
    01 February 2019, Volume 5 Issue 1
    Comprehensive Review
    Survey on static software vulnerability detection for source code
    Zhen LI, Deqing ZOU, Zeli WANG, Hai JIN
    2019, 5(1):  1-14.  doi:10.11959/j.issn.2096-109x.2019001

    Static software vulnerability detection is mainly divided into two types according to the object analyzed: vulnerability detection for binary code and vulnerability detection for source code. Because source code contains more semantic information, it is more favored by code auditors. Existing research on vulnerability detection for source code is summarized from four aspects: code similarity-based vulnerability detection, symbolic execution-based vulnerability detection, rule-based vulnerability detection, and machine learning-based vulnerability detection. The vulnerability detection system based on source code similarity and the intelligent software vulnerability detection system for source code are taken as two examples to introduce the process of vulnerability detection in detail.

    Special Column: Technology Research and Application Exploration on Attack and Defense of Cryptology
    Attribute-based encryption schema with group signatures
    Xinglan ZHANG, Yao CUI
    2019, 5(1):  15-21.  doi:10.11959/j.issn.2096-109x.2019002

    Ciphertext-policy attribute-based encryption (CP-ABE) schemes are widely used to protect sensitive data. In CP-ABE, when users access the ciphertext, the access structure is sent to them together with the ciphertext. However, the access structure also contains private information, which can lead to privacy leaks. Group signatures are used in CP-ABE to protect this privacy. Moreover, the scheme satisfies indistinguishability under chosen-plaintext attack.

    Fair secret sharing scheme using asymmetric bivariate polynomial
    Wenwei YANG, Yuqing XING
    2019, 5(1):  22-29.  doi:10.11959/j.issn.2096-109x.2019003

    In Shamir's (t,n) secret sharing scheme, any m (m≥t) participants can reconstruct the secret, and any fewer than t participants cannot get any information about the secret. However, if there are more than t participants in the secret reconstruction phase, Shamir's secret reconstruction phase cannot prevent external attackers from learning the secret, while internal attackers can release a fake share to deceive honest participants during the secret reconstruction process. A rational threshold secret sharing scheme using an asymmetric bivariate polynomial with unknown rounds is proposed. Its fairness and security are then shown against non-cooperative attack with synchronization, non-cooperative attack with asynchronization, cooperative attack with synchronization and cooperative attack with asynchronization.

    Fault-injection attack on countermeasure algorithms of RSA-CRT cryptosystem
    Fanyu KONG, Yong QIAO, Pengtao LIU, Xiaodong LIU, Dashui ZHOU
    2019, 5(1):  30-36.  doi:10.11959/j.issn.2096-109x.2019004

    RSA is a widely applied public-key cryptosystem in the TLS, SSL and IPSec protocols, so its security is of great importance. At FDTC 2014, Rauzy and Guilley proposed several improved countermeasure algorithms for RSA implementations based on the Chinese remainder theorem, which were used to defeat fault-injection attacks. New fault-injection attacks on two of their countermeasure algorithms are proposed. During the RSA computation process, a permanent fault is injected and a faulty RSA signature result is induced. The RSA private key can be obtained by using the faulty RSA signature and the correct result. Therefore, Rauzy and Guilley’s two countermeasure algorithms cannot resist our fault-injection attack.

    Verifiable outsourced attribute-based encryption with access update
    Suqing LIN
    2019, 5(1):  37-49.  doi:10.11959/j.issn.2096-109x.2019005

    In order to meet the secure and reliable access requirements for encrypted data stored in the public cloud, a verifiable outsourced attribute-based encryption scheme with access update was proposed. Based on a standard KP-ABE scheme, verifiable outsourced decryption and verifiable access update for a ciphertext were obtained through novel constructions. The verifiability of the outsourced computation ensures that the third-party service performs the algorithms honestly. The scheme was proved to have selective IND-CPA security for the original and updated ciphertexts, weak master private key security, and verification soundness in the standard model, respectively. Compared with similar schemes from the literature, the proposed scheme achieves a tradeoff in the optimization of functionality, security and efficiency.

    Accelerating cryptographic computation with parallel computing mechanisms in Android platform
    Ning FANG, Weibing CAO, Donghe NI, Guandong DI
    2019, 5(1):  50-55.  doi:10.11959/j.issn.2096-109x.2019006

    To accelerate cryptographic computation on the Android platform, a parallel computing method is adopted. Using the RenderScript framework on the Android platform, big integer multiplication is implemented in parallel, which provides efficient and fast basic operations for cryptographic schemes such as elliptic curve. The storage structure and computing logic are designed and implemented for parallel computation of big integer multiplication. Integers are decomposed and handled as matrix elements, so that all additive and multiplicative operations can be performed simultaneously, which provides accelerated intermediate results for multiplication operations. Experimental results show that, compared with the original Java library for big integers on the Android platform, the proposed method has a distinct advantage in execution time.

    Modeling the interrupt transmission process of SR-IOV cryptographic device
    Lei SUN, Shuai LI, Songhui GUO
    2019, 5(1):  56-65.  doi:10.11959/j.issn.2096-109x.2019007

    The SR-IOV cryptographic device generates a large number of I/O interrupts when performing operations in a virtualized environment, causing the CPU to switch frequently between Root mode and Non-Root mode, which brings a huge system performance overhead and affects the operational performance of the SR-IOV cryptographic device. To address this problem, the I/O interrupts of the SR-IOV cryptographic device were analyzed, and an M/M/1 queuing model was constructed according to first-come-first-served rules for cryptographic tasks. Moreover, the key factors affecting system performance were analyzed, the validity of the model was verified via simulation and experiment, and finally the system performance was tested. The results show that the model can quantitatively analyze the impact of the interrupt frequency on the interrupt response time and system queue length.

    Papers
    Comparative study of anonymous network Tor and I2P
    Yun YANG, Lingyan LI, Qingzheng WEI
    2019, 5(1):  66-77.  doi:10.11959/j.issn.2096-109x.2019008

    Tor is the most deployed anonymous communication system, providing online anonymity and privacy protection, while the Invisible Internet Project (I2P) allows applications to send messages to each other anonymously and securely by using garlic routing. The anonymous networks Tor and I2P have been highly valued by the academic community and the industry, and are also welcomed by users. The key difference in design concept between the Tor network and I2P is that I2P attempts to transfer existing Internet services to the I2P network, with service implementation provided within the framework, while Tor allows anonymous access to external Internet services that are implemented and operated separately. The anonymous networks Tor and I2P were compared in terms of terminology, project development, anonymous services, key technologies, threat types, etc., revealing the inherent and essential differences between the two anonymous networks.

    Access control model for multi-source heterogeneous data in big data environment
    Qiuyue SU, Xingshu CHEN, Yonggang LUO
    2019, 5(1):  78-86.  doi:10.11959/j.issn.2096-109x.2019009

    The big data platform is open and shared, but with the increasing amount of data and the complex and variable user access context, the RBAC model has difficulty providing the fine-grained and flexible access control needed in a big data environment. To solve this problem, an access control model for multi-source heterogeneous data in a big data platform is proposed. The model dynamically determines role permissions based on attributes and builds a hierarchical structure based on data groups to achieve simple management of data attributes. The model is formally defined, and its implementation and workflow on the Hadoop platform are described. The experimental results show that the performance overhead of the proposed scheme is relatively small.

    Shoulder-surfing resistant PIN-entry method
    Shudi CHEN, Youwen ZHU
    2019, 5(1):  87-93.  doi:10.11959/j.issn.2096-109x.2019010

    To address the problem that the traditional PIN entry method is vulnerable to shoulder-surfing attacks, a secure PIN entry method resistant to shoulder-surfing attacks was proposed. The method changes the traditional input interface on the mobile device and uses the vibration channel of the device as an auxiliary channel to transmit hidden information to the user. The user simply selects items to input the PIN. The analysis shows that the proposed method can effectively resist shoulder-surfing attacks.

Copyright Information
Bimonthly, started in 2015
Authorized by: Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by: Posts and Telecommunications Press
Co-sponsored by: Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by: Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief: FANG Bin-xing
Executive Editor-in-Chief: LI Feng-hua
Director: YI Dong-shan
Address: F8, You Dian Publisher Building, No.11, Chengshousi Road, Fengtai District, Beijing 100078, PR China
Tel: +8610-81055479, 81055456
Fax: +86-81055464
ISSN 2096-109X
CN 10-1366/TP