Loading...
Netinfo Security

Table of Content

    10 August 2019, Volume 19 Issue 8 Previous Issue    Next Issue
    For Selected: Toggle Thumbnails
    Research on Password Guessing Model Based on Theme PCFG
    Hongjun BI, Ru TAN, Jianjun ZHAO, Yufu LI
    2019, 19 (8):  1-7.  doi: 10.3969/j.issn.1671-1122.2019.08.001
    Abstract ( 772 )   HTML ( 19 )   PDF (7585KB) ( 268 )  

    Password is an important method of identity authentication. In order to be able to remember passwords conveniently, users often add some related information about people to passwords. Traditional password security assessment based on probabilistic context free grammar(PCFG) does not pay attention to user-related subject factors such as user hobbies and cultural backgrounds. Based on the traditional PCFG algorithm, this paper focuses on the analysis of the password letter field. By comparing the collected database letter fields, the relationship between the user password and the subject is extracted, and then the password guessing model based on the theme PCFG is proposed T-PCFG model. The article carried out experiments on the 33 million passwords collected from the seven databases. The results show that when the subject is a hobby, the success rate of password guessing is 2.37~8.2 percentage points higher than the normal one.

    Figures and Tables | References | Related Articles | Metrics
    Data Deposit Management System Based on Blockchain Technology
    Yihua ZHOU, Zhuqing LV, Yuguang YANG, Weimin SHI
    2019, 19 (8):  8-14.  doi: 10.3969/j.issn.1671-1122.2019.08.002
    Abstract ( 813 )   HTML ( 34 )   PDF (8182KB) ( 287 )  

    Digital assets are the products of modern high technology, which need to be stored and tampered-proof, and to be easily shared and verified. Traditional data depositing systems mostly cooperate with third-party platforms, depend on centralized management and lack security and reliability. Using blockchain technology, this paper designs a complete data depositing management system based on blockchain technology to ensure data security encryption and user verification. The system uses alliance chain architecture to classify and store different data types. The system adopts ID-based threshold ring signature scheme without trusted center, which meets the security requirements of unforgeability and unconditional anonymity. The system provides the functions of registration, upload, download and query, and provides a friendly interactive interface for users and underlying data, which effectively guarantees the authenticity, validity and security of data in data depositing system.

    Figures and Tables | References | Related Articles | Metrics
    Power Dispatch Software Security Situation Assessment Method
    Yuling LIU, Yunshan TANG, Qi ZHANG, Feng LI
    2019, 19 (8):  15-21.  doi: 10.3969/j.issn.1671-1122.2019.08.003
    Abstract ( 558 )   HTML ( 3 )   PDF (8001KB) ( 155 )  

    In view of the problem that security situational factors in power dispatch environment were heterogeneous, thispaperproposeda security situation awareness model, which combined security situation elements form software security, network environment security and software supply chain security. Grey theory was applied to deal with the hybrid states existence of exact value, estimated value, qualitative value and quantitative value. This paper also used uncertainty reasoning model to assess security influence factors between situation elements. It is proofed that the practicality and effectiveness of our model and method.

    Figures and Tables | References | Related Articles | Metrics
    Research on Traffic Data Sampling Technology in Network Attack Detection
    Liangchen CHEN, Baoxu LIU, Shu GAO
    2019, 19 (8):  22-28.  doi: 10.3969/j.issn.1671-1122.2019.08.004
    Abstract ( 708 )   HTML ( 5 )   PDF (9144KB) ( 242 )  

    The key to network attack detection is to quickly identify unknown network attack behaviors by analyzing network traffic. In the big data environment, how to reduce the network traffic data to be processed by data sampling technology without affecting the anomaly detection effect, and filter out the subsets of fine-grained anomaly detection to provide reliable data support for network attack detection is an important issue in the research of network intrusion detection system. It is also the focus of current research on network behavior analysis, network measurement analysis, network anomaly detection and network traffic model. This paper summarizes the basic concepts, research progress and existing problems of network traffic data sampling technology in attack detection, and summarizes and forecasts the challenges and development trend of network traffic data sampling technology. This paper can provide reference for further exploring new methods and technologies in the field of network attack detection.

    Figures and Tables | References | Related Articles | Metrics
    New Models to Design Multi-party Quantum Private Comparison Protocols
    Kejia ZHANG, Fan ZHANG, Chunguang MA, Long ZHANG
    2019, 19 (8):  29-35.  doi: 10.3969/j.issn.1671-1122.2019.08.005
    Abstract ( 559 )   HTML ( 6 )   PDF (7310KB) ( 122 )  

    Recently, multi-party quantum private comparison(MQPC) has attracted more and more attentions and has made considerable theoretical progress. Its main purpose is how to let the n participants judge whether their secrets are equal or not under the guarantee of the basic principles of quantum mechanics. In the research of MQPC, two basic designing models named Circle-model and Tree-model are presented in this paper. Two specific MQPC protocols with n-level single photon and n-dimensional n-particle GHZ states are proposed. From our analysis, it can be seen that the above protocols could be implemented by the existing single particle measurement technology and resist against outside attack and participant attack(the semi-honest third party attack). It can be concluded that correctness, fairness, security and higher efficiency can be guaranteed in proposed protocols.

    Figures and Tables | References | Related Articles | Metrics
    Anti-quantum Cryptography Scheme Based on Multivariate and LRPC Codes
    YiLiang HAN, Zhong WANG
    2019, 19 (8):  36-43.  doi: 10.3969/j.issn.1671-1122.2019.08.006
    Abstract ( 517 )   HTML ( 4 )   PDF (8815KB) ( 122 )  

    Multivariable publickey cryptography and coding cryptography have the ability to resist quantum computation attacks and high efficiency of use, both of which are therefore reliable candidates for anti-quantum cryptography. In the multivariable public key cryptography, the construction of the central mapping is very important. Because the coding cryptography has similar matrix operations with multivariate cryptography and the ability of data compression, it is a hot direction to combine coding cryptography with multivariate cryptography. This paper combines the LRPC code in the coding with the Simple Matrix improvement scheme in multivariate cryptography to construct a new scheme. Compared to the Cubic Simple Matrix scheme, the ciphertext expansion rate is reduced by 50%, and the advantages of the coded password are combined. Since the new scheme is constructed on the basis of the improved version of Simple Matrix, it is more flexible when selecting LRPC codes than the previous signcryption schemes based on LRPC and multivariate cryptosystem. In addition, under the random oracle model, the new scheme was proved to satisfy IND-CPA security.

    Figures and Tables | References | Related Articles | Metrics
    An Effective Quantum Sealed-bid Auction Protocol
    Runhua SHI, Fengyu LIANG, Qing WANG, Shun ZHANG
    2019, 19 (8):  44-50.  doi: 10.3969/j.issn.1671-1122.2019.08.007
    Abstract ( 373 )   HTML ( 4 )   PDF (7633KB) ( 89 )  

    To reduce the complexity of post-confirmation mechanism, achieve mutual identity authentication and improve the security of the protocol, a new effective and secure quantum sealed-bid auction protocol is proposed. The protocol introduces the bulletin board mechanism to replace the post-confirmation mechanism. It can ensure the fairness of the protocol by each bidder publishing classical committed information, instead of sending the secret bid to other bidders. Furthermore, it can verify correctness of the protocol, i.e., the cheater can be found if the auction is unfair. In addition, this protocol takes use of the principle of entanglement swapping based on Bell states to complete bidirectional identity authentication and bidding. Compared with other related protocols, this protocol reduces the communication complexity of the post-confirmation mechanism and provides the identity authentication of both the sender and the receiver. Therefore, the efficiency and the security of this protocol are improved.

    Figures and Tables | References | Related Articles | Metrics
    Research on Access Control for Privacy Protection of Mobile Terminals
    A-yong YE, Junlin JIN, Lingyu MENG, Ziwen ZHAO
    2019, 19 (8):  51-60.  doi: 10.3969/j.issn.1671-1122.2019.08.008
    Abstract ( 485 )   HTML ( 4 )   PDF (10974KB) ( 149 )  

    With the in-depth development of computer technology, various Internet of Things applications are becoming more popular in people's lives. However, the privacy and security issues are becoming more prominent. One of the serious hidden issues is that the permissions over-request and the data over-collection in mobile terminals in the current Internet of Things environment. To address the above problems, this paper proposes an access control model for privacy protection of mobile terminals. By storing all sensitive data in the cloud, the cloud provides the encryption, decryption and access control services to ensure that the sensitive data is used reasonably and in controlled. In view of the disadvantages of current access control, this paper introduces security risk and operational needs assessment based on XACML (eXtendable Access Control Markup Language) to improve the flexibility and adaptability of access control. The simulation results show that the proposed method can implement access control accurately and dynamically, greatly improve the security of mobile terminals, and can effectively reduce the storage space and battery power consumption of mobile terminals.

    Figures and Tables | References | Related Articles | Metrics
    Blind Signature Scheme Based on SM9 Algorithm
    Xuefeng ZHANG, Hua PENG
    2019, 19 (8):  61-67.  doi: 10.3969/j.issn.1671-1122.2019.08.009
    Abstract ( 604 )   HTML ( 6 )   PDF (7398KB) ( 214 )  

    Blind signature is a very useful tool in crypto and internet security. A blind signature is the concept with a salient feature that the signer cannot make a linkage between the blind signature and the identity of the requester. SM9 identity-based cryptographic algorithmwas recently released in 2016, it is an identification cryptographic algorithm that is different from the traditional public key algorithm. It uses the effective identification of the entity as the public key for encryption and has became an international standard algorithm. Based on blind signature and SM9 algorithm, a blind signature scheme based on SM9 cryptographic algorithm is proposed. Uses SM3 hash algorithm to calculate the user’s own identification information to generate a blind factor, the blind factor is used to blind the message, then complete the signature by SM9 signature algorithm. Analysis results show that the algorithm can protect the security of messages, protect the privacy information from leaking out. Signing time is shorter than blind signature algorithm based on RSA.

    Figures and Tables | References | Related Articles | Metrics
    Comparative Study on Application of Chinese Cryptographic Algorithms and International Cryptographic Algorithms in Vehicle Microcotrollers
    Zhihong WU, Jianning ZHAO, Yuan ZHU, Ke LU
    2019, 19 (8):  68-75.  doi: 10.3969/j.issn.1671-1122.2019.08.010
    Abstract ( 789 )   HTML ( 14 )   PDF (8902KB) ( 218 )  

    This paper introduces the research status of in-vehicle cybersecurity and cryptography applications, and analyzes the differences between the Chinese cryptographic algorithms-SM4, SM3, SM2 and corresponding international cryptographic algorithms based on previous study. Experiments are carried out on the programmable hardware encryption module. The performance of the Chinese cryptographic algorithms and corresponding international cryptographic algorithms is compared in terms of software execution time and running memory occupation. There is a difference in software execution speed between any Chinese cryptographic algorithm and its corresponding international algorithm, but the speed difference is no more than 31%. This paper provides a basis for in-vehicle or Internet of vehicles secure communication based on Chinese cryptographic algorithms, and can also provide reference for developing hardware encryption module of Chinese cryptographic algorithms.

    Figures and Tables | References | Related Articles | Metrics
    Requested Domain Name-based DNS Covert Channel Detection
    Hang ZHANG, Rongfeng ZHENG, Hua PENG, Jiayong LIU
    2019, 19 (8):  76-82.  doi: 10.3969/j.issn.1671-1122.2019.08.011
    Abstract ( 568 )   HTML ( 6 )   PDF (8822KB) ( 148 )  

    In order to improve the accuracy of the machine hidden learning channel in real time, and improve the detection ability of the machine learning model to deal with the unknown type of DNS covert channel, this paper proposed a DNS covert channel detection method based on the requested domain name. Taking the DNS covert channel as the research object, through research and analysis of the request domain name in the DNS legal sample and the covert channel sample,this paper utilized relevant information in the request domain name to build features, including domain name length, character proportion, randomness feature, and semantic feature composition, then used the machine learning algorithm to detect the DNS covert channel. This paper first evaluated the proposed method using data collected from the three most commonly used DNS covert channel tools Iodine, Dns2tcp and DNSCat and trained a decision tree classifier, covering computer network, information hiding, anomaly detection, data mining, natural language processing and other research areas. Evaluation results showsthat the model’s precision, recall, accuracyand ability to identify untrained DNS covert channels have been improved.

    Figures and Tables | References | Related Articles | Metrics
    Research on Cross-chain Technology of Blockchain
    Aitong LU, Kuo ZHAO, Jingying YANG, Feng WANG
    2019, 19 (8):  83-90.  doi: 10.3969/j.issn.1671-1122.2019.08.012
    Abstract ( 869 )   HTML ( 17 )   PDF (9893KB) ( 249 )  

    With the continuous development and innovation of blockchain technology, a large number of blockchain networks with different characteristics and adapting to different scenarios have emerged in the fields of payment and settlement, product traceability and identity authentication, forming many value islands. Blockchain cross-chain technology is an important technical means to achieve inter-chain connectivity and value transfer. This paper systematically summarizes the current mainstream cross-chain technologies. Firstly, this paper analyzes the characteristics of cross-chain technology, and then summarizes the difficulties of cross-chain technology and its reference solutions. Furthermore, this paper introduces four main cross-chain techniques. Finally, this paper analyzes the challenges of cross-chain technology and forecasts its future prospect.

    Figures and Tables | References | Related Articles | Metrics