Current Issue

25 August 2013, Volume 34 Issue Z1

Previous Issue    Next Issue

Lightweight authentication protocol for RFID

2013, 34(Z1):  1-7. 

Asbtract ( 396 )   Knowledge map   

Related Articles | Metrics

Radio frequency identification (RFID) is a technique using radio frequency to object identification and access to relevant data in the open system enviroment with the limits of process, storage, power and so on. The traditional tag authentication protocols taking complicated algorithms into account can’t meet the demand. In view of the existing security and privacy problems of RFID , a lightweight authentication protocol for RFID named LAP was proposed. LAP is based on the generalized inverse matrix and only uses CRC checksum, some matrix and simple logic operations to satisfy the principles of balancing security, privacy and cost. The comparisons of security, privacy and performance with other authentication protocols show that LAP is feasible for RFID tags with requirements of low cost and resource-constrained.

Academic paper

Lightweight authentication protocol for RFID

Bing CHEN,Jia-qi ZHENG

2013, 34(Z1):  1-7.  doi:10.3969/j.issn.1000-436x.2013.z1.001

Asbtract ( 176 )   HTML ( 3)   PDF (1139KB) ( 317 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Radio frequency identification (RFID) is a technique using radio frequency to object identification and access to relevant data in the open system enviroment with the limits of process, storage, power and so on. The traditional tag authentication protocols taking complicated algorithms into account can't meet the demand. In view of the existing secu-rity and privacy problems of RFID , a lightweight authentication protocol for RFID named LAP was proposed. LAP is based on the generalized inverse matrix and only uses CRC checksum, some matrix and simple logic operations to satisfy the principles of balancing security, privacy and cost. The comparisons of security, privacy and performance with other authentication protocols show that LAP is feasible for RFID tags with requirements of low cost and resource-constrained.

Efficient fuzzy attribute-based signcryption scheme

2013, 34(Z1):  2-13. 

Asbtract ( 366 )   Knowledge map   

Related Articles | Metrics

Multi-user communication is the major model of present information exchange and to improve communication security and to solve the problem of communication efficiency is the key of present research. Attributed-based signcryption ensures the confidentiality and integrity of the information during communication and realizes the sending of information through one-step operation, thus improving the efficiency of signcryption. By using secret sharing model and bilinear pairs, an efficient fuzzy attribute-based signcryption scheme was presented, and based on DMBDH and CDH problem, the confidentiality and unforgeability of the scheme were proved. Meanwhile, it meets public verifiability and short ciphertext. Compared with other analysis, the amount of computation of signcryption and designcryption is only (n+3)e and ne+(n+4)p, far less than those of other similar schemes and this realizes the efficiency of computation.

Scheme of node identify authentication in distributed file interaction system

2013, 34(Z1):  3-20. 

Asbtract ( 379 )   Knowledge map   

Related Articles | Metrics

Under the mutual identity authentication, a scheme based on distributed cloud storage system was proposed, using symmetric encryption algorithm and hash function to realize bidirectional authentication process. Advantages of the novel project are to produce fair session key to both communications, and design the two different types of authentication: within the network and across a network authentication. Then the security of this scheme was analyzed. The scheme is more secure than the former ones and it can protect the privacy of users and non-repudiation, and has lower computational cost. Therefore, this scheme can meet the demand of cloud storage communication environments.

Model of runtime memory leak detection based on the virtual machine introspection

2013, 34(Z1):  4-30. 

Asbtract ( 449 )   Knowledge map   

Related Articles | Metrics

Virtualization technology has been widely used in the field of cloud computing and data center, and it is an important way to improve reliability of system under the virtual computing environment using runtime memory leak detecting to eliminate memory leaks. A model of runtime memory leak detection based on the virtual machine introspection and an approach to predication on memory leak were proposed. The prototype system of the model was designed and implemented. By analyzing and evaluating effectiveness and performance of the prototype system, the results show that these models and methods can effectively detect memory leaks, and have better performance.

Dynamic trust evaluation model based on evaluation credibility in cloud computing

2013, 34(Z1):  5-37. 

Asbtract ( 448 )   Knowledge map   

Related Articles | Metrics

Considering the problem that cloud users will select a trusted cloud service provider, a dynamic trust evaluation model based on evaluation credibility was proposed.This model divides the ability of cloud service provider and the one of the user’s requirments into many ranks, which can effectively solve the potential damage caused by the dynamic change in the ability of cloud service providers. A dynamic mechanism of trust changing about time-window was established. During the calculation of credibility, the user’s evaluation credibility was used as the trust weight. The calculating accuracy of the recommended behavior credibility was improved by introducing the evaluation credibility and evaluation similarity. Simulation results show that the model results are closer to the cloud service provider's actual trust value, and can resist the attack of malicious cloud users effectively.

Oblivious transfer based on physical unclonable function system

2013, 34(Z1):  6-43. 

Asbtract ( 412 )   Knowledge map   

Related Articles | Metrics

Oblivious transfer (OT) is a fundamental protocol in cryptography. According to the analysis of physical unclonable function, a physical unclonable function system framework was defined, and a novel oblivious transfer (POT, PUFS based OT) protocol was proposed based on this framework. Finally, a security analysis of this POT protocol in the universal composition framework was given in detail. Compared with the traditional public key encryption OT scheme, POT protocol does not use any computational assumptions but rather the secure property of PUFS, and thus this scheme needs less computation and communication cost.

Cooperative routing algorithm based on game theory

2013, 34(Z1):  7-57. 

Asbtract ( 379 )   Knowledge map   

Related Articles | Metrics

Cooperative virtual multiple-input multiple-output (VMIMO) transmission is an effective technique to improve the transmission performance of wireless network. By taking advantage of diversity gain of VMIMO, the cross-layer VMIMO routing design combining cooperative VMIMO technology of physical layer and routing scheme of network layer can reduce power consumption of wireless transmission significantly. A significant challenge is how to make the VMIMO routing protocol robust to selfish and cheating behavior of users while guaranteeing high delivery ratio and low energy consumption. In order to improve the routing performance of selfish wireless network, a VMIMO cooperative routing algorithm based on game theory was proposed. The network was divided into groups, and data was transmitted through VMIMO between groups. VMIMO routing among groups was modeled as a repeated routing game. To improve the data delivery ratio, a fit function was proposed to evaluate the nodes’ credit for participating in packet forwarding. Based on the fit function, a fit value based routing selection algorithm and a fit value based routing forward algorithm were proposed. The proposed repeated routing game can approach to pareto optimality. Simulation result shows that this algorithm is capable of promoting cooperation between selfish nodes, which results in high delivery ratio, low transmission delay and energy consumption.

Analysis and improvement for authentication protocols ofmobile ad hoc network with CSP approach

2013, 34(Z1):  8-66. 

Asbtract ( 383 )   Knowledge map   

Related Articles | Metrics

Authentication protocols are often adopted to reduce the security threats in mobile ad hoc network(MANET). However, a vulnerable protocol might bring more serious threats to MANET. As a result, formal verifications of security protocols become more important. An approach based on the communicating sequential process (CSP) and Model Checking tool FDR was proposed to model and verify a typical authentication protocol of MANET, callced TAM. First, the communication behaviors of all participants in TAM and its security (authentication and confidentiality) specifications were formally modeled using CSP. Second, based on these models, the participants’ behaviors were verified by FDR and the verification result indicates that the original TAM could not guarantee authentication and confidentiality. Finally, an improvement was proposed and the experiment result shows that the improved TAM satisfies security goals and increases an acceptable consumption in the case of a reasonable size of clusters compared with the original TAM.

Academic paper

Efficient fuzzy attribute-based signcryption scheme

Xiao-yuan YANG,Zhi-qiang LIN,Yi-liang HAN

2013, 34(Z1):  8-13.  doi:10.3969/j.issn.1000-436x.2013.z1.002

Asbtract ( 145 )   HTML ( 3)   PDF (1346KB) ( 354 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Multi-user communication is the major model of present information exchange and to improve communication security and to solve the problem of communication efficiency is the key of present research. Attributed-based signcryp-tion ensures the confidentiality and integrity of the information during communication and realizes the sending of infor-mation through one-step operation, thus improving the efficiency of signcryption. By using secret sharing model and bi-linear pairs, an efficient fuzzy attribute-based signcryption scheme was presented, and based on DMBDH and CDH prob-lem, the confidentiality and unforgeability of the scheme were proved. Meanwhile, it meets public verifiability and short ciphertext. Compared with other analysis, the amount of computation of signcryption and designcryption is only (n+3)e and ne+(n+4)p, far less than those of other similar schemes and this realizes the efficiency of computation.

Data distribution strategy based on the X-RDP array codes

2013, 34(Z1):  9-75. 

Asbtract ( 398 )   Knowledge map   

Related Articles | Metrics

A data distribution strategy based on the X-RDP code was presented for correcting triple storage failures, which is an extension of the double-erasure-correcting RDP code. A theoretical proof that the X-RDP code is an MDS code was given by using algebraic definition. The encoding and decoding procedures were described by geometrical line graphs, which were easily implemented by soft hardware. The theoretical analysis shows that the comprehensive properties of the X-RDP codeis better than other popular MDS codes in encoding and decoding efficiency, small writes and balance performance, thus the X-RDP code is practically meaningful for storage systems.

Power analysis-resistant based on NCL path balance

2013, 34(Z1):  10-83. 

Asbtract ( 304 )   Knowledge map   

Related Articles | Metrics

Because of the insufficient research on the essence and the design technique of the path balance structure, the experience of the designer is severely relied on, so it can’t be applied in kinds of automatization synthesis techniques. To solve this problem, the formal specification and the sufficient conditions of the implementation for the path balance structure were researched, and the proof was given. Based on the improvement of the binary decision diagram, a path balance extension technique of the null convention logic (NCL) asynchronous circuit was put forward, which could be applied in kinds of automatization synthesis techniques. By applying this technique, the path balance structure of the NCL asynchronous circuit could be implemented on the premise that the characteristics of the orientated circuit would be unchangeable, and the leakage of the side-channel information aroused by the differences of the parasitic capacitor and the load capacitor could also be resisted.

Microblog burst topic diffusion prediction algorithmbased on the users and node scale

2013, 34(Z1):  11-91. 

Asbtract ( 570 )   Knowledge map   

Related Articles | Metrics

The main purpose of burst topic diffusion modeling and prediction is to control the subsequent large-scale dissemination of emergency incidents with adverse effect. Currently microblog topic diffusion and prediction is still in its infancy. The viral infection model, the message propagation model and topic propagation model were deeply studied and a topic diffusion model was proposed based on fans relationship, user activity and influence. By partitioning microblog users into infected users, tangible user and immune user, the relationship between infected and tangible user was analyzed to predict the scale of users which were infected in next time window. Following "internal and external field strength" concept in topic diffusion model, the proportional relationship between them was studied. Based on the scale of the user, topic diffusion prediction algorithms were proposed based on user and node scale respectively. Experiments show that the former can predict diffusion more accurately but with bad time complexity, and the latter node is more suitable for processing large data sets.

Secure hidden keyword searchable encryption schemewith fine-grained and flexible access control

2013, 34(Z1):  12-100. 

Asbtract ( 434 )   Knowledge map   

Related Articles | Metrics

Existing searchable encryption schemes have difficulties in key management for multiple users and could not provide fine-grained access control mechanism. Aiming at solving these problems, a hidden keyword searchable encryption scheme with fine-grained access control was proposed utilizing CP-ABE (ciphertext-policy attribute based encryption) algorithm. Data owners allocate specific and flexible access policy on their data that is stored on a third-party data server. Only those users that has attributes satisfing the access policy are authorized to search encrypted data and decrypt returned results. Moreover, the suggested system has the function to add and revoke user. Security analysis shows that the scheme could not only prevent the leakage of private data but also hide the information of keywords. It deters a third-party storage provider from intercepting users’ sensitive information when a search function is provided. The efficiency analysis shows that the efficiency of retrieval keeps no more than tens of microsecond and this scheme is suitable for large scale system.

Blind signature scheme based on trusted platform computation module

2013, 34(Z1):  13-105. 

Asbtract ( 483 )   Knowledge map   

Related Articles | Metrics

For the key leak problem in identity-based blind signature, a blind signature scheme based on the trusted platform control module (TPCM) was presented. The message which will be signed is unknown to the signer, and the information of the signature cannot be tracked. In the blind signature scheme, the secret share distribution center and the TPCM cooperate to generate the user's signature key, and the user's private key is not alone to be produced. So it solves the key escrow problem, and can also be effective to prevent disclosure of the user's key and protect the user's anonymity and the no track of the signature. Finally random oracle was used to prove the security of the scheme. Compared with the traditional scheme, the proposed scheme has better computational efficiency.

Android malware detection method based onpermission sequential pattern mining algorithm

2013, 34(Z1):  14-115. 

Asbtract ( 514 )   Knowledge map   

Related Articles | Metrics

The permissions requested by Android applications reflect the behavior sequence of the application. While a generation of malicious behavior usually requires the cooperation of multiple permissions, so mining the association between permissions can effectively detect unknown malicious applications. Most researchers concerned the statistical properties of a single permission, and there was little researchers studying the statistical properties of the association between permissions. In order to detect unknown Android malwares, an Android malware detection method based on permission sequential pattern mining algorithm was proposed. The proposed method design a permission sequential pattern mining algorithm PApriori to dig out permissions association. PApriori algorithm could discover permission sequential pattern from 49 malware families and build the permissions association dataset to detect malware. The experiment results prove that it performs better than other related work in efficiency and accuracy.

Academic paper

Scheme of node identify authentication in distributed file interaction system

Wen-cai HE,Min DU,Zhi-wei CHEN,Pei-he LIU,Yan-yan HAN

2013, 34(Z1):  14-20.  doi:10.3969/j.issn.1000-436x.2013.z1.003

Asbtract ( 227 )   HTML ( 2)   PDF (1161KB) ( 652 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Under the mutual identity authentication, a scheme based on distributed cloud storage system was proposed, using symmetric encryption algorithm and hash function to realize bidirectional authentication process. Advantages of the novel project are to produce fair session key to both communications, and design the two different types of authentication:within the network and across a network authentication. Then the security of this scheme was analyzed. The scheme is more secure than the former ones and it can protect the privacy of users and non-repudiation, and has lower computa-tional cost. Therefore, this scheme can meet the demand of cloud storage communication environments.

SIM: a secure IP protocol for MANET

2013, 34(Z1):  15-125. 

Asbtract ( 312 )   Knowledge map   

Related Articles | Metrics

According to the core logic of IP Sec, a secure IP protocol was proposed for Mobile Ad Hoc network. Security deal to the packets in and out of the network protocol stack was done by adding a transparent secure layer between transport-layer and link-layer. By simplifying the complex security association to simple security association, SIM reduces the cost of initial IP protocol while keeping security. At last a prototype of the proposed protocol was also implemented.

Risk assessment model based on fuzzy Petri nets

2013, 34(Z1):  16-132. 

