
Table of Contents

    10 January 2020, Volume 20 Issue 1

    An Improved McEliece Cryptosystem Based on Polar Code
    HAN Yiliang, LI Zhe, LI Yu
    2020, 20 (1):  1-8.  doi: 10.3969/j.issn.1671-1122.2020.01.001

    With the improvement of the computing power of quantum computers, classical cryptography schemes such as RSA and elliptic curve cryptography are no longer secure in the era of quantum computers. Code-based cryptography has the advantage of resisting quantum computing and has good application prospects in the future. This paper studies the polarization properties of Polar codes, improves the key storage method, and proposes a McEliece system based on Polar codes. The improved encoding encryption scheme no longer stores the whole matrix, but stores the matrix corresponding to the frozen bits. The key size is about 63.36% smaller than that of the original cryptographic scheme. The SC decoding algorithm adopted in this paper has a low decoding complexity, and it is proved that the proposed cryptography scheme reaches the security level of 140 bits and can resist the various attacks that are currently known. Finally, the future development direction of Polar code-based cryptography schemes is further elaborated, and the application of Polar codes in code-based cryptography schemes is broadened.

    Protocol of Privacy-preserving Set Intersection Computation
    TANG Chunming, LIN Xuhui
    2020, 20 (1):  9-15.  doi: 10.3969/j.issn.1671-1122.2020.01.002

    Privacy-preserving set intersection computation is a special application problem in the field of secure multi-party computation, which has important research value and a wide range of applications. In an era of rapid development of information technology, the study of this problem meets people's need for privacy protection while they enjoy various conveniences in daily life. This paper considers the privacy-preserving set intersection of two participants. First, the problem of solving the intersection of two sets is transformed into the problem of solving the greatest common factor of two polynomials by expressing sets as polynomials. Then, according to the mathematical properties of polynomials and the Paillier homomorphic encryption algorithm, a protocol of privacy-preserving two-party set intersection computation is designed, and the correctness and security analyses of the protocol are given. Finally, through comparison and analysis with the related literature, it is concluded that the computational complexity and communication complexity of the proposed protocol are relatively low, and the number of elements in each participant's set can be well protected.

    Research on a P2P Network Communication Behavior Analytical Method for Status Migration Attribute-oriented
    JING Tao, WAN Wei
    2020, 20 (1):  16-25.  doi: 10.3969/j.issn.1671-1122.2020.01.003

    For behaviors characterized by changes in network attribute status, which have greater network bandwidth and more frequent communication, we propose a status-migration, attribute-oriented method for analyzing network communication behavior. By discussing the phased migration status of the attribute parameters, we give the corresponding attributes and characteristics of ports at the different stages. We then study a P2P behavior recognition model. Through experiments we validate the performance and reliability of this method for identifying P2P applications.

    Quantum-resistant Efficient Identity-based Signature Scheme with Message Recovery over Primitive Lattices
    ZHANG Jianhang, CAO Zeyang, SONG Xiaofeng, XU Qingzheng
    2020, 20 (1):  26-32.  doi: 10.3969/j.issn.1671-1122.2020.01.004

    With the development of quantum algorithms and quantum computers, all kinds of digital signature schemes based on traditional number theory are seriously threatened. The signature scheme with message recovery using lattice-based theory is an important quantum-resistant method of network information security authentication. However, the two existing identity-based signature schemes with message recovery over lattices have a common drawback: they are inefficient because they use the preimage sampleable algorithm in the private key extraction phase. To solve this problem, this paper proposes an efficient identity-based signature scheme with message recovery over primitive lattices. In the new scheme, the private key is extracted by using a new sampling algorithm over the primitive lattices. The scheme describes a specific choice of linear transformations and matrix decompositions that simplifies the sampling process, and uses a random sampling technique without trapdoors in the identity signature stage. The scheme achieves existential unforgeability against adaptive chosen identity and message attacks under the small integer solution assumption in the random oracle model. Compared with the two prior schemes based on lattice assumptions, the scheme has lower time complexity and space complexity in the sampling process of the private key extraction phase. The scheme therefore has the advantage of high efficiency in all running phases.

    Attribute-based Encryption Scheme Traced Under Multi-authority
    XU Shengwei, WANG Feijie
    2020, 20 (1):  33-39.  doi: 10.3969/j.issn.1671-1122.2020.01.005

    In attribute-based encryption schemes with single-authority authorization, the authorization center is too concentrated and its load is too heavy. Moreover, existing attribute-based encryption schemes fail to combine key tracking, access policy hiding and multi-authority authorization. Therefore, this paper proposes an encryption scheme with multi-authority authorization that supports key tracking and hides the access policy. The access policy is completely hidden in the ciphertext, so a malicious party cannot obtain the user’s private information through the access structure. Key tracking is implemented under the authorization of multiple authorities, which prevents user collusion and key abuse by a single authority. Moreover, adding tracking under multi-authority authorization does not significantly increase communication overhead or computational overhead. Finally, based on the DBDH assumption, the scheme is proved secure against plaintext attacks in the standard model.

    Anti-eavesdropping Attack Model Based on Power Control and Relay Cooperation
    LI Ruixing, XU Li, FANG He
    2020, 20 (1):  40-45.  doi: 10.3969/j.issn.1671-1122.2020.01.006

    In cognitive radio networks, the broadcast characteristics of transmission make it easy for malicious links to eavesdrop. Firstly, this paper analyzes the relationship between eavesdropping probability and transmit power in the primary user (licensed user) network. Then this paper proposes an anti-eavesdropping attack model based on power control and relay cooperation, and calculates the optimal transmission powers in two different cases. In one case the eavesdropper can only eavesdrop on the signals of the relay nodes; in the other the eavesdropper can eavesdrop on the information from the source node and the relay nodes at the same time. Finally, this paper gives the selection criteria for the best relay nodes by analyzing the security capacity. The simulation results show that the model can reduce the eavesdropping probability by increasing the number of relay nodes. In addition, compared with other models, the model achieves better results in resisting eavesdropping attacks.

    Research on Log Audit Analysis Model of Cyberspace Security Classified Protection Driven by Knowledge Map
    TAO Yuan, HUANG Tao, LI Moyan, HU Wei
    2020, 20 (1):  46-51.  doi: 10.3969/j.issn.1671-1122.2020.01.007

    In order to audit and analyze security events from massive log data and trace the origin of events, this paper proposes a log audit analysis model of cyberspace security classified protection driven by a knowledge map, which integrates security, operation and maintenance, data analysis and evaluation data of classified protection and collects log data. The servers, network devices and security devices are the nodes of the ontology, the business data flows are the relationships between two nodes, and the direction of a business data flow is the direction of the relationship. The knowledge map of cyberspace security classified protection logs is constructed from four aspects: security management center, secure computing environment, secure area boundary and secure communication network. Efficient association and deep mining analysis of cyberspace logs are realized, and the efficiency of audit analysis for abnormal cyberspace security events is improved, so that the data can be analyzed and processed directly without precise modeling. The model is suitable for big data analysis of network security logs and provides an effective method for large-scale complex log audit analysis.

    Research on Analysis of Attacks on Smart Grid Network Based on Complex Network
    DONG Wei, LI Yonggang
    2020, 20 (1):  52-60.  doi: 10.3969/j.issn.1671-1122.2020.01.008

    Based on complex network theory, this paper abstracts the smart grid into a topological network structure composed of nodes and edges, and establishes a simulation process for smart grid network attacks from two aspects: simulation network construction and network attack simulation. Firstly, the simulation network is constructed and the node degree distribution and the cumulative probability distribution of the node degree are analyzed. It is concluded that the network is a scale-free network. Secondly, network attack simulation is performed with two attack cases, namely, random attacks against all network nodes in the smart grid (case 1) and attacks against nodes with a degree greater than 80% of the maximum degree in the smart grid network (case 2). By comparing and analyzing how the network clustering coefficient, average degree, and average path length change in the two attack cases, it is found that the effect of case 1 is smaller than the effect of case 2 in reducing the network clustering coefficient. In terms of the average degree change and the average path length of the network, the impact of case 1 is higher than that of case 2.

    A Physical Layer Security Authentication Method Based on PUF
    HU Die, MA Dongtang, GONG Ming, MA Zhao
    2020, 20 (1):  61-66.  doi: 10.3969/j.issn.1671-1122.2020.01.009

    Authentication in traditional wireless communication mainly depends on upper-layer encryption mechanisms, which cannot guarantee real-time processing by the system or the security of the physical layer. This paper presents a physical layer security authentication method based on the physical unclonable function (PUF), which generates authentication tags in real time by using the uniqueness of challenge-response pairs (CRP), an intrinsic hardware feature, and the randomness of information. At the receiving end, the received signal and the transmitter are identified by comparing the received and generated tags, which provides effective protection for the information security of the physical layer. This method does not need complex cryptographic algorithms and reduces the computation in the communication process. Simulation results show that this method has high practical value.

