Please wait a minute...


    01 June 2020, Volume 6 Issue 3
    Comprehensive Review
    Survey of smart contract security
    Bo MENG,Jiabing LIU,Qin LIU,Xiaoxiao WANG,Xurui ZHENG,Dejun WANG
    2020, 6(3):  1-13.  doi:10.11959/j.issn.2096-109x.2020030
    Asbtract ( 131 )   HTML ( 36)   PDF (1228KB) ( 139 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Blockchain provides a new technology for building transmission and trust mechanism of social ralue.The rapid development of blockchain has promoted the deep integration of smart contract with artificial Intelligence,big data and internet of things,so its security has attracted attention.In recent years,researches on security of blockchain and smart contract have made great progress.Thus,based on smart contract on the blockchain,the related works on security of operating mechanism,on-chain smart contract security and off-chain security were classified,analyzed,compared,summarized and discussed.The hot issues of smart contract security in the future were forecasted.

    Special Column: New Technology Exploration on Privacy Protection
    Multi-party summation query method based on differential privacy
    Xianmang HE
    2020, 6(3):  14-18.  doi:10.11959/j.issn.2096-109x.2020032
    Asbtract ( 46 )   HTML ( 16)   PDF (704KB) ( 70 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Differential privacy is considered to be a very reliable protection mechanism because it does not require the a prior knowledge for the attacker.However,differential privacy is rarely used in a multi-party environment.In view of this,the differential privacy is applied to the data summation query in multi-party environment.This method was described in detail and proved the security of the method.

    Privacy protection mechanism of on-demand disclosure on blockchain
    Shaozhuo LI,Na WANG,Xuehui DU
    2020, 6(3):  19-29.  doi:10.11959/j.issn.2096-109x.2020033
    Asbtract ( 77 )   HTML ( 16)   PDF (1427KB) ( 78 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Privacy protection has become the key problem that blockchain technology must solve from theory to practice.There is a privacy protection requirement of on-demand disclosure in practical applications.Inspired by multicast secure communication mechanism,a privacy protection mechanism of on-demand disclosure on blockchain was proposed.This mechanism improves the RSA based anonymous multi receiver encryption scheme to realize the disclosure of the private data on the blockchain only to the permitted informed,the anonymity protection of the informed and the traceability of the privacy disclosure.The Quorum blockchain privacy protection mechanism is adopted to realize the safe and efficient distribution of the key between the owner of the private information and the informed.Finally,it is proved that PPM-ODB mechanism can guarantee the privacy of privacy data and its superiority in time and storage cost,and it is suggested that the number of informed people should be less than 100 to obtain a good user experience.

    Elliptic curve ElGamal encryption based location privacy-preserving scheme
    Huibin LAI,Li XU,Yali ZENG,Rui ZHU
    2020, 6(3):  30-38.  doi:10.11959/j.issn.2096-109x.2020031
    Asbtract ( 47 )   HTML ( 7)   PDF (1163KB) ( 46 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    An elliptic curve ElGamal encryption based location privacy-preserving scheme was proposed to address the location privacy problem of secondary users in collaborative spectrum sensing.Firstly,secondary users encrypted the original sensing reports using the ElGamal public key techniques on the elliptic curve and sent them to the trusted property authority.Secondly,the trusted property authority partially decrypted and randomized sensing reports and then sent the randomized sensing reports to the fusion center.Thirdly,the fusion center finally decrypted and got the original sensing reports.Finally,security of the scheme was analyzed.According to the scheme,the encryption method of sensing reports was based on public key cryptography on elliptic curve.And the trusted property authority randomized encrypted sensing reports.Thus the location privacy of secondary users can be protected.Meanwhile,this scheme effectively reduces communication and storage cost,compared with other schemes.In addition,this scheme also has fault tolerant and dynamic mechanism,which increases the practicability and feasibility.