Asbtract ( 574 )   Knowledge map   

Related Articles | Metrics

Aiming at the complex in the process of network security risk assessment, the asset, vulnerability and threat were used as the major factors in security assessment to establish the hierarchical index system for security assessment. The concept of credibility was introduced, and the security risk assessment model and fuzzy reasoning algorithm based on fuzzy Petri net were also proposed, making use of fuzzy Petri nets method joined together with the AHP to analyze the question, and combining qualitative analysis and quantitative analysis together. The example analysis shows that the obtained results are more accurate and scientific compared with traditional assessment methods. Therefore, this method is an effective network system risk assessment method.

Enhanced-throughput multipath routing algorithmbased on network coding in IoVs

2013, 34(Z1):  17-141. 

Asbtract ( 482 )   Knowledge map   

Related Articles | Metrics

In Internet of Vehicles (IoVs), the frequent interruptions of wireless links between the vehicles cause data retransmission, which makes the whole vehicle network performance fall sharply. Hence, a multipath routing algorithm was proposed for enhancing throughput. The core of the algorithm is to make the vehicle clustering algorithm support network coding, which can achieve the purpose of recovery of disorder and lost packets. Firstly, a collaborative coding communication model was established to achieve mutual cooperative multi-path transmission between vehicle nodes in the same cluster. Secondly, network linear coding was adopted to encode the transmitted data of source vehicle nodes and intermediate vehicle nodes. Finally, destination nodes decode the received data. The performances of the scheme were evaluated by QualNet software. Simulation results show that the algorithm could effectively improve the throughput of multi-path routing in IoVs.

Dynamic situation gateway based systemcooperation access gatel model

2013, 34(Z1):  18-147. 

Asbtract ( 372 )   Knowledge map   

Related Articles | Metrics

In order to adapt the centralized access control between the application system subject and object in the environment of network configurations, a dynamic situation based system cooperation access gatel model — DSGAC was proposed. To begin with, the constitution of dynamic situational factors of access controls in the application systems of network configurations was analyzed, defining the factor of situation from muti-perspective. Furthermore, the concept of dynamic situational finite state machine was provided and a system cooperation access gatel model supporting calculations and rules of the situation was presented under the constraint of dynamic situations. Finally, the real case application shows the feasibility and validation of the DSGAC model between the application systems. Additionally, the relative innovativeness between DSGAC model and existing access control models was summerized.

Attribute based sanitizable signature scheme

2013, 34(Z1):  19-155. 

Asbtract ( 434 )   Knowledge map   

Related Articles | Metrics

Sensitive information in the document needs to be hidden in cloud computing environment, and attribute based sanitizable signature (ABSS) scheme was proposed to solve this problem. The ABSS scheme brings the character of sanitizable into ABS in order to hide sensitive information, ensure signer’s anonymity and achieve fine-grained access control. Under the CDH assumption, the ABSS scheme constructed was proved to be unforged in the standard model. Compared with existing schemes, the proposed ABSS scheme is more appropriate for cloud computing environment.

Simple power analysis attack against cryptosystemsbased on Montgomery algorithm

2013, 34(Z1):  20-161. 

Asbtract ( 372 )   Knowledge map   

Related Articles | Metrics

The Montgomery algorithm is widely used to reduce the computational complexity of large integer modular exponentiation. The SPA (simple power analysis) attacks against public-key cryptosystems based on Montgomery algorithm implementation were presented by exploitation of the inherent security vulnerability which that sensitive information leakage could be used by side-channel attack. The chosen-message SPA attacks were focused on, which enhance the differences of operating wave-forms between multiplication and squaring correlated to the secret key by using the input of particular messages. In particular, a SPA attack against RSA cryptosystem was showed based on large integer modular exponentiation. The results show that the attack algorithm is correct and effective.

UWSP: sleeping algorithms for underwater sensor network

2013, 34(Z1):  21-169. 

Asbtract ( 364 )   Knowledge map   

Related Articles | Metrics

Sleeping scheme is one of the key means of saving energy for wireless sensor network. However, existing MAC protocols for underwater sensor network (UWSN) mainly focus on maximizing throughput but ignore sleeping schemes. Moreover, in existing sleeping schemes nodes wake up rapidly, which will loss the life of hardware, waste energy to open/close circuits, and increase collision probability. So, a tree topology based sleeping algorithm for UWSN was proposed, which utilizes the special characteristics of underwater acoustic channel. This algorithm could reduce wakeup frequency, prolong sleeping time and keep the end to end delay from being affected by sleeping time. This algorithm has no collision and no channel reservation and its usability and capability have been verified by simulation methods.

Academic paper

Model of runtime memory leak detection based on the virtual machine introspection

Ru-liang XIAO,Jun JIANG,You-cong NI,Xin DU,Guo-qing XIE,Sheng-zhen CAI

2013, 34(Z1):  21-30.  doi:10.3969/j.issn.1000-436x.2013.z1.004

Asbtract ( 202 )   HTML ( 1)   PDF (994KB) ( 512 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Virtualization technology has been widely used in the field of cloud computing and data center, and it is an important way to improve reliability of system under the virtual computing environment using runtime memory leak de-tecting to eliminate memory leaks. A model of runtime memory leak detection based on the virtual machine introspection and an approach to predication on memory leak were proposed. The prototype system of the model was designed and im-plemented. By analyzing and evaluating effectiveness and performance of the prototype system, the results show that these models and methods can effectively detect memory leaks, and have better performance.

Development of dependable embeddedcomputer systems

2013, 34(Z1):  22-175. 

Asbtract ( 366 )   Knowledge map   

Related Articles | Metrics

The technical features and implement methods of dependable embedded computers were concluded and analyzed, of which the evolution was systemically described. The development process was depicted by four phases, the basic reliability, the system availability, the system integrity and the system dependability. Based on the trend of dependable technology, the dependable computer architecture was proposed with three dimensions, integrity level, fault-tolerant scope and redundancy scope, in order to emphasize the key technologies in the safety critical domain.

Research on relay related handover security in LTE-A

2013, 34(Z1):  23-181. 

Asbtract ( 401 )   Knowledge map   

Related Articles | Metrics

As one of the key technologies in LTE-A, relay can both optimize coverage of the network and increase the system capacity. However, the introducing of relay also brings many security challenges to the system. The security issues in relay related handover processes were mainly analyzed, and then the corresponding solutions were proposed for security handling. With those solutions, mobile users in the network can communicate effectively after the handover process. The designed process was also analyzed by using Petri network model. Finally, the handover security of mobile relay was discussed.

Period dividing opportunistic networks mobility model based on human realistic scenarios

2013, 34(Z1):  24-189. 

Asbtract ( 609 )   Knowledge map   

Related Articles | Metrics

Existing mobility models are unable to effectively reflect the behavioral trait of nodes during movement, so the period dividing opportunistic network mobility model based on human realistic scenarios was proposed, by setting up a node daily mobility model and dividing node mobility submodels according to time segment. The features of node activities based on the realistic human scenario and the opportunistic network mobility model were analyzed, including the node average detention time, the number of nodes in a community during different time interval and the changing frequency of destinations etc. And a contrast has been made between the collected realistic mobility data and data from other mobility models in the way of simulation. The results of simulation show that with respect to node meeting time interval etc., the performances of the model are closer to the activity features in realistic scenarios than other node mobility models.

Privacy leakage in online social networks based on public information

2013, 34(Z1):  25-196. 

Asbtract ( 424 )   Knowledge map   

Related Articles | Metrics

An algorithm was proposed to predict privacy information in social network with public information. This algorithm detected communities in the friend relationship network and inferred privacy information using public information of some friends. The results show that users’ privacy information can be estimated with high accuracy when given only a little public information.

