Please wait a minute...

����Ŀ¼

    15 February 2021, Volume 7 Issue 1
    Previous Issue    Next Issue
    Comprehensive Review
    Survey of artificial intelligence data security and privacy protection
    Kui REN, Quanrun MENG, Shoukun YAN, Zhan QIN
    2021, 7(1):  1-10.  doi:10.11959/j.issn.2096-109x.2021001
    Asbtract ( 1990 )   HTML ( 334)   PDF (780KB) ( 2507 )   Knowledge map   
    References | Related Articles | Metrics

    Artificial intelligence and deep learning algorithms are developing rapidly.These emerging techniques have been widely used in audio and video recognition, natural language processing and other fields.However, in recent years, researchers have found that there are many security risks in the current mainstream artificial intelligence model, and these problems will limit the development of AI.Therefore, the data security and privacy protection was studied in AI.For data and privacy leakage, the model output based and model update based problem of data leakage were studied.In the model output based problem of data leakage, the principles and research status of model extraction attack, model inversion attack and membership inference attack were discussed.In the model update based problem of data leakage, how attackers steal private data in the process of distributed training was discussed.For data and privacy protection, three kinds of defense methods, namely model structure defense, information confusion defense and query control defense were studied.In summarize, the theoretical foundations, classic algorithms of data inference attack techniques were introduced.A few research efforts on the defense techniques were described in order to provoke further research efforts in this critical area.

    Topic Ⅰ: Security Architecture Applications of Novel Network
    Research on bionic mechanism based endogenous security defense system
    Aiqun HU, Lanting FANG, Tao LI
    2021, 7(1):  11-19.  doi:10.11959/j.issn.2096-109x.2021002
    Asbtract ( 606 )   HTML ( 101)   PDF (818KB) ( 545 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Shell-based security defense technologies such as firewall, intrusion detection and anti-virus cannot be updated in a timely fashion upon identification of attacks.The security defense mechanism is not associated with the security status of network devices, resulting in low security performance.To solve the above problems, an endogenous security defense system based on the bionic security mechanism was proposed.Firstly, imitating the security defense mechanism of the organism, the endogenous security system integrated the security component with each other at the construction process.Secondly, the endogenous security associates all security components through network interconnection, and proposed a defense in depth and comprehensive approach to increase the security of a system.Finally, through the self-learning, endogenous security's ability of threat detection was continuous enhanced.By integrating the security system and information system, an endogenous security defense system was constructed.The endogenous security defense system can handle the challenges such as low defensive efficiency ratio, high-speed data processing, and unknown threats detection.The endogenous security system is an efficient security defense system of “innate growth and independent growth”.It meets the development needs of information systems with “high availability, security and high efficiency”.

    Research on cross-domain access control technology
    Tianyi ZHU, Fenghua LI, Lin CHENG, Yunchuan GUO
    2021, 7(1):  20-27.  doi:10.11959/j.issn.2096-109x.2021003
    Asbtract ( 514 )   HTML ( 96)   PDF (680KB) ( 491 )   Knowledge map   
    References | Related Articles | Metrics

    Based on the latest research at home and abroad, the access control technology in cross-domain data flow were summarized and prospected.Firstly, combined with access control in complex application environments, the development of access control models and data security modelswere summarized.The advantages and disadvantages of access control policy management were analyzed.Secondly, the research on access control policy management from the aspects of data marking, policy matching and policy conflict detection were discussed respectively.Finally, the research status of data marking technology and authorization and extension control technology in unified authorization management were summarized.

    Research on security scenarios and security models for 6G networking
    Chenglei ZHANG, Yulong FU, Hui LI, Jin CAO
    2021, 7(1):  28-45.  doi:10.11959/j.issn.2096-109x.2021004
    Asbtract ( 837 )   HTML ( 150)   PDF (11444KB) ( 720 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The concept of 6G has been proposed and has attracted the wide attention of academe.Generally speaking, the 6G network will optimize the performance of 5G, and expand the network scenarios which are difficult to achieve within 5G.However, the introduction of new scenarios and technologies will also bring new security threats to cyber security.The research progress on the key technologies and implementation methods of the 6G were conducted.To summarize a vision of core technologies of 6G, the research work of major 5G/6G research institutions, companies and enterprises were focused on .On this basis, the possible security problems and security challenges in 6G network were put forward.Finally, according to the existing network techniques, the possible solutions and proposed a general security model for 6G networks were discussed.

    Network function heterogeneous redundancy deployment method based on immune algorithm
    Qingqing ZHANG, Hongbo TANG, Wei YOU, Yingle LI
    2021, 7(1):  46-56.  doi:10.11959/j.issn.2096-109x.2021005
    Asbtract ( 225 )   HTML ( 37)   PDF (1319KB) ( 291 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the problem that the existing security defense methods cannot resist many unknown vulnerabilities and backdoors in the network function virtualization platform, a mimic defense architecture for network function virtualization using mimic defense ideas was proposed, a heterogeneous redundant deployment method based on an immune algorithm for the construction of heterogeneous pools was proposed.Firstly, the degree of heterogeneity between heterogeneous entities was quantitatively evaluated in combination with the entropy value method, then the network function heterogeneous redundant deployment problem was constructed into a minimax problem with the optimization goal of maximizing the degree of heterogeneity between heterogeneous entities, and finally the immune algorithm was used to quickly solve the optimal deployment solution of network functions.Simulation results show that the proposed method can quickly converge to an optimal deployment scheme and ensure that the overall distribution of heterogeneity between heterogeneous bodies is at a high level, effectively increasing the diversity between heterogeneous bodies and improving the attacker's difficulty.

    Topic Ⅱ: Blockchain Security
    Rapid responsive and efficient multi-valued Byzantine consensus scheme
    Wang ZHOU, Honggang HU, Nenghai YU
    2021, 7(1):  57-64.  doi:10.11959/j.issn.2096-109x.2021006
    Asbtract ( 373 )   HTML ( 43)   PDF (895KB) ( 450 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Due to the increase of network equipments and the uncertainty of the transmission environment, the message delay is also uncertain, and the asynchronous consensus protocol possesses more advantages.Miller et al proposed the first asynchronous consensus protocol HoneyBadgerBFT in 2016, but its transmission efficiency can be optimized furthermore while achieving high throughput.The broadcast protocol in HoneyBadgerBFT was improved by reducing the message complexity in the broadcast process, and adding optional message request process to achieve rapid response and efficient transmission.

    Embedding of national cryptographic algorithm in Hyperledger Fabric
    Qi CAO, Shuhua RUAN, Xingshu CHEN, Xiao LAN, Hongxia ZHANG, Hongjian JIN
    2021, 7(1):  65-75.  doi:10.11959/j.issn.2096-109x.2021007
    Asbtract ( 570 )   HTML ( 68)   PDF (2809KB) ( 731 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Hyperledger Fabric is an extensible alliance blockchain platform and provides support for enterprise-level commercial blockchain projects.The cryptographic algorithm is the core technologies of the platform, ensuring the security and non-tampering of the data on the chain.But the original Fabric platform lacks the national cryptographic algorithm support.The embedding and support of the national cryptographic algorithm of the Fabric platform was designed and implemented.Firstly, the interaction logic of between components and the invocation scenario of each type of cryptographic algorithm in the Fabric platform were analyzed, an idea of embedding national cryptographic algorithm support for the platform was proposed.Secondly, the modules and interfaces for SM2, SM3 and SM4 were added to BCCSP of the Fabric platform based on the open source code of national cryptographic algorithm implementation.Thirdly, the interface of cryptographic algorithm invoked by the upper layer of each component is associated to the interface of corresponding national cryptographic algorithms, which realized the invocation support of national cryptographic algorithm for the upper layer applications.Finally, the correctness and effectiveness of the embedded national cryptographic algorithm were verified by creating a fabric-gm test instance.And compared with the performances of the test instance built by the mirror of the native Fabric platform.The experimental results show that the embedded national cryptographic algorithm interfaces are corrected and the generated national cryptographic certificates are effective.Moreover, compared with the native Fabric platform, the network start up time increases by about 3%.In the millisecond unit, the transaction time cost increases by about one time, the dynamic certificate generation time increases by about 9%, and all the performance are within the acceptable range.

    Compression of bitcoin blockchain
    Xiaojiao CHEN, Xianzheng LIN, Nenghai YU
    2021, 7(1):  76-83.  doi:10.11959/j.issn.2096-109x.2021008
    Asbtract ( 671 )   HTML ( 82)   PDF (1550KB) ( 367 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The blockchain provides an immutable, transparent, and decentralized method for data storage.However, as the volume of data gradually increases, the public blockchain system requires significant storage space.The bitcoin block's structure was analyzed.A method was introduced to compress the size of transactions in the bitcoin blockchain by encoding specific fields.Experiment shows that the proposed method can reduce the storage space of the bitcoin blockchain by 18.13%.

    Bitcoin blockchain based information convert transmission
    Tao ZHANG, Qianhong WU, Zongxun TANG
    2021, 7(1):  84-92.  doi:10.11959/j.issn.2096-109x.2021009
    Asbtract ( 582 )   HTML ( 94)   PDF (801KB) ( 573 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    To meet efficient, safe, covert and stable transmission of confidential information, the transaction data structures, location and capacity of potential convert channels were analyzed.Then a formal security model of covert transmission in the bitcoin blockchain environment was proposed, which would not break the transaction structures, add special transaction content, can overcome shortcomings of traditional convert channels and protect the anonymity of both sender and receiver.The proposed security model opens a promising avenue of covert transmission, which is of great significance to promote the secure transmission technologies for the national special applications.

    Papers
    Privacy protection key distribution protocol for edge computing
    Jian SHEN, Tianqi ZHOU, Chen WANG, Huijie YANG
    2021, 7(1):  93-100.  doi:10.11959/j.issn.2096-109x.2021010
    Asbtract ( 395 )   HTML ( 48)   PDF (1815KB) ( 461 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the privacy protection problem in the multi-application scenarios of edge computing, two policy-based key distribution protocols were proposed.The proposed protocols are based on the concept of constrained pseudo-random functions to achieve efficient and flexible policy selection.Specifically, based on the GGM pseudo-random number generator, the key distribution protocol with a prefix-predicate is constructed, which can effectively support lightweight and efficient key distribution.Moreover, based on the multilinear pairing, the key distribution protocol with a bit fixing predicate is constructed.This protocol can support flexible and fine-grained strategy selection and is suitable for dynamic and flexible multi-device scenarios in heterogeneous networks.Finally, the security proof of the proposed protocols is presented.

    Mimic cloud service architecture for cloud applications
    Liming PU, Hongquan WEI, Xing LI, Yiming JIANG
    2021, 7(1):  101-112.  doi:10.11959/j.issn.2096-109x.2021011
    Asbtract ( 303 )   HTML ( 39)   PDF (1894KB) ( 485 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In order to solve the problem of the lack of heterogeneity and dynamics of cloud application services with a single executor, and the difficulty of dealing with the security threats of unknown vulnerabilities and backdoors, a mimic cloud service architecture was proposed.In this architecture, the application services provided by the cloud platform were constructed into a service package based on mimic defense technology, so that the application services had the endogenous security features and robustness brought by mimic structure.At the same time, two key mimic cloud services operating mechanism,policy scheduling and adjudication mechanism were discussed.The experimental results and analysis show that the mimic cloud service obtains better security and its response time delay can be reduced by reducing the performance difference of the executor.

    Moving target defense against adversarial attacks
    Bin WANG, Liang CHEN, Yaguan QIAN, Yankai GUO, Qiqi SHAO, Jiamin WANG
    2021, 7(1):  113-120.  doi:10.11959/j.issn.2096-109x.2021012
    Asbtract ( 294 )   HTML ( 38)   PDF (1315KB) ( 527 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Deep neural network has been successfully applied to image classification, but recent research work shows that deep neural network is vulnerable to adversarial attacks.A moving target defense method was proposed by means of dynamic switching model with a Bayes-Stackelberg game strategy, which could prevent an attacker from continuously obtaining consistent information and thus blocked its construction of adversarial examples.To improve the defense effect of the proposed method, the gradient consistency among the member models was taken as a measure to construct a new loss function in training for improving the difference among the member models.Experimental results show that the proposed method can improve the moving target defense performance of the image classification system and significantly reduce the attack success rate against the adversarial examples.

    Secure data collection method of WSN based on mobile Sink
    Chunyu MIAO, Yuan FAN, Hui LI, Kaiqiang GE, Xiaomeng ZHANG
    2021, 7(1):  121-129.  doi:10.11959/j.issn.2096-109x.2021013
    Asbtract ( 202 )   HTML ( 27)   PDF (1235KB) ( 331 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    At present, WSN data collection method based on mobile Sink has some problems, such as low detection rate of network attack and large memory cost, which makes the network vulnerable to network attack and difficult to be applied in practice.To solve this problem, a secure data collection WSN method of WSN based on mobile Sink was proposed, which used convex hull algorithm of energy perception to identify data collection points, used elliptic encryption algorithm (ECC) to generate key for all nodes in the network, used ElGamal algorithm to realize node identity and message authentication, and used support vector machine (SVM) to identify network attack types.The simulation results show that the proposed secure data collection method has good performance in attack detection rate, memory overhead and packet delivery rate.

    Research on security defense of mobile edge computing
    Lu CHEN, Hongbo TANG, Wei YOU, Yi BAI
    2021, 7(1):  130-142.  doi:10.11959/j.issn.2096-109x.2021014
    Asbtract ( 517 )   HTML ( 83)   PDF (2031KB) ( 663 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Mobile Edge Computing can solve the problem of heavy backhaul link overloaded and long delay effectively by further extending the telecommunication cellular network to other wireless access networks.However, the MEC nodes are exposed to the edge of the network whose computing resource, storage capacity and energy resource are limited, they are more vulnerable to the illegal attacks by attackers.Based on the briefly analysis of the security threats faced by mobile edge computing, some key problems and challenges of mobile edge computing for four different security subjects, device security, node security, network resources and tasks, and migration security are summed up and expounded, and the existing security solutions were summarized.Finally, the open research and future development trend of mobile edge computing security defense on three aspects that limited resource defense model in the dynamic scene, resource deployment based on comprehensive trust and user-centered service reliability assurance are discussed.

    Two-layer threat analysis model integrating macro and micro
    Cheng SUN, Hao HU, Yingjie YANG, Hongqi ZHANG
    2021, 7(1):  143-156.  doi:10.11959/j.issn.2096-109x.2021015
    Asbtract ( 182 )   HTML ( 19)   PDF (2462KB) ( 170 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The existing threat analysis models failed to comprehensively analyze the propagation of advanced security threats integrating the threat development trend and propagation path.In order to solve the problem, a two-layer threat analysis model named TL-TAM was established.The upper layer of the model depicted the threat development trend.The lower layer depicted the threat propagation path considering social engineering and networks can.Based on the model, prediction algorithm of threat development was proposed.The experimental result shows that the model can comprehensively analyze the threat propagation at multiple levels, overcome the defect that the threat analysis model based on attack graph is limited to technical vulnerability attack, and is more suitable for dynamic tracking analysis of advanced security threats.

    Dynamic privacy measurement model and evaluation system for mobile edge crowdsensing
    Mingfeng ZHAO, Chen LEI, Yang ZHONG, Jinbo XIONG
    2021, 7(1):  157-166.  doi:10.11959/j.issn.2096-109x.2021016
    Asbtract ( 304 )   HTML ( 36)   PDF (17060KB) ( 228 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    To tackle the problems of users not having intuitive cognition of the dynamic privacy changes contained in their sensing data in mobile edge crowdsensing (MECS) and lack of personalized privacy risk warning values in the data uploading stage, a dynamic privacy measurement (DPM) model was proposed.A structured representation of data obtained by a user participating in a sensing task was introduced and was transformed it into a numerical matrix.Then privacy attribute preference and timeliness were presented to quantify the dynamic privacy changes of data.With this, personalized privacy thresholds of users based on the numerical matrix were reasonably calculated.Finally, differential privacy processing was performed on the numerical matrix, and a model evaluation system was designed for the proposed model.The simulation results show that the DPM model was effective and practical.According to the given example, a data utility of approximately 0.7 can be achieved, and the degree of privacy protection can be significantly improved as the noise level increases, adapting to the MECS of IoT.

Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:Xing Jianchun
Address:F2, Beiyang Chenguang Building, Shunbatiao No.1 Courtyard, Fengtai District, Beijing, China
Tel:010-53879136/53879138/53879139
Fax:+86-81055464
ISSN 2096-109X
CN 10-1366/TP
Links
More...
visited
Total visitors:
Visitors of today:
Now online:
Copyright of website: Editorial Office of Chinese Journal of Network and Information Security