    Non-equal-width histogram publishing method based on differential privacy
    Lei YANG,Xiao ZHENG,Wei ZHAO
    2020, 6(3):  39-49.  doi:10.11959/j.issn.2096-109x.2020035
    Asbtract ( 47 )   HTML ( 7)   PDF (1443KB) ( 43 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Existing histogram publishing technology based on differential privacy may show phenomenon of"retracting" and "zero bucket" when histogram is used to reflect the real distribution characteristics of data,and "too gentle" in the case of large data volume.In addition,the existing technology of the original histogram difference of privacy protection when not considering the amount of information of each group is different.In view of the above problems,a kind of non-equal-width histogram publishing method based on differential privacy was proposed.First of all,a non-isometric histogram based on the sparseness of the data should bereasonably constructed by empirical distribution function.Secondly,differential privacy protection technology should be applied to non-equal-width histogram to protect the privacy of the original non-equal-width histogram.Finally,the privacy budget should be set for each group according to the class widths of the non-equal-width histogram to improve the privacy of each group of data.The experimental results show that the sparseness of the data distribution is fully taken into account when using the proposed method to perform histogram publishing under differential privacy,effectively avoid the phenomenon of histogram with “retracting” and “zero barrels”,and the accuracy of the published histogram for reflecting the characteristics of the data distribution is guaranteed.Also,when adding noise in line with Laplace mechanism to each group,setting a reasonable privacy budget for each group according to the class widths to some extent increases the privacy of different data segments.

    Blockchain-based hierarchical and multi-level smart service transaction supervision framework for crowdsourcing logistics
    Chuntang YU,Zhigeng HAN,Zhiyuan LI,Liangmin WANG
    2020, 6(3):  50-58.  doi:10.11959/j.issn.2096-109x.2020017
    Asbtract ( 63 )   HTML ( 13)   PDF (2167KB) ( 55 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In view of the security threats such as forgery,deception,privacy disclosure and non-traceability caused by the lack of transaction supervision for crowdsourcing logistics in the modern service industry,a blockchain-based hierarchical and multi-level smart service transaction supervision framework for crowdsourcing logistics was proposed.Firstly,the framework adopted the two-stage supervision system:one was the National Authorized Certification Center for the supervision of logistics service platform,the other was the logistics service platform for the supervision of crowdsourcing logistics participation.Later,under the framework of the supervision system,the functions of crowd contract,legal and anonymous identity authentication,intelligent transaction matching,anomaly data analysis and detection,privacy protection and traceability were realized.Then,through the security analysis and transaction supervision component software,the security controllability and operational efficiency of the transaction supervision architecture were verified.Finally,the software component was run on the real crowdsourcing logistics enterprise platform for the actual measurement.The measurement results show that the proposed hierarchical and multi-level smart service transaction supervision framework is safe and controllable.The framework can protect the privacy of users and data,prevent forgery and deception,and realize the auditability and traceability of behaviors and data of users.

    Digital steganography model and its formal description
    Haitao SONG,Guangming TANG,Yifeng SUN,Yang WANG
    2020, 6(3):  59-65.  doi:10.11959/j.issn.2096-109x.2020036
    Asbtract ( 41 )   HTML ( 9)   PDF (921KB) ( 35 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In order to make the research of digital steganography model develop synchronously with steganography research,three digital steganography models from general to specific are proposed,and each model was formalized.Through study on digital model,the essential principles of steganography algorithm were summarized to guide the further development of steganography.Firstly,aiming at the problem that the existing model cannot describe the emerging steganography algorithms,a general digital steganography model was proposed to describe nearly all steganography algorithms.Secondly,in view of the important position of the cover modification steganography algorithm in the research of steganography,a cover-modification digital steganography model was proposed.Then,for the current mainstream image adaptive steganography algorithm,a digital image adaptive steganography model with minimal distortion was proposed.Four typical steganography algorithm were selected as examples which were described by the proposed steganography model to validate the effectiveness of the proposed model.

    Survey of encrypted malicious traffic detection based on deep learning
    Mingfang ZHAI,Xingming ZHANG,Bo ZHAO
    2020, 6(3):  66-77.  doi:10.11959/j.issn.2096-109x.2020034
    Asbtract ( 255 )   HTML ( 44)   PDF (1093KB) ( 207 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    With the increasing awareness of network security,encrypted communication dominates and encrypted traffic grows rapidly.Traffic encryption,while protecting privacy,also masks illegal attempts and changes the form of threats.As one of the most important branch of machine learning,deep learning performs well in traffic classification.For several years,research on deep-learning based intrusion detection has been deepened and achieved good results.The steps of encrypted malicious traffic detection were introduced to be a general detection framework model named “six-step method”.Then,discussion and induction of data processing and detection algorithms were carried out combined with this model.Both advantages and disadvantages of various algorithm models were given as well.Finally,future research directions were pointed out with a view to providing assistance for further research.

    Cooperative trajectory prediction system for intelligent and automated connected convoy based on blockchain
    Rensheng WANG,Tianhao WU,Lin ZHANG,Konglin ZHU
    2020, 6(3):  78-87.  doi:10.11959/j.issn.2096-109x.2020015
    Asbtract ( 66 )   HTML ( 20)   PDF (1552KB) ( 53 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Autonomous vehicles have been extensively researched and developed rapidly in recent years.However,these vehicles may be not able to avoid collision with vehicles that appear suddenly.To solve this problem,a cooperative trajectory prediction system for intelligent and automated connected convoy based on blockchain was proposed.In the proposed system,each node in the intelligent and automated connected convoy and roadside infrastructure predict the trajectory of vehicles around them with the LSTM model,and they share the information they get.Using blockchain,the intelligent and automated connected convoy and roadside infrastructure rate the received messages.The summarized rating will be stored as a block in the blockchain that stores the trust values.Vehicles in the intelligent and automated connected convoy are able to judge whether the other nodes in the Conroy are credible according to their trust value,and messages from the low trust value sender will be ignored,thus achieving cooperative driving.Experiment shows that the proposed system plays a significant role in improving driving safety of the intelligent connected platoon.

    Blockchain data access control scheme based on CP-ABE algorithm
    Yunxiang QIU,Hongxia ZHANG,Qi CAO,Jiancong ZHANG,Xingshu CHEN,Hongjian JIN
    2020, 6(3):  88-98.  doi:10.11959/j.issn.2096-109x.2020037
    Asbtract ( 90 )   HTML ( 22)   PDF (1601KB) ( 89 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Different from the public chain,the consortium blockchain Hyperledger Fabric integrates the additional member management service(MSP) mechanism to provide channel-based data isolation protection.However,the data isolation protection mechanism still synchronizes the plaintext data within a channel,so there is a risk of data leakage.Besides,the channel-based data access control mechanism does not apply to some fine-grained privacy protection scenarios.To solve the problems of data privacy and security involved in the consortium chain Hyperledger mentioned above,a blockchain data access control scheme based on the CP-ABE algorithm was proposed.Based on the original existing Fabric-CA module in the Hyperledger,our scheme can realize the secure distribution of user attribute keys in the CP-ABE scheme while implementing the fine-grained security access control of blockchain data at the user level.The security analysis shows that the scheme achieves the security goals of ABE user attribute private key security distribution and data privacy protection.The performance analysis also shows that the proposed scheme has good usability.

    One-time password authentication for one-way communication without re-registration
    Qianqian LU,Youwen ZHU,Yan JIANG
    2020, 6(3):  99-107.  doi:10.11959/j.issn.2096-109x.2020038
    Asbtract ( 25 )   HTML ( 10)   PDF (2178KB) ( 64 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    One-time password is a password that is valid for only one session on a system or device.The existing one-time password scheme without re-registration which is not limited by the number of authentication only supports online authentication,but can not support offline authentication.To solve the above problems,a one-time password authentication scheme for one-way communication without re-registration was proposed.The scheme combined the time-based one-time password scheme with the way of no re-registration.It can realize the offline authentication while satisfying the infinite authentication times and the password time-effective.Finally,the security of the scheme is proved.

    Forgery attacks on several certificateless signature schemes
    Jing WANG,Zumeng LI
    2020, 6(3):  108-112.  doi:10.11959/j.issn.2096-109x.2020039
    Asbtract ( 29 )   HTML ( 7)   PDF (603KB) ( 40 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Since Al-Riyami and Paterson proposed the novel concept of certificateless cryptography and the first certificateless signature scheme in 2003,a lot of certificateless signature schemes were proposed one after another.Recently,Tang et al proposed nine certificateless signature schemes without bilinear pairing.Although they demonstrated that their schemes were unforgeable under the assumption of elliptic curve discrete logarithmic problem,it can be found that five of their schemes could not resist the public key substitution attack,the attacker could use the user's original public key to forge a valid signature for three of these schemes.The attack methods are to demonstrate that prove five certificateless signature schemes are insecure.

Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:YI Dong-shan
Address:F8,You Dian Publisher Building,No.11,Chengshousi Road,Fengtai District,Beijing 100078,PR China
Tel:+8610-81055479, 81055456
ISSN 2096-109X
CN 10-1366/TP
Total visitors:
Visitors of today:
Now online: