Table of Contents

    10 March 2020, Volume 20 Issue 3

    Research on the Quantitative Calculation Method Resulting from the Conclusions in the Assessment of Classified Protection of Cybersecurity
    MA Li
    2020, 20 (3):  1-8.  doi: 10.3969/j.issn.1671-1122.2020.03.001
    Changes in the structure and content of the national classified protection of cybersecurity standards, especially the changes related to the assessment of classified protection, have changed how assessment conclusions are produced. How to accurately reflect the security protection status and security protection capability of a protected object by a quantitative calculation method has long been a direction of exploration in classified protection assessment. This paper studies and analyzes the principle by which assessment conclusions are produced in classified protection assessment, puts forward quantitative analysis methods based on the assessment requirements and on the assessment objects respectively, and shows through an example that the weights assigned to the assessment requirements and the assessment objects directly affect the final result of the quantitative analysis. To obtain more accurate and persuasive assessment conclusions, a reasonable weighting method for the assessment requirements and the assessment objects in the quantitative calculation method needs to be explored.

    Multipath Solution and Blocking Method of Network Attack Traffic Based on Topology Analysis
    SONG Yubo, FAN Ming, YANG Junjie, HU Aiqun
    2020, 20 (3):  9-17.  doi: 10.3969/j.issn.1671-1122.2020.03.002
    Current research mainly blocks traffic at monitoring points after anomaly detection. However, this scheme only reduces the attack traffic on the path where the monitoring point is located and cannot reduce the load on the entire network. This paper proposes a multipath solution and blocking method for network attack traffic based on topology analysis. The method first obtains the network topology through multiple discovery strategies, then solves for multiple paths based on the K shortest paths. At the same time, the source of the network attack is traced based on host behavior characteristics, and a flow-table-based filtering scheme is adopted to block it. Experiments show that the solution has small system overhead, good robustness, high blocking efficiency, and strong practical value.

    Token-based UTM Architecture for Mobile Internet
    LI Ning, LI Bochao
    2020, 20 (3):  18-28.  doi: 10.3969/j.issn.1671-1122.2020.03.003
    With more and more malware attacking smartphones, smartphone security is one of the most important problems in the mobile Internet. Smartphones are limited in computing power, power supply and other aspects, so it is difficult for them to run complex security software to ensure their own security, and the existing deployment methods for security devices such as unified threat management (UTM) are not suitable for the mobile Internet. This paper proposes treating mobile terminal security as a customizable basic network service, and designs a token-based UTM architecture and its corresponding token-based UTM protocol (UTP). In this architecture, the security policy is bound to the user ID rather than to the network location, so that users receive on-demand, differentiated security services wherever they move. Performance analysis and experiments show that the architecture scales well and requires little change to the existing network. The communication cost on smartphones is small, network traffic is more balanced, and overall network throughput is improved.

    Fault-tolerant and Verifiable Public Key Searchable Encryption Scheme Based on FBDH Algorithm
    ZHOU Quan, YANG Ningbin, XU Shumei
    2020, 20 (3):  29-35.  doi: 10.3969/j.issn.1671-1122.2020.03.004
    In cloud storage services, in order to protect the privacy of users' retrieved data, researchers have proposed searchable encryption schemes, among which public key searchable encryption is an effective ciphertext retrieval scheme. This paper proposes a public key searchable encryption scheme based on the FBDH algorithm and the ElGamal encryption and signature algorithm. First, the FBDH algorithm is used to encrypt the data plaintext, which makes decryption of the data ciphertext fault-tolerant and efficient. Second, the ElGamal encryption and signature algorithm is used to encrypt the identity of the data owner and to sign the keywords, so that the ciphertext returned after the cloud server successfully verifies the validity of the keywords can itself be verified by the data user. This paper proves the correctness of the scheme's computation, and proves by a challenge-response game that the scheme can resist off-line keyword guessing attacks.

    Research and Optimization of Container Network Based on Kubernetes Cluster System in Cloud Environment
    LIU Yuan, QIAO Wei
    2020, 20 (3):  36-44.  doi: 10.3969/j.issn.1671-1122.2020.03.005
    The importance of lightweight cloud infrastructure for microservices is self-evident, and many container-based virtualization services have been proposed. On the network side, the container network interface (CNI) technology was proposed to connect heterogeneous network services between virtual-machine-based clouds and containers. To improve the network performance of the cloud system, this paper studies the detailed design of CNI-based network configuration and optimizes a Flannel-based Kubernetes cluster system. A container network model combining an adaptive overlay network with direct routing is proposed, and a variety of CNI-based container networks are compared. To address the lack of network policy in cluster networks, Canal is introduced into the Flannel architecture to add network policy functions to the cluster system and improve network access security. A test cluster is set up and the network performance tool Iperf3 is used to run performance tests on common container networks. The results show that, compared with the original Flannel cluster network, the transmission rate of this solution is increased by about 25% on average, and it is also improved compared with other solutions. Overall, it benefits the performance of cluster systems in real environments, network access control is realized, and security is increased.

    Intranet Log Anomaly Detection Model Based on Conformal Prediction
    GU Zhaojun, REN Yitong, LIU Chunbo, WANG Zhi
    2020, 20 (3):  45-50.  doi: 10.3969/j.issn.1671-1122.2020.03.006
    Machine learning is the weakest link in cybersecurity threat detection systems. Evolving attacks exploit the concept drift of data to evade machine-learning detection, causing detection models to degrade over time. In this paper, the statistical learning method of conformal prediction (consistency metrics) is used to alleviate the degradation of log-analysis-based intranet security threat detection models. Compared with static threshold-based detection, the conformal method can dynamically adapt to evolving attacks, perceive the concept drift of the underlying data, and alleviate model degradation. This paper implements an intranet security detection model based on log analysis, which effectively discovers the concept drift trend on the HDFS data set and alleviates model degradation.

    Authenticated Multiparty Quantum Secret Sharing Protocol with d-level Single Particle
    LIU Xiaofen, CHEN Xiaofeng, LIAN Guiren, LIN Song
    2020, 20 (3):  51-55.  doi: 10.3969/j.issn.1671-1122.2020.03.007
    Using the quantum Fourier transform, this paper proposes an authenticated multiparty quantum secret sharing protocol. In the protocol, d-level single particles are transmitted as the information carrier between the secret owner and all agents. The agents encode their private messages on these traveling particles with two kinds of generalized Pauli operators, and the owner measures the particles to obtain the secret. In the reconstruction process, the secret can be recovered if and only if all agents collaborate. The protocol uses a classical hash function to authenticate each agent's identity, and combines the authentication process with channel eavesdropping detection to improve the protocol's detection efficiency. The security and authentication of the protocol are discussed in detail, showing that the proposed protocol is secure in theory.

    Research on Blockchain Performance Scalability and Security
    MAO Zhilai, LIU Yanan, SUN Huiping, CHEN Zhong
    2020, 20 (3):  56-64.  doi: 10.3969/j.issn.1671-1122.2020.03.008
    Blockchain is a distributed ledger jointly maintained by all members. Its main feature is that it is difficult to tamper with, and it can build trust in an open network without relying on a trusted third-party organization. More and more application scenarios are trying to use blockchain, but the obvious problems in actual use are low performance and poor scalability, which make it difficult to meet the needs of business development. Solving the performance scalability problem of blockchain and improving its performance are therefore important prerequisites for blockchain to realize its potential, and the problem has attracted wide attention in academia and industry. Based on the transaction processing flow in blockchain, this paper describes the current status of blockchain performance problems, analyzes and models them from the three aspects of transactions, blocks and consensus, summarizes the principles, characteristics and security of classic and recently proposed blockchain performance scalability mechanisms, discusses the scenarios of performance scalability and new distributed ledger technologies, and considers the problems to be solved in the next stage of performance scalability research.

    A Browser Security Model for Preventing TLS Protocol Downgrade Attacks
    ZHANG Xinglong, LI Yuting, CHENG Qingfeng, GUO Lulu
    2020, 20 (3):  65-74.  doi: 10.3969/j.issn.1671-1122.2020.03.009
    A downgrade attack is one in which, during a TLS handshake, an attacker induces one or both parties to settle on an old protocol version or a weak cipher suite as the basis for a series of further attacks. In recent years, TLS-related downgrade attacks have been extensively studied. In-depth study of these attacks reveals that they are not identical, and the existing literature lacks a taxonomy to classify and compare them, which would help to study downgrade attacks from a global perspective. Based on this, the article proposes a classification method for downgrade attacks, focusing on fifteen kinds of publicly disclosed downgrade attacks against the TLS protocol. In addition, the article proposes a lightweight mechanism for fine-grained TLS security configuration in Web browsers. This mechanism allows the browser to enforce an optimal TLS security configuration for connections to sensitive domains while keeping the default configuration for the remaining connections. The mechanism can detect and prevent downgrade attacks and server misconfiguration.

    A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records
    ZHANG Yi, LIU Hongyan, XIAN Hequn, TIAN Chengliang
    2020, 20 (3):  75-82.  doi: 10.3969/j.issn.1671-1122.2020.03.010
    Data deduplication can be used to remove redundant data in cloud storage systems, improving storage efficiency and saving network bandwidth. To protect data privacy, cloud users tend to upload data as encrypted ciphertext, which makes deduplication more difficult. How to achieve safe and efficient data deduplication while ensuring data privacy is a hot issue in the field of cloud computing security. This paper proposes a method for deduplicating encrypted data in cloud storage based on authorization records. A data tag scheme based on bilinear mapping is adopted for duplicate checking, and an authorization record storage structure is designed. Different encryption strategies are applied according to the popularity of the data, and converted keys are obtained by proxy re-encryption. No third party needs to participate online in real time, and the tag does not leak any exploitable information. By implementing proof of ownership, the security of the deduplicated data is ensured. The correctness and security of the scheme are analyzed and proved, and experimental results show its feasibility and efficiency.

    IPv6 Network Attack Source Tracing Method Based on iTrace_v6
    WANG Tengfei, CAI Manchun, LU Tianliang, YUE Ting
    2020, 20 (3):  83-89.  doi: 10.3969/j.issn.1671-1122.2020.03.011
    Network attack traceback, as an active security defense countermeasure, is an important technical means for emergency response in the information security technology system. Traceback for IPv4 networks has produced many research results, but because of the limited computing power of routers, the large negative impact of some factors on the link, and the difficulty of deploying log systems, some tracing technologies have stalled at the experimental verification stage, and some deployed attack traceback systems have shortcomings such as large storage overhead and the need for more manual intervention. In IPv6 networks, the IP datagram format, routing protocols and other components have undergone major changes, and the emergence of new neighbor discovery protocols has made attack methods more diverse, so IPv6 networks urgently need efficient and stable methods for tracing the source of network attacks. Combining the characteristics of IPv6 networks, this paper proposes an IPv6 network attack traceback solution based on iTrace_v6, which improves the efficiency of generating traceback packets through a dual trigger mechanism. It can restore the attack path while significantly reducing the dependence on attack duration, and uses thresholds to avoid a negative impact on the network link. Network simulation based on NS3 shows that iTrace_v6 performs better than existing algorithms.

    CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption
    LIU Peng, HE Qian, LIU Wangyang, CHENG Xu
    2020, 20 (3):  90-97.  doi: 10.3969/j.issn.1671-1122.2020.03.012
    The attribute-based encryption mechanism provides a flexible access control scheme for data sharing and management in a cloud environment. However, traditional attribute-based encryption schemes suffer from high decryption complexity and difficulty in attribute revocation, which limits their application in practice. To address these problems, this paper proposes a ciphertext-policy attribute-based encryption scheme which only needs to update the corresponding ciphertext component during attribute revocation, effectively reducing the computational cost of the ciphertext update. The attribute revocation process is transparent to the user, who does not need to participate in the ciphertext and key updates, thereby reducing the impact of attribute revocation on the user. At the same time, a decryption agent is introduced to outsource the computationally expensive part of the decryption process to the server, thereby reducing the decryption overhead of the client. Security analysis shows that the scheme can resist collusion and chosen-plaintext attacks. Finally, comparative analysis shows that the scheme has certain advantages in the computational overhead of the ciphertext update and decryption process.
