Table of Contents

    10 November 2020, Volume 20 Issue 11

    Technology System for Security Protection of Critical Information Infrastructures
    GUO Qiquan, ZHANG Haixia
    2020, 20 (11):  1-9.  doi: 10.3969/j.issn.1671-1122.2020.11.001

    Security assurance of critical information infrastructure is the core work of cyber security. This paper describes the guiding ideology of security assurance of critical information infrastructure. It then proposes a technical architecture comprising a collection and aggregation layer, a data governance layer, an intelligent brain layer and a business application layer. Technologies such as big data analysis, artificial intelligence and knowledge maps are applied to construct a cyber security geographic map, realize intelligent data mining, build accurate portraits of critical targets, conduct behavior reasoning, provide threat early warning, and finally support the construction of practical, systematic and normalized security capabilities. This paper aims to provide a basis for the national cyber security regulatory authorities and important industries to carry out security assurance work for critical information infrastructures.

    Research on Dynamic Security System of Distribution IoT Based on Classified Protection of Cybersecurity 2.0
    FAN Bo, GONG Gangjun, SUN Shuxian
    2020, 20 (11):  10-14.  doi: 10.3969/j.issn.1671-1122.2020.11.002

    The regional energy internet is a comprehensive organism of "active distribution network + distribution Internet of Things", but the flexible and diverse access environment and methods of the Internet of Things, together with a large number of terminals, cause higher security risks for the distribution network. Based on the requirements of the classified protection of cybersecurity 2.0 standard, this paper maps the distribution network and the Internet of Things structure onto each other, proposes an architecture model of the distribution Internet of Things under the classified protection of cybersecurity 2.0 standard, and analyzes the security model and safety monitoring model of the distribution Internet of Things under the technical safety requirements of that standard. This helps to promote the application of the classified protection of cybersecurity 2.0 standard in the power system.

    Design and Practice of Simulation Environment for Cyber Security Classified Protection Evaluation
    ZHENG Guogang, YIN Xiangpei, WANG Kui, HE Kunpeng
    2020, 20 (11):  15-21.  doi: 10.3969/j.issn.1671-1122.2020.11.003

    This paper introduces in detail a simulation environment and a practical activity for classified protection evaluation at security level 2 and level 3, with an OA system as the prototype. The simulation environment contains office automation application scenarios and various security protection scenarios. The security protection measures adopted are designed and deployed according to the "Baseline for Classified Protection of Cybersecurity" issued in 2019. Security policies can be configured according to the needs of practical activities. Through practice activities in the simulation environment, the main work process and security analysis method of the on-site technical assessment in a classified evaluation can be understood, the effect of security protection measures can be compared, and the importance of security protection policy configuration can be verified. At the same time, through the simulation environment, the related security design scheme can be further studied and optimized, and the effectiveness of security equipment deployment and security policy configuration can be verified.

    Research on Personal Information Protection Method Based on Smart Contract
    JIANG Nan, WANG Weiqi, WANG Jian
    2020, 20 (11):  22-31.  doi: 10.3969/j.issn.1671-1122.2020.11.004

    This paper proposes a personal information management method based on smart contracts. Using blockchain technology, it can store personal information transaction records between users and service providers on the blockchain without a trusted center. It can provide reliable legal evidence for the existence of the transaction, to prevent third parties from exploiting the user's difficulty in obtaining evidence to commit criminal acts of personal information theft. The specific content of personal information is not stored on the blockchain; only the transaction records are encrypted and stored on the blockchain, and only the transaction-related parties can decrypt and view them, which effectively protects the privacy of users. At the same time, this paper designs three smart contracts for personal information transaction creation, transaction invalidation, and transaction modification. The invalidation and modification of a transaction do not cause the previous transaction information to be lost, and the personal information transaction record can be permanently used as a reliable proof of the existence of the transaction once it is uploaded to the blockchain. Finally, the NS-3 network simulator is used to conduct simulation experiments, and the experimental results prove that the method is feasible.

    Malicious Code Forensics Method Based on Hidden Behavior Characteristics of Rootkit on Linux
    WEN Weiping, CHEN Xiarun, YANG Fachang
    2020, 20 (11):  32-42.  doi: 10.3969/j.issn.1671-1122.2020.11.005

    In recent years, with the continuous development of the Internet, network security problems have emerged endlessly. When fighting against network security threats, forensics has always been a big problem. Especially on the Linux platform, most mainstream open source Linux forensics tools are currently lagging behind, inefficient, and unable to obtain evidence from hidden Trojans. In Linux forensics research, because Rootkit Trojans are highly concealed and highly harmful, traditional detection methods have difficulty detecting them effectively. To solve these problems, starting from the behavior and implementation technology of Rootkits, this paper studies and analyzes their startup mechanism and memory-resident mechanism, extracts malicious code behaviors as detection features, and proposes a Linux malicious code forensics method based on Rootkit hidden behavior characteristics. The experimental results show that the forensics method proposed in this paper has a good detection effect and forensics effect for various types of Linux malicious code, and has obvious advantages in detection effect compared with traditional forensics methods.

    A Secure Data Deduplication Scheme Based on Secret Sharing Algorithm
    LANG Weimin, WANG Xueli, ZHANG Han, PEI Yunxiang
    2020, 20 (11):  43-50.  doi: 10.3969/j.issn.1671-1122.2020.11.006

    As one of the key technologies to optimize storage space, improve network bandwidth and reduce overall overhead, data deduplication has been an indispensable part of cloud service provider (CSP) solutions for outsourced data management, but it also faces many security issues, such as data confidentiality, integrity and privacy. This paper proposes a secure data deduplication scheme which integrates fault tolerance, confidentiality and efficient key management. The scheme adopts a secret sharing algorithm based on a permutation ordered binary (POB) number system to decompose the data block into multiple random shares, and enhances data security by introducing the proof of ownership (PoW) concept. Moreover, the scheme applies a secret sharing algorithm based on the Chinese Remainder Theorem (CRT) to divide the key into multiple random blocks and sends them to the corresponding key management server (KMS) to minimize the key overhead. Experimental results show that the scheme outperforms the other schemes in terms of function and efficiency and can effectively resist two types of attackers (i.e. dishonest servers and external attackers) and two types of attack modes (i.e. duplicate faking attacks and erasure attacks).

    Research on Mobile Malicious Adversarial Sample Generation Based on WGAN
    LI Hongjiao, CHEN Hongyan
    2020, 20 (11):  51-58.  doi: 10.3969/j.issn.1671-1122.2020.11.007

    In recent years, using machine learning algorithms to detect mobile terminal malware has become a research hotspot. To make malware evade detection, malware producers use various methods to craft malicious adversarial samples. This paper proposes an algorithm, MalWGAN, based on Wasserstein GAN (WGAN) to generate mobile terminal malicious adversarial samples, which can bypass a black box model detector based on machine learning algorithms to evade detection. Unlike existing adversarial samples generated by static gradient methods, the MalWGAN model combines API calls and static features to generate adversarial samples. Since adversarial samples are dynamically generated from the feedback of the black box model detector, the probability of escaping detection by the black box model detector is higher.

    A Multi-party Quantum Key Distribution Protocol with Quantum Identity Authentication
    LIU Lijuan, LI Zhihui, ZHI Danli
    2020, 20 (11):  59-66.  doi: 10.3969/j.issn.1671-1122.2020.11.008

    Quantum key distribution is an important way of quantum communication. In order to improve the feasibility and security of quantum key distribution, a quantum key distribution protocol which can realize multi-party quantum identity authentication is proposed in this paper. At first, the modified circuit of GV95 is used to realize the mutual authentication between the distributor and the first participant. Then the participants conduct multi-party quantum identity authentication through unitary operations. In this process, the distributor checks whether there are forged users among the participants through random detection. Furthermore, the trusted design combiner ensures the correctness of the recovered secret key by using the homomorphism of the hash function. The security analysis shows that this protocol can resist not only external attacks, which include identity forgery attacks, intercept-resend attacks and Trojan horse attacks, but also internal attacks.

    Access Authentication Method for IoT Terminal Devices Based on Deep Learning
    CHENG Yang, LEI Min, LUO Qun
    2020, 20 (11):  67-74.  doi: 10.3969/j.issn.1671-1122.2020.11.009

    At present, passive device fingerprint identification methods based on data flow do not consider the arrival order of packets over time, nor can they extract deep features. This paper proposes an access authentication method for the Internet of Things based on deep learning. This method extracts device features from the data packets generated in the configuration phase of device access to construct passive device fingerprints, and uses Bi-LSTM to extract deep features from the device fingerprints. To improve the device recognition ability, this paper uses a fixed-window sliding mechanism and the SMOTE algorithm to enhance the data from feature extraction and vectorization processing, so as to solve the problem of data imbalance and remove the interference vectors. The simulation results show that the method can effectively identify the device identity. Compared with traditional machine learning and deep learning, the accuracy of the proposed method is improved by 6%.

    Research on Improvement of Bayesian Network Privacy Protection Algorithm Based on Differential Privacy
    XIAO Biao, YAN Hongqiang, LUO Haining, LI Jucheng
    2020, 20 (11):  75-86.  doi: 10.3969/j.issn.1671-1122.2020.11.010

    In response to the urgent need of data companies and of government open data publishing for desensitization protection algorithms, and under strict differential privacy theory, an improved Bayesian network algorithm, FCPrivBayes, with an attribute segment preference mechanism and a clustering algorithm is proposed. It avoids the random selection of the attributes of the first attribute segment, and uses the clustering method instead of the equal-width method to discretize the data. Experimental data show that FCPrivBayes effectively improves data utility indicators while ensuring the data privacy protection effect. This provides new technical options for data companies to protect data and for government to release data, and benefits user privacy protection and the development of the big data industry.

    Analysis and Improvement of Public Key Reuse for A RLWE Key Exchange Protocol
    DUAN Xiaowei, HAN Yiliang, WANG Chao, LI Zhe
    2020, 20 (11):  87-94.  doi: 10.3969/j.issn.1671-1122.2020.11.011

    Because the public key remains unchanged for a long time in the 0-RTT mode of the secure transport layer protocol, an attacker can repeatedly use the public key to query a key exchange protocol based on error coordination, obtain effective information and crack the private key. Combining the feature that the modulus is even in the BCNS15 protocol with different error coordination functions, this article proposes an attack scheme that can crack the private key information. The scheme infers the private key by analyzing the information leaked in the protocol and completes the attack. According to the different conditions given in the protocol, the article gives corresponding attack schemes and reduces the number of queries. An example test shows that this attack scheme can successfully recover private keys of the key exchange protocol.
