Loading...
Netinfo Security

Table of Content

    10 March 2023, Volume 23 Issue 3 Previous Issue    Next Issue
    For Selected: Toggle Thumbnails
    An Outsourceable and Policy-Hidden Attribute-Based Encryption Scheme in the IIoT System
    GUO Rui, WEI Xin, CHEN Li
    2023, 23 (3):  1-12.  doi: 10.3969/j.issn.1671-1122.2023.03.001
    Abstract ( 360 )   HTML ( 39 )   PDF (13320KB) ( 191 )  

    The data access control scheme in the IIoT environment has some prominent problems, such as the heavy computing burden of the decryption device, failure to protect the private information of the decryption device, and failure to track illegal device. To solve the above problems, an outsourced policy-hidden attribute-based encryption scheme in the IIoT environment was proposed. In the scheme, with the help of edge computing technology, most of the decryption operations of massive industrial data were outsourced to edge computing nodes, thus significantly reducing the computational burden of decryption devices. The access structure in ABE was divided into two parts in the scheme, thus introducing the technology of policy hiding, which protected the privacy information of decryption devices while achieving the confidentiality of the industrial data. In addition, blockchain technology was used to achieve the supervision and audit of equipment in the system. Through formal analysis, it is proven to be secure in a selectively chosen-plaintext attack(CPA). By using the PBC cryptographic library and Hyperledger Fabric blockchain platform, simulations of this scheme with existing schemes are performed. The experiment results show that this scheme has high computational efficiency and is suitable for IIoT environments.

    Figures and Tables | References | Related Articles | Metrics
    A Certificate-Based Digital Signature Scheme
    AN Haoyang, HE Debiao, BAO Zijian, PENG Cong
    2023, 23 (3):  13-21.  doi: 10.3969/j.issn.1671-1122.2023.03.002
    Abstract ( 422 )   HTML ( 48 )   PDF (11521KB) ( 241 )  

    Digital signature is an important tool to realize digital authentication. It has the characteristics of identity authentication, anti-repudiation, and anti-forgery. Therefore, it is widely used in current network communication, e-commerce and other scenarios. Certificate-based signature is a special signature algorithm that can solve both the certificate verification problem in traditional signature algorithms and the key escrow problem in identity-based signature algorithms. This paper proposed a certificate-based digital signature scheme. The certificate authority did not need to provide certificate status information to the entire system, but only needed to contact the certificate holder for revocation and renewal. The scheme proposed in this paper consisted of system initialization algorithm, user key generation algorithm, certificate authorization algorithm, signature algorithm and verification algorithm, and it was proved in the random oracle model that the scheme can resist both Type I and Type II adversaries. The existence of unforgeability under adaptive chosen message attack was satisfied. Compared with other certificate-based signature schemes, the scheme proposed in this paper has obvious advantages in communication overhead and is more suitable for application scenarios with limited communication resources.

    Figures and Tables | References | Related Articles | Metrics
    Enabling Privacy-Preserving Range Queries in Blockchain-Based Collaborative Databases with Bilinear Pairings
    LI Chunxiao, WANG Yaofei, XU Enliang, ZHAO Yu
    2023, 23 (3):  22-34.  doi: 10.3969/j.issn.1671-1122.2023.03.003
    Abstract ( 308 )   HTML ( 25 )   PDF (15548KB) ( 193 )  

    Database sharing is a data aggregation scheme that provides convenience for users to search all databases. Blockchain-based collaborative databases are widely adopted because they are more flexible, transparent, and can eliminate trust servers in the traditional centralized data-sharing model. However, due to wide attacking surfaces in a blockchain network, this decentralized data-sharing paradigm is subject to malicious data breaches. Untrusted blockchain nodes can directly obtain sensitive information from the blockchain. Therefore, failure to address these inherent security issues properly will hinder the wide adoption of secure decentralized applications. This paper devise a novel bit-block encryption scheme to support encrypted range queries via block-based pattern matching.The proposed scheme couldan simultaneously enables a dramatic query speed up and preserves semantic security guarantee. This paper complete the prototype implementation on Enthereum. Experiment results on real-world datasets demonstrate the feasibility and practicability of the proposed scheme.

