
Table of Contents

    20 January 2019, Volume 19 Issue 1

    A Vulnerability Detection Method Based on Random Detection Algorithm and Information Aggregation
    Weiping WEN, Jingwei LI, Yingnan JIAO, Hailin LI
    2019, 19 (1):  1-7.  doi: 10.3969/j.issn.1671-1122.2019.01.001

    As the complexity of computer software continues to grow, the security of software architectures continues to decline. Due to the high coupling of software modules, the number of software vulnerabilities has increased dramatically. The detection and protection technologies of security vulnerabilities have gradually become key research directions in the field of network security. However, the existing vulnerability detection methods have many shortcomings. Fuzz testing consumes a lot of time, and there is no fast vulnerability scanning method for large-scale binary programs in the industry. Using machine learning, this paper applies a random detection algorithm to extract lightweight static features of decompiled programs, and aggregates parameters in the process of extracting dynamic features. Text-CNN, Logistic and random forest algorithms are used to train dynamic and static features respectively. Experiments show that this method can effectively detect vulnerabilities in binary programs.

    Research on Ciphertext Full-text Retrieval of Cloud Storage Based on Improved DGHV Algorithm
    Zhongyuan QIN, Yin HAN, Xuejin ZHU
    2019, 19 (1):  8-8.  doi: 10.3969/j.issn.1671-1122.2019.01.002

    To protect the confidentiality of user data in cloud storage, this paper presents a ciphertext full-text retrieval method for cloud storage based on homomorphic encryption. The paper first introduces homomorphic encryption and studies the ciphertext retrieval scheme based on the DGHV algorithm. It then proposes a scheme based on an improved DGHV algorithm for ciphertext full-text retrieval in cloud storage. The scheme uses two keys to perform homomorphic encryption on the plaintext keywords. One is a user key that only the user knows, and the other is a retrieval key shared by the user and the cloud server. When a user retrieves a file, the cloud server can perform a full-text retrieval operation on the files using only the retrieval key, while the user key is always retained on the user’s side, so the cloud server cannot obtain it to decrypt the user's ciphertext data. The scheme achieves efficient retrieval in cloud storage scenarios where the third-party server is untrusted, and ensures the confidentiality of user data.

    Analysis of Three Pairing-free Authenticated Key Agreement Protocols
    Qingfeng CHENG, Zhanjing RUAN, Ruijie ZHANG
    2019, 19 (1):  16-26.  doi: 10.3969/j.issn.1671-1122.2019.01.003

    Pairing-free authenticated key agreement protocols over elliptic curves are widely used in the information security field for their good security and execution efficiency. The paper analyzes the security of three pairing-free authenticated key agreement protocols over elliptic curves. It points out flaws in their security properties and presents private key replacement attacks, ephemeral key leakage attacks, partial secret information leakage attacks and other attacks against these three protocols respectively, and one of them, a group key agreement protocol, is improved based on the elliptic curve discrete logarithm problem. In addition, protocol comparison shows that the improved protocol is more secure and more efficient than other group key agreement protocols with bilinear pairing.

    An Improved Formal Analysis Method Based on Authentication Tests
    Mengmeng YAO, Zhengchao ZHU, Mingda LIU
    2019, 19 (1):  27-33.  doi: 10.3969/j.issn.1671-1122.2019.01.004

    In recent years, authentication tests have been improved and applied to the analysis of various security protocols. However, these improved theorems also have certain defects in terms of application scope and accuracy. In response to these defects, this paper proposes an improved incoming test theorem and an improved encryption test theorem, and gives proofs of the improved theorems. The paper points out the defects of authentication tests in use by analyzing the judgment of the normal nodes in the authentication test, the errors in the proof process, and the inaccuracies and errors in the process of parameter consistency verification. Based on these defects, an improved formal analysis method, the recursion test, is proposed. This method is used to prove the BAN-Yahalom protocol; the result shows that the method expands the scope of use of authentication tests and can analyze security protocols effectively and accurately.

    Identity-based Matrix Encryption Scheme Based on Lattices
    Mingxiang LI, Hongtao WANG
    2019, 19 (1):  34-41.  doi: 10.3969/j.issn.1671-1122.2019.01.005

    The lattice-based cryptosystem is a public key cryptosystem that resists quantum computing attacks. Once the quantum computer is available, it will affect widely used public key cryptosystems, such as integer factorization-based cryptosystems and discrete logarithm-based cryptosystems. Hence, the lattice-based cryptosystem has become a research focus in the network security field in recent years. Identity-based encryption simplifies the management of the user’s public key, and can be applied to resource-constrained situations. At present, many identity-based encryption schemes based on lattices have been proposed, but these schemes are all single-bit encryption schemes. Consequently, this paper designs a lattice-based matrix public key encryption scheme by using Peikert, Vaikuntanathan and Waters’ ciphertext packing technique. This paper proves that the proposed public key encryption scheme is IND-CPA secure based on the LWE hardness assumption. Then, based on the proposed public key encryption scheme, this paper constructs an identity-based matrix encryption scheme based on lattices in the light of the dual cryptosystem defined by Gentry, Peikert and Vaikuntanathan. This paper proves that the proposed identity-based encryption scheme satisfies IND-sID-CPA security based on the LWE hardness assumption.

    Probably Secure and Efficient Certificateless Aggregate Signature Scheme
    Suzhen CAO, Xiaoli LANG, Xiangzhen LIU, Fei WANG
    2019, 19 (1):  42-50.  doi: 10.3969/j.issn.1671-1122.2019.01.006

    In a certificateless cryptosystem, one part of each entity's private key is generated by the key generation center (KGC) and the other part is generated by the user. This solves the problem of key escrow and reduces the burden of certificate management. The aggregate signature scheme improves the verification efficiency of signatures and also reduces the length of signatures during communication. This paper first analyzes the security of an efficient certificateless aggregate signature scheme, and points out that the scheme does not satisfy unforgeability. The malicious KGC can perform passive attacks, forge a valid aggregate signature and pass verification. In order to improve the security of the original scheme, this paper proposes a valid and efficient certificateless aggregate signature scheme. The new scheme does not require bilinear operations and overcomes the security problems of the original scheme. Based on the computational Diffie-Hellman problem, the improved scheme is proved to be unforgeable against adaptive message attacks under the random oracle model. Compared with the original scheme, the proposed scheme is more secure and the total computational cost is greatly reduced.

    Community Distributed Power Security Transaction Scheme Based on Blockchain
    Xiuxia TIAN, Xi CHEN, Fuliang TIAN
    2019, 19 (1):  51-58.  doi: 10.3969/j.issn.1671-1122.2019.01.007

    With the continuous development of blockchain technology, blockchain has become one of the most important technologies for building an energy internet. At present, with the deepening of energy transformation, users are both producers and consumers. How to establish a safe and reliable energy trading market is one of the research priorities. Aiming at the privacy leakage and security problems in the transaction process, this paper proposes a blockchain-based community distributed power security transaction scheme, which divides energy transactions into public transactions and private transactions. It uses private transactions and smart contract authority control to protect the privacy of transactions and ensure the security of transactions.

    A Trust-based Multicast Routing Protocol
    Benxia LI, Hui XIA, Sanshun ZHANG
    2019, 19 (1):  59-67.  doi: 10.3969/j.issn.1671-1122.2019.01.008

    An ad-hoc network is a centerless peer-to-peer network. Nodes in the network have equal status. Nodes can join or leave the network at any time without centralized management. This makes the network vulnerable to various internal attacks, the most common of which is the routing attack. At present, the effective way to deal with such attacks in academia is to propose a suitable trust model for nodes and apply it to various routing protocols. The common problem in existing trust models is that they cannot reasonably integrate all kinds of decision-making factors for calculating the trust values of nodes. This paper proposes a trust model, which synthesizes two factors by using fuzzy logic theory, and obtains the trust values of nodes after de-fuzzification. This paper applies the trust model to the routing establishment and maintenance of the multicast routing protocol MAODV, and proposes a routing protocol MTAODV. The simulation results show that MTAODV can effectively improve the transmission rate of data packets in the network at the cost of end-to-end delay and slightly increased routing overhead.

    Research and Implementation of Application Program Protection Mechanism under Big Data Platform
    Tianxiong WU, Xingshu CHEN, Yonggang LUO
    2019, 19 (1):  68-75.  doi: 10.3969/j.issn.1671-1122.2019.01.009

    In recent years, the big data industry has shown an explosive growth trend. People have realized the importance of data for production. At the same time, various platforms have been created to help analyze and mine big data, but because currently popular data processing frameworks such as Hadoop and Spark are based on the Java bytecode mechanism, applications written by users can be completely decompiled, and the core ideas of applications are directly exposed. Based on this, this paper designs a complete solution for user application protection under the big data platform, which consists of a cryptographic module, a distributed decryption module, and a distributed filtering module. The application protection mechanism proposed in the article draws on the code protection mechanism used on a single machine and combines it with the workflow and work characteristics of the big data platform computing engine. Experimental testing and practical application show that the proposed solution can achieve application protection under the big data platform, and that it hardly affects the running performance of the application.

    Research on Anti-counterfeiting Technology of Seal Based on Domestic Cryptography Algorithm
    Xiang ZOU, Bing CHEN
    2019, 19 (1):  76-82.  doi: 10.3969/j.issn.1671-1122.2019.01.010

    At present, various types of illegal and criminal activities involving false seals occur frequently, causing huge economic losses and serious social harm, and how to effectively implement anti-counterfeiting of seals has become an important problem to be solved. Based on an analysis of traditional seal anti-counterfeiting technology and new anti-counterfeiting solutions, this paper proposes a seal anti-counterfeiting method based on domestic cryptography algorithms, and introduces the whole lifecycle management framework of seals based on domestic cryptography algorithms, the key management system, and the chip seal issuance and verification process. It also analyzes the security of its cryptography algorithm, business process and information. The method constructs an integrated security chain between the components of the system in the chip seal issuance and verification process. It ensures the credibility of the participants and guarantees the security of the whole process of seal information storage, processing and transmission, which improves the efficiency of the chip seal issuance and verification process. It can be widely applied to the large-scale issuance and mutual recognition of chip seals, realizing secure and convenient identification of chip seals.

    Research on Establishment of Network Security Service Ability System for A New Era
    Jie QU, Chunling FAN, Guangyong CHEN, Jintao ZHAO
    2019, 19 (1):  83-87.  doi: 10.3969/j.issn.1671-1122.2019.01.011

    Based on the supporting role of network security services in the development of network security and the characteristics of classified protection 2.0, focusing on the main objectives, service objects, service cycles and service contents of network security services, this paper discusses how to clarify the responsibilities of service providers and service demanders by establishing complete technical system, standard system and management system of network security services. This paper also discusses how to promote the continuous improvement of the level of network security service by establishing the supervision and evaluation system of the whole service process, thus injecting vitality into the development of network security.
