
Table of Contents

    10 May 2022, Volume 22 Issue 5

    Efficient Implementation Scheme of Batch Verification Based on SM2 Signatures
    LI Li, BAI Lu, TU Hang, ZHANG Biao
    2022, 22 (5):  1-10.  doi: 10.3969/j.issn.1671-1122.2022.05.001

    Multiple signatures need to be verified in digital currency transactions, and batch verification can shorten the calculation time and reduce calculation load. This paper proposed an efficient SM2 batch verification scheme, which used semi-scalar multiplication to calculate the result of point multiplication on the elliptic curve corresponding to the first signature value, and used congruence polynomials and the resultant to verify the correctness of batch signatures. This scheme optimized the design of the point multiplication algorithm, the seminumeric point multiplication algorithm, the multi-parameter inversion algorithm and the resultant calculation, and was implemented on the NXP secure smart card controller N7121 platform. Experimental results show that when the system clock frequency is 96 MHz, the CPU clock frequency and the crypto coprocessor clock frequency are 48 MHz and 96 MHz respectively, and the memory space that the crypto coprocessor can access is 4 kB, the number of modular multiplications needed to verify 7 SM2 signatures at once is less than 13000. The running time is 128.17 ms. Compared with verifying individual signatures one by one, the calculation speed of the proposed scheme can be increased by 2.1 times.

    Survey of Formal Specification Methods in Theorem Proving of Ethereum Smart Contract
    HUA Jingyu, HUANG Daming
    2022, 22 (5):  11-20.  doi: 10.3969/j.issn.1671-1122.2022.05.002

    Formal verification of Ethereum smart contracts is getting more and more attention. Among all the formal verification technologies, theorem proving can process big state spaces while keeping fewer false positives. Theorem proving requires powerful formal specification methods and logic systems. This paper presents a survey of formal specification methods in theorem proving of Ethereum smart contracts. Different formal specification methods are discussed and compared from the view of the semantic model of the programming language and blockchain, the security properties and functional properties of smart contracts, and the choice of automated prover or interactive proof assistant. Finally, the difficulties of current research and future directions are indicated.

    A Cyber Threat Intelligence Sharing Scheme Based on Cross-Chain Interaction
    FENG Jingyu, ZHANG Qi, HUANG Wenhua, HAN Gang
    2022, 22 (5):  21-29.  doi: 10.3969/j.issn.1671-1122.2022.05.003

    With the deepening of digital transformation in various industries, the network boundary is gradually fading, and cyber threat intelligence sharing has become a necessary means to protect the security of information infrastructure. Aiming at the query and transaction performance bottleneck of single chain threat intelligence sharing, this paper proposed a threat intelligence sharing scheme based on cross-chain interaction. By designing a multi-chain model involving intelligence chain, supervision chain and integral chain, the scheme could prevent malicious utilization of information by internal members, and effectively improve the sharing willingness and efficiency of information sharing by participants. In order to ensure the consistency of cross-chain interaction, a cross-chain mechanism based on Hash locking was adopted to construct smart contract to protect the security of information exchange among multiple chains. Considering that threat information had the characteristics of mass data, pluralism and heterogeneity, an intelligence processing mechanism was designed to unify the description and transformation of threat information. The experimental analysis is performed on WeCross, a domestic open source cross-chain platform, to demonstrate the effectiveness of the proposed scheme.

    Research on Formal Analysis Based on Event of Group Key Agreement Protocol
    SHEN Yan, YAO Mengmeng
    2022, 22 (5):  30-36.  doi: 10.3969/j.issn.1671-1122.2022.05.004

    Group key agreement protocols are a research hotspot in the fields of the Internet of things, wireless, blockchain, video conferencing and so on. A group key agreement protocol contains many exchanged messages, and the cryptographic algorithms used for message authentication and encryption are also complex, which brings certain difficulties to the formal description and security analysis of cryptographic protocols. Based on strand space theory, this paper proposed related concepts and event-based formal analysis methods. The method was intuitive, concise and effective, made it easy to formally describe complex cryptographic protocols, and could simplify the security analysis process of cryptographic protocols. In this paper, the event-based formal analysis method was used to formally describe and analyze the group key agreement protocol. The analysis of the protocol also proved the validity and correctness of the formal analysis method proposed in this paper.

    Simulated Annealing and Particle Swarm Enhanced Relational Database Watermark
    KONG Jiaqi, WANG Liming, GE Xiaoxue
    2022, 22 (5):  37-45.  doi: 10.3969/j.issn.1671-1122.2022.05.005

    In recent years, with the improvement of data openness, database watermarking has become increasingly important in database security. Database watermarks can carry out copyright authentication and traceability of leaked data to ensure data security. However, existing watermark models have low watermark capacity and weak anti-attack robustness. This paper proposes a new database watermark method, PADEW. PADEW used an improved particle swarm algorithm based on simulated annealing to avoid falling into a local optimal solution. This enhancement found better watermark embedding positions, thereby increasing the watermark capacity and reducing distortion. In addition, this research proposed to use a weighted loss function based on attribute importance to improve the robustness against attribute dimension attacks. The experiments employed watermark capacity, average distortion, and watermark detection rate against multiple attacks to evaluate the performance of PADEW. Experiment results show that PADEW can reduce the distortion caused by watermark embedding while providing more watermark capacity. In addition, PADEW has stronger robustness against various attacks, including tuple deletion attacks, tuple addition attacks, bit flip attacks, and attribute deletion attacks. Especially in the face of 50% attribute deletion attacks, the watermark detection rate is still as high as 81%.

