Table of Contents

    10 July 2024, Volume 24 Issue 7

    A Certificateless Anonymous Authentication Key Agreement Protocol for VANET
    LIU Yidan, MA Yongliu, DU Yibin, CHENG Qingfeng
    2024, 24 (7):  983-992.  doi: 10.3969/j.issn.1671-1122.2024.07.001

    In a vehicular ad-hoc network (VANET), nodes communicate over open wireless channels, making them vulnerable to malicious attacks. Ensuring message integrity and identity anonymity during vehicle communication has therefore become crucial. In response to the problem that the existing WZQ protocol cannot resist ephemeral key leakage attacks, this article proposed a certificateless anonymous authentication key agreement protocol for VANET named iWZQ. iWZQ used certificateless signature technology to solve the complex key storage and key escrow problems, and separated identity authentication from traffic message verification to avoid frequent checking of the message revocation list. In addition, the security of the protocol has been proven using provable security theory and the Scyther tool. Compared with other protocols, the performance analysis results show that iWZQ effectively reduces computation time and communication cost while improving security.

    A Heterogeneous Cross-Domain Conditional Privacy Protection Ring Signcryption Scheme for V2I Communication
    LUO Ming, ZHAN Qibang, QIU Minrong
    2024, 24 (7):  993-1005.  doi: 10.3969/j.issn.1671-1122.2024.07.002

    Vehicle-to-infrastructure (V2I) communication is an important component of vehicular ad-hoc networks. Ensuring secure message transmission in V2I has always been a research focus, and various conditional privacy protection schemes suitable for V2I communication have been proposed in recent years. However, most existing ring signcryption-based schemes assume that the sender and receiver are in the same cryptographic system and use the same system parameters within the same domain. As communication scenarios grow more complex, this assumption has limitations, and most signcryption-based schemes fail to provide known temporary session key security. To address these issues, we proposed a heterogeneous cross-domain conditional privacy protection ring signcryption scheme for V2I communication. Our scheme enabled cross-domain communication between vehicles in certificateless cryptography (CLC) and infrastructure in public key infrastructure (PKI). In the random oracle model (ROM), our scheme satisfied confidentiality and unforgeability through rigorous security proofs. Compared with four schemes that provide similar functions, our scheme has the lowest computing cost and tracking cost.

    Design of Reconfigurable Key Security Authentication Protocol for IoT Based on National Cryptography SM9
    HUANG Wangwang, ZHOU Hua, WANG Daiqiang, ZHAO Qi
    2024, 24 (7):  1006-1014.  doi: 10.3969/j.issn.1671-1122.2024.07.003

    To enhance the security and reliability of communication protocols and improve user privacy, a secure authentication protocol for IoT was designed based on the national cryptographic algorithm SM9. The protocol aimed to ensure both data source security and data transmission security. Using only point doubling, point addition, and hash operations, the protocol achieved the encapsulation and reconstruction of shared keys. Additionally, it integrated pseudo one-time-one-key and one-time-one-identity mechanisms to enhance the security and efficiency of key transmission. The protocol guaranteed the security of ciphertext data transmission and identity authentication. The proposed scheme has been formally verified with ProVerif to satisfy nine critical security properties. Compared to other protocols, it incurs lower computational and communication overheads, making it highly suitable for resource-constrained industrial IoT devices.

    Three-Factor Authentication and Key Agreement Protocol Based on Chaotic Map for Industrial Internet of Things Systems
    ZHANG Xiaojun, ZHANG Nan, HAO Yunpu, WANG Zhouyang, XUE Jingting
    2024, 24 (7):  1015-1026.  doi: 10.3969/j.issn.1671-1122.2024.07.004

    Through various terminal sensor devices, an Industrial Internet of Things (IIoT) system transmits the collected key industrial data to the IIoT platform in real time to support intelligent data analysis and decision-making. However, illegal access to industrial data leads to information security issues, such as data or sensitive identity leakage and data tampering, which affect the normal operation of the IIoT system. To this end, this paper built a distributed anonymous data transmission architecture for IIoT systems with multiple users, multiple gateways and multiple IIoT platforms, and proposed a three-factor anonymous authentication and key agreement protocol based on chaotic maps. The protocol realized three-factor login authentication (smart card, password, and biometric information) from the user to the mobile terminal device. With the assistance of the gateway, the user utilized the mobile terminal device to realize two-way anonymous authentication between the user and the IIoT platform based on chaotic map technology and key credentials, and simultaneously achieved session key agreement for subsequent secure communication. The application of the protocol was extended to include the update of each user’s password and biometric information, the revocation of smart cards, and the synchronous update of multi-gateway keys based on the Chinese remainder theorem. Security analysis and performance evaluation demonstrate that the proposed protocol can be securely and efficiently deployed in IIoT systems.

