
Table of Contents

    10 September 2024, Volume 24 Issue 9

    Efficient Dynamic Searchable Encryption Scheme Based on Bitslicing
    ZHOU Jiancong, ZHU Xiaojie, CHEN Chi
    2024, 24 (9):  1309-1316.  doi: 10.3969/j.issn.1671-1122.2024.09.001

    Searchable encryption, as a crucial technology for enhancing data security in cloud storage, attracts continuous attention from both academia and industry. Dynamic searchable encryption schemes are schemes that allow datasets to be updated while remaining searchable. However, the inefficiency of updates remains a critical bottleneck that prevents the technology from practical application, particularly in large dataset scenarios, due to the expensive data re-encryption and index reconstruction overhead. Therefore, based on bitslicing, the paper proposed an efficient dynamic searchable encryption scheme called BSSE (BitSlicing-based Dynamic Searchable Encryption Scheme). The core idea of BSSE is to group entries into equal-sized blocks, convert these blocks from a word representation into a bit representation, and encrypt them in parallel. By eliminating shift operations during the encryption process and simplifying the S-box into a Boolean logic circuit, BSSE significantly improves update efficiency. The experimental results demonstrate that the BSSE scheme is 59 times faster than existing schemes and shows great potential in practical applications for updating large datasets.

    Identity-Based Verifiable Timed Signature Scheme on Lattices
    CHEN Huiyan, WANG Qingnan, TAN Shuncong, XIE Huiqin, YAO Yunfei
    2024, 24 (9):  1317-1327.  doi: 10.3969/j.issn.1671-1122.2024.09.002

    Addressing the limitations of existing verifiable timed signature schemes, which are vulnerable to quantum attacks and incapable of batch processing time-lock puzzles, this paper proposed an identity-based verifiable timed signature scheme on lattices based on the Ring-SIS (Short Integer Solution) problem. The scheme combined several quantum-resistant components, including non-interactive threshold secret sharing, batch processing of time-lock puzzles, and succinct non-interactive zero-knowledge proofs. This scheme achieved existential unforgeability and privacy under chosen identity attacks, while avoiding the cumbersome certificate issuance process of traditional digital signatures. It also offered post-quantum security and resistance to rogue puzzle attacks. Furthermore, this paper designed an electronic auction protocol based on the scheme, proposing a new on-chain privacy-preserving penalty mechanism, thereby extending the scheme’s practical applicability. Finally, the paper demonstrated the actual performance of the scheme through functional analysis and simulation experiments.

    Research Current Status and Challenges of Fully Homomorphic Cryptography Based on Learning with Errors
    WEN Jinming, LIU Qing, CHEN Jie, WU Yongdong
    2024, 24 (9):  1328-1351.  doi: 10.3969/j.issn.1671-1122.2024.09.003

    A fully homomorphic encryption scheme is an encryption scheme that provides data confidentiality and security and can also perform computational operations on the ciphertext. In the era of cloud computing, fully homomorphic encryption schemes can meet the needs of private information retrieval, multi-party secure computing and other applications. The combination of the Learning With Errors (LWE) problem and fully homomorphic encryption has rapidly promoted the development of fully homomorphic encryption schemes, and has led to a variety of technological tools, such as key exchange and mode exchange, as well as many technologies with theoretical and practical applications. Since the LWE-based fully homomorphic encryption scheme was proposed in 2011, LWE-type schemes have become the mainstream approach to fully homomorphic encryption, and have gradually moved from theory to practical application. This paper first introduced the basics and applications of fully homomorphic encryption, and provided a detailed analysis of the mathematical theory used to construct the schemes; then systematically reviewed the development of each generation of homomorphic encryption schemes, and gave the typical construction methods of each generation; finally, it discussed the problems of current LWE-based fully homomorphic encryption schemes as well as future development trends. This paper analysed and researched the development of LWE-based fully homomorphic encryption in recent years, and provided some references for subsequent researchers.

    Efficient Searchable Attribute-Based Encryption Scheme for Cloud-Assisted Industrial IoT
    ZHANG Xuewang, CHEN Siyu, LUO Xinyue, LEI Zhitao, XIE Haofei
    2024, 24 (9):  1352-1363.  doi: 10.3969/j.issn.1671-1122.2024.09.004

    Cloud storage can effectively store and manage the massive data generated by the Industrial Internet of Things, but it lacks a flexible and secure access control mechanism, and the uploaded encrypted data is difficult to retrieve efficiently. To solve these problems, this paper proposed an efficient and secure searchable attribute-based encryption scheme for the Industrial Internet of Things, which had the functions of privacy protection, multi-keyword search and data verification. The scheme used symmetric encryption and attribute-based encryption to encrypt plaintext in an online/offline encryption manner, and used XOR filters and random secret values to hide some access policies, further improving the security of industrial data. In addition, efficient multi-keyword search supporting subset queries was implemented based on polynomial equations, and the integrity of data in cloud storage was verified by signature encryption. The security proof shows that the proposed scheme can resist chosen plaintext attacks under the DBDH hardness assumption. Theoretical analysis and simulation experimental results show that the scheme has higher efficiency and more comprehensive functions than the comparative scheme in the encryption, trapdoor generation and search stages.

    Quantum Identity Authentication Protocol without Entanglement in d-Dimensional Quantum System
    DUAN Haozhe, LI Zhihui, WEI Xingjia, HU Kexin
    2024, 24 (9):  1364-1374.  doi: 10.3969/j.issn.1671-1122.2024.09.005

    The single-photon quantum identity authentication protocol does not require any source of entangled photons, which saves quantum resources to some extent. Existing studies have demonstrated the security of single-photon quantum identity authentication protocols in 2-dimensional quantum systems under CNOT attack. In this paper, based on the CNOT gate of the odd-prime dimensional computational basis and its phase kickback, we proved the following about the output of the d-dimensional CNOT gate: when we choose a vector in the first group of mutually unbiased bases as the target bit, the control bit changes, and when we choose any vector in the remaining d-1 groups of mutually unbiased bases as the target bit, an entangled state is generated. Based on this output, the article proposed a quantum identity authentication protocol in an odd-prime dimensional quantum system, which can verify the identity of the two parties without revealing the pre-shared key authenticated by the communicating parties and can detect the presence of the adversary using a randomly generated key. In the d-dimensional protocol, the higher the number of qubits chosen by the communicating parties, the higher the success probability of the protocol. Security analysis indicates that the protocol can resist impersonation attacks, intercept-measure-resend attacks, entanglement measurement attacks, and CNOT attacks.

    Privacy Protection Scheme of Feedforward Neural Network Based on Homomorphic Encryption
    LIN Zhanhang, XIANG Guangli, LI Zhenpeng, XU Ziyi
    2024, 24 (9):  1375-1385.  doi: 10.3969/j.issn.1671-1122.2024.09.006

    Current privacy-preserving machine learning (PPML) methods have made certain progress in ensuring data privacy, but they still face challenges in terms of computing efficiency and server resource utilization. To make full use of server resources, this paper proposed a homomorphic-encryption-based privacy protection scheme for feedforward neural networks built on a master-slave server architecture. This scheme used secret sharing technology to distribute data and model parameters to two non-colluding servers, and used homomorphic encryption technology to encrypt interactive information between servers. In terms of computational efficiency, the running time of the scheme was reduced by avoiding running ciphertext management and plaintext matrix multiplication. In terms of security, introducing random noise into the secret sharing prevents the server from obtaining original data information. The experimental results show that the proposed scheme improves both computational complexity and communication overhead.

    Optimization Gradient Perception Adversarial Attack for Skeleton-Based Action Recognition
    CHEN Xiaojing, TAO Yang, WU Baiqi, DIAO Yunfeng
    2024, 24 (9):  1386-1395.  doi: 10.3969/j.issn.1671-1122.2024.09.007

    Skeleton-based action recognition models are widely used in the fields of autonomous driving, behavior monitoring and action analysis. Some studies have shown that these models are vulnerable to adversarial attacks, raising security and privacy concerns. Although existing attack methods can achieve high attack success rates under the white-box setting, these methods require the attacker to obtain full knowledge of the model, which is difficult to achieve in real-world scenarios, and they have weak transferability under black-box attacks. In order to solve this problem, the article proposed an optimization gradient perception adversarial attack for skeleton-based action recognition named NAG-PA. This method prioritized estimating the gradient in the next iteration in each iteration of gradient calculation, and accumulated gradients at the updated position. At the same time, the current position was corrected to avoid getting stuck in local optima, thereby improving the transferability of adversarial samples. More importantly, the method proposed in the article used perceptual loss to ensure that transferable attacks were imperceptible. Results on commonly used datasets and state-of-the-art skeletal action recognition models show that the method proposed in the article can significantly improve the transferability of adversarial attacks.

    A Prompt-Focused Privacy Evaluation and Obfuscation Method for Large Language Model
    JIAO Shiqin, ZHANG Guiyang, LI Guoqi
    2024, 24 (9):  1396-1408.  doi: 10.3969/j.issn.1671-1122.2024.09.008

    Despite the impressive performance of large language models (LLMs) in semantic understanding, frequent user interactions introduce many privacy risks. This paper evaluated the privacy of existing LLMs through partial recall attacks and simulated inference games. The findings indicate that common LLMs still face two challenging privacy risks: data anonymization can degrade the quality of model responses, and potential privacy information can still be inferred through reasoning. To address these challenges, this paper proposed a prompt-focused privacy evaluation and obfuscation method for large language models. The method unfolded through a structured process, including initial description decomposition, generation of fabricated descriptions, and description obfuscation. The experimental results show that the proposed method effectively enhances privacy protection, as evidenced by the reduction in normalized Levenshtein distance, Jaccard similarity, and cosine similarity between pre-processed and post-processed model responses compared to existing methods. Additionally, this approach significantly limits the inference capabilities of LLMs, with accuracy dropping from 97.14% in unprocessed models to 34.29%. This study not only deepens the understanding of privacy risks in LLM interactions but also introduces a comprehensive approach to enhance user privacy security, effectively addressing the aforementioned challenging privacy risk scenarios.

    Lightweight Malicious Code Detection Architecture Based on Vision Transformer
    HUANG Baohua, YANG Chanjuan, XIONG Yu, PANG Si
    2024, 24 (9):  1409-1421.  doi: 10.3969/j.issn.1671-1122.2024.09.009

    With the rapid development of the information society, the number of malware variants is increasing, posing challenges to existing detection methods. To improve the accuracy and efficiency of detecting malware variants, this paper proposed a new hybrid architecture called FasterMalViT. This architecture enhanced the Vision Transformer (ViT) by integrating partial convolutional structures, significantly improving its performance in malware detection. To address the issue of increased parameter count due to the introduction of convolutional operations, the paper employed a separable self-attention mechanism instead of traditional multi-head attention, effectively reducing the number of parameters and computational cost. To tackle the problem of imbalanced sample distribution in malware datasets, the paper introduced a class-balanced focal loss function, guiding the model to pay more attention to categories with fewer samples during training, thus improving performance on hard-to-classify categories. Experimental results on the Microsoft BIG, Malimg, and MalwareBazaar datasets demonstrate that FasterMalViT exhibits good detection performance and generalization ability.

    CBAM-CNN Network-Based Intrusion Detection Method Using Image Convex Hull Features
    LIU Lianhai, LI Huiye, MAO Donghui
    2024, 24 (9):  1422-1431.  doi: 10.3969/j.issn.1671-1122.2024.09.010

    To address the issues of low multi-class classification accuracy and lengthy model training time in the field of intrusion detection, this paper proposed a novel and effective preprocessing method based on the characteristics of the existing benchmark dataset NSL-KDD. Firstly, the dataset was numerically encoded and normalized based on character features, and then transformed into an RGB image dataset. Secondly, the Canny edge detection algorithm was employed to extract edge features of various attack types in the image dataset. Based on the edge features of the images, convex hulls were constructed using the convex hull algorithm, and the average convex hull area, average convex hull perimeter, and average number of vertices for each attack class were calculated. These three metrics were used as the three RGB channels to generate convex hull feature maps for various attack types. Thirdly, the Laplacian pyramid image feature fusion algorithm was used to fuse the original image dataset with the convex hull feature maps, creating an image dataset containing convex hull features. Majority class samples in the training set were randomly under-sampled, while minority class samples were subjected to affine transformations to generate a balanced training set. Finally, multi-class experiments were conducted based on the CBAM-CNN model. The accuracy and F1 score of this model on the NSL-KDD dataset reach 96.20% and 86.71%, respectively, outperforming traditional network intrusion detection methods and exhibiting better performance than other deep learning models.

    Performance Optimization of Blockchain-Assisted Unmanned Aerial Vehicle Mobile Edge Computing System
    YU Lisu, LI Biao, YAO Yuanzhi, WEN Jiajin, LI Zipeng, WANG Zhen
    2024, 24 (9):  1432-1443.  doi: 10.3969/j.issn.1671-1122.2024.09.011

    In scenarios with high user density such as large-scale highly interconnected events, traditional ground base stations struggle to meet the demands for network speed and stability. Therefore, the introduction of unmanned aerial vehicles (UAVs) equipped with mobile edge computing (MEC) server base stations can not only alleviate the pressure on ground base stations but also reduce construction costs. However, the interaction of edge nodes and the broadcast nature of UAV networks pose threats to data security and privacy. To address this, the decentralization and security features of blockchain technology were integrated, and an improved delegated proof of stake (DPoS) consensus mechanism based on voting was proposed to ensure the security of UAV-assisted Internet of Things (IoT) system communications. Ultimately, the goal is to maximize the total computational capacity by jointly optimizing the allocation of user bandwidth, UAV flight trajectories, local computing, and task offloading time. This paper proposed to solve the optimization problem using the block coordinate descent (BCD) algorithm and the successive convex approximation (SCA) technique. Simulation results show that, compared with the schemes that fix the unmanned aerial vehicles, the bandwidth and the trajectory respectively, the scheme proposed in this paper increases the maximized total computing capacity by 24.51%, 7.11% and 4.37% respectively.

    Multi-Keyword Searchable Encryption Scheme Based on Cloud Storage
    XIE Xiaofeng, ZHANG Xintao, WANG Xin, LU Xiuqing
    2024, 24 (9):  1444-1457.  doi: 10.3969/j.issn.1671-1122.2024.09.012

    Attribute-based searchable encryption (ABSE) enables secure and efficient controlled searches on encrypted data. However, existing multi-keyword ABSE schemes suffer from excessive computational overhead. Moreover, the prevalence of storing a substantial volume of data in cloud servers further exacerbates the problem of data redundancy. This paper proposed a cloud-based multi-keyword searchable encryption scheme to address the aforementioned issues. The scheme introduced a cloud-edge collaborative working model. Encrypted data was stored on cloud servers. Meanwhile, encrypted indexes were uploaded to the nearest node to perform keyword search and assisted decryption, reducing the system overhead. To further alleviate the client’s computational costs, the scheme employed a pre-encryption mechanism. Additionally, the scheme employed data tagging to achieve data deduplication and introduced verification algorithms to ensure the integrity and correctness of search results. Security analysis and performance evaluation demonstrate the effectiveness and practicality of the proposed scheme. The comparison with other schemes reveals that the proposed scheme outperforms them in terms of performance and offers more comprehensive functionality.

    Anomaly Traffic Identification and Defense Model in Networks Based on the Multi-Gate Mixture of Experts
    GUO Yongjin, HUANG Hejun
    2024, 24 (9):  1458-1469.  doi: 10.3969/j.issn.1671-1122.2024.09.013

    This paper proposed a big data network anomaly traffic identification and defense strategy generation model based on the multi-gate mixture of experts (MMoE) model. This model is particularly suitable for scenarios involving mixed attack traffic during peak business periods. First, the MMoE model conducted real-time monitoring and anomaly identification of network traffic, distinguishing between normal traffic peaks caused by business demands and genuine anomalous traffic, effectively reducing false alarms. When anomalous traffic was detected, the system used it as input to generate targeted defense strategies. Secondly, the MMoE model coordinated the expert models for anomaly detection and defense strategy generation, enhancing the precision of identification and the effectiveness of strategy generation. Experimental results on datasets obtained from real business scenarios show that the identification accuracy and defense effect of the model proposed in this study are better than those of mainstream machine learning models, and that it can accurately identify abnormal attack traffic mixed in during business peaks and generate appropriate defense strategies.
