single vulnerability in isolation, this vulnerability correlation assessment method uses the CVSS v3 evaluation index, based on the vulnerability correlation graph and the risk matrix, and takes into account the relationship between pre-order vulnerability node and pose-order vulnerability node and vulnerability itself. Experiments show that the method has effective guides for protection of cyberspace security and can avoid the IoT devices that have high correlation hazard vulnerabilities controlled by attackers to launch DDoS attacks or to become a blockchain mining tools.

Figures and Tables | References | Related Articles | Metrics

Table of Content