Please wait a minute...


    15 January 2016, Volume 2 Issue 1
    Analysis and enlightenment on the cybersecurity strategy of various countries in the world
    Yu-xiao LI,Yong-jiang XIE
    2016, 2(1):  1-5.  doi:10.11959/j.issn.2096-109x.2016.00017
    Asbtract ( 2241 )   HTML ( 38)   PDF (374KB) ( 8396 )   Knowledge map   
    References | Related Articles | Metrics

    National cybersecurity strategy is the top-level design and strategic framework of the country, which in-cludes the national security, risk management and the personal protection. Now the main developed countries in the world have made the national cybersecurity strategy. So the strategy of our country drawing lessons from the ex-perience of the developed countries should also be enacted. And the strategy should include the cybersecurity situa-tion assessment, strategic target, strategic actions, the system and mechanism of internet governance, and so on.

    Study on designation of cyber information assurance education in USA
    Ning ZHANG,Hui LI
    2016, 2(1):  6-11.  doi:10.11959/j.issn.2096-109x.2016.00018
    Asbtract ( 1400 )   HTML ( 15)   PDF (216KB) ( 2277 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    National centers of academic excellence-cyber defense and cyber operation programs sponsored by NSA and DHS in USA were introduced and analyzed. The basic criteria and procedure of national centers of academic excellence-cyber defense with three programs, 2 years/4 years education and research center were introduced, as well as the national centers of academic excellence-cyber operation with the basic criteria. The Curriculum i.e. knowledge units were analyzed in detail. The development and current situation of the designations were investi-gated. Hopefully the study would be helpful to improve the accretion of the discipline of cyber security in our country.

    Comprehensive Reviews
    Privacy-preserving image processing in cloud computing
    Kui REN
    2016, 2(1):  12-17.  doi:10.11959/j.issn.2096-109x.2016.00020
    Asbtract ( 2250 )   HTML ( 29)   PDF (2919KB) ( 4602 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Enjoying the rapid growth of image data and cloud computing platforms, various image processing ap-plications have emerged and flourished in recent years. Meanwhile, the privacy concerns over the abuse of sensitive information contained in outsourced data also arise in public. In fact, once uploaded to the cloud, the security of us-ers’ private information purely depends on the reliability of the cloud service providers (CSP). To solve this problem, the security requirements and technical challenges lain in privacy-preserving image processing based on different cloud computing architectures were studied, and several solutions to protect the security of outsourced data while enabling functionality of image processing applications were proposed. Several state-of-the-art techniques for secure image processing were introduced and analyzed, including homomorphic encryption (HE) scheme, secure multiparty computation (SMC) protocol, and differential privacy (DP).

    Progress of research on privacy protection for data publication and data mining
    Jiao WANG,Ke-feng FAN,Yong WANG
    2016, 2(1):  18-26.  doi:10.11959/j.issn.2096-109x.2016.00021
    Asbtract ( 1418 )   HTML ( 14)   PDF (965KB) ( 6449 )   Knowledge map   
    References | Related Articles | Metrics

    With the rapid development of the computer technology, there are more and more data in the society. In order to acquire knowledge from the large amounts of data, collecting and data mining is necessary. However, the privacy information will inevitably be disclosed during the process. So it is particularly important to improve the security of data and protect the useful data to avoid being disclosed. Several methods of data privacy preserving technology were analyzed when data was processed and briefly discussed the international standards which were made by JTC1 about privacy protection. According to its different application fields, the possible future research di-rections was proposed. Certain reference foundation could be provided for people who were in the field of informa-tion security.

    Supply chain dynamic multi-center coordination authentication model based on block chain
    Jian-ming ZHU,Yong-gui FU
    2016, 2(1):  27-33.  doi:10.11959/j.issn.2096-109x.2016.00019
    Asbtract ( 5769 )   HTML ( 96)   PDF (1052KB) ( 10744 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The value of block chain technology is proved by the success of Bitcoin. The characteristics, limitations and its chain structure Hash principle of block chain were analyzed, the applications of block chain technology were researched, the B2B+B2C supply chain each transaction subject transaction structure diagram and dynamic multi-center coordination authentication model based on block chain were proposed. Then the producing process of block chain in B2B+B2C supply chain electronic transaction with example was analyzed, and the facing problems that block chain spreading use in B2B+B2C supply chain enterprise were pointed out. The research results have proposed a new idea for the application of cryptography and block chain.

    Research on OLE object vulnerability analysis for RTF file
    De-guang LE,Liang ZHANG,Sheng-rong GONG,Li-xin ZHENG,Shao-gang WU
    2016, 2(1):  34-45.  doi:10.11959/j.issn.2096-109x.2016.00011
    Asbtract ( 2685 )   HTML ( 30)   PDF (1236KB) ( 4316 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In order to deal with the problem of OLE parsing vulnerability for RTF documents, a kind of vulnerability analysis method based on data block analysis and characterization data construction was proposed. The trigger con-ditions of OLE object vulnerability by reverse engineering technique were analyzed. The trigger point of vulnerabil-ity was located through data block analysis. The OLE object vulnerability was detected based on characterization data construction. Tests show that the proposed method not only detects the OLE object vulnerability correctly, but also locates the point of vulnerability accurately, which provides the effective support for the research on vulnerabil-ity patches. Besides, the detection effectiveness of the proposed method is higher than that of other methods, which can effectively defense the exploit attack of OLE object vulnerability for RTF documents.

    Risk access control model for Hadoop
    Jia-shuai LI,Chang-gen PENG,Yi-jie ZHU,Hai-feng MA
    2016, 2(1):  46-52.  doi:10.11959/j.issn.2096-109x.2016.00015
    Asbtract ( 1325 )   HTML ( 6)   PDF (339KB) ( 2184 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Traditional access control models are hard to restrain the malicious behavior of authorized users. Accord-ingly, Hadoop platform with this access control model is difficult to prevent the risk of privacy disclosure. A model of access control based on risk was proposed. A risk function of information entropy was designed from users’ his-torical behavior based on setting the tags of subject and object. Furthermore, the tracking chain of risk was built, which could adjust the users’ access authority dynamically according to the risk value and its volatility. Combining with access token and risk supervision, the risk access control mechanism for big data privacy protection was real-ized, which could be applied to enhance the security of Hadoop Kerberos protocol. Finally, the experiment result shows that the model can constrain the authorized users’ access behavior effectively.

    Privacy-preserving mining of association rules based on paillier encryption algorithm
    Huan XING,Lin ZHANG
    2016, 2(1):  53-59.  doi:10.11959/j.issn.2096-109x.2016.00014
    Asbtract ( 1465 )   HTML ( 7)   PDF (633KB) ( 2360 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In privacy preserving association rule mining, the precision and security of mining are always a pair of contradictions. A method of privacy-preserving mining of association rules based on paillier encryption algorithm over distributed databases was proposed. The method separated calculation and decryption so it can solve the prob-lem of accuracy and security from mining of association rules perfectly. The method can reduce the time cost by Montgomery reduction. The experiment shows that the time cost on the basis of adding the process of encryption and decryption is acceptable.

    New forgery attack on the authenticated cipher SCREAM and iSCREAM
    Yu-dan TIAN,Yong-zhuang WEI
    2016, 2(1):  60-65.  doi:10.11959/j.issn.2096-109x.2016.00012
    Asbtract ( 1003 )   HTML ( 3)   PDF (667KB) ( 1590 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Authentication encryption algorithms have been widely used in networks security system since these al-gorithms can efficiently provide both privacy and integrity measurement for data transmission. Recently, authentica-tion encryption algorithms have received attentions extensively since the event of CAESAR cipher solicitation was developed. SCREAM had been selected as one of the second-round candidates in CAESAR competition because of its novel structure and design idea. Currently, the security issue of SCREAM becomes an interesting research topic. Based on the characteristic of SCREAM variable parameters, a new forgery attack was proposed by using the basic idea of the sum collision. In particular, this attack could also be used to iSCREAM algorithm. Different to the best known attacks, the new attack requires less time and data complexities. It is shown that this new attack is more flexible and effective. Furthermore, the success probability of the forgery will be one.

    Research based on the method of Android system active defense without Root permission
    Jing-qiang LIU,Bin LI,Li-zhang CHEN,Bin CHEN
    2016, 2(1):  65-73.  doi:10.11959/j.issn.2096-109x.2016.00013
    Asbtract ( 2537 )   HTML ( 9)   PDF (534KB) ( 4326 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In order to solve the problem that the system security is reduced through getting Root permission and that the security of Android smartphone is not effective without Root permission, the working principle of ART, the Java reflection mechanism and AOP principle were studied. The new mechanism was designed and implemented to avoid the security problem caused by the traditional protection application of Hooking system function in the kernel layer and the limitations with calling API in the application layer ineffectively. The interception of sensitive behavior and the protection of smartphone were both achieved.

Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:YI Dong-shan
Address:F8,You Dian Publisher Building,No.11,Chengshousi Road,Fengtai District,Beijing 100078,PR China
Tel:+8610-81055479, 81055456
ISSN 2096-109X
CN 10-1366/TP
Total visitors:
Visitors of today:
Now online: