Loading...
Netinfo Security

Table of Content

    10 April 2021, Volume 21 Issue 4 Previous Issue    Next Issue
    For Selected: Toggle Thumbnails
    Research on Mobile Internet Authentication Scheme Based on SM9 Algorithm
    ZHANG Yu, SUN Guangmin, LI Yu
    2021, 21 (4):  1-9.  doi: 10.3969/j.issn.1671-1122.2021.04.001
    Abstract ( 559 )   HTML ( 68 )   PDF (955KB) ( 294 )  

    The traditional authentication scheme in the single-server environment of the mobile internet has security problems, such as users needing to memorize different passwords corresponding to different servers, password leakage in traditional authentication methods, and so on. In order to solve the problems described above, this paper proposes a single-server environment authentication scheme based on SM9 algorithm for mobile internet. For different application systems, users that only needed to memorize a unified identification and password could pass through authentication in different application systems and obtained application services and resources. The proposed scheme combined the SM9 algorithm and password hiding to realize ciphertext transmission and mutual authentication, achieved higher security and robustness with one-time key. At the same time, the proposed scheme could reduce the user’s memory burden and offer a better application experience. Through security analysis, the proposed scheme can provide resistance to replay attacks, counterfeiting attacks, smartphone loss attacks and other common attacks. Through performance comparison, the proposed scheme has stronger robustness, higher security, better convenience and less computation cost than other similar schemes, and has high application value in high security scenario, such as mobile payment and contactless access control.

    Figures and Tables | References | Related Articles | Metrics
    Secret Image Transmission and Tamper Recovery Based on Compressed Sensing for Fog Computing
    ZHENG Hongying, LI Lin, XIAO Di
    2021, 21 (4):  10-20.  doi: 10.3969/j.issn.1671-1122.2021.04.002
    Abstract ( 390 )   HTML ( 18 )   PDF (1219KB) ( 92 )  

    In the three-layer data transmission framework of fog computing, the image data privacy leakage is still one of the most serious problems. In particular, most of the encryption methods are not suitable for the situation of limited physical terminal resources. Therefore, for these scenarios, we need to design an appropriate method to protect data privacy. Compressed sensing(CS) is promising to solve this problem because of its lightweight and confidentiality. In this paper, a three-layer transmission scheme of image data based on CS encryption algorithm is proposed: it can not only realize the secure transmission of data, but also realize the tamper location and recovery by combining with Reed-solomon code(RS) to deal with tamper attacks. In the aspect of confidentiality, the block CS is used to achieve lightweight encryption on the terminal, then the measured value is locally normalized in the fog server due to that the measured values may leak the plaintext energy, and then the generated energy values is encrypted with high intensity so that the transmission process can achieve perfect confidentiality. In the aspect of integrity, the robustness of CS and the redundancy of RS coding are used to achieve the location and recovery of tampered data. Simulation results and analyses verify the performance of the proposed scheme.

    Figures and Tables | References | Related Articles | Metrics
    Privacy-preserving Attribute-based Dynamic Broadcast Encryption Mechanism in Multi-user Communication System
    YOU Wenting, ZHANG Leyou, YE Yadi, LI Hui
    2021, 21 (4):  21-30.  doi: 10.3969/j.issn.1671-1122.2021.04.003
    Abstract ( 392 )   HTML ( 11 )   PDF (1963KB) ( 212 )  

    Multi-user information sharing mechanism has been paid more and more attention with the rapid development of cloud computing and the Internet of things. However, when users upload personal data to the cloud server to share with different users, unauthorized users and untrusted third-party cloud service providers will snoop on these private data, which will pose a serious threat to data security and user privacy. In addition, there are still some challenges in the multiple-user sharing mechanism, such as inflexible access control, user revocation and dynamic management, etc. To address these problems, this paper proposes a dynamic broadcast encryption mechanism. It combines attribute-based encryption with broadcast encryption techniques. The scheme uses the oblivious transmission protocol to realize the receiver anonymity and protect the user privacy while ensuring the data security. Additionally, the scheme supports new users to join the system dynamically at any time without affecting the decryption ability of previous users in the system, and achieves user revocation and fast decryption. Performance analysis shows that the scheme has obvious advantages in security and efficiency compared with existing schemes.

    Figures and Tables | References | Related Articles | Metrics
    A Covert Channel Communication Method Based on Pixel Offset Encoding and Decoding Technique
    SONG Yubo, MA Wenhao, HU Aiqun, WANG Junbo
    2021, 21 (4):  31-38.  doi: 10.3969/j.issn.1671-1122.2021.04.004
    Abstract ( 231 )   HTML ( 15 )   PDF (1226KB) ( 69 )  

    Using screen-camera covert channel, covert communication can be realized by shooting the screen. The current implementation of screen-camera covert channel requires a strictlylimited shooting angle for the camera. Given this situation, this paper introduces a screen-camera covert channel method based on pixel offset coding technique. In this method, pixel values of the display frame are offset and embed QR code into the frame.Using the poor ability of the human eye for distinguishing images with similar contrast and brightness, the frames can be sent to the camera secretly. In the decoding process, the offset is extracted, and the perspective restoration method is used to neutralize the interference caused by shooting angles and the QR codeisrestored. QR code is used as the information coding scheme, and pixel value offset coding is used as the transmission coding scheme. This combination combines the high error correction ability of QR code and the strong anti-interference ability of offset coding to realize robust transmission. In this paper, the feasibility of the method is verified by experiments, Experimental results show that this method is suitable for image extraction and restoration in the presence of shooting angle, and the average module error rate is less than 3%.

    Figures and Tables | References | Related Articles | Metrics
    ARF-based Tor Website Fingerprint Recognition Technology
    CAI Manchun, WANG Tengfei, YUE Ting, LU Tianliang
    2021, 21 (4):  39-48.  doi: 10.3969/j.issn.1671-1122.2021.04.005
    Abstract ( 398 )   HTML ( 16 )   PDF (2062KB) ( 140 )  

    Criminals use Tor and other anonymous communication systems to construct dark Webs to conceal their illegal activities, which brings severe challenges to network supervision. Website fingerprint recognition technology can infer the sites that users visit based on encrypted traffic, which is an effective monitoring method. Existing Website fingerprint recognition technologies mostly use batch-based static models, which cannot effectively solve the problem of concept drift. Aiming at Tor Website fingerprints, a dynamic Website fingerprint recognition model based on adaptive random forest algorithm is proposed. The model uses an adaptive random forest algorithm as the classifier, supports two input of manual features and automatic features, and can dynamically update the classifier model according to the feature stream to realize online classification and recognition of Website fingerprints. The experimental results show that the dynamic Website fingerprint recognition model based on ARF is better than the existing multiple Website fingerprint recognition methods, and can effectively solve the problem of concept drift in existing models.

    Figures and Tables | References | Related Articles | Metrics
    An Authentication Scheme for Conditional Privacy Preserving Based on Pseudonym in Intelligent Transportation
    WANG Jian, ZHAO Manli, CHEN Zhihao, SHI Bo
    2021, 21 (4):  49-61.  doi: 10.3969/j.issn.1671-1122.2021.04.006
    Abstract ( 326 )   HTML ( 10 )   PDF (1450KB) ( 106 )  

    In scenarios such as intelligent transportation and driverless driving, vehicles exchange data with road side units to realize vehicle-road coordination, which helps to improve traffic safety as well as alleviate traffic congestion. However, there are still many security problems when exchanging data, among which privacy disclosure is the main security problem it is suffering now. Most existing privacy preserving schemes, requiring computations of high complexity or tamper-proof devices of high-cost, are inefficient and cannot meet the real-time requirements of intelligent transportation applications such as driverless driving. An authentication protocol for conditional privacy preservation based on pseudonym has been proposed, including identity authentication based on chameleon Hash function and message authentication based on elliptic curve. It has been proved that the proposed scheme realizes anonymity and traceability for vehicles in the process of data exchange, and is able to resist various security attacks. The performance analysis shows that this scheme is more feasible under intelligent transportation than compared ones in performance of computing, communication and storage overhead.

    Figures and Tables | References | Related Articles | Metrics
    Network Attack Path Analysis Method Based on Vulnerability Dynamic Availability
    ZHANG Kai, LIU Jingju
    2021, 21 (4):  62-72.  doi: 10.3969/j.issn.1671-1122.2021.04.007
    Abstract ( 391 )   HTML ( 28 )   PDF (2101KB) ( 164 )  

    The existing network attack path analysis methods do not consider the dynamic characteristics of vulnerabilities, and do not consider the problem of vulnerability exploitation failure when describing the state transition caused by vulnerability exploitation. By modeling the change of vulnerability availability over time, this paper proposes an absorbing Markov chain model using an improved state transition probability calculation method. This method combines the actual situation of network attack and defense, fully considers the situation of vulnerability exploitation failure, and reasonably calculates the state transition probability. Firstly, the attack graph is generated for the target network, and the absorbing Markov chain is constructed based on calculating the vulnerability dynamic availability probability. Then, by using the properties of state transition probability matrix, the node threat ranking, the expected length of attack path and the path success probability are calculated and analyzed in time dimension. Experimental results show that the proposed method is more accurate in node threat ranking than the existing methods, and the calculation of the expected length of attack path and the path success probability is more consistent with the actual situation of network attack and defense.

    Figures and Tables | References | Related Articles | Metrics
    Research on Technology of Reversible Data Hiding in Encrypted Domain Based on Homomorphic Encryption
    LIN Wenbing, ZHANG Minqing, ZHOU Neng, KONG Yongjun
    2021, 21 (4):  73-80.  doi: 10.3969/j.issn.1671-1122.2021.04.008
    Abstract ( 376 )   HTML ( 10 )   PDF (1438KB) ( 144 )  

    In order to improve the embedding capacity and realize the separability of decryption and information extraction, the algorithm applies the characteristics of Hilbert curve and homomorphic encryption to reversible data hiding in the encrypted domain. First, the image owner preprocesses the original image and constructs the ciphertext mirror point (CMP) after encryption. Then, the data hider embeds the secret information on the target pixel through homomorphic addition. Finally, the receiver can not only extract the secret information, but also restore the original image lossless. Experiments have proved that this scheme can not only realize the separability of decryption and extraction of information, but also the maximum embedding capacity can reach 69120 bits under the guarantee of image quality.

    Figures and Tables | References | Related Articles | Metrics
    A Novel Fraud Prevention Strategy Based on Bargaining Bayesian Game Model
    REN Hang, CHENG Xiangguo, ZHANG Rui, XIA Hui
    2021, 21 (4):  81-88.  doi: 10.3969/j.issn.1671-1122.2021.04.009
    Abstract ( 318 )   HTML ( 10 )   PDF (1822KB) ( 117 )  

    The multimedia information is vulnerable to attacks by attackers. For example, malicious applications offer false quotes to fraud users who have not taken protective measures, resulting in great threats to users’ property or privacy. To solve the above problem, this paper proposed a novel fraud prevention strategy based on bargaining Bayesian game model to protect user privacy. To suppress the malicious application of false offer through bargaining, this scheme firstly used four rounds of bargaining to determine the income matrix, and introduced the detection rate adjustment of user to adjust it. To avoid personal privacy disclosure, this paper determined the optimal defense strategy by Bayesian Nash equilibrium analysis to prevent users from being deceived by malicious attackers. The simulation experiment results show that this strategy is able to increase the revenue of transactions between users and applications and reduce the probability of malicious applications adopting malicious deception strategies, thereby enhancing the security of user’s privacy.

    Figures and Tables | References | Related Articles | Metrics
    Lightweight Dynamic Binary Instrumentation Algorithm for Embedded Software
    LIANG Xiaobing, KONG Lingda, LIU Yan, YE Xin
    2021, 21 (4):  89-95.  doi: 10.3969/j.issn.1671-1122.2021.04.010
    Abstract ( 431 )   HTML ( 17 )   PDF (1055KB) ( 256 )  

    Binary instrumentation is a key technology in the fields of software performance analysis, vulnerability mining, and quality evaluation. When working on the embedded environment, traditional dynamic instrumentation algorithms are facing limitations like lacking operating system, complex CPU architecture, and tight memory resources. Those limitations make binary instrumentation on embedding software extremely difficult. Therefore, this paper studies the lightweight binary dynamic instrumentation technology, and realizes the acquisition of software runtime information through static feature analysis and dynamic tracking algorithms. Graph-based algorithms and embedded-oriented remote debugging protocol are introduced as well. Compared with the traditional solution, the solution in this article solves the dependence on source code, operating system or CPU architecture, while significantly reducing the occupancy rate of memory and computing resources. Therefore dynamic binary instrumentation work can be effectively solved.

    Figures and Tables | References | Related Articles | Metrics