
Table of Contents

    10 May 2021, Volume 21 Issue 5

    RFID Security Authentication Protocol Based on Blockchain Technology
    LI Peng, ZHENG Tiantian, XU He, ZHU Feng
    2021, 21 (5):  1-11.  doi: 10.3969/j.issn.1671-1122.2021.05.001

    Security authentication protocols in traditional RFID applications are mainly based on a centralized database, and such protocols suffer from problems such as data loss and tampering. As a distributed technology, blockchain offers decentralization, higher reliability and transparency, and can effectively solve the data security problems that the central server of a traditional RFID security authentication protocol may cause. This paper therefore combines blockchain and RFID to propose an RFID security authentication protocol based on blockchain technology, which uses exclusive OR, bit rotation and other operations to encrypt data, and transfers verification calculations to readers and blockchain nodes. The identification of malicious readers is added to the protocol to reduce the cost of invalid calculation. In addition, the feasibility of the protocol is verified through smart contracts and a Truffle simulation of the protocol's data exchange process, and the security of the protocol is verified through theoretical analysis and GNY proof, to ensure that the protocol effectively prevents various attacks such as eavesdropping, replay and decentralization.

    Attribute Weight Snapshot Selection Strategy Based on Docker Container Fault Recovery
    ZHENG Jun, NIE Rong, WANG Shouxin, TAN Yu’an
    2021, 21 (5):  12-18.  doi: 10.3969/j.issn.1671-1122.2021.05.002

    In recent years, Docker container technology, as a new virtualization technology, has attracted wide attention and use because of its good isolation, low cost, and safe and convenient deployment. The reliability of Docker containers has become a focus of current research. However, many tasks in Docker containers can fail at any time during operation, which is almost unavoidable. Container snapshot technology is one of the main methods for fault recovery. At present, the main snapshot selection methods are the strategy of selecting the snapshot with the minimum time difference from the fault and the manual snapshot selection strategy, but neither of these strategies has a comprehensive evaluation and rigorous decision-making process for the target container. This paper proposes an attribute weight snapshot selection strategy based on Docker container fault recovery. When recovering the target container, according to the different requirement scenarios and functional characteristics of the container in use, the attribute index weight allocation method and the comprehensive scoring selection algorithm for snapshots are combined to obtain the optimal snapshot for recovering the target container from a fault. An evaluation of several container resource indicators shows that, compared with the minimum time difference selection strategy, the strategy proposed in this paper leaves the container in a better performance state after recovery.

    Blockchain-based Fair Exchange Scheme
    ZHOU Yousheng, ZHONG Tianqi
    2021, 21 (5):  19-30.  doi: 10.3969/j.issn.1671-1122.2021.05.003

    With the popularization of online services such as e-commerce and e-government, a large number of contract signing businesses have emerged. In the Internet environment, business parties often have no physical contact and do not trust each other, which brings huge challenges to the fair exchange of contract signing. In an open Internet environment, contract signing must not only satisfy the authentication function, but in some applications also ensure the confidentiality of data transmission. The blockchain-based fair exchange scheme in this paper replaces the trusted third party of traditional schemes to achieve fairness, while ensuring data confidentiality and authenticity.

    Research on Detection Method of User Abnormal Operation Based on Linux Shell Commands
    WU Chi, SHUAI Junlan, LONG Tao, YU Junqing
    2021, 21 (5):  31-38.  doi: 10.3969/j.issn.1671-1122.2021.05.004

    To meet the security requirements of data centers, this paper studies and designs two kinds of abnormal operation detection methods, one based on rules and one based on command sequences, and implements an abnormal operation detection system based on Linux Shell commands. In the rule-based detection module, a rule base matching algorithm is designed to detect the Shell commands executed by the monitored users. In the command-sequence-based detection module, a user behavior feature library is constructed with the historical command sequences of legitimate users as the training set, and an abnormal operation detection algorithm based on abnormal command sequences is used to determine whether the monitored user's operation is abnormal. The experimental results show that in the university data center environment, the rule-based abnormal operation detection method has high detection efficiency, and the command-sequence-based abnormal operation detection method has high detection accuracy, which can meet the data center's requirements for detecting abnormal Shell commands executed by users.

    The Masking Method of Civil Aviation Passenger Data Based on Improved Format-preserving Encryption
    GU Zhaojun, CAI Chang, WANG Ming
    2021, 21 (5):  39-47.  doi: 10.3969/j.issn.1671-1122.2021.05.005

    In order to quantify and test the correlation of desensitization data, this paper proposes the inverse test method and defect index. A sensitive sub-segment model is proposed to eliminate the data relevance based on format-preserving encryption. By calculating the relevance of each sub-segment and setting a threshold to eliminate the relevance, reasonable sub-segments of desensitization are screened. Theoretical analysis and experimental results show that the improved format-preserving encryption scheme reduces the defect degree of the desensitized data, reduces the risk of data leakage effectively, and maintains the availability of civil aviation passenger data.

    Signal Game Model and Migration Strategies for Multi-stage Platform Dynamic Defense
    WANG Gang, WANG Zhiyi, ZHANG Enning, MA Runnian
    2021, 21 (5):  48-57.  doi: 10.3969/j.issn.1671-1122.2021.05.006

    In order to improve the signal recognition ability and defense effect of network platform in attack defense confrontation, the signal game model and migration strategy of multi-stage platform dynamic defense are proposed. Firstly, starting from the principle of platform dynamic defense, this paper analyzes the topology structure and game flow of platform dynamic defense, constructs the signal game model of multi-stage platform dynamic defense, gives the definition of attack and defense revenue parameters, introduces detection and detection factors, and analyzes the impact of information obtained by both sides on the next stage of the game. Secondly, according to the signal game process, the refined Bayesian equilibrium solution method of multi-stage equilibrium strategy is demonstrated, and then the optimal migration strategy selection algorithm of multi-stage platform dynamic defense is proposed. Finally, the effectiveness of the proposed model and strategy is verified by examples and simulations.

    Design and Implementation of Monitoring Platform for Medical Data Abuse Based on Blockchain
    LIU Zi’ang, HUANG Yuanyuan, MA Jiali, ZHOU Rui
    2021, 21 (5):  58-66.  doi: 10.3969/j.issn.1671-1122.2021.05.007

    Medical data management systems store many patients’ medical privacy data with very high value, and these data become the targets of internal and external attackers. Therefore, this paper proposes a medical data operation recording system based on blockchain technology (RecordGuard). The system can record the use of medical data by medical staff or patients themselves and then store these data via blockchain technology. The system is designed to help regulatory authorities track medical data use, and meanwhile, in case of medical disputes, allow arbitration agencies to verify the evidence’s authenticity, which mainly alleviates the problem of mistrust between doctors and patients.

    Research on Trusted Server Startup Method Based on BMC
    XU Wanshan, ZHANG Jianbiao, YUAN Yilin, LI Zheng
    2021, 21 (5):  67-73.  doi: 10.3969/j.issn.1671-1122.2021.05.008

    Building on hardware security, trusted computing technology can effectively secure local and remote computing systems through the trust chain, remote attestation and other technologies, and has been widely used in secure system startup and measurement attestation. At present, secure startup technology for terminal equipment is relatively mature, but research on trusted server startup technology is still limited. To address the tampering of server BIOS firmware and operating system kernel images, and the trust loss and low efficiency caused by a long trust chain during server startup, this paper proposes a trusted server startup method based on the BMC (baseboard management controller). In this method, the BMC is taken as the trusted root, and a star trust chain structure is used to construct the trust chain and realize trusted startup of the server. At the same time, combining the information flow non-interference theoretical model, this paper gives a formal description of trusted server startup. The BMC is a common component on servers. Because the proposed method takes the BMC as the trusted root, it needs no additional hardware and has better versatility. Moreover, because of the star structure, the method reduces trust transmission during server startup and can effectively improve the security and efficiency of the startup process.

    Research on the Application of SM Algorithms of Implicit Certificate
    WANG Kaixuan, TENG Yajun, WANG Qiongxiao, WANG Wei
    2021, 21 (5):  74-81.  doi: 10.3969/j.issn.1671-1122.2021.05.009

    With the development of 5G technology, the Internet of Everything has become the mainstream development direction in today's science and technology field. With the increasing number of device nodes in the Internet of Things, security authentication for the Internet of Things becomes more and more important. In recent years, there have been frequent security problems in the field of the Internet of Things, and a large number of micro IoT devices have no corresponding authentication mechanism. For IoT devices, compared with traditional authentication schemes, implicit certificate schemes are more suitable for memory resource-constrained application environments in terms of computation. Based on SM2 and SM3, this paper designs an implicit certificate scheme and uses OpenSSL to implement the functions of issuing, signing and verifying the implicit certificate. At the same time, based on implementations of the traditional digital certificate scheme and the SM algorithms implicit certificate scheme, this paper carries out performance testing, analysis and comparison on the same platform. The results show that the proposed scheme is significantly better than the traditional scheme in verification time.

    An Improved Method of Backdoor Attack in DNN
    REN Shixuan, WANG Maoyu, ZHAO Hui
    2021, 21 (5):  82-89.  doi: 10.3969/j.issn.1671-1122.2021.05.010

    The trigger generation network is the key algorithm of backdoor attacks on deep neural networks. Existing trigger generation networks have two main problems. First, the candidate dataset for the trigger is selected statically and manually, without considering the sensitivity of the candidate dataset, so it contains redundant data. Second, the trigger generation network only considers how to activate the target neuron, and does not consider the anti-detection problem of the generated triggers. To address the redundancy of candidate datasets, this paper uses sensitivity analysis methods to select datasets that are more sensitive to the target neuron, reducing redundant data. Against existing trigger detection methods, the improved trigger generation network maintains the accuracy of the attack and, by using the clustering result and randomization confusion as a comprehensive penalty, generates triggers that can bypass detection. Experimental results show that the trigger generated by this method can maintain a high attack accuracy rate. The results also show a low attack detection rate in the cluster detection method and a high attack rejection rate in the STRIP perturbation detection method.

    Cascading Failure Model for Inter-domain Routing System Based on Optimal Valid Path
    ZHANG Jun, WANG Yongjie, ZHANG Jingye, YANG Lin
    2021, 21 (5):  90-99.  doi: 10.3969/j.issn.1671-1122.2021.05.011

    The cascading failure of the inter-domain routing system has a great impact on the security of inter-domain routing network, so it is necessary to conduct an in-depth study on cascading failure modeling. Based on the analysis of business relationship and routing strategy of inter-domain routing network, this paper proposes an optimal valid path discovery algorithm and VIRS betweenness in line with the actual situation, defines the initial load and capacity of links based on the VIRS betweenness, designs the load redistribution process based on the optimal valid path discovery algorithm, and then constructs a cascading failure model of inter-domain routing system. The model complements the shortcomings of existing studies by considering the failure causes of nodes and links separately and adding recovery mechanisms of nodes and links. The algorithm complexity analysis and experiment show the effectiveness and accuracy of the optimal valid path discovery algorithm. The model simulation experiment studies the influence of different parameters and recovery mechanisms on cascading failure. The research results are useful for analyzing the causes of cascade failure in inter-domain routing system and maintaining network security against cascade failure.
