

    15 November 2018, Volume 4 Issue 11
    Comprehensive Reviews
    Survey of software-defined networking data plane security
    Zhongfu GUO, Xingming ZHANG, Bo ZHAO, Sunan WANG
    2018, 4(11):  1-12.  doi:10.11959/j.issn.2096-109x.2018087

    Software-defined networking decouples the data plane from the control plane, aiming to introduce network innovation faster and to fundamentally automate the management of large networks. This architectural innovation brings both challenges and opportunities: security issues limit the widespread adoption of software-defined networks, and attacks on the data plane may damage the entire network. The survey introduces the data plane structure and its development trends, analyzes data plane security risks, points out vulnerabilities, and identifies potential attack scenarios. It also presents two specific solutions, discusses their significance and limitations, and looks ahead to future security research directions.

    Survey on public key encryption with equality test
    Yuanhao WANG, Hongbo LI, Yuzhao CUI, Qingwen GUO, Qiong HUANG
    2018, 4(11):  13-22.  doi:10.11959/j.issn.2096-109x.2018094

    Public key encryption with equality test (PKEET) is one of the important methods for solving the problem of computation over data encrypted under multiple public keys in a cloud environment. It supports checking whether two ciphertexts encrypted under (possibly) different public keys contain the same message without decrypting them. The definitions, security models and six types of authorization modes of PKEET are introduced and summarized, and the relationship between PKEET and public key encryption with keyword search (PKES) is discussed. Several typical public-key, identity-based and attribute-based encryption with equality test schemes proposed recently are analyzed and compared. Finally, some application scenarios and research directions are discussed.

    Lightweight authentication protocol for security vehicle network of railway freight train
    Congdong LYU, Yucai LI
    2018, 4(11):  23-31.  doi:10.11959/j.issn.2096-109x.2018089

    With the development of railway transportation, higher requirements have been placed on the safety of freight trains. Due to technical limitations, the present ground vehicle safety monitoring system cannot meet the security requirement for real-time reporting of train information. Vehicular sensors can collect real-time vehicle information to guarantee the safety of the train. The vehicle network is the basis of communication between vehicular sensors, and authentication is the basis of a secure vehicle network for railway freight trains. A lightweight authentication protocol for the secure vehicle network is proposed. The protocol can authenticate network nodes without a CA.

    Security analysis in heterogeneous fault-tolerant control plane
    Qi WU, Hongchang CHEN, Fucai CHEN
    2018, 4(11):  32-39.  doi:10.11959/j.issn.2096-109x.2018095

    With the large-scale application of software-defined networks, their security becomes more and more important. As an important defense idea, the heterogeneity-based fault-tolerant control plane has attracted increasing attention from researchers in recent years. However, existing research ignores the problem of common vulnerabilities in heterogeneous variants, which greatly reduces the security benefits of the fault-tolerant control architecture for software-defined networks. To address this problem, common vulnerabilities in heterogeneous variants are taken into consideration. First, the tolerance capability of the fault-tolerant control plane is quantified. Then a control plane deployment method that maximizes the tolerance capability is constructed. Simulations show that the proposed method can effectively reduce the failure probability of the control plane. When attackers target a control plane constructed with the proposed method, they pay a higher attack cost to compromise it.

    Lightweight authentication method for network interconnection control protocols
    Bo LU, Yun LIU, Jie ZHANG, Yueming LU
    2018, 4(11):  40-48.  doi:10.11959/j.issn.2096-109x.2018090

    Because network interconnection controls are required for the space-earth integrated network and its limited resources are not suitable for authentication methods with high computational complexity, a lightweight authentication method for network interconnection control protocols is proposed. Through calculation of the limited resources and using the idea of random fill, public key encryption and signature algorithms, which are components of the network interconnection control authentication protocol, are designed and implemented. The formal analysis tool Scyther is used to analyze the security of the protocol. Compared with other secure communication protocols, the method can meet the requirements of resource-constrained networks and ensure security.

    Research on backup and remapping of network slice based on security classification
    Zhiyong SUN, Xinsheng JI, Wei YOU, Quan YUAN
    2018, 4(11):  49-57.  doi:10.11959/j.issn.2096-109x.2018088

    In the future virtualized environment of the 5G core network, general-purpose x86 servers make it easier for attackers to exploit vulnerabilities, the substrate network is more easily infected with viruses and spreads them more easily, and the failure of a single physical node seriously affects the service performance of a network slice. Building on existing node backup and remapping solutions, and considering the impact of security constraints among nodes on network security performance, a security parameter evaluation model for virtual nodes and physical nodes in network slicing is proposed, and a security constraint relationship between virtual nodes and physical nodes is established. Backup virtual nodes are then selected based on the security parameter evaluation model, and backup mapping methods are designed. Finally, a node remapping mechanism is designed that satisfies the network delay requirement. Experiments show that the proposed method can significantly improve network intrusion tolerance while satisfying the service performance requirements of network slicing.

    Intrusion detection model based on non-symmetric convolution auto-encode and support vector machine
    Jialin WANG, Jiqiang LIU, Di ZHAO, Yingdi WANG, Yingxiao XIANG, Tong CHEN, Endong TONG, Wenjia NIU
    2018, 4(11):  57-68.  doi:10.11959/j.issn.2096-109x.2018086

    Network intrusion detection systems play an important role in protecting network security. With the continuous development of science and technology, current intrusion detection technology cannot cope with modern, complex and volatile abnormal network traffic, and does not take into account the scalability, sustainability and training time of the detection technology. To address these problems, a new deep learning method is proposed that uses an unsupervised non-symmetric convolutional auto-encoder to learn the characteristics of the data. In addition, a new method based on the combination of the non-symmetric convolutional auto-encoder and a multi-class support vector machine is proposed. Experiments on the KDD99 data set show that the method achieves good results, significantly reduces training time compared with other methods, and further improves network intrusion detection technology.

    Rule-defect oriented browser XSS filter test method
    Zhijie GUI, Hui SHU
    2018, 4(11):  69-77.  doi:10.11959/j.issn.2096-109x.2018093

    To mitigate XSS (cross-site scripting) attacks, modern browsers use XSS filters for defense, but it is difficult to effectively test and evaluate the security of browser XSS filters. A rule-defect is a defect or security problem introduced in the implementation of a browser XSS filter. A formal definition of browser XSS filter rule-defects is presented, together with the design of test samples and a scene generation algorithm. To quantitatively test and evaluate the filtering level of different browser XSS filters, filtering ability is calculated by combining filtering success rate, false positive rate and input loss. Based on the proposed method, a prototype system is designed to automate the testing of several mainstream browser XSS filters, and the XSS filtering capabilities of different browsers are obtained. Furthermore, actual testing shows that the system is also able to discover undisclosed vulnerabilities.

Copyright Information
Bimonthly, started in 2015
Authorized by: Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by: Posts and Telecommunications Press
Co-sponsored by: Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by: Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief: FANG Bin-xing
Executive Editor-in-Chief: LI Feng-hua
Director: YI Dong-shan
Address: F8, You Dian Publisher Building, No.11, Chengshousi Road, Fengtai District, Beijing 100078, PR China
Tel: +8610-81055479, 81055456
ISSN 2096-109X
CN 10-1366/TP