    Figures and Tables | References | Related Articles | Metrics
    A Privacy-Preserving Analysis Model of Human-to-Human Transmission of Infectious Diseases
    LI Xiaohua, WANG Suhang, LI Kai, XU Jian
    2023, 23 (3):  35-44.  doi: 10.3969/j.issn.1671-1122.2023.03.004
    Abstract ( 261 )   HTML ( 15 )   PDF (12323KB) ( 104 )  

    With the advent of the Internet of Everything and the era of big data, tracking the close contacts of patients through offline interactive data, and using health data to continuously detect the health status of close contacts bring new research perspectives for the analysis of human-to-human transmission of infectious diseases and provid a new way of blocking the spread of infectious diseases. However, such methods also have serious privacy leakage problems. Therefore, an Analysis Model of Human-to-Human Transmission of Infectious Diseases based on Offline Interaction and Health Data (AMHHTID-OIHD) was designed based on offline interaction and health data. The model consisted of six entities: trusted institutions, health cloud servers, interactive cloud servers, Centers for Disease Control (CDC), hospitals, and users. Finally, CDC found close contacts of the patient and classifies their health status in privacy-preserving way. Based on KNN classification and Gaussian Naive Bayes classification, combined with homomorphic encryption technology, the ciphertext conversion algorithm, privacy protection close contact search algorithm, and privacy protection health state classification algorithm of AMHHTID-OIHD were designed. The correctness and safety of the above algorithms were also analyzed and tested. The test results show that our model can complete the expected task objectives with a low overhead and privacy protection.

    Figures and Tables | References | Related Articles | Metrics
    Secure Scheduling Algorithm for Heterogeneous Executors for Mimic Clouds
    WANG Ruimin, XING Yongxu, SONG Wei, ZHANG Jianhui
    2023, 23 (3):  45-55.  doi: 10.3969/j.issn.1671-1122.2023.03.005
    Abstract ( 265 )   HTML ( 13 )   PDF (21806KB) ( 95 )  

    As cloud services become more widely used, attacks based on unknown vulnerabilities or backdoors become their most significant security threat. Mimic cloud services based on mimic defense are established to secure them by reducing the probability of continuous exposure to vulnerabilities. However, the mimic scheduling algorithm proposed by current research lacks the consideration of executors’ own security and cannot take into account dynamicity and heterogeneity. This paper proposed a priority scheduling algorithm based on heterogeneity and security degree by introducing the definition of heterogeneity and security degree of execution pool, and introduced a dynamic scheduling strategy combining time slices to solve the above problems. The experimental results show that the proposed algorithm has better dynamicity and can obtain better scheduling effect, achieving the balance between dynamicity, heterogeneity and security, and also has the advantages of low time complexity.

    Figures and Tables | References | Related Articles | Metrics
    Privacy Protection Scheme of Consortium Blockchain Based on Group Signature and Homomorphic Encryption
    ZHANG Xuewang, ZHANG Hao, YAO Yaning, FU Jiali
    2023, 23 (3):  56-61.  doi: 10.3969/j.issn.1671-1122.2023.03.006
    Abstract ( 379 )   HTML ( 42 )   PDF (7582KB) ( 165 )  

    In order to solve the problem of user’s identity privacy exposure in the consortium blockchain application, this paper proposed a consortium blockchain privacy protection scheme based on group signature and homomorphic encryption, which improved the single group administrator mechanism in the group signature based on the secret sharing algorithm and set multiple group administrators to keep the group private key together. Based on the homomorphic encryption algorithm, multiple group administrators worked together to generate member private keys that were known only to group members. Through comparison and analysis with existing schemes, this scheme has strong anonymity, anti-forgery, and can effectively resist the active trapping attack of group administrators. Finally, simulation experiments show that the time overhead of this scheme is within the acceptable range.

    Figures and Tables | References | Related Articles | Metrics
    Location Privacy Protection Scheme for Group Signature with Backward Unlinkability
    ZHOU Quan, ZENG Zhikang, WANG Kemeng, CHEN Menglong
    2023, 23 (3):  62-72.  doi: 10.3969/j.issn.1671-1122.2023.03.007
    Abstract ( 278 )   HTML ( 19 )   PDF (13110KB) ( 132 )  

    User’s location privacy often contains sensitive data information. For some existing location privacy protection schemes, because they do not fully consider the reliability of anonymous data and the backward unlinkability of revocation of group members, they cannot protect user's location privacy very well. Therefore, a group signature location privacy protection scheme with backward irrelevance is proposed. The scheme constructed an anonymous set by requesting and responding to requests from users and collaborating users, which avoided the privacy disclosure of requesting users due to the cracking of anonymous servers. The signature private key string was generated by requesting the user's registration time, enabling the scheme to support backward unrelated revocation of the anomalous user. The security analysis and performance analysis show that the scheme has higher security and lower calculation cost.

    Figures and Tables | References | Related Articles | Metrics
    A Multi-Dimensional Root Cause Localization Algorithm for Microservices
    SHI Yuan, LI Yang, ZHAN Mengqi
    2023, 23 (3):  73-83.  doi: 10.3969/j.issn.1671-1122.2023.03.008
    Abstract ( 306 )   HTML ( 11 )   PDF (13805KB) ( 147 )  

    With the gradual maturity of virtualized container technologies such as Docker, because of its scalability, flexibility and other characteristics that perfectly fit the microservice architecture, the industry gradually deploys microservice architecture applications in container-based cloud environments, and use container orchestration tools such as Kubernetes to manage the full life cycle of the application. Under such a complex microservice architecture, how to use artificial intelligence technology to efficiently find abnormalities and locate the root cause becomes the top priority. First, the article summarized the main challenges and existing key technologies for anomaly detection and root cause localization in the context of microservice systems. Then, aiming at the problem that the coverage of existing anomaly detection was not comprehensive, we proposed a multi-dimensional anomaly detection method based on unsupervised learning, it combined service and machine resource utilization data for comprehensive analysis on the basis of call chain Trace data to ensure that service response time anomalies can be detected, and service resource utilization anomalies and environmental anomalies can also be identified. Finally, in the case of known anomalies, in order to reduce the root cause localization time, expand the localization range and reduce the granularity, we proposed a lightweight anomaly propagation subgraph-based method. It unified the data of the two dimensions of service interface and machine node into the anomaly propagation subgraph for root cause localization. The experiments results show that proposed method has shorter localization time compared with the existing methods, and not only broadens the root cause localization scenario, but also has a significant improvement in accuracy.

    Figures and Tables | References | Related Articles | Metrics
    Blockchain Transaction Data Privacy-Preserving Scheme Supporting National Cryptographic Algorithm
    WANG Jingyu, MA Zhaofeng, XU Danheng, DUAN Pengfei
    2023, 23 (3):  84-95.  doi: 10.3969/j.issn.1671-1122.2023.03.009
    Abstract ( 486 )   HTML ( 37 )   PDF (15939KB) ( 287 )  

    With the development of blockchain technology, the realization of data sharing on the chain has become an important application to promote the implementation of the blockchain industry. The transaction data of the current blockchain is open and transparent on the chain, with problems of restricted sharing. At the same time, considering that the Hyperledger Fabric platform is limited in domestic applications due to the lack of support of the national cryptographic algorithm, this paper transformed the Fabric platform by adopting the national cryptographic algorithm firstly. Secondly, a transaction data privacy-preserving scheme was proposed to complete the security and limited sharing of transaction data with national cryptographic algorithm. Finally, the modified Fabric platform and the proposed solution were tested for system implementation and performance. The experimental results show that this paper completes the national cryptographic algorithm transformation of the Fabric platform, which ensures the correctness of various operations. The implementation efficiency and system performance of the privacy protection scheme also meet the practical requirements.

    Figures and Tables | References | Related Articles | Metrics
    Educational Data Classification Based on Deep Learning
    TAN Liuyan, RUAN Shuhua, YANG Min, CHEN Xingshu
    2023, 23 (3):  96-102.  doi: 10.3969/j.issn.1671-1122.2023.03.010
    Abstract ( 339 )   HTML ( 27 )   PDF (8003KB) ( 169 )  

    The continuous development of big data technology and the frequent occurrence of data leakage incidents have created an urgent need to protect data security in the education industry. In the education industry, it contains precise information on personal education and growth, which is of great value. Therefore, protecting educational data security has become an urgent need. To solve this problem, an educational data classification method based on deep learning is proposed in this paper. First, according to the role of data subject, three categories of personal data, organizational data, and business data were defined. Then, a Bi-LSTM neural network model combining based on word mixed embedding was proposed and implemented for automation and intellectualization of educational data classification. Finally, this paper validated the proposed classification method through experiments on two universities’ datasets. The experiment results show that the accuracy of our model can reach 95%, and all performance metrics are optimal compared with baselines.

    Figures and Tables | References | Related Articles | Metrics