Please wait a minute...


    15 January 2017, Volume 3 Issue 1
    Survey on user authentication protocol in wireless sensor network
    Wei-dong FANG,Wu-xiong ZHANG,Lian-hai SHAN,Wei HE,Wei CHEN
    2017, 3(1):  1-12.  doi:10.11959/j.issn.2096-109x.2017.00129
    Asbtract ( 32 )   HTML ( 2)   PDF (887KB) ( 17 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In wireless sensor network (WSN), the user authentication technology is an effective approach, which can guarantee the user's validity, avoid WSN's information disclosure. Meanwhile, the users also need to verify the WSN's validity, avoid obtaining incorrect or false information. However, since the sensor nodes have limited energy, communications and computing capacity, and they are usually deployed in hostile or unattended environment, the traditional user authentication protocol (UAP) is not entirely suitable for WSN. The security attacks were introduced for the UAP in WSN, its secure requirements and the theoretical foundation were given, and then the UAP's design processes were summarized. For the analysis of its security, the attack model was described, and the automated vali-dation of internet Security protocols and applications (AVISPA) and the high level protocols specification language (HLPSL) were overviewed in detail. Then, the current UAPs were reviewed in WSN, the future research directions were proposed. These researches will contribute to the design, analysis and optimization for the UAP in WSN.

    Academic paper
    Data privacy preservation for the search of Internet of things based on fine-grained authorization
    Jia-hui WANG,Chuan-yi LIU,Bin-xing FANG
    2017, 3(1):  13-22.  doi:10.11959/j.issn.2096-109x.2017.00127
    Asbtract ( 54 )   HTML ( 7)   PDF (704KB) ( 29 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    With the rapid development of the Internet of things (IoT) technology and cloud computing technology, the search engine for Internet of things become a hot research topic. However, because of the openness of the search of IoT, the privacy in traditional Internet search area becomes more prominent and faces more challenges. Firstly, the research background and challenges of data privacy preservation for search of IoT were described. Secondly, the scheme of data privacy preservation for the search of Internet of things based on fine-grained authorization was pro-posed, which combined the encrypted search algorithm with the attribute based access control algorithm. Thirdly, the security analysis and performance analysis of the scheme were also carried out. Finally, the future research work was summarized and pointed out.

    Steganalysis based on transfer learning
    Deng-pan YE,Fang-fang MA,Yuan MEI
    2017, 3(1):  23-30.  doi:10.11959/j.issn.2096-109x.2017.00116
    Asbtract ( 55 )   HTML ( 0)   PDF (433KB) ( 30 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In practice, when the training set and testing set are mismatched, performance of steganalysis can not be guaranteed. The transfer learning aims at using the knowledge learned from one domain to help complete the learn-ing task in the new domain, and does not require the same distribution assumption. A more comprehensive review of mismatched steganography research status was made and the mismatch factors were analyzed. Methods on in-stance-based transfer learning were presented to solve the test mismatch problem during the steganography detections.

    Method to generate the pseudo random sequence based on the statistical properties
    Sen BAI,Long-fu ZHOU,Hui GUO,Bing YAN
    2017, 3(1):  31-38.  doi:10.11 959/j.issn.2096-109x.2017.00125
    Asbtract ( 49 )   HTML ( 0)   PDF (727KB) ( 13 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    There are some problems existing in pseudo-random sequence generating methods, such as the weaker proportionality, bad run length characteristic, etc. Hence, based on the SimiHam algorithm in Knight's tour problem, a pseudo-random sequences generating method was proposed according to the statistical properties of random se-quence. First, set runs value 0 and 1 in different length for the grids in chessboard, and then scan the chessboard with Hamilton cycles which are generated by SemiHam algorithm in Knight's tour problem, At last extract run length values of 0 and 1 and get the pseudo-random sequences. Experimental results show that the pseudo-random se-quence generated by the proposed algorithm satisfies the statistical properties of a random sequence and has better randomness.

    NTRU-type fully homomorphic encryption scheme without key switching
    Xin-xia SONG,Zhi-gang CHEN,Guo-min ZHOU
    2017, 3(1):  39-45.  doi:10.11959/j.issn.2096-109x.2017.00117
    Asbtract ( 58 )   HTML ( 1)   PDF (654KB) ( 46 )   Knowledge map   
    References | Related Articles | Metrics

    In order to construct a fully homomorphic encryption scheme based on NTRU cryptosystem from ring learning with errors, noise growth and homomorphic property in the NTRU cryptosystem were analyzed. The con-cept of zero homomorphic encryption was introdced and that the NTRU cryptosystem was zero homomorphic en-cryption was shown. A BGN homomorphic encryption scheme and a fully homomorphic encryption scheme were proposed based on the NTRU cryptosystem. In the proposed NTRU-type fully homomorphic encryption scheme, the secret key doesn't change in homomorphic multiplications. Thus a fully homomorphic encryption scheme can be obtained without key switching that was used in the previous fully homomorphic encryption schemes. Moreover, the ciphertext is a vector in the proposed NTRU-type fully homomorphic encryption scheme which has the advantage of storage and transmission compared to GSW fully homomorphic encryption scheme where the ciphertext is a matrix.

    Analysis and defense of the BlackEnergy malware in the Ukrainian electric power system
    Yong WANG,Yu-ming WANG,Lin ZHANG,Lin-peng ZHANG
    2017, 3(1):  46-53.  doi:10.11959/j.issn.2096-109x.2017.00139
    Asbtract ( 52 )   HTML ( 0)   PDF (2081KB) ( 49 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Ukrainian electric power system suffered BlackEnergy virus attacks in December 2015, resulting in blackout accident occurred simultaneously at multiple areas in Ivano-Frankovsk region, the malware also pose a threat to the electric power system security in China. Based on different versions of samples of BlackEnergy acquired, the attack mode was analyzed and the prevention of the virus was provided under the proper analysis environment.

    Homomorphic encryption location privacy-preserving scheme based on Markov model
    Kai ZHOU,Chang-gen PENG,Yi-jie ZHU,Jian-qiong HE
    2017, 3(1):  54-60.  doi:10.11959/j.issn.2096-109x.2017.00137
    Asbtract ( 43 )   HTML ( 1)   PDF (995KB) ( 16 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Homomorphic encryption location privacy-preserving scheme based on Markov mode was proposed to solve the problem of location privacy and query privacy protection in location-based service systems. Firstly, the anonymous user's identity were permuted randomly and the Markov state transition matrix combining with the user's historical query content was constructed. Secondly, system previously queries the user's high frequency con-tent and the prediction content under Markov chain, then store the corresponding result sets. Finally, the security of the scheme's double prediction system was analyzed. The scheme makes the LBS receives k+1 query contents which let malicious server or attacker can't determine the corresponding relation between queried user's real identity and queried content. So the user's location privacy and query privacy can be protected. Meanwhile, the computability and confidentiality of homomorphic encryption ciphertext were used to realize the statistical analysis of cipher-text-oriented data and the secure storage of private data.

    Constant-round fair rational secret sharing scheme
    Meng-hui LI,You-liang TIAN,Jin-ming FENG
    2017, 3(1):  61-67.  doi:10.11959/j.issn.2096-109x.2017.00136
    Asbtract ( 24 )   HTML ( 0)   PDF (1033KB) ( 19 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In the rational secret sharing scheme, fairness is the goal that all participants expect. Based on the princi-ple of uniform grouping, the scheme was verified by combining bilinear pair knowledge and bivariate one-way function to verify the deception problem of the distributor and the participant.The number of sub-secret shares dis-tributed by the distributor to each group of participants is at most one, effectively restricting the deviation behavior of the participant. In the end, participants can implement fair reconstruction secret in four rounds according to the protocol, which reduces the communication complexity of fair and rational secret sharing scheme to a certain extent, and has certain application value.

    Code security of mobile backup modules on the Android platform
    Jiao LIANG,Wu LIU,Wei-li HAN,Xiao-yang WANG,Si-yu GAN,Shuo SHEN
    2017, 3(1):  68-78.  doi:10.11959/j.issn.2096-109x.2017.00132
    Asbtract ( 23 )   HTML ( 0)   PDF (1504KB) ( 18 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Since more and more third-party Android applications integrate backup services, the security issues of mobile backup modules are critical. By studying how widely these backup services were being used in the Android applications, the differences of code security about four mainstream Android backup SDK were investigated. After analyzing and comparing the usages, protocols and API functions of these SDK. Based on the above findings and three reported security issues of mobile backup services, the countermeasures for third-party application developers were suggested to securely call the SDK of mobile backup services.

Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:YI Dong-shan
Address:F8,You Dian Publisher Building,No.11,Chengshousi Road,Fengtai District,Beijing 100078,PR China
Tel:+8610-81055479, 81055456
ISSN 2096-109X
CN 10-1366/TP
Total visitors:
Visitors of today:
Now online: