Netinfo Security

Research and Thinking on Promoting the Application of Cryptography Fusion

HUO Wei

2020, 20 (10): 1-5. doi: 10.3969/j.issn.1671-1122.2020.10.001

Abstract ( 430 )

HTML ( 32 )

PDF (6157KB) ( 224 )

Cryptography is the cornerstone of network security. Combined with the cryptography law of the people's republic of china, this paper proposes the development idea of the deep integration of cryptography and network space technology architecture, introduces the highlights of the integration of cryptography and new technology, new application and new mode, and points out the research direction for the deep integration of cryptography and information technology.

References | Related Articles | Metrics

A Blockchain-based Efficient Certificateless Aggregate Signature Scheme for Wireless Medical Sensor Networks

GUO Rui, CHEN Yushuang, ZHENG Dong

2020, 20 (10): 6-18. doi: 10.3969/j.issn.1671-1122.2020.10.002

Abstract ( 491 )

HTML ( 29 )

PDF (15271KB) ( 262 )

Wireless medical sensor network(WMSN) provids intelligent medical services with deploying IoT devices. There were inherent challenges with secure storage and sharing of data and user privacy in communication. Unfortunately, the limited storage resources weaken the further application of the blockchain in WMSN. To solve the limitations, this paper proposes a paring-free certificateless aggregate signature scheme with the blockchain technique. The design efficiently aggregates the resources and improves the storage scalability of the blockchain. The scheme reduces the computational complexity and computational overhead of data transmission. The security analysis demonstrates the protocol is unforgeable against adaptive chosen message attacks. Finally, the performance simulation with the PBC library shows that this scheme has higher computational efficiency, while requiring lower communication cost in data aggregation.

Figures and Tables | References | Related Articles | Metrics

Research on k-anonymity Algorithm for Personalized Quasi-identifier Attributes

HE Jingsha, DU Jinhui, ZHU Nafei

2020, 20 (10): 19-26. doi: 10.3969/j.issn.1671-1122.2020.10.003

Abstract ( 406 )

HTML ( 12 )

PDF (8647KB) ( 110 )

k-anonymity can solve the problem of link attack in the field of privacy protection to a great extent, but the existing k-anonymity model does not attach importance to personal privacy autonomy. The existing improved k-anonymity model can not meet the needs of different people for different types of data. After the data table is published, the whole table still has only one k value, that is, all tuples are unified and generalized, which can not reflect the user's personalized privacy requirements, resulting in great information loss. Based on k-anonymity model, combined with the generalization idea based on clustering, this paper proposes a k-anonymity algorithm for personalized quasi-identifier attributes(KAUP). The algorithm can effectively present different k values on the same data table according to the privacy requirements of users, so as to meet the personalized k-anonymity. This paper designs comparative experiments of runtime, information loss and scalability on dataset Adult. Experiments show that personalized anonymity on the same data table is feasible, and the information loss in the anonymity process is small, which is conducive to the personalized anonymity research of quasi-identifier attributes.

Figures and Tables | References | Related Articles | Metrics

A Shared Protection Algorithm for Data Center Network Nodes

LIU Yi, LI Jianhua, CHEN Yu, QI Zisen

2020, 20 (10): 27-33. doi: 10.3969/j.issn.1671-1122.2020.10.004

Abstract ( 283 )

HTML ( 10 )

PDF (7858KB) ( 121 )

Aiming at the problem of the data center network survivability, this paper proposes a shared protection algorithm for important network nodes in data center. The algorithm firstly searches for nodes that are prone to failure to be protected. Then, protection routes are established according to the shortest path principle and the shared protection principle, and the nodes to be protected that are included in the current protection route are detected to avoid repeated protection and improve the utilization of network resources. Finally, according to the principle of capacity equivalence, the data transmission capacity relationship between the current protection route and the working route is judged. By adding links to ensure that the protection route capacity is not less than the working route capacity, ensure that data can be transmitted normally and effectively when the network fails, and improve the real-time response capability of the data center network. The simulation results show that the number and length of the protection routes established by the algorithm are less. On the basis of ensuring that the data center is not affected by faulty nodes and data is transmitted normally and effectively, the resource consumption of the protection route is reduced, and the survivability of the data center network is improved.

Figures and Tables | References | Related Articles | Metrics

K-means Clustering Algorithm Based on Differential Privacy with Distance and Sum of Square Error

HUANG Baohua, CHENG Qi, YUAN Hong, HUANG Pirong

2020, 20 (10): 34-40. doi: 10.3969/j.issn.1671-1122.2020.10.005

Abstract ( 489 )

HTML ( 8 )

PDF (7548KB) ( 126 )

K-means algorithm is simple, fast and easy to implement. It is widely used in the field of data mining, but it is easy to cause privacy leakage in the process of clustering. Differential privacy has a strict definition of privacy protection, and it can be used for quantitative analysis of privacy protection. In order to solve the problem that the K-means clustering algorithm based on differential privacy has blindness in the selection of the initial center points, which results in low clustering availability, a BDPK-means clustering algorithm is proposed. The algorithm uses the distance and the sum of squared errors within the cluster to select the reasonable initial center points for clustering. The theory proves that the algorithm satisfies the ε-differential privacy. Through simulation experiments, BDPK-means algorithm is compared with DPK-means algorithm under the same conditions, and the results show that BDPK-means algorithm can improve the availability of clustering.

Figures and Tables | References | Related Articles | Metrics

An Optimizing Scheme on Multi-domain Collaborative IOTA Blockchain Technology for the Internet of Things

LIU Kaifang, FU Shaojing, SU Jinshu, ZHANG Fucheng

2020, 20 (10): 41-48. doi: 10.3969/j.issn.1671-1122.2020.10.006

Abstract ( 490 )

HTML ( 8 )

PDF (8948KB) ( 126 )

As a blockchain 3.0 technology for the Internet of Things, IOTA has many advantages such as no transaction fee, high throughput, support for offline consensus of transactions, and strong privacy. However, the Internet of Things in the multi-domain scenario may cause network resources to be isolated when multiple heterogeneous sub-nets cannot connect with each other in a certain period of time. In order to solve the problems of the scalability and storage consumption of IOTA network in the multi-domain scenario, taking the IOTA network using DAG structure as the research object, this article proposes an optimizing scheme on multi-domain collaborative IOTA blockchain technology for the Internet of Things. In the multi-domain scenario, multiple regional networks are divided in the unified IOTA network environment. This scheme uses special nodes which have sub-net division views of the whole IOTA network to communication among sub-nets. The experimental results show that the scheme can improve the scalability of the IOTA network, save storage consumption and be of great significance for the IOTA network to adapt the multi-domain scenario of the Internet of Things.

Figures and Tables | References | Related Articles | Metrics

Research and Implementation of Digital Content Service and Security Supervision Technology Based on Blockchain

PENG Ruyue, MA Zhaofeng, LUO Shoushan

2020, 20 (10): 49-56. doi: 10.3969/j.issn.1671-1122.2020.10.007

Abstract ( 505 )

HTML ( 14 )

PDF (10718KB) ( 316 )

With the development of the current digital economy, data sharing and protection are inevitable choices to promote the development of the economy. However, data tampering, data misappropriation, difficult supervision and other problems are easy to occur in the process of data sharing. This paper proposes a blockchain-based digital content sharing and security supervision scheme. Blockchain has the characteristics of anti-tampering, traceability, and decentralization, which can effectively prevent data tampering and theft. In order to solve the problem of supervision in the digital content sharing system, this paper proposes a double-chain model of content chain and supervision chain, which increases the flexibility and security of data management. The supervision chain supervises the transactions in the system throughout the whole process, so as to build a responsible accountability system. IPFS provides a weakly redundant, high-performance storage method. The system uses IPFS as the digital content storage module, and the combination of IPFS and blockchain technology ensures the safe storage and access control of digital content. Finally, the experimental analysis and evaluation show that the scheme is feasible.

Figures and Tables | References | Related Articles | Metrics

Research on the Assessment Method of Side Channel Information Leakage Based on t-test

WANG Kai, GUO Pengfei, ZHOU Cong, YAN Yingjian

2020, 20 (10): 57-66. doi: 10.3969/j.issn.1671-1122.2020.10.008

Abstract ( 687 )

HTML ( 16 )

PDF (18775KB) ( 390 )

Side channel analysis/attack (SCA) is one of the major security threats of cryptographic equipment. The attacker analyzes the leaked information during the physical implementation of the cryptographic algorithm to recover the key information, which poses a serious threat to the security of cryptographic algorithms. The t-test is a hypothesis test method used in statistics to test the relationship between the mean values of two unknown variance normal populations. The side channel information leakage evaluation method based on t-test is a simple, fast, reliable method without the specific implementation details of cryptographic algorithms. This paper proposes a fast leak assessment method based on t-test. The t-test is performed on the set of side channel mean traces of the AES block cipher algorithm to measure whether it can resist first-order attacks. Experiments on the side channel leakage evaluation of the AES algorithm show that the mean trace set can be used to effectively evaluate the leakage. On the premise of ensuring the accuracy of the evaluation results, the calculation time is reduced by 60.5% compared to the Welch t-test. This method effectively improves the detection efficiency of side channel information leakage.

Figures and Tables | References | Related Articles | Metrics

Classification of Malicious Network Traffic Based on Improved Bilinear Convolutional Neural Network

GU Zhaojun, HAO Jintao, ZHOU Jingxian

2020, 20 (10): 67-74. doi: 10.3969/j.issn.1671-1122.2020.10.009

Abstract ( 592 )

HTML ( 15 )

PDF (9410KB) ( 143 )

In this paper, improved bilinear convolutional neural network(IBCNN) is proposed for malicious network traffic classification. Different from traditional unilinear network structure, the network adopts the design idea of cross-layer multi-feature fusion. Firstly, use two neural networks(network A, network B) based on VGG-Net for feature extraction, connect cross-layer multi-feature fusion modules for feature fusion to improve feature expression ability. Then, optimization through multiple iterations, train the network model to fit state. Finally, network model completed by training using test set, get classification results. The experimental verification and evaluation index calculation show that this algorithm has higher accuracy, precision and F value in the classification of malicious network traffic.

Figures and Tables | References | Related Articles | Metrics

Research on Anomaly Detection Method Based on Improved Negative Selection Algorithm

WANG Yudi, LIU Xiaojie, WANG Yunpeng

2020, 20 (10): 75-82. doi: 10.3969/j.issn.1671-1122.2020.10.010

Abstract ( 398 )

HTML ( 8 )

PDF (9242KB) ( 101 )

Artificial immune theory is currently widely used in intrusion detection systems to solve the problem of not being able to identify unknown anomalies. The most used one is the negative selection algorithm. The traditional real-valued negative selection algorithm generates candidate detectors in a random manner. The time complexity of mature detector generation increases exponentially with the rise of the number of self sets , leading to a long time-consuming in training phase. In order to solve the problem of excessive time consumption in the process of detector generation, this paper proposes a real-valued negative selection algorithm based on neighborhood searching. The algorithm aims at finding self objects that fall in the neighborhood of the candidate detector and using these objects to create a new self set, with a view to improving the generation efficiency of mature detectors. In this paper, a negative selection algorithm based on neighborhood searching is used as the core to construct an anomaly detection model NSRNSAADM. Experiments are carried out on this model to verify the performance of the neighborhood searching based negative selection algorithm. Experiments show that the method proposed in this paper can reduce the time required for the self-tolerance process while ensuring a certain detection rate and false alarm rate.

Figures and Tables | References | Related Articles | Metrics

A Zero Trust Network Research Based on Overlay Technology

LIU Yuan, SUN Chen, ZHANG Yanling

2020, 20 (10): 83-91. doi: 10.3969/j.issn.1671-1122.2020.10.011

Abstract ( 706 )

HTML ( 34 )

PDF (9640KB) ( 185 )

With the rapid development of cloud computing, mobile Internet, Internet of things, and 5G technology, enterprises have accelerated the digital transformation and the evolution of the IT environment. The traditional boundary network architecture and boundary security defense model are designed for the declining traditional business architecture, which can’t meet the dynamic security access requirements of digital services. Enterprises need to actively adjust the network security architecture to meet the security needs under the new network architecture. Based on the research goal of constructing the security defense model under the framework of borderless network and coupled with the combination of practical experience, this paper uses overlay network technology and zero trust security model and puts forward a method to build a new generation of information infrastructure in enterprises, which has universal reference significance.

Figures and Tables | References | Related Articles | Metrics

A Post Quantum Authenticated Key Exchange Protocol Based on LWE

LI Yu, HAN Yiliang, LI Zhe, ZHU Shuaishuai

2020, 20 (10): 92-99. doi: 10.3969/j.issn.1671-1122.2020.10.012

Abstract ( 448 )

HTML ( 11 )

PDF (8461KB) ( 145 )

Recently, the majority of key exchange protocols are based on ring-learning with errors. While the additional ring structure facilitates efficiency and storage, its actual security also needs to be further research. These protocols require a complex structure such as additional signatures to achieve authentication. In this paper, a post-quantum authenticated key exchange protocol based on LWE was proposed. The pre-computation is adopted to improve the efficiency of the protocol. It is verified that both parties of the protocol can correctly calculate the consistent session key. A series of security games are designed to prove the protocol proposed in this paper. The authentication is achieved by introducing the static public and secret keys in the extraction of shared bits and introducing a hash function in the calculation of the session key. The protocol can resist man-in-the-middle attacks and need no additional operations such as encryption or signature. There is currently no quantum algorithm that can distinguish between LWE distribution and uniform random distribution, so the proposed protocol can resist quantum computing attacks.

Figures and Tables | References | Related Articles | Metrics

Table of Content