Please wait a minute...


    15 April 2017, Volume 3 Issue 4
    Comprehensive Review
    Overview of the detection and prevention study of hardware Trojans
    Qiang XU,Xing-hao JIANG,Li-hong YAO,Zhi-qiang ZHANG,Cheng ZHANG
    2017, 3(4):  1-13.  doi:10.11959/j.issn.2096-109x.2017.00160
    Asbtract ( 1660 )   HTML ( 6)   PDF (705KB) ( 4065 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The design and manufacture of integrated circuit chips are now a key component of the electronic industry.The increasing popularity of third-party technology services may lead to the implantation of hardware chips in the manufacturing process,which brings great challenge to the security of electronic devices.After introducing the concept of hardware Trojans,the characteristics and its forms were briefly analyzed.Then the detection technologies,and the prevention strategies of the hardware Trojans were discussed.At last,the development trend of the hardware Trojans was summarized.

    Tag dynamic ownership transfer protocol for multi-owner with weights
    Yong GAN,Zong-qin YANG,Lei HE,Chao DU,Si-cong LIU
    2017, 3(4):  14-19.  doi:10.11959/j.issn.2096-109x.2017.00120
    Asbtract ( 955 )   HTML ( 0)   PDF (430KB) ( 1810 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    A dynamic ownership transfer protocol of RFID tag based on Lagrange algorithm was proposed to achieve the transfer for multi-owner with different weights.When the ownership of a tag changed,the agreement could recover the original secret key to verify the legitimacy of the owners,and use secret sharing algorithm to redistribute sub-key according to the new weights of the owners to make the security and flexibility of the ownership transfer improved.The simulation is carried out to show that it adapts to a low-cost RFID tag because the calculation and time consuming are low in the protocol.

    Blur detection of digital forgery using mathematical morphology
    Hui-fen HUANG,Zhi-hong WANG,Yu-hong CHANG
    2017, 3(4):  20-25.  doi:10.11959/j.issn.2096-109x.2017.00152
    Asbtract ( 831 )   HTML ( 1)   PDF (1267KB) ( 1517 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Aiming at the fuzzy operation commonly used in image tampering,a new fuzzy detection scheme using smooth filter preserving edges and mathematical morphological methods was studied.By using the sharpening function and denoising function of both methods,tampering and location of tampering position can be pointed out without embedding information such as watermarking technique.The method can not only determine whether an image has been virtualized,but also detect the extent of the image blur.Experimental results confirm the effectiveness of the scheme.

    Key management scheme with private key self-healing ability in DTN
    De-quan LI,Xi-yong ZHANG,Ting-ting ZHANG,Guan-jun GUO
    2017, 3(4):  26-31.  doi:10.11959/j.issn.2096-109x.2017.00156
    Asbtract ( 1081 )   HTML ( 1)   PDF (785KB) ( 1757 )   Knowledge map   
    References | Related Articles | Metrics

    Because of the large delay of DTN network,node cannot receive broadcast updating private key messages in a timely manner,thus unable to update the private key for a certain time period.Aiming at this problem,an allowing private key self-healing clustering key was management scheme.The scheme can not only accomplish the distribution of the private keys of node and update,but also can self-heal the old time private keys.Security and efficiency analysis show that the scheme is particularly suitable for large network latency,intermittent connection DTN network.

    Identity authentication scheme of Android client based on identifiers
    Ya-wei WANG,Chang-gen PENG,Hong-fa DING,Kai ZHOU
    2017, 3(4):  32-38.  doi:10.11959/j.issn.2096-109x.2017.00140
    Asbtract ( 1557 )   HTML ( 4)   PDF (473KB) ( 2390 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    The Android mobile terminal’s own identifier information was used,which was credibly ensured by the Android system,then combining the Hash function and operation such as xor or connection,an algorithm of authentication information generation for the Android client was created.The traditional mobile client’s process of register and login were analyzed,putting the identity information generation and authentication on the sever.A novel authentication scheme was constructed,which made the users free from the cumbersome authentication process and privacy divulges.Finally,the security and efficiency of the scheme were analyzed.The results show that the new scheme has strong security and high convenience.

    Trusted graphs of the scientific collaboration network based on social computing
    Xin-xin XU,Feng HU,Ming ZHONG,Chao WANG
    2017, 3(4):  39-50.  doi:10.11959/j.issn.2096-109x.2017.00142
    Asbtract ( 1247 )   HTML ( 0)   PDF (1020KB) ( 2301 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Based on SWTrust architecture,using complex weighted network to establish research cooperation network model,the researchers who has co-authored papers in the chinese science citation database were studied,the scale,law and other characteristics of the complex network research were analyzed,to further validate the "small world" features and weak connection theory between the scientific collaboration.At the same time,for the first time in combination with the advantages of Gephi visualization,a trust graph was built and the shortest trust path between the scientific research was got.

    Machine learning algorithm for intelligent detection of WebShell
    Hua DAI,Jing LI,Xin-dai LU,Xin SUN
    2017, 3(4):  51-57.  doi:10.11959/j.issn.2096-109x.2017.00126
    Asbtract ( 2494 )   HTML ( 24)   PDF (671KB) ( 7464 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    WebShell is a common tool for network intrusions,which has the characteristics of great harm and good concealment.The current detection method is relatively simple,and easy to be bypassed,so it is difficult to deal with complex and flexible WebShell.To solve these problems,a supervised machine learning algorithm was put forward to detect WebShell intelligently.By learning the features of existing WebShell and non-existing WebShell pages,the algorithm can make prediction of the unknown pages,and the flexibility and adaptability were both very good.Compared with the traditional WebShell detection methods,the experiment proves that the algorithm has higher detection efficiency and accuracy,and at the same time there is a certain probability to detect new types of WebShell.

    Research on attack scenario reconstruction method based on causal knowledge discovery
    Di FAN,Jing LIU,Jun-xi ZHUANG,Ying-xu LAI
    2017, 3(4):  58-68.  doi:10.11959/j.issn.2096-109x.2017.00148
    Asbtract ( 988 )   HTML ( 3)   PDF (793KB) ( 3663 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In order to discover the attack pattern from the distributed alert data and construct the attack scene,a method of finding the attack scene from the alert data generated by intrusion detection system was studied.Current research suffer from the problem that causal knowledge is complex and difficult to understand and it is difficult to automatically acquire the problem.An attack scenario reconstruction method based on causal knowledge discovery was proposed.According to the process of KDD,the sequence set of attack scenes was constructed by the correlation degree of IP attributes among alert data.Time series modeling was adopted to eliminate the false positives to reduce the attack scene sequence.Finally,causal relationship between the alert data was found by using probability statistics.Experiments on the DARPA2000 intrusion scenario specific data sets show that the method can effectively identify the multi-step attack mode.

    Two improved content extraction signature schemes
    Min WANG,Jin-hua MA,Jiang-hua LIU,Wei WU
    2017, 3(4):  69-77.  doi:10.11959/j.issn.2096-109x.2017.00162
    Asbtract ( 844 )   HTML ( 1)   PDF (1461KB) ( 1616 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Motivated by the idea of batch signatures,two variants of content extraction signature schemes based on commit vector and RSA respectively were presented.In the proposed schemes,the efficiency of signing and verification were improved by unifying certain message.The analysis show that the proposed schemes are existentially unforgeable under chosen message attacks in the random oracle model.

Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:YI Dong-shan
Address:F8,You Dian Publisher Building,No.11,Chengshousi Road,Fengtai District,Beijing 100078,PR China
Tel:+8610-81055479, 81055456
ISSN 2096-109X
CN 10-1366/TP
Total visitors:
Visitors of today:
Now online: