
Table of Contents

    10 May 2023, Volume 23 Issue 5

    Research on Anonymous Traffic Classification Method Based on Machine Learning
    ZHAO Xiaolin, WANG Qiyao, ZHAO Bin, XUE Jingfeng
    2023, 23 (5):  1-10.  doi: 10.3969/j.issn.1671-1122.2023.05.001

    Anonymous communication tools not only protect users' privacy but also provide shelter for crime, making it harder to clean up and supervise the network environment. Classifying the anonymous traffic generated by information exchange in anonymous networks can narrow the scope of network supervision. Aiming at the problems of insufficient classification granularity and low accuracy of application-layer classification in the existing anonymous traffic classification field, this paper proposed an application-layer multi-class classification method for anonymous traffic based on machine learning. It included a feature extraction model based on an auto-encoder and random forest, and an anonymous traffic multi-class classification model based on convolutional neural networks and XGBoost. The classification effect was improved through feature reconstruction and model combination, and was verified on the Anon17 public anonymous traffic dataset, demonstrating the usability, effectiveness and accuracy of the designed model.

    Research on New Forms of Pseudorandom Function
    LI Zengpeng, WANG Mei, CHEN Mengjia
    2023, 23 (5):  11-21.  doi: 10.3969/j.issn.1671-1122.2023.05.002

    The outsourcing of computing and data storage services has become common practice with the rise of the cloud computing model, and concerns about data security and privacy protection are receiving more and more attention from both the business and academic communities. One current research topic in cryptography is new forms of the Pseudorandom Function (PRF), which serves as a tool for retrieval over encrypted data and as a solution to one of the problems of ciphertext security. Many cryptographic primitives are currently being investigated for secure computation on encrypted data, such as fully homomorphic encryption (FHE), lattice-based cryptography, threshold cryptography, secure multiparty computation and PRFs. The study of new forms of PRF is now primarily focused on three aspects: 1) lattice-based private constrained PRFs with verifiability; 2) lattice-based constrained PRFs with adaptive security; and 3) lattice-based multi-point puncturable PRFs with practical applicability. In a nutshell, this paper thoroughly analyzed the significant research findings in this area.

    Research on En-Route False Data Filtering Technology in Wireless Sensor Network
    FENG Guangsheng, ZHANG Yingxi, REN Yifei, GAO Sulin
    2023, 23 (5):  22-31.  doi: 10.3969/j.issn.1671-1122.2023.05.003

    Because the actual deployment environment of wireless sensor networks is relatively complex and the node channels of the wireless network itself are fragile, sensor nodes are vulnerable to false data injection attacks, resulting in wasted sensor energy and communication resources, and even system paralysis. En-route filtering is one of the effective ways to solve these problems. Firstly, this paper introduced the basic principles of en-route filtering. Secondly, it carried out specific technical research on the four steps of en-route filtering: key distribution, event report generation, en-route filtering and sink verification. The key distribution process and the en-route filtering process were classified and studied according to their underlying principles, and several important filtering methods and their advantages and disadvantages were analyzed in detail.

    Multi-Keyword Searchable Encryption Scheme Based on Verifiable Secret Sharing
    QIN Baodong, CHEN Congzheng, HE Junjie, ZHENG Dong
    2023, 23 (5):  32-40.  doi: 10.3969/j.issn.1671-1122.2023.05.004

    With the rapid development of cloud storage technology, searchable encryption has been widely used to implement data security and personal information protection, and has become a research hotspot for scholars at home and abroad. The security of an encryption system depends on the confidentiality of the key. However, at present most searchable encryption schemes require users to manage the key themselves. This carries the risk of key leakage and loss, which undermines the security of the scheme and also limits users who need to work from different devices. Aiming at the key management problem of searchable encryption, the paper proposed a key-reconfigurable multi-keyword searchable encryption scheme based on verifiable secret sharing. Users need only their biometrics and a password to complete data outsourcing and retrieval, freeing them from managing keys themselves. The scheme satisfies the two security properties of chosen-keyword indistinguishability and identity authentication, and ensures that data outsourcing and retrieval can be completed only when the password is correct and the biometrics are close enough to the template. The correctness of the user's characteristics is computed and verified by the server, and private information such as the user's original biometrics, keys and keywords cannot be obtained.

    Multiple Persistent Faults Analysis with Unknown Faults
    MAO Hongjing, CHENG Yukun, HU Honggang
    2023, 23 (5):  41-49.  doi: 10.3969/j.issn.1671-1122.2023.05.005

    Persistent Fault Analysis (PFA) is a novel fault analysis technique proposed in 2018 which has attracted widespread attention at home and abroad. Although various analysis methods for different cryptographic systems have been proposed, research on the fault model with unknown fault values is still an open problem, and it represents a more practical attack scenario. Particularly when dealing with multiple faults, it is harder to control the overlap between original and faulty values. This paper proposed a multiple persistent fault analysis model under a relatively loose fault model: the attacker does not need to know anything about the fault values, their locations, or even their number. By exploiting the property that persistent faults remain unchanged across all encryptions, the range of fault values was narrowed down using the results from different ciphertext bytes, eventually leading to key recovery. Both theoretical proof and simulation experiments were conducted to verify the effectiveness of the analysis model. Taking the AES-128 algorithm as an example, with only 150 ciphertexts in the ciphertext-only setting, the number of candidate keys can be kept within a small range. The success rate of the attack is above 99%, effectively reducing the required number of ciphertexts. By increasing the number of rounds, the key can be recovered even under frequent key updates, significantly reducing the difficulty of the attack.