    Multi-feature Android Malware Detection Method
    HOU Liuyang, LUO Senlin, PAN Limin, ZHANG Ji
    2020, 20 (1):  67-74.  doi: 10.3969/j.issn.1671-1122.2020.01.010

    Current machine-learning-based Android malware detection methods construct features along a single dimension, which makes it difficult to comprehensively characterize the behavior of Android malware. To address this problem, this paper proposes a malware detection method that integrates the behavior characteristics of the software, the structural characteristics of the AndroidManifest.xml file and characteristics drawn from Android malware analysis experience. This method extracts the N-gram semantic information of the Dalvik opcodes of the Android application, sensitive system APIs, system Intents, system Categories, sensitive permissions and relevant experience-based characteristics, characterizes the behavior of Android malware from multiple directions, and constructs the feature vector. Then, an ensemble learning algorithm based on XGBoost is used to construct the classification model, so as to achieve accurate classification of malware. Experiments were conducted on the open data sets DREBIN and AMD, and the experimental results showed that this method could achieve a detection accuracy of over 97%, which effectively improved the detection of Android malware.

    Docker-based RBAC Task Management System
    BAI Jiameng, KOU Yingshuai, LIU Zeyi, ZHA Daren
    2020, 20 (1):  75-82.  doi: 10.3969/j.issn.1671-1122.2020.01.011

    With the rapid development of the Internet, the quantity of web services has proliferated, which makes the deployment of operating systems and application services more and more challenging. The development of cloud computing and virtualization has led to improvements in these issues. Although virtual machine technology has good isolation, it usually faces problems such as large virtualization overhead, poor scalability and long deployment time. The container technology represented by Docker has improved these problems very well, which allows us to quickly build, deploy, operate and extend services. On the other hand, rights management is an important part of almost all application systems. Its main purpose is to control and manage the rights of the system. Control of system permissions is very important and necessary. Otherwise, system information leakage, system vulnerabilities and unpredictable losses to users will be caused. We should try to avoid risks caused by lack of permission control or improper operation. To solve this problem, this paper proposes a method of applying the role-based rights management model to the system to flexibly manage rights, and deploys the system on the cloud platform using the PaaS idea, enabling developers to develop, deploy and operate the system efficiently and flexibly on the cloud platform, which greatly improves resource utilization and time efficiency.

    Certificateless Provable Data Possession with Data Uploading Control
    LI Xiaoran, HAO Rong, YU Jia
    2020, 20 (1):  83-88.  doi: 10.3969/j.issn.1671-1122.2020.01.012

    With the development of big data technology, cloud storage has received more and more attention. While it brings a lot of convenience to users, it also creates new security challenges. Since users lose direct control over data after storing it on the cloud, how to safely and effectively check the integrity of data stored on the cloud becomes an important security challenge. Provable data possession (PDP) has been a research hot spot in recent years; it can check the integrity of cloud data without downloading all the data. However, most existing PDP schemes have either complex certificate management issues or key escrow issues. In addition, these schemes do not consider the issue of control over data uploads. In view of the above problems, we propose a scheme of certificateless provable data possession with data uploading control. It first uses rights management and secret sharing to control the data uploading process, that is, only a set of users exceeding the threshold can upload the data to the cloud, which prevents users from uploading arbitrarily. Secondly, certificateless cryptography is used, which avoids the key escrow problem and simplifies certificate management. The security and performance of the scheme are also analyzed.

    Intelligent Government System Based on Trusted Computing and UEBA
    WU Hongsheng
    2020, 20 (1):  89-93.  doi: 10.3969/j.issn.1671-1122.2020.01.013

    At present, the intelligent government system integrates many advanced technologies, such as distributed storage, cloud computing and artificial intelligence. It solves past problems such as inconsistent data among administrative agencies, insufficient informatization of the administrative examination and approval process, and difficulty of linkage in collaborative work. It not only improves the efficiency of administrative execution within government departments, but also simplifies the process by which citizens handle business. The intelligent government system uses artificial intelligence and other technologies to analyze large amounts of livelihood and government data in depth, which provides reliable monitoring information and decision support for government management, and provides effective civil services for the public. In order to ensure the safe and stable operation of the Internet-based intelligent government system and to resist high-risk threats from outside and inside, this paper proposes a scheme for the intelligent government system based on trusted computing and UEBA. By introducing advanced UEBA technology and the trusted computing mechanism into the security protection of the intelligent government system, we can clearly understand the current security state of the system and trace and reconstruct the history of attack events. At the same time, according to the current status, we can judge the security level and status of the intelligent government system and the existing risks.