    An Intrusion Detection Method of Train Control System Based on Ensemble Learning
    WANG Haoyang, LI Wei, PENG Siwei, QIN Yuanqing
    2022, 22 (5):  46-53.  doi: 10.3969/j.issn.1671-1122.2022.05.006

    This paper proposes an intrusion detection method based on ensemble learning. The random forest classifier is used to integrate the spatial feature extraction model of one-dimensional multi-scale convolution network and the temporal feature extraction model of adaptive time convolution network, so as to reduce the network generalization error and improve the accuracy of intrusion detection. Based on the intrusion detection data set simulated by the hardware-in-the-loop simulation platform of train control system, this paper conducts experimental evaluation and comparative tests on the proposed intrusion detection method, and the results prove the advantages of the method.

    Research on the Restricted Sharing Technology of Private Credit Data Based on Blockchain
    LIU Jiawei, MA Zhaofeng, WANG Shushuang, LUO Shoushan
    2022, 22 (5):  54-63.  doi: 10.3969/j.issn.1671-1122.2022.05.007

    With the development of the credit system, the digitization of credit data is an inevitable choice to promote the construction of social credit. At present, user credit data is mainly stored in clear text in centralized credit institutions, which has the problems of difficult sharing and poor security. Thanks to the traceability and non-tamperability of blockchain, it provides a new distributed storage solution for the credit field. Combining blockchain, a homomorphic encryption algorithm, an access control algorithm and an asymmetric algorithm, this paper proposed a blockchain model of limited data sharing and privacy protection. In the model, the credit data was encrypted by calling an ECC asymmetric algorithm and sent to the cloud server. The CKKS algorithm in the SEAL database was introduced into the cloud for homomorphic encryption, which solved the pain point of high overhead in ciphertext calculation. The blockchain certificate issuing center was taken as the trusted third party to complete the initialization, key generation and distribution of the improved access control algorithm CP-ABE. Finally, the credit data was deposited on the blockchain. The system implemented by this model can ensure fine-grained access control and privacy protection of user rights. The function and performance evaluation shows that the method proposed in this paper has good reference significance and application value in the field of privacy protection, credit deposit and access control in the field of digital credit. The application system throughput and blockchain TPS can meet the needs of practical application performance.

    Network Security Defense Decision-Making Method Based on Time Differential Game
    SUN Pengyu, TAN Jinglei, LI Chenwei, ZHANG Hengwei
    2022, 22 (5):  64-74.  doi: 10.3969/j.issn.1671-1122.2022.05.008

    Most of the existing network defense decision-making methods aim at defense intensity, neglecting the influence of network attack and defense timing and reducing security defense efficacy. Related research on timing decisions in the network security area is considerably limited, while most methods merely model on the time dimension to analyze attack and defense behavior and lack intensity consideration. This paper studied both defense intensity and defense timing decisions, and proposed a defense decision method combining timing and differential games. First, the characteristics of network defense actions and timing were analyzed, and action and timing strategies were defined. Second, referring to the propagation dynamics model, network security status differential functions were elaborated. This paper analyzed the evolution process of network node security status, and presented a network attack-defense timing differential game model. Third, this paper solved the saddle point equilibrium of the game, and proposed an optimal defense decision-making method based on it. Experiment results indicate the effectiveness of the model and algorithm, and network defense efficacy is enhanced in the intensity and time aspects compared with existing papers.

    False Data Injection Attack Detection Method against PMU Measurements
    ZHOU Jingyi, LI Hongjiao
    2022, 22 (5):  75-83.  doi: 10.3969/j.issn.1671-1122.2022.05.009

    A novel unsupervised online learning detection method was proposed for false data injection attack detection of PMU measurements, which was called corrected robust random cut forest (CRRCF). Firstly, RRCF was an unsupervised online-learning algorithm, which could quickly adapt to the PMU measurements after a topology change and generate abnormal scores to reflect the abnormal degree of samples. Secondly, according to the abnormal scores of RRCF, CRRCF used the Gaussian Q function and a sliding window to calculate the abnormal probability. Thirdly, the abnormal probability modified the judgment of abnormal degree from RRCF and adapted to changes in attack number and attack magnitude. The simulation results show that compared with the static learning method, the online learning method can solve the problem of concept drift caused by topology changes, while compared with other online learning methods, CRRCF can always maintain higher detection accuracy and F1 score when the attack number and the attack magnitude change.

    Research on the Security Model of Multi-Authority for Attribute Encryption Based on Blockchain
    CUI Haoyu, MA Limin, WANG Jiahui, ZHANG Wei
    2022, 22 (5):  84-93.  doi: 10.3969/j.issn.1671-1122.2022.05.010

    In the cloud environment, attribute encryption algorithms can effectively implement fine-grained access control of data cloud storage. Attribute encryption algorithms based on a single authority may have problems such as single point of failure and difficulty in key distribution, while attribute encryption algorithms based on multi-authority institutions have problems such as high communication overhead and untrustworthy authority. In view of the above problems, this paper proposed a blockchain-based attribute encryption multi-authority security access control model. Firstly, multiple authorized agencies jointly participate in the generation and secure transmission of attribute keys, which avoids the leakage of key information. Secondly, through the consensus mechanism and the sliding window mechanism, the authorized nodes are dynamically elected, the single point of failure is solved, the number of authorized nodes is dynamically adjusted, and the load balance is realized. Theoretical analysis and experimental data show that the scheme proposed in this paper can effectively ensure data security and improve the credibility, reliability and auditability of authorized institutions.