    Blockchain Scaling Solutions: ZK-Rollup Review
    ZHANG Jiwei, WANG Wenjun, NIU Shaozhang, GUO Xiangkuo
    2024, 24 (7):  1027-1037.  doi: 10.3969/j.issn.1671-1122.2024.07.005

    Blockchain application systems have achieved remarkable progress in the global market in recent years. With the proliferation of blockchain technology across sectors such as finance, healthcare, energy, and the Internet of Things, the volume of transactions has surged, exacerbating issues of scalability and transaction cost. Addressing these challenges has made Layer-1 and Layer-2 scaling technologies focal points of research, with numerous methods proposed to mitigate these issues. This paper provided a concise overview of Layer-1 solutions and primarily examined various Layer-2 solutions, comparing their respective advantages and limitations. It placed particular emphasis on the ZK-Rollup solution, explaining its underlying principles and examining its advantages in addressing scalability and reducing transaction fees. Furthermore, it identified potential challenges associated with ZK-Rollup technology, including security, privacy protection, and compatibility with other blockchain systems. In response to these challenges, the paper proposed possible improvements and optimizations, aiming to provide new insights and methodologies for enhancing blockchain scalability and transaction efficiency.

    A Cross-Contract Fuzzing Scheme Based on Function Dependencies
    ZHANG Liqiang, LU Mengjun, YAN Fei
    2024, 24 (7):  1038-1049.  doi: 10.3969/j.issn.1671-1122.2024.07.006

    With the rapid development of blockchain applications and the widespread use of smart contracts, security incidents caused by smart contracts have increased dramatically and have caused huge losses of digital assets. Although there are tools to detect smart contract security vulnerabilities, these tools mainly target single smart contracts and do not take cross-contract dependencies into account, resulting in more false positives. To address the problems of high false positive rates and high performance consumption of smart contract vulnerability detection tools in cross-contract scenarios, this paper proposed FIFuzz, a cross-contract fuzzing scheme based on function dependencies. An enhanced ContractRank algorithm was used to model inter-contract dependencies, and the concept of function importance was proposed to characterize the importance of functions in inter-contract interactions. After pre-processing, fuzzing was performed; the search space for cross-contract vulnerability detection was reduced by a function-importance-based transaction sequence generation strategy and an address-type data generation strategy based on the contract address mapping relationship, improving detection efficiency. In addition, contract call simulation was used to reduce the false positives of vulnerability detection. In comparison experiments with related tools, FIFuzz detects vulnerabilities in 80% less time than other tools, detects twice as many vulnerabilities, and its accuracy in detecting cross-contract vulnerabilities is significantly better than that of other tools. The experimental results show that the proposed solution can effectively improve the detection accuracy of cross-contract vulnerabilities, reduce the false alarm rate, and shorten the time overhead.

    High-Quality Full-Size Image Steganography Method Based on Improved U-Net and Hybrid Attention Mechanism
    DONG Yunyun, ZHU Yuling, YAO Shaowen
    2024, 24 (7):  1050-1061.  doi: 10.3969/j.issn.1671-1122.2024.07.007

    Image steganography is a technique for hiding secret information within images to prevent detection. Current image steganography models face issues such as poor image generation quality and weak resistance to steganalysis. A hybrid attention mechanism can suppress meaningless channel information to avoid artifacts in the stego image, and assign different weights according to the importance of different positions in the cover image, thereby finding more suitable hiding areas for the secret information. Based on these properties, this paper proposed a high-quality, full-size image steganography method based on U-Net and a hybrid attention mechanism. The model comprised three subnetworks: an encoder, an extractor, and a discriminator. The encoder was built from an improved U-Net structure and a hybrid attention mechanism module; the extractor was built from convolutional neural networks and a hybrid attention mechanism module; the discriminator enhanced the model’s security. Experimental results show that this method can completely hide a 256×256 color secret image within a cover image of the same size, achieving high-quality image steganography without reducing the steganographic capacity. The method demonstrates good visual quality and hiding capacity on the ImageNet, COCO, and DIV2K datasets. On the ImageNet dataset, the PSNR values reach up to 40.143 dB (cover image versus stego image) and 42.082 dB (secret image versus reconstructed secret image), while also improving the model’s resistance to steganalysis.

    Context-Based Abnormal Root Cause Algorithm
    ZHOU Shucheng, LI Yang, LI Chuanrong, GUO Lulu, JIA Xinhong, YANG Xinghua
    2024, 24 (7):  1062-1075.  doi: 10.3969/j.issn.1671-1122.2024.07.008

    In the current era of large-scale industrial digital transformation, the integration of cloud-native architecture with microservices technology has become the core competitive advantage of that transformation. This development model improves the integrity and flexibility of the software development, deployment, and testing processes. However, with the development of the Internet, the complexity of trace data and timing issues in microservices architectures have led to lower accuracy in anomaly detection and slower root cause localization. In response to these challenges, this paper first proposed a time-based, multi-dimensional metric anomaly detection algorithm. The algorithm combined multi-dimensional metrics with time series anomaly detection to significantly increase detection accuracy. By improving the Service Trace Metric Vector, it addressed the lower accuracy of anomaly detection when physical resources were sufficient, and overcame the limitations of traditional anomaly detection methods through time series detection. Additionally, this paper proposed a root cause localization algorithm based on a “link-operation” graph combined with context. The algorithm effectively improved the accuracy of root cause localization by deeply analyzing the dependency relationships between services in historical trace data. It merged structurally similar trace graphs, not only saving a considerable amount of time in graph construction but also enhancing the efficiency and precision of root cause localization. Experimental results indicate that the proposed methods identify and localize the root causes of anomalies more quickly and accurately than traditional methods.

    Research on TTP Extraction Method Based on Pre-Trained Language Model and Chinese-English Threat Intelligence
    REN Changyu, ZHANG Ling, JI Hangyuan, YANG Liqun
    2024, 24 (7):  1076-1087.  doi: 10.3969/j.issn.1671-1122.2024.07.009

    Tactics, techniques, and procedures (TTP) intelligence primarily resides in unstructured threat reports and serves as a valuable source of cyber threat intelligence. However, existing open-source TTP classification label datasets are predominantly focused on the English domain, with limited coverage of source materials and TTP types, and particularly lack relevant data in the Chinese domain. To address this issue, this paper constructed a bilingual TTP intelligence dataset, the bilingual threat intelligence classifying dataset (BTICD), which includes 17700 samples and 236 corresponding TTPs. BTICD was the first to use publicly available Chinese threat reports as corpora for TTP annotation, and it also annotated a portion of white-box samples that cannot be mapped to any TTP. This paper introduced and fine-tuned pre-trained models on the bilingual dataset to obtain a bilingual TTP identification model, SecBiBERT. Experimental results show that SecBiBERT achieves a Micro F1 score of 86.49% on the 50 common TTP classification tasks and a Micro F1 score of 73.09% on the full set of 236 TTP classification tasks, outperforming existing similar models.

    A Fingerprint Identification Method of Multi-Page and Multi-Tag Targeting Tor Website
    CAI Manchun, XI Rongkang, ZHU Yi, ZHAO Zhongbin
    2024, 24 (7):  1088-1097.  doi: 10.3969/j.issn.1671-1122.2024.07.010

    The Tor anonymous communication system is often used by criminals to engage in darknet criminal activities, and Tor webpage fingerprint identification technology provides a technical means for darknet supervision. Aiming at the poor practicality of single-label Tor website recognition technology in network supervision, this paper proposed a multi-page, multi-tag Tor fingerprint identification method. First, standard particle swarm optimization and K-nearest neighbor (KNN) were optimized and combined, and a KNN model based on adaptive PSO (APSO-KNN) was proposed for segmenting successive multi-tag websites. Then, a 1D CNN combined with a self-attention mechanism (SA-1DCNN) was used to classify the content of website fragments. Finally, the APSO-KNN memory scoring mechanism was used to select a suboptimal segmentation point for websites that failed to be identified. Experimental results show that APSO-KNN, which uses a particle search mechanism instead of exhaustive traversal to find the split point, achieves 96.3% segmentation accuracy with significantly improved efficiency compared with the traditional KNN algorithm. The deep learning model SA-1DCNN is better than machine learning models in its resistance to website segmentation errors and achieves 96.1% identification accuracy.

    Large Language Model-Generated Text Detection Based on Linguistic Feature Ensemble Learning
    XIANG Hui, XUE Yunhao, HAO Lingxin
    2024, 24 (7):  1098-1109.  doi: 10.3969/j.issn.1671-1122.2024.07.011

    The rapid development of large language models (LLM) has provided great convenience for daily life and work, but has also brought challenges for individuals and society. Therefore, there is an urgent need for detectors that can identify text generated by large language models. For good detection performance and generalization ability, this paper proposed a large language model-generated text detection method based on linguistic feature learning, EBF Detection. EBF Detection combined a fine-tuned pre-trained language model with higher-order natural language statistical features, and used a decision mechanism to realize LLM-generated text detection. Experimental results show that EBF Detection not only achieves an average detection accuracy of 98.72% on in-domain data, but also achieves an average detection accuracy of 96.79% on out-of-domain data.

    Optimization of Cost of Edge-Cloud Collaborative Computing Offloading Considering Security
    SHEN Xiuyu, JI Weifeng
    2024, 24 (7):  1110-1121.  doi: 10.3969/j.issn.1671-1122.2024.07.012

    To meet the requirements for secure and efficient computing offloading in edge computing, a computing offloading scheme should not only consider the cost optimization of normal computation task offloading, but also take into account the security costs of defending against DDoS attacks. For a multi-user, multi-task edge computing system, we proposed an edge-cloud collaborative computing offloading scheme considering security (E-CCOCS). First, the computing offloading process was modeled, and a security model was used to detect malicious offloading traffic and to generate trust values for all terminal devices based on the detection results. The joint offloading cost optimization problem over time delay, energy consumption, and security cost was formulated as a mixed-integer nonlinear programming problem. Second, for the cooperative offloading scenario of terminal device-edge and edge-cloud, a double-layer improved particle swarm optimization algorithm (DLI-PSO) was proposed to solve the offloading cost optimization problem. Simulation results show that the convergence of the DLI-PSO algorithm is superior to that of the compared algorithms, and that the cost of the E-CCOCS secure offloading scheme is lower than that of the compared schemes, effectively addressing DDoS attacks.

    Research on APT Attack Defense System Based on Threat Discovery
    ZHAO Xinqiang, FAN Bo, ZHANG Dongju
    2024, 24 (7):  1122-1128.  doi: 10.3969/j.issn.1671-1122.2024.07.013

    The unknown nature and uncertainty of APT attacks make it difficult for traditional defense systems to detect and defend against them quickly, and their continuous evolution also renders traditional defense methods based on feature detection technology inadequate. This paper presented an APT attack and defense model based on the concept of red-blue confrontation, and summarized the steps and techniques of common network attacks according to the kill chain classification. It also proposed a defense concept model centered on APT threat discovery, and a comprehensive security technology framework of “cloud, management, end, and ground” collaboration based on practical experience of APT attack and defense.

    Research and Scheme Design of Cyber Threat Intelligence Sharing under Privacy Protection System
    WEN Wen, LIU Qinju, KUANG Lin, REN Xuejing
    2024, 24 (7):  1129-1137.  doi: 10.3969/j.issn.1671-1122.2024.07.014

    Cyber threat intelligence sharing is beneficial for achieving cyber security situational awareness and dealing with cyber threats. However, cyber threat intelligence is highly sensitive, and improper handling can easily damage the interests of sharers or expose weaknesses in their security protection. Therefore, the premise of cyber threat intelligence sharing is to ensure data security and user privacy. This paper focused on the analysis and research of cyber threat intelligence sharing under a privacy protection system. First, we summarized and analyzed cyber threat intelligence, cyber threat intelligence sharing, and privacy computing technology. Then, starting from the security and privacy issues faced by cyber threat intelligence sharing, we carefully reviewed and analyzed in depth the technical paths and research status of cyber threat intelligence sharing in recent years. Finally, based on privacy computing, we designed the framework of a cyber threat intelligence sharing scheme.