    Research on the Supply Chain Security Risk Assessment Methods for Mixed Source Operating System
    ZHAO Jun, REN Yi, LI Bao, TAN Yusong
    2023, 23 (5):  50-61.  doi: 10.3969/j.issn.1671-1122.2023.05.006

    At present, software supply chain security incidents occur frequently, and conducting security risk assessments can identify potential risks; this is an important way to manage security risks and prevent security incidents. As the core foundational software of information systems, the mixed source operating system (MSOS) is widely used in government, power, finance, communication and other important fields, and its supply chain deserves closer attention. Because of the diverse code sources, large code scale, and complex structure and component dependencies of MSOS, existing software supply chain security risk assessment methods are not fully applicable to MSOS in terms of assurance objectives and indicator systems. To address this issue, the article proposed traceability, availability and security as the assurance objectives for supply chain security. Based on these assurance objectives, the risk factors affecting the supply chain security of MSOS were analyzed, and a measurable indicator system was designed to evaluate its security risk. The effectiveness of the indicator system was verified through examples, and relevant technical means and tools that can be used to evaluate the important indicators were summarized and elaborated.

    Identification Method of Malicious Software Hidden Function Based on Siamese Architecture
    CHEN Zitong, JIA Peng, LIU Jiayong
    2023, 23 (5):  62-75.  doi: 10.3969/j.issn.1671-1122.2023.05.007

    At present, hiding techniques are widely used in malware to evade detection by anti-virus engines and reverse analysis by researchers. Therefore, effective identification of hidden functions in malware is of great significance for malware code detection and in-depth analysis. However, the existing methods in this field all have problems to some degree, such as an inability to achieve high accuracy and poor robustness on datasets with small sample sizes or unbalanced class distributions. In order to implement a practical detection method for hidden functions in malware, a novel identification method based on a Siamese architecture is proposed to detect the type of hidden function. This method effectively improves the accuracy of hidden function recognition, and the introduction of the Siamese architecture alleviates the poor robustness on small-sample datasets. On a dataset of 15 common types of hidden functions extracted from malware, the experimental results show that the embedding vectors generated by this method are of better quality than those of the closely related embedding network SAFE, and that this method has higher detection accuracy than several common hidden function detection tools.

    Design of High Speed Reconfigurable Modulo Arithmetic Unit for Block Cipher
    ZHANG Xiaolei, DAI Zibin, LIU Yanjiang, QU Tongzhou
    2023, 23 (5):  76-84.  doi: 10.3969/j.issn.1671-1122.2023.05.008

    The modulo arithmetic unit is the key component of a coarse-grained reconfigurable cryptographic array (CGRCA). It can cover more types of block ciphers by reconfiguring arithmetic cryptographic operators with different processing widths and moduli. However, the high execution latency and low functional coverage of existing modulo arithmetic units limit the overall performance improvement of CGRCA. By analyzing the characteristics of modulo arithmetic in block ciphers, this paper unified the mathematical expression of these operators and designed a reconfigurable modular arithmetic unit (RMAU). The unit supported five modular multiplication operations, three modular addition operations, and three multiply-accumulate operations. At the same time, the critical path delay of the unit was optimized by discarding useless bits in the partial products, extending the Wallace tree to compress the summation process, and shortening the execution path of the modular correction module. The function and performance of RMAU were tested in a 180 nm CMOS process. The experimental results show that, while RMAU has high functional coverage, its computation delay is reduced by 39%, 44% and 47% compared with the RCE modular multiplier unit, the extensible modular multiplier structure and the RNS multiplier, respectively.

    An Access Control Scheme for Verifying the Correctness of Outsourcing Encrypted Data in EHR System
    ZHANG Xiaoxu, SHI Runhua
    2023, 23 (5):  85-94.  doi: 10.3969/j.issn.1671-1122.2023.05.009

    To meet the growing demand for telemedicine services, electronic health record (EHR) systems have become popular in recent years. Data owners can upload EHRs to the cloud for data sharing via mobile devices. However, EHR systems are prone to privacy breaches. Attribute-based encryption (ABE) provides a good solution for the secure sharing of data. However, mobile devices usually have limited computing power, and it is very difficult for them to perform the complex encryption operations of ABE. Therefore, this paper offloaded the heavy encryption operations to an edge server (ES). The ES, however, could itself be subject to attack, so it was crucial to check whether the ES encrypted the correct plaintext. This paper proposed a double-outsourced lightweight verification scheme based on zero-knowledge proofs to check the correctness of the data on the ES. To prevent EHR information from being leaked to dishonest ESs, this paper combined blockchain with hybrid encryption for more secure data sharing. Experimental results show that the proposed scheme is effective.

    A Proactive Multi-Secret Sharing Scheme for Cloud Storage
    PEI Bei, ZHANG Shuihai, LYU Chunli
    2023, 23 (5):  95-104.  doi: 10.3969/j.issn.1671-1122.2023.05.010

    The article proposed a multi-secret sharing method that can be used in cloud storage scenarios. The solution was based on threshold cryptography and proactive security techniques and was designed to ensure secure storage of data over long periods of time. In this scheme, the confidential data uploaded by the user was first split into multiple secrets, and these secrets were then secret-shared. The resulting shadow shares were stored separately by different cloud service providers, thus satisfying the security of the (k,n) threshold scheme. In this process, the secret dealer was responsible for distributing and sharing the secrets and for ensuring that each cloud service provider held only a shadow share of a portion of the data. To ensure the security of the system, the scheme used a cyclic policy in the share update and verification phases, so that an attacker can obtain the original secret, or any information about it, only by compromising at least k cloud service providers within a single update cycle. Notably, the scheme avoids direct interaction between the various cloud providers, thus reducing the cost of communication between cloud storage providers. At the same time, the scheme used threshold cryptography and proactive security techniques, which can ensure the security of the system and the long-term secure storage of data. Comparative analysis with other schemes shows that the scheme proposed in the paper is more efficient and better suited to storing large-scale secret data.
