����Ŀ¼

15 January 2017, Volume 3 Issue 1

Previous Issue    Next Issue

Overview

Survey on user authentication protocol in wireless sensor network

Wei-dong FANG,Wu-xiong ZHANG,Lian-hai SHAN,Wei HE,Wei CHEN

2017, 3(1):  1-12.  doi:10.11959/j.issn.2096-109x.2017.00129

Asbtract ( 162 )   HTML ( 8)   PDF (887KB) ( 123 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In wireless sensor network (WSN), the user authentication technology is an effective approach, which can guarantee the user's validity, avoid WSN's information disclosure. Meanwhile, the users also need to verify the WSN's validity, avoid obtaining incorrect or false information. However, since the sensor nodes have limited energy, communications and computing capacity, and they are usually deployed in hostile or unattended environment, the traditional user authentication protocol (UAP) is not entirely suitable for WSN. The security attacks were introduced for the UAP in WSN, its secure requirements and the theoretical foundation were given, and then the UAP's design processes were summarized. For the analysis of its security, the attack model was described, and the automated vali-dation of internet Security protocols and applications (AVISPA) and the high level protocols specification language (HLPSL) were overviewed in detail. Then, the current UAPs were reviewed in WSN, the future research directions were proposed. These researches will contribute to the design, analysis and optimization for the UAP in WSN.

Academic paper

Data privacy preservation for the search of Internet of things based on fine-grained authorization

Jia-hui WANG,Chuan-yi LIU,Bin-xing FANG

2017, 3(1):  13-22.  doi:10.11959/j.issn.2096-109x.2017.00127

Asbtract ( 204 )   HTML ( 17)   PDF (704KB) ( 158 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

With the rapid development of the Internet of things (IoT) technology and cloud computing technology, the search engine for Internet of things become a hot research topic. However, because of the openness of the search of IoT, the privacy in traditional Internet search area becomes more prominent and faces more challenges. Firstly, the research background and challenges of data privacy preservation for search of IoT were described. Secondly, the scheme of data privacy preservation for the search of Internet of things based on fine-grained authorization was pro-posed, which combined the encrypted search algorithm with the attribute based access control algorithm. Thirdly, the security analysis and performance analysis of the scheme were also carried out. Finally, the future research work was summarized and pointed out.

Steganalysis based on transfer learning

Deng-pan YE,Fang-fang MA,Yuan MEI

2017, 3(1):  23-30.  doi:10.11959/j.issn.2096-109x.2017.00116

Asbtract ( 245 )   HTML ( 11)   PDF (433KB) ( 209 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In practice, when the training set and testing set are mismatched, performance of steganalysis can not be guaranteed. The transfer learning aims at using the knowledge learned from one domain to help complete the learn-ing task in the new domain, and does not require the same distribution assumption. A more comprehensive review of mismatched steganography research status was made and the mismatch factors were analyzed. Methods on in-stance-based transfer learning were presented to solve the test mismatch problem during the steganography detections.

Method to generate the pseudo random sequence based on the statistical properties

Sen BAI,Long-fu ZHOU,Hui GUO,Bing YAN

2017, 3(1):  31-38.  doi:10.11 959/j.issn.2096-109x.2017.00125

Asbtract ( 196 )   HTML ( 3)   PDF (727KB) ( 70 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

There are some problems existing in pseudo-random sequence generating methods, such as the weaker proportionality, bad run length characteristic, etc. Hence, based on the SimiHam algorithm in Knight's tour problem, a pseudo-random sequences generating method was proposed according to the statistical properties of random se-quence. First, set runs value 0 and 1 in different length for the grids in chessboard, and then scan the chessboard with Hamilton cycles which are generated by SemiHam algorithm in Knight's tour problem, At last extract run length values of 0 and 1 and get the pseudo-random sequences. Experimental results show that the pseudo-random se-quence generated by the proposed algorithm satisfies the statistical properties of a random sequence and has better randomness.

NTRU-type fully homomorphic encryption scheme without key switching

Xin-xia SONG,Zhi-gang CHEN,Guo-min ZHOU

2017, 3(1):  39-45.  doi:10.11959/j.issn.2096-109x.2017.00117

Asbtract ( 306 )   HTML ( 12)   PDF (654KB) ( 367 )   Knowledge map   

References | Related Articles | Metrics

In order to construct a fully homomorphic encryption scheme based on NTRU cryptosystem from ring learning with errors, noise growth and homomorphic property in the NTRU cryptosystem were analyzed. The con-cept of zero homomorphic encryption was introdced and that the NTRU cryptosystem was zero homomorphic en-cryption was shown. A BGN homomorphic encryption scheme and a fully homomorphic encryption scheme were proposed based on the NTRU cryptosystem. In the proposed NTRU-type fully homomorphic encryption scheme, the secret key doesn't change in homomorphic multiplications. Thus a fully homomorphic encryption scheme can be obtained without key switching that was used in the previous fully homomorphic encryption schemes. Moreover, the ciphertext is a vector in the proposed NTRU-type fully homomorphic encryption scheme which has the advantage of storage and transmission compared to GSW fully homomorphic encryption scheme where the ciphertext is a matrix.

Analysis and defense of the BlackEnergy malware in the Ukrainian electric power system

Yong WANG,Yu-ming WANG,Lin ZHANG,Lin-peng ZHANG

2017, 3(1):  46-53.  doi:10.11959/j.issn.2096-109x.2017.00139

Asbtract ( 519 )   HTML ( 30)   PDF (2081KB) ( 1000 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Ukrainian electric power system suffered BlackEnergy virus attacks in December 2015, resulting in blackout accident occurred simultaneously at multiple areas in Ivano-Frankovsk region, the malware also pose a threat to the electric power system security in China. Based on different versions of samples of BlackEnergy acquired, the attack mode was analyzed and the prevention of the virus was provided under the proper analysis environment.

Homomorphic encryption location privacy-preserving scheme based on Markov model

Kai ZHOU,Chang-gen PENG,Yi-jie ZHU,Jian-qiong HE

2017, 3(1):  54-60.  doi:10.11959/j.issn.2096-109x.2017.00137

Asbtract ( 209 )   HTML ( 9)   PDF (995KB) ( 172 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Homomorphic encryption location privacy-preserving scheme based on Markov mode was proposed to solve the problem of location privacy and query privacy protection in location-based service systems. Firstly, the anonymous user's identity were permuted randomly and the Markov state transition matrix combining with the user's historical query content was constructed. Secondly, system previously queries the user's high frequency con-tent and the prediction content under Markov chain, then store the corresponding result sets. Finally, the security of the scheme's double prediction system was analyzed. The scheme makes the LBS receives k+1 query contents which let malicious server or attacker can't determine the corresponding relation between queried user's real identity and queried content. So the user's location privacy and query privacy can be protected. Meanwhile, the computability and confidentiality of homomorphic encryption ciphertext were used to realize the statistical analysis of cipher-text-oriented data and the secure storage of private data.

Constant-round fair rational secret sharing scheme

Meng-hui LI,You-liang TIAN,Jin-ming FENG

2017, 3(1):  61-67.  doi:10.11959/j.issn.2096-109x.2017.00136

Asbtract ( 139 )   HTML ( 1)   PDF (1033KB) ( 88 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In the rational secret sharing scheme, fairness is the goal that all participants expect. Based on the princi-ple of uniform grouping, the scheme was verified by combining bilinear pair knowledge and bivariate one-way function to verify the deception problem of the distributor and the participant.The number of sub-secret shares dis-tributed by the distributor to each group of participants is at most one, effectively restricting the deviation behavior of the participant. In the end, participants can implement fair reconstruction secret in four rounds according to the protocol, which reduces the communication complexity of fair and rational secret sharing scheme to a certain extent, and has certain application value.

Code security of mobile backup modules on the Android platform

Jiao LIANG,Wu LIU,Wei-li HAN,Xiao-yang WANG,Si-yu GAN,Shuo SHEN

2017, 3(1):  68-78.  doi:10.11959/j.issn.2096-109x.2017.00132

Asbtract ( 151 )   HTML ( 2)   PDF (1504KB) ( 299 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Since more and more third-party Android applications integrate backup services, the security issues of mobile backup modules are critical. By studying how widely these backup services were being used in the Android applications, the differences of code security about four mainstream Android backup SDK were investigated. After analyzing and comparing the usages, protocols and API functions of these SDK. Based on the above findings and three reported security issues of mobile backup services, the countermeasures for third-party application developers were suggested to securely call the SDK of mobile backup services.