    15 March 2016, Volume 2 Issue 3
    angle of view
    Suggestions on cyber security talents cultivation
    Hong-li ZHANG,Hai-ning YU,Jian-hong ZHAI,Xiang-zhan YU
    2016, 2(3):  1-9.  doi:10.11959/j.issn.2909-109x.2016.00027

    Talent competition is the core of cyber security competition. Firstly, the definitions and characteristics of cyber security were introduced. Then, the development status of international cyber security talents cultivation was analyzed, and the main problems existing in cyber security talents cultivation were pointed out. Finally, based on national significant strategy, suggestions on cyber security talents cultivation were proposed to explore a sophisticated architecture, covering national overall planning, academic education, vocational training and certification, and genius discovery and cultivation.

    Legislative reflection on critical information infrastructure protection in China
    Dao-li HUANG,Ting FANG
    2016, 2(3):  10-16.  doi:10.11959/j.issn.2909-109x.2016.00033

    The necessity of critical information infrastructure protection legislation is particularly prominent. Current legislation and practice show that critical information infrastructure protection lacks strong regulation at the national level; national and industry departments lack the knowledge and ability to protect critical information infrastructure, their responsibilities are unclear with no effective coordination mechanisms, and financial, technical and personnel support capabilities are also weak. To speed up the formulation and promulgation of critical information infrastructure protection legislation, the organization system and working mechanism of critical information infrastructure protection should be clearly defined, and an early warning and monitoring mechanism, emergency response and recovery mechanisms, a security supervision system, an accountability system and a basic safeguard system should be built.

    Shaping the future of commercial quantum computer and the challenge for information security
    Chao WANG,Yun-jiang WANG,Feng HU
    2016, 2(3):  17-27.  doi:10.11959/j.issn.2096-109x.2016.00026

    The progress on universal quantum computer devices is slow, so attacking 1 024-bit RSA with the Shor algorithm is currently impractical. Modern cryptography still has strong security. Taking the constraints of quantum devices into consideration was proposed for the first time: the storage of the former registers in the Shor algorithm should theoretically be 100 or fewer qubits, decreased from 1 000 or more qubits. Quantum artificial intelligence, with the rapid progress of special quantum computers, was regarded as the new-generation computing idea that met the goal of the National Strategic Computing Initiative (NSCI). Given its wide applications in the field of machine learning and artificial intelligence, importance should be attached to the influence of quantum artificial intelligence on big data security on the internet. Additionally, it was the first time a quantum computer was used for designing cryptography, and it shed an interesting light on cryptography design based on quantum artificial intelligence, which had not been reported anywhere before.

    Research on privacy protection in the process of information exchange
    Jia-feng HUA,Feng-hua LI,Yun-chuan GUO,Kui GENG,Ben NIU
    2016, 2(3):  28-38.  doi:10.11959/j.issn.2096-109x.2016.00035

    The privacy preservation problems in the process of information exchange were summarized according to the latest related studies and reviews. Firstly, the different kinds of information service modes in pervasive networks were introduced, the essence of information dissemination was summarized, and the risks of privacy information leakage during information exchange were analyzed. Then the current research status of information privacy awareness, privacy metrics, self-adaptive adjustment schemes, privacy splitting and authorization extension was summarized. Finally, four research directions were proposed: privacy awareness in the multi-source environment, scenario-aware privacy measurement, scenario-defined privacy protection schemes, and privacy splitting and authorization extension.

    Survey on research of mini-drones security
    Wei LIU,Bing-wen FENG,Jian WENG
    2016, 2(3):  39-45.  doi:10.11959/j.issn.2909-109x.2016.00037

    With decreasing manufacturing cost and the development of technology, mini-drones are spreading from military and high-end commercial areas to civilian and consumer areas, and they have attracted great interest in recent years. On the one hand, mini-drones bring convenience; on the other hand, they face serious security problems. The research status of mini-drones, including the security threats to mini-drones, the security attacks from mini-drones, and the authentication and traceability of mini-drones, etc., was introduced and analyzed. Finally, the future development of security research on mini-drones was also discussed.

    academic paper
    Social financial information security risk analysis and prevention
    Jian-ming ZHU,Bo GAO
    2016, 2(3):  46-51.  doi:10.11959/j.issn.2909-109x.2016.00034

    Finance is undergoing deep reform in the country, and internet finance is developing quickly against the background of “internet+”. Especially with the rapid development of the mobile internet and internet socialization, social finance has become a trend. At the same time, it faces information security risks brought by the social network and the mobile internet, which are the bases of social finance. The potential information security risks of social finance were introduced. By modeling a social finance security game, it was analyzed and pointed out that a correct defense strategy should be developed and effective defense measures adopted to cope with social finance information security risks, so as to promote the healthy and quick development of social finance in our country.

    Formal specification and security verification of usage control model based on PAT
    Cong-hua ZHOU,Wei-he CHEN,Zhi-feng LIU
    2016, 2(3):  52-67.  doi:10.11959/j.issn.2909-109x.2016.00038

    Usage control (UCON) is an access control model to enforce digital resource protection in highly distributed, heterogeneous network computing environments. Firstly, each core model of UCON was specified formally with TCSP#, and a combination specification mechanism was proposed for general UCON. Secondly, as the basis of the security analysis, the concepts and calculation method of the reachable space were given. Various combination mechanisms of processes based on a single session were presented to achieve formal specifications of complex concurrent sessions, timings and nondeterminism. The reachable space of the combined processes was then the desired space. Finally, a security analysis method based on the reachable space and a conflict analysis of access control policies based on equivalence checking in process algebras were proposed for the UCON model. All the proposed work was formally checked in PAT. The experimental results show that the proposed approaches are feasible, and that PAT is a really great tool for the systematic formal specification and security analysis of UCON.

    Rational exchange protocol model based on mixed strategy
    Hong DING,Chang-gen PENG,Qing-qing KUANG
    2016, 2(3):  68-79.  doi:10.11959/j.issn.2909-109x.2016.00016

    In micropayment exchange protocols, the cost of ensuring fairness through a TTP is higher than the value of the protocol; in this case a rational exchange protocol is an appropriate choice. The exchange protocol was modeled as an extensive mixed strategy game, and the entropy function was introduced to discuss fairness in the process of exchange. In addition, rational fairness was formally defined using the concept of mixed strategy Nash equilibrium under the principle of fairness in the process, and a new rational exchange protocol was constructed on the basis of this model. The protocol’s accountability and rational fairness were proved, and the results show that the proposed protocol can achieve mixed strategy Nash equilibrium. Without the participation of a trusted third party, the protocol can achieve rational fairness and optimize the penalty values, and it is beautifully adapted to the real environment.

    Method of dynamic real-time authentication
    Chuan-wu MAO,Yang CHENG,Wen-ming YU
    2016, 2(3):  76-85.  doi:10.11959/j.issn.2909-109x.2016.00040

    To solve the problem of organizational insider threats brought by internal staff through identity spoofing, a method of dynamic real-time authentication was presented. Dynamic authentication was built by faking mouse exceptions; when consecutive authentications were abnormal, the user was forced into fixed-scene authentication, which was built on a memory game. An identity verification experiment, in which 15 participants were involved, showed that the performance of the proposed method was encouraging, with an FAR of 1.8%, an FRR of 3.0% and an authentication time of 8.12 s. The experiment shows that the method is not only real-time but also has better user experience and accuracy.

Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:YI Dong-shan
Address:F8,You Dian Publisher Building,No.11,Chengshousi Road,Fengtai District,Beijing 100078,PR China
Tel:+8610-81055479, 81055456
ISSN 2096-109X
CN 10-1366/TP