
Table of Contents

    10 July 2019, Volume 19 Issue 7

    Original Article
    Information Security Technology—Evaluation Requirement for Classified Protection of Cybersecurity (GB/T 28448-2019) Standard Interpretation
    Guangyong CHEN, Guobang ZHU, Chunling FAN
    2019, 19 (7):  1-8.  doi: 10.3969/j.issn.1671-1122.2019.07.001

    Evaluation requirements for classified protection of cybersecurity (GB/T 28448-2019) will be formally implemented soon. This paper introduces the revision background and process of this standard, the main changes in comparison with GB/T 28448-2012, the main contents of security general requirements and security special requirements, etc., so that the main contents can be better understood.

    Survey on Consensus Algorithms of Blockchain
    Min ZHENG, Hong WANG, Hong LIU, Chong TAN
    2019, 19 (7):  8-24.  doi: 10.3969/j.issn.1671-1122.2019.07.002

    The consensus algorithm is the key to the development of blockchain technology and has a significant impact on the capability, scalability and security of blockchain. It has also been a hotspot of distributed system research in recent years. This paper reviews the state-of-the-art research progress on blockchain consensus algorithms, outlines the blockchain framework and clarifies the important conclusions on distributed systems and consensus algorithms from the last 30 years. We provide a detailed summary and comparison of mainstream blockchain consensus algorithms, then propose a general model and classification method for consensus algorithms. Finally, we systematically review new blockchain consensus algorithms and provide an outlook on future research directions.

    A Privacy Protection Scheme for Smart Grid Based on Attribute-based Group Signature
    Quan ZHOU, Shumei XU, Ningbin YANG
    2019, 19 (7):  25-30.  doi: 10.3969/j.issn.1671-1122.2019.07.003

    The smart grid has attracted wide attention for promoting the development of intelligent and distributed power transmission systems, but smart devices in the smart grid carry a serious risk of private information leakage. To solve this problem, this paper proposes a privacy protection mechanism that uses attribute-based group signature (ABGS) to achieve secure authentication between users and access terminals. ABGS allows users and access terminals to authenticate each other and ensures the anonymity of users, while the control center can trace a user when the user violates the law. This paper formally proves the identity authentication, privacy protection, anti-repetitive attack and traceability of the scheme.

    Research on Software Security Model of Cloud Computing Based on Program Slicing Technology
    Yanpeng CUI, Luming FENG, Zheng YAN, Huaqing LIN
    2019, 19 (7):  31-41.  doi: 10.3969/j.issn.1671-1122.2019.07.004

    Cloud computing is an important part of the new generation of the information technology industry. It is the third information technology wave after the personal computer and the Internet. Although people from all walks of life agree that cloud computing has huge room for growth, it still faces many problems in promotion, such as low user recognition, insufficient operational experience and an imperfect industrial chain. Among all these disadvantages, the security of cloud computing ranks first, and cloud security has gradually become the bottleneck restricting the development of cloud computing. In cloud computing application scenarios, cloud computing faces not only general security problems but also security risks brought by its inherent characteristics, such as its super-large scale, high dynamics and high openness. In general, these include security problems caused by the service mode, security problems caused by virtualization technology, security problems of cloud-related management software, etc. Program slicing technology can assist security testers in analyzing cloud computing software. Therefore, a software security analysis model for cloud computing based on program slicing technology is proposed. It is used to discover key information leakage vulnerabilities and the spread of such vulnerabilities in cloud computing software, so as to improve the protection of key information.

    Certificateless Aggregation Signcryption Scheme Based on Discrete Logarithm
    Ronglei HU, Wenjing LI, Hua JIANG, Xinran ZHANG
    2019, 19 (7):  42-49.  doi: 10.3969/j.issn.1671-1122.2019.07.005

    Most of the existing certificateless aggregate signcryption schemes require complex bilinear pairing operations, so the operation rate is not ideal. In this paper, a certificateless aggregate signcryption scheme based on discrete logarithm is proposed. Because bilinear pairings are not needed, the computing speed is greatly improved. Compared with the fastest aggregate signcryption scheme at present, the operation efficiency of this scheme is improved by five times. It has been proved that the scheme satisfies confidentiality and unforgeability. At the same time, when both sides question the authenticity of the data, any trusted third party can verify the authenticity of the data. Because the scheme meets both security and efficiency, it can be applied to the internet of things, vehicle network and other network environments.

    Secure Attribute Based Encryption Enabled Cloud Storage System with Ciphertext Search
    Jianhua LIU, Xiaokun ZHENG, Dong ZHENG, Zhangheng AO
    2019, 19 (7):  50-58.  doi: 10.3969/j.issn.1671-1122.2019.07.006

    As a new kind of network storage technology, cloud storage has attracted most people's attention. However, privacy and security issues have seriously hindered the application and development of cloud storage services. We present a secure attribute-based encryption enabled cloud storage system with ciphertext search. The basic idea is that users first outsource encrypted private data to cloud servers, then cloud services distribute an attribute key to an authorized user. The user generates a trapdoor based on his attribute keys. Only the attributes of authorized users satisfy the access tree integrated in the ciphertext, and the authorized users are allowed to search the encrypted cloud data with the trapdoor. In order to effectively manage authorized users in the system, the idea of re-encryption is adopted to achieve the revocation and addition of authorized users. Security analysis shows that the system can effectively protect the user's privacy, and performance analysis indicates that the system has desirable performance.

    Covert Channel Construction Method in Network Address Translation Environment
    Yu SUN, Tian SONG
    2019, 19 (7):  59-66.  doi: 10.3969/j.issn.1671-1122.2019.07.007

    A covert channel is a kind of communication technology that uses an open channel to transmit secret information, and it is also an important part of secure communication. This paper proposes a covert channel construction method that can penetrate the network address translation (NAT) environment. The method uses NAT's mapping relationship between addresses and ports, controls the source port number of data packets, and encodes the communication data with coding technology to build a covert channel. A real NAT experimental environment is constructed, the data transmission rate and packet loss rate of the channel are measured under different parameter conditions and different application scenarios, and its security is analyzed. With appropriately selected channel parameters, the covert channel data transmission rate can reach 24.7 KB/s in the public network scenario and up to 101.1 KB/s in the LAN scenario.

    Distributed Dynamic Provable Data Possession Model Based on Flexible Length-based Authenticated Skip List
    Lin HOU, Mingjie LI, Jian XU, Fucai ZHOU
    2019, 19 (7):  67-74.  doi: 10.3969/j.issn.1671-1122.2019.07.008

    Dynamic provable data possession (DPDP) is an important method of data integrity verification in cloud storage. However, DPDP still has some problems when applied in distributed environment, such as high cost, opacity to client and so on. Therefore, this paper uses flexible length-based authenticated skip list (FlexList) which has the advantage of DPDP dynamic updating to construct a distributed dynamic provable data possession model (D-DPDP-FlexList). This model includes three entities which are center control server, storage server and user. Center control server and some storage servers form the server-side. The internal structure of the server-side is transparent to the user and services are provided to users only through the central control server. Users don’t need to preprocess their data according to the structure of the server-side. The adoption of distributed FlexList and multiple-replica storage improves server response time and data availability. This paper also gives the formal description, interaction protocols among the entities and security analysis. Relevant tests verify the availability of the model in distributed environment.

    RSAR-based Random Forest Network Security Situation Factor Extraction
    Yongcheng DUAN, Yuqing WANG, Xin LI, Le YANG
    2019, 19 (7):  75-81.  doi: 10.3969/j.issn.1671-1122.2019.07.009

    The extraction of network security situational elements is a prerequisite for developing network security situational awareness, and it is also one of the key tasks that directly affect the performance of network security situational awareness system. Aiming at the problem that it is difficult to extract network security situation elements in complex heterogeneous network environment, this paper proposes a method based on RSAR (Rough Set Attribute Reduction) for random forest network security situation factor extraction. In this extraction method, firstly, the importance of attributes is determined by rough set theory, and attributes with low importance are reduced and redundant attributes are deleted. Secondly, the processed data is classified using the random forest classifier. In order to verify the efficiency of the algorithm, the improved method is tested by the intrusion detection data set. Compared with the traditional method, the experimental results show that the algorithm effectively improves the accuracy and achieves efficient extraction of network security situation elements.

    Verifiable Keywords Ranked Search Scheme over Encrypted Cloud Data
    Xinrui GE, Wei CUI, Rong HAO, Jia YU
    2019, 19 (7):  82-89.  doi: 10.3969/j.issn.1671-1122.2019.07.010

    With the increasing popularity of cloud computing, more and more users upload their data to the cloud server, thus reducing the cost of local data storage and management. In order to protect privacy, sensitive data need to be encrypted before being uploaded to the cloud server, which inevitably reduces the utilization of data and makes data search difficult. When performing the search operation, the files with high relevance scores are returned according to the relevance score between the query keyword and the file. In addition, the data user should be able to check the correctness of search results to prevent the cloud server from returning invalid results. In view of the above problems, this paper proposes a verifiable keywords ranked search scheme. The scheme constructs the index vector and query vector based on the vector space model and the TFIDF model. Using a tree-based index structure, it applies a depth-first search algorithm and a pruning strategy to achieve keywords ranked search. The scheme verifies whether the search result is valid based on a MAC mechanism. Security analysis and performance analysis show that the scheme is secure and efficient.