Active-probing based distributed malware master detection system

2013, 34(Z1):  26-206. 

Asbtract ( 540 )   Knowledge map   

Related Articles | Metrics

Nowadays, botnet is still a kind of severe threat on the Internet. It wastes lots of time for traditional passive monitoring approaches to collect enough evidence, to detect and react. Only after real malicious activities occur can we find the existence of botnet. An active probing approach was proposed based on botnet controller’s communication protocol fingerprint. Botnet samples including client and server were analyzed and the command and control protocol of the botnet were collected. The communication protocol fingerprint was also extracted from controller’s response message and the host on the Internet was scanned with the communication protocol fingerprint. Active Spear active probing system was designed and implemented based on the approach. The system employs distributed architecture and IP used in the scanning is dynamic. The system supports to scan many botnets owning different types of protocols as their command and control protocols. The functional verification in the testing environment proves the effectiveness of the approach and the evaluation to scanning efficiency in the real network environment shows the ability that the system can finish task of scanning a large scale of IP section in an acceptable time.

On access to trusted virtual group under cloud computing

2013, 34(Z1):  27-215. 

Asbtract ( 397 )   Knowledge map   

Related Articles | Metrics

There is no appropriate internal isolation mechanism for important production information system based on cloud computing. Here the main access control technologies were compared thoroughly and then two-layer key management scheme was put forward. In terms of the first layer, access control polynomial based on one-way hash function was constructed to achieve the separation of information flow between subgroups, that is, the information isolation within any department of a company was accomplished. Based on the first layer, a hierarchical key management was presented for different subgroups so as to realize the access control between different departments of a company. Then the security and complexity were analyzed. Finally, through the example and simulation experiment, the access control model based on two-layer key management scheme was verified.

Research on intelligent optimization of cryptogram service scheduling for service composition

2013, 34(Z1):  28-222. 

Asbtract ( 335 )   Knowledge map   

Related Articles | Metrics

To improve the quality of cryptogram service, the cryptogram service architecture for service composition was proposed. And a hybrid discrete shuffled frog-leaping algorithm was proposed to solve cryptogram service scheduling problem. It uses the basic framework of the traditional frog-leaping algorithm and designs the encoding and decoding according. The corresponding individual vector updating method was re-designed. To improve search accuracy, the proposed algorithm was improved with six neighborhoods to optimize the best frog of the group and combined with variable neighborhood search algorithm. The proposed algorithm was tested on a set of standard instances and simulation experiments. The results show the effectiveness of the algorithms, and an optimal path to fulfill the users' request have been formed. It is suitable for the real life environment.

Fine-grained description model and implementation of hypermedia document

2013, 34(Z1):  29-229. 

Asbtract ( 438 )   Knowledge map   

Related Articles | Metrics

According to the tendency of development for digital media convergence and management of massive data, a fine-grained hypermedia document description model and its implementation were proposed, basing the analysis of the relationship between the related multidimensional digital media. The method for access control was given, as well as its XML description grammar system. The model could satisfy the demands of convenient and effective management.

Survey of the context-aware location privacy-preserving techniques

2013, 34(Z1):  30-234. 

Asbtract ( 448 )   Knowledge map   

Related Articles | Metrics

With the advances in wireless communication technology and smart mobile devices, location-based services (LBS) providing personalized services based on users’ location information, have been widely applied in many areas. However, direct publishing locations may present serious threats to individuals’ privacy. Firstly, the general concepts and essential features of context-aware location privacy-preserving techniques were briefly introduced. Secondly, a survey of existing work, including the degrees of privacy preservation, QoS (quality-of-service), system architecture and adaptability of context-awareness, mainly analyzes and summarizes the state-of-art location privacy preserving strategies and models. Finally, after reviewing the main progresses of context-aware privacy preserving techniques in recent years, the present problems and development trend of the area were discussed.

Provable security EPC information service communication scheme for EPC network

2013, 34(Z1):  31-239. 

Asbtract ( 336 )   Knowledge map   

Related Articles | Metrics

To resolve the security drawbacks of EPC information services, a provable security EPC information service communication scheme—ESCM was designed. By using some cryptographic mechanisms such as the digital signature and the message authentication code, the ESCM could implement mutual authentication and session key agreement between the EPC Information service servers and querying application belonging to a different trust domain. Security analysis shows that the session key agreement of ESCM is provably secure in the Canetti-Krawczyk model. Furthermore, the ESCM has efficient computation and communication cost.

Academic paper

Dynamic trust evaluation model based on evaluation credibility in cloud computing

Lin ZHANG,Kai-li RAO,Ru-chuan WANG

2013, 34(Z1):  31-37.  doi:10.3969/j.issn.1000-436x.2013.z1.005

Asbtract ( 246 )   HTML ( 9)   PDF (1528KB) ( 323 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Considering the problem that cloud users will select a trusted cloud service provider, a dynamic trust evalua-tion model based on evaluation credibility was proposed.This model divides the ability of cloud service provider and the one of the user's requirments into many ranks, which can effectively solve the potential damage caused by the dynamic change in the ability of cloud service providers. A dynamic mechanism of trust changing about time-window was estab-lished. During the calculation of credibility, the user's evaluation credibility was used as the trust weight. The calculating accuracy of the recommended behavior credibility was improved by introducing the evaluation credibility and evaluation similarity. Simulation results show that the model results are closer to the cloud service provider's actual trust value, and can resist the attack of malicious cloud users effectively.

Attack-defense game model of node traces privacy preserving for vehicle ad hoc networks

2013, 34(Z1):  32-245. 

Asbtract ( 401 )   Knowledge map   

Related Articles | Metrics

The vulnerability of published vehicle traces is a focus issue for vehicle ad hoc network. Aiming at the privacy of published traces with a game-theoretic model under the scene of the active attacks and defense actions were modeled, and the attack and defense games were analyzed. Also ability of an adversary and the goal that a defender wants to achieve by the information entropy were quantified. By the analysis of true traces, the Nash equilibrium point under the game of complete information and an optimal defense strategy providing the user with the best privacy level for each attack strategy were presented.

Secure resource metering and accounting with hash chain in cloud storage

2013, 34(Z1):  33-255. 

Asbtract ( 413 )   Knowledge map   

Related Articles | Metrics

Cloud storage is a pay-per-use service of which the billing plan is typically based on users’ resource consumption metered by server side. Therefore, the trustworthiness between payer and service provider becomes a key factor for the business, and triggers security concerns. On the one hand, service providers or insiders may inflate the amount of resource consumed to get more service charge. On the other hand, payers may deny the resource consumption to pay less. Thus, a resource metering and accounting scheme based on hash chain was proposed. It generated verifiable proof for different types of resources. For most resources, proof can be generated based on total amount of resource incurred. However, similar scheme cannot be applied to storage space usage, since it fluctuates and the billing relies on not only the utilized storage space but also the storage duration. The proposed storage usage metering scheme considers time factor together with storage space, and generates proof according to the diverse storage billing plans. It improves previous schemes, and achieves the goal of verifiable metering and accounting.

Microblog hot topic detection method based on meaningful string clustering

2013, 34(Z1):  34-262. 

Asbtract ( 471 )   Knowledge map   

Related Articles | Metrics

Aiming at the properties of sparse feature, content fragmentation for microblog data, a hot topic detection method was proposed based on meaningful string clustering. The multiple strategies including repeated string detection, context analysis and language rule filtering were combined to extract meaningful strings. Candidate topics were generated by clustering with distribution of meaningful strings in documents. The hot topics were detected according to hotness sorting for candidate topics. As is shown from the experiment results on microblog data, the method achieves good effect in solving the problem of data sparseness. It is effective and feasible to hot topic detection for microblog.

Fast access authentication scheme for mobile IPv6 hierarchical network

2013, 34(Z1):  35-267. 

Asbtract ( 376 )   Knowledge map   

Related Articles | Metrics

A fast access authentication scheme for mobile IPv6 hierarchical network was proposed, which improves the performance of access authentication of mobile IPv6 hierarchical network from two aspects, efficiency and security. Firstly, the scheme used the vector network address coding method to improve the home registration performance. Secondly, a hierarchical lattice-based signature scheme was designed to implement the two-way authentication and improve the security of the authentication process. The analysis of the scheme shows that it is strongly unforgeable, and meanwhile it can defend replay attacks and reduce the delay time of the entire authentication process.

Routing algorithm based on location optimization of sink node in hybrid wireless sensor networks

2013, 34(Z1):  36-275. 

Asbtract ( 428 )   Knowledge map   

Related Articles | Metrics

The data acquisition nodes in hybrid wireless sensor network usually suffer high energy consumption of data transmission and high ratio of packet loss. This issue is closely related to the position of data aggregation nodes (sink nodes) and can be improved by optimizing the location of these nodes. It was adopted in the routing algorithm based on location optimization of mobile sink nodes (MLOYIH). In MLOYIH, ant colony algorithm was used to divide the mobile nodes and static nodes into groups and then the suitable positions of the aggregation nodes were determined within each group. Then the suitable networking routing was established according to the power supply of sensor nodes. Simulation shows that MLOYIH algorithm has a lower energy consumption with a reduction of 64% compared with the traditional algorithms, and the ratio of packet loss is less than 3%.

Enhanced cloud storage access control scheme based on attribute

2013, 34(Z1):  37-284. 

Asbtract ( 442 )   Knowledge map   

Related Articles | Metrics

In order to ensure the security of data and privacy in cloud storage, an enhanced cloud storage access control solution based on attribute was proposed. By designing a common set of attributes, attribute-based encryption(ABE) was integrated into XACML (eXtensible access control markup language) framework and the goal to ensure the confidentiality of sensitive data and to provide fine-grained access control was achieved. Considering the efficiency of ABE is very low when it is used to a large amount of data, symmetric cryptography was used to ensure the confidentiality of the vast amounts of sensitive data while ABE was used to protect the small number of symmetric keys. Experiments show that the scheme can ensure the confidentiality of the data and privacy and its performance is superior to other similar systems.

SYN flood attack defense strategy for asymmetric routing

2013, 34(Z1):  38-291. 

Asbtract ( 436 )   Knowledge map   

Related Articles | Metrics

In order to resolve the problem that existing network security facilities can’t defend against large-scale SYN flood attack under asymmetric routing environment, attack detection technology and connection management strategy were researched, and a defense architecture combining a light-weight detection method with a hierarchical connection management strategy was presented. The detection method uses SYN packet rate and destination IP address entropy, and the hierarchical connection management strategy consists of a method based on SYN packet and a method based on data packet. The experimental results show that this proposed method can mitigate the influence brought by SYN flood attack.

Academic paper

Oblivious transfer based on physical unclonable function system

Yuan-bo GUO,Zi-nan ZHANG,Kui-wu YANG

2013, 34(Z1):  38-43.  doi:10.3969/j.issn.1000-436x.2013.z1.006

Asbtract ( 348 )   HTML ( 6)   PDF (917KB) ( 714 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Oblivious transfer (OT) is a fundamental protocol in cryptography. According to the analysis of physical un-clonable function, a physical unclonable function system framework was defined, and a novel oblivious transfer (POT, PUFS based OT) protocol was proposed based on this framework. Finally, a security analysis of this POT protocol in the universal composition framework was given in detail. Compared with the traditional public key encryption OT scheme, POT protocol does not use any computational assumptions but rather the secure property of PUFS, and thus this scheme needs less computation and communication cost.

RFID-sensor based multi-reader cooperation mechanism information collecting protocol in IOT

2013, 34(Z1):  39-302. 

Asbtract ( 419 )   Knowledge map   

Related Articles | Metrics

In order to collect the information of sensor nodes in multi-reader environment, the MRCIC information collection protocol was proposed. MRCIC information collection protocol uses the previous time slot position to assign the slot position where tags replied, and save the execution time of identifying the interrogated tags efficiently. Because of reader collisions problem, the intersecting regions tags couldn’t be detected. Hence, in order to detecting them, MRCIC adopts the method that readers which did not have intersecting regions transmit interrogation information simultaneously and other readers sleep, to collect the intersecting regions tags’ information. It improves the accuracy of information collection. Theoretical analysis and experimental results show that MRCIC gets shorter delay than AMDCU、ALOHA、BT and PIC, and it can reach the significantly accuracy rate.

Academic paper

Cooperative routing algorithm based on game theory

Kun XIE,Shen-lin DUAN,Ji-gang WEN,Shi-ming HE

2013, 34(Z1):  44-57.  doi:10.3969/j.issn.1000-436x.2013.z1.007

Asbtract ( 265 )   HTML ( 1)   PDF (1107KB) ( 372 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Cooperative virtual multiple-input multiple-output (VMIMO) transmission is an effective technique to im-prove the transmission performance of wireless network. By taking advantage of diversity gain of VMIMO, the cross-layer VMIMO routing design combining cooperative VMIMO technology of physical layer and routing scheme of network layer can reduce power consumption of wireless transmission significantly. A significant challenge is how to make the VMIMO routing protocol robust to selfish and cheating behavior of users while guaranteeing high delivery ratio and low energy consumption. In order to improve the routing performance of selfish wireless network, a VMIMO coop-erative routing algorithm based on game theory was proposed. The network was divided into groups, and data was trans-mitted through VMIMO between groups. VMIMO routing among groups was modeled as a repeated routing game. To improve the data delivery ratio, a fit function was proposed to evaluate the nodes' credit for participating in packet for-warding. Based on the fit function, a fit value based routing selection algorithm and a fit value based routing forward al-gorithm were proposed. The proposed repeated routing game can approach to pareto optimality. Simulation result shows that this algorithm is capable of promoting cooperation between selfish nodes, which results in high delivery ratio, low transmission delay and energy consumption.

Analysis and improvement for authentication protocols of mobile ad hoc network with CSP approach

Li-cai LIU,Li-hua YIN,Yun-chuan GUO,Yan SUN

2013, 34(Z1):  58-66.  doi:10.3969/j.issn.1000-436x.2013.z1.008

Asbtract ( 330 )   HTML ( 1)   PDF (1429KB) ( 380 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Authentication protocols are often adopted to reduce the security threats in mobile ad hoc network(MANET). However, a vulnerable protocol might bring more serious threats to MANET. As a result, formal verifications of security protocols become more important. An approach based on the communicating sequential process (CSP) and Model Checking tool FDR was proposed to model and verify a typical authentication protocol of MANET, callced TAM. First, the communication behaviors of all participants in TAM and its security (authentication and confidentiality) specifications were formally modeled using CSP. Second, based on these models, the participants' behaviors were verified by FDR and the verification result indicates that the original TAM could not guarantee authentication and confidentiality. Finally, an improvement was proposed and the experiment result shows that the improved TAM satisfies security goals and increases an acceptable consumption in the case of a reasonable size of clusters compared with the original TAM.

Data distribution strategy based on the X-RDP array codes

Wu-nan WAN,Wang SUO,Yun CHEN,Tuo WANG

2013, 34(Z1):  67-75.  doi:10.3969/j.issn.1000-436x.2013.z1.009

Asbtract ( 270 )   HTML ( 3)   PDF (1427KB) ( 618 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

A data distribution strategy based on the X-RDP code was presented for correcting triple storage failures, which is an extension of the double-erasure-correcting RDP code. A theoretical proof that the X-RDP code is an MDS code was given by using algebraic definition. The encoding and decoding procedures were described by geometrical line graphs, which were easily implemented by soft hardware. The theoretical analysis shows that the comprehensive proper-ties of the X-RDP codeis better than other popular MDS codes in encoding and decoding efficiency, small writes and bal-ance performance, thus the X-RDP code is practically meaningful for storage systems.

Power analysis-resistant based on NCL path balance

Fang LUO,Qing-yu OU,Xiao-ping WU

2013, 34(Z1):  76-83.  doi:10.3969/j.issn.1000-436x.2013.z1.010

Asbtract ( 238 )   HTML ( 0)   PDF (2143KB) ( 482 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Because of the insufficient research on the essence and the design technique of the path balance structure, the experience of the designer is severely relied on, so it can't be applied in kinds of automatization synthesis techniques. To solve this problem, the formal specification and the sufficient conditions of the implementation for the path balance structure were researched, and the proof was given. Based on the improvement of the binary decision diagram, a path balance extension technique of the null convention logic (NCL) asynchronous circuit was put forward, which could be applied in kinds of automatization synthesis techniques. By applying this technique, the path balance structure of the NCL asynchronous circuit could be implemented on the premise that the characteristics of the orientated circuit would be un-changeable, and the leakage of the side-channel information aroused by the differences of the parasitic capacitor and the load capacitor could also be resisted.

Microblog burst topic diffusion prediction algorithm based on the users and node scale

Wei WANG,Rui-guang LI,Yuan ZHOU,Wu YANG

2013, 34(Z1):  84-91.  doi:10.3969/j.issn.1000-436x.2013.z1.011

Asbtract ( 325 )   HTML ( 8)   PDF (660KB) ( 767 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

The main purpose of burst topic diffusion modeling and prediction is to control the subsequent large-scale dis-semination of emergency incidents with adverse effect. Currently microblog topic diffusion and prediction is still in its infancy. The viral infection model, the message propagation model and topic propagation model were deeply studied and a topic diffusion model was proposed based on fans relationship, user activity and influence. By partitioning microblog users into infected users, tangible user and immune user, the relationship between infected and tangible user was analyzed to predict the scale of users which were infected in next time window. Following ＂internal and external field strength＂concept in topic diffusion model, the proportional relationship between them was studied. Based on the scale of the user, topic diffusion prediction algorithms were proposed based on user and node scale respectively. Experiments show that the former can predict diffusion more accurately but with bad time complexity, and the latter node is more suitable for proc-essing large data sets.

Secure hidden keyword searchable encryption schemewith fine-grained and flexible access control

Yang YANG,Bo-gang LIN,Mao-de MA

2013, 34(Z1):  92-100.  doi:10.3969/j.issn.1000-436x.2013.z1.012

Asbtract ( 396 )   HTML ( 15)   PDF (1679KB) ( 682 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Existing searchable encryption schemes have difficulties in key management for multiple users and could not provide fine-grained access control mechanism. Aiming at solving these problems, a hidden keyword searchable encryp-tion scheme with fine-grained access control was proposed utilizing CP-ABE (ciphertext-policy attribute based encryp-tion) algorithm. Data owners allocate specific and flexible access policy on their data that is stored on a third-party data server. Only those users that has attributes satisfing the access policy are authorized to search encrypted data and decrypt returned results. Moreover, the suggested system has the function to add and revoke user. Security analysis shows that the scheme could not only prevent the leakage of private data but also hide the information of keywords. It deters a third-party storage provider from intercepting users' sensitive information when a search function is provided. The effi-ciency analysis shows that the efficiency of retrieval keeps no more than tens of microsecond and this scheme is suitable for large scale system.

Blind signature scheme based on trusted platform computation module

Wen-ting HUANG,Ling-ling TONG,Yong-jian WANG

2013, 34(Z1):  101-105.  doi:10.3969/j.issn.1000-436x.2013.z1.013

Asbtract ( 320 )   HTML ( 2)   PDF (783KB) ( 423 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

For the key leak problem in identity-based blind signature, a blind signature scheme based on the trusted plat-form control module (TPCM) was presented. The message which will be signed is unknown to the signer, and the infor-mation of the signature cannot be tracked. In the blind signature scheme, the secret share distribution center and the TPCM cooperate to generate the user's signature key, and the user's private key is not alone to be produced. So it solves the key escrow problem, and can also be effective to prevent disclosure of the user's key and protect the user's anonymity and the no track of the signature. Finally random oracle was used to prove the security of the scheme. Compared with the traditional scheme, the proposed scheme has better computational efficiency.

Android malware detection method based on permission sequential pattern mining algorithm

Huan YANG,Yu-qing ZHANG,Yu-pu HU,Qi-xu LIU

2013, 34(Z1):  106-115.  doi:10.3969/j.issn.1000-436x.2013.z1.014

Asbtract ( 398 )   HTML ( 5)   PDF (590KB) ( 1106 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

The permissions requested by Android applications reflect the behavior sequence of the application. While a generation of malicious behavior usually requires the cooperation of multiple permissions, so mining the association be-tween permissions can effectively detect unknown malicious applications. Most researchers concerned the statistical properties of a single permission, and there was little researchers studying the statistical properties of the association be-tween permissions. In order to detect unknown Android malwares, an Android malware detection method based on per-mission sequential pattern mining algorithm was proposed. The proposed method design a permission sequential pattern mining algorithm PApriori to dig out permissions association. PApriori algorithm could discover permission sequential pattern from 49 malware families and build the permissions association dataset to detect malware. The experiment results prove that it performs better than other related work in efficiency and accuracy.

SIM: a secure IP protocol for MANET

Rong-sen LI,Wen-hua DOU

2013, 34(Z1):  116-125.  doi:10.3969/j.issn.1000-436x.2013.z1.015

Asbtract ( 277 )   HTML ( 5)   PDF (1182KB) ( 399 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

According to the core logic of IP Sec, a secure IP protocol was proposed for Mobile Ad Hoc network. Security deal to the packets in and out of the network protocol stack was done by adding a transparent secure layer between trans-port-layer and link-layer. By simplifying the complex security association to simple security association, SIM reduces the cost of initial IP protocol while keeping security. At last a prototype of the proposed protocol was also implemented.

Risk assessment model based on fuzzy Petri nets

Xiang GAO,Yue-fei ZHU,Sheng-li LIU,Jin-long FEI,Long LIU

2013, 34(Z1):  126-132.  doi:10.3969/j.issn.1000-436x.2013.z1.016

Asbtract ( 465 )   HTML ( 15)   PDF (1005KB) ( 804 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Aiming at the complex in the process of network security risk assessment, the asset, vulnerability and threat were used as the major factors in security assessment to establish the hierarchical index system for security assessment. The concept of credibility was introduced, and the security risk assessment model and fuzzy reasoning algorithm based on fuzzy Petri net were also proposed, making use of fuzzy Petri nets method joined together with the AHP to analyze the question, and combining qualitative analysis and quantitative analysis together. The example analysis shows that the ob-tained results are more accurate and scientific compared with traditional assessment methods. Therefore, this method is an effective network system risk assessment method.

Enhanced-throughput multipath routing algorithm based on network coding in IoVs

Cun-qun FAN,Shang-guang WANG,Wen-zhe GU,Qi-bo SUN,Fang-chun YANG

2013, 34(Z1):  133-141.  doi:10.3969/j.issn.1000-436x.2013.z1.017

Asbtract ( 401 )   HTML ( 7)   PDF (1242KB) ( 621 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In Internet of Vehicles (IoVs), the frequent interruptions of wireless links between the vehicles cause data retrans-mission, which makes the whole vehicle network performance fall sharply. Hence, a multipath routing algorithm was pro-posed for enhancing throughput. The core of the algorithm is to make the vehicle clustering algorithm support network cod-ing, which can achieve the purpose of recovery of disorder and lost packets. Firstly, a collaborative coding communication model was established to achieve mutual cooperative multi-path transmission between vehicle nodes in the same cluster. Secondly, network linear coding was adopted to encode the transmitted data of source vehicle nodes and intermediate vehicle nodes. Finally, destination nodes decode the received data. The performances of the scheme were evaluated by QualNet software. Simulation results show that the algorithm could effectively improve the throughput of multi-path routing in IoVs.

Dynamic situation gateway based system cooperation access gatel model

Shu-hang GUO,Yu ZHANG

2013, 34(Z1):  142-147.  doi:10.3969/j.issn.1000-436x.2013.z1.018

Asbtract ( 249 )   HTML ( 0)   PDF (879KB) ( 485 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In order to adapt the centralized access control between the application system subject and object in the envi-ronment of network configurations, a dynamic situation based system cooperation access gatel model — DSGAC was proposed. To begin with, the constitution of dynamic situational factors of access controls in the application systems of network configurations was analyzed, defining the factor of situation from muti-perspective. Furthermore, the concept of dynamic situational finite state machine was provided and a system cooperation access gatel model supporting calcula-tions and rules of the situation was presented under the constraint of dynamic situations. Finally, the real case application shows the feasibility and validation of the DSGAC model between the application systems. Additionally, the relative in-novativeness between DSGAC model and existing access control models was summerized.

Attribute based sanitizable signature scheme

Xi-meng LIU,Jian-feng MA,Jin-bo XIONG,Jun MA,Qi LI

2013, 34(Z1):  148-155.  doi:10.3969/j.issn.1000-436x.2013.z1.019

Asbtract ( 277 )   HTML ( 5)   PDF (2405KB) ( 507 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Sensitive information in the document needs to be hidden in cloud computing environment, and attribute based sanitizable signature (ABSS) scheme was proposed to solve this problem. The ABSS scheme brings the character of sanitiz-able into ABS in order to hide sensitive information, ensure signer's anonymity and achieve fine-grained access control. Un-der the CDH assumption, the ABSS scheme constructed was proved to be unforged in the standard model. Compared with existing schemes, the proposed ABSS scheme is more appropriate for cloud computing environment.

Simple power analysis attack against cryptosystems based on Montgomery algorithm

Gang GAN,Min WANG,Zhi-bo DU,Zhen WU

2013, 34(Z1):  156-161.  doi:10.3969/j.issn.1000-436x.2013.z1.020

Asbtract ( 339 )   HTML ( 6)   PDF (1742KB) ( 888 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

The Montgomery algorithm is widely used to reduce the computational complexity of large integer modular exponentiation. The SPA (simple power analysis) attacks against public-key cryptosystems based on Montgomery algo-rithm implementation were presented by exploitation of the inherent security vulnerability which that sensitive informa-tion leakage could be used by side-channel attack. The chosen-message SPA attacks were focused on, which enhance the differences of operating wave-forms between multiplication and squaring correlated to the secret key by using the input of particular messages. In particular, a SPA attack against RSA cryptosystem was showed based on large integer modular exponentiation. The results show that the attack algorithm is correct and effective.

UWSP: sleeping algorithms for underwater sensor network

Lu HONG,Feng HONG

2013, 34(Z1):  162-169.  doi:10.3969/j.issn.1000-436x.2013.z1.021

Asbtract ( 215 )   HTML ( 2)   PDF (1478KB) ( 573 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Sleeping scheme is one of the key means of saving energy for wireless sensor network. However, existing MAC protocols for underwater sensor network (UWSN) mainly focus on maximizing throughput but ignore sleeping schemes. Moreover, in existing sleeping schemes nodes wake up rapidly, which will loss the life of hardware, waste en-ergy to open/close circuits, and increase collision probability. So, a tree topology based sleeping algorithm for UWSN was proposed, which utilizes the special characteristics of underwater acoustic channel. This algorithm could reduce wakeup frequency, prolong sleeping time and keep the end to end delay from being affected by sleeping time. This algo-rithm has no collision and no channel reservation and its usability and capability have been verified by simulation meth-ods.

Development of dependable embedded computer systems

De-qi KONG,Ya-hui LI,Peng GUO

2013, 34(Z1):  170-175.  doi:10.3969/j.issn.1000-436x.2013.z1.022

Asbtract ( 251 )   HTML ( 4)   PDF (1015KB) ( 834 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

The technical features and implement methods of dependable embedded computers were concluded and ana-lyzed, of which the evolution was systemically described. The development process was depicted by four phases, the ba-sic reliability, the system availability, the system integrity and the system dependability. Based on the trend of dependable technology, the dependable computer architecture was proposed with three dimensions, integrity level, fault-tolerant scope and redundancy scope, in order to emphasize the key technologies in the safety critical domain.

Technical Report

Research on relay related handover security in LTE-A

Hao WU,Tao WANG,Shao-bo WU

2013, 34(Z1):  176-181.  doi:10.3969/j.issn.1000-436x.2013.z1.023

Asbtract ( 254 )   HTML ( 0)   PDF (635KB) ( 534 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

As one of the key technologies in LTE-A, relay can both optimize coverage of the network and increase the system capacity. However, the introducing of relay also brings many security challenges to the system. The security is-sues in relay related handover processes were mainly analyzed, and then the corresponding solutions were proposed for security handling. With those solutions, mobile users in the network can communicate effectively after the handover proc-ess. The designed process was also analyzed by using Petri network model. Finally, the handover security of mobile relay was discussed.

Period dividing opportunistic networks mobility model based on human realistic scenarios

Gang CHENG,Yun-yong ZHANG,Yong ZHANG,Mei SONG

2013, 34(Z1):  182-189.  doi:10.3969/j.issn.1000-436x.2013.z1.024

Asbtract ( 244 )   HTML ( 0)   PDF (1014KB) ( 529 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Existing mobility models are unable to effectively reflect the behavioral trait of nodes during movement, so the period dividing opportunistic network mobility model based on human realistic scenarios was proposed, by setting up a node daily mobility model and dividing node mobility submodels according to time segment. The features of node activities based on the realistic human scenario and the opportunistic network mobility model were analyzed, in-cluding the node average detention time, the number of nodes in a community during different time interval and the changing frequency of destinations etc. And a contrast has been made between the collected realistic mobility data and data from other mobility models in the way of simulation. The results of simulation show that with respect to node meeting time interval etc., the performances of the model are closer to the activity features in realistic scenarios than other node mobility models.

Privacy leakage in online social networks based on public information

Shao-qing LV,Yu-qing ZHANG,Ping NI

2013, 34(Z1):  190-196.  doi:10.3969/j.issn.1000-436x.2013.z1.025

Asbtract ( 277 )   HTML ( 0)   PDF (646KB) ( 334 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

An algorithm was proposed to predict privacy information in social network with public information. This al-gorithm detected communities in the friend relationship network and inferred privacy information using public informa-tion of some friends. The results show that users' privacy information can be estimated with high accuracy when given only a little public information.

Active-probing based distributed malware master detection system

Cheng-xiang SI,Bo SUN,Wen-han YANG,Hui-lin ZHANG,Xiao-nan XUE

2013, 34(Z1):  197-206.  doi:10.3969/j.issn.1000-436x.2013.z1.026

Asbtract ( 359 )   HTML ( 7)   PDF (1025KB) ( 685 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Nowadays, botnet is still a kind of severe threat on the Internet. It wastes lots of time for traditional passive monitoring approaches to collect enough evidence, to detect and react. Only after real malicious activities occur can we find the existence of botnet. An active probing approach was proposed based on botnet controller's communication pro-tocol fingerprint. Botnet samples including client and server were analyzed and the command and control protocol of the botnet were collected. The communication protocol fingerprint was also extracted from controller's response message and the host on the Internet was scanned with the communication protocol fingerprint. Active Spear active probing system was designed and implemented based on the approach. The system employs distributed architecture and IP used in the scanning is dynamic. The system supports to scan many botnets owning different types of protocols as their command and control protocols. The functional verification in the testing environment proves the effectiveness of the approach and the evaluation to scanning efficiency in the real network environment shows the ability that the system can finish task of scanning a large scale of IP section in an acceptable time.

On access to trusted virtual group under cloud computing

Peng LIANG,Chang-xiang SHEN,Zhen-hu NING

2013, 34(Z1):  207-215.  doi:10.3969/j.issn.1000-436x.2013.z1.027

Asbtract ( 208 )   HTML ( 0)   PDF (993KB) ( 345 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

There is no appropriate internal isolation mechanism for important production information system based on cloud computing. Here the main access control technologies were compared thoroughly and then two-layer key manage-ment scheme was put forward. In terms of the first layer, access control polynomial based on one-way hash function was constructed to achieve the separation of information flow between subgroups, that is, the information isolation within any department of a company was accomplished. Based on the first layer, a hierarchical key management was presented for different subgroups so as to realize the access control between different departments of a company. Then the security and complexity were analyzed. Finally, through the example and simulation experiment, the access control model based on two-layer key management scheme was verified.

Research on intelligent optimization of cryptogram service scheduling for service composition

Jian-jun LI,Bin YU,Wu-ping CHEN

2013, 34(Z1):  216-222.  doi:10.3969/j.issn.1000-436x.2013.z1.028

Asbtract ( 238 )   HTML ( 1)   PDF (915KB) ( 385 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

To improve the quality of cryptogram service, the cryptogram service architecture for service composition was proposed. And a hybrid discrete shuffled frog-leaping algorithm was proposed to solve cryptogram service scheduling problem. It uses the basic framework of the traditional frog-leaping algorithm and designs the encoding and decoding ac-cording. The corresponding individual vector updating method was re-designed. To improve search accuracy, the pro-posed algorithm was improved with six neighborhoods to optimize the best frog of the group and combined with variable neighborhood search algorithm. The proposed algorithm was tested on a set of standard instances and simulation experi-ments. The results show the effectiveness of the algorithms, and an optimal path to fulfill the users' request have been formed. It is suitable for the real life environment.

Fine-grained description model and implementation of hypermedia document

Mang SU,Guo-zhen SHI,Feng-hua LI,Ying SHEN,Qiong HUANG,Miao-miao WANG

2013, 34(Z1):  223-229.  doi:10.3969/j.issn.1000-436x.2013.z1.029

Asbtract ( 233 )   HTML ( 0)   PDF (867KB) ( 563 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

According to the tendency of development for digital media convergence and management of massive data, a fine-grained hypermedia document description model and its implementation were proposed, basing the analysis of the relationship between the related multidimensional digital media. The method for access control was given, as well as its XML description grammar system. The model could satisfy the demands of convenient and effective management.

Survey of the context-aware location privacy-preserving techniques

Dian-hui MAO,Jian CAO,Qiang CAI,Hai-sheng LI

2013, 34(Z1):  230-234.  doi:10.3969/j.issn.1000-436x.2013.z1.030

Asbtract ( 226 )   HTML ( 7)   PDF (357KB) ( 508 )   Knowledge map   

References | Related Articles | Metrics

With the advances in wireless communication technology and smart mobile devices, location-based services (LBS) providing personalized services based on users' location information, have been widely applied in many areas. However, direct publishing locations may present serious threats to individuals' privacy. Firstly, the general concepts and essential features of context-aware location privacy-preserving techniques were briefly introduced. Secondly, a survey of existing work, including the degrees of privacy preservation, QoS (quality-of-service), system architecture and adaptabil-ity of context-awareness, mainly analyzes and summarizes the state-of-art location privacy preserving strategies and models. Finally, after reviewing the main progresses of context-aware privacy preserving techniques in recent years, the present problems and development trend of the area were discussed.

Provable security EPC information service communication scheme for EPC network

Jing-feng LI,Heng PAN,Wei-feng GUO

2013, 34(Z1):  235-239.  doi:10.3969/j.issn.1000-436x.2013.z1.031

Asbtract ( 215 )   HTML ( 1)   PDF (1068KB) ( 334 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

To resolve the security drawbacks of EPC information services, a provable security EPC information service communication scheme—ESCM was designed. By using some cryptographic mechanisms such as the digital signature and the message authentication code, the ESCM could implement mutual authentication and session key agreement be-tween the EPC Information service servers and querying application belonging to a different trust domain. Security analysis shows that the session key agreement of ESCM is provably secure in the Canetti-Krawczyk model. Furthermore, the ESCM has efficient computation and communication cost.

Attack-defense game model of node traces privacy preserving for vehicle ad hoc networks

Wei-dong YANG,Yun-hua HE,Li-min SUN

2013, 34(Z1):  240-245.  doi:10.3969/j.issn.1000-436x.2013.z1.032

Asbtract ( 300 )   HTML ( 3)   PDF (571KB) ( 339 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

The vulnerability of published vehicle traces is a focus issue for vehicle ad hoc network. Aiming at the privacy of published traces with a game-theoretic model under the scene of the active attacks and defense actions were modeled, and the attack and defense games were analyzed. Also ability of an adversary and the goal that a defender wants to achieve by the information entropy were quantified. By the analysis of true traces, the Nash equilibrium point under the game of complete information and an optimal defense strategy providing the user with the best privacy level for each at-tack strategy were presented.

Secure resource metering and accounting with hash chain in cloud storage

Mei LIU,Ge FU,Yi-xi LI,Hong ZHANG,Xin-ran LIU,Cui-lan DU

2013, 34(Z1):  246-255.  doi:10.3969/j.issn.1000-436x.2013.z1.033

Asbtract ( 194 )   HTML ( 0)   PDF (1716KB) ( 236 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Cloud storage is a pay-per-use service of which the billing plan is typically based on users' resource consump-tion metered by server side. Therefore, the trustworthiness between payer and service provider becomes a key factor for the business, and triggers security concerns. On the one hand, service providers or insiders may inflate the amount of re-source consumed to get more service charge. On the other hand, payers may deny the resource consumption to pay less. Thus, a resource metering and accounting scheme based on hash chain was proposed. It generated verifiable proof for different types of resources. For most resources, proof can be generated based on total amount of resource incurred. How-ever, similar scheme cannot be applied to storage space usage, since it fluctuates and the billing relies on not only the utilized storage space but also the storage duration. The proposed storage usage metering scheme considers time factor together with storage space, and generates proof according to the diverse storage billing plans. It improves previous schemes, and achieves the goal of verifiable metering and accounting.

Academic communication

Microblog hot topic detection method based on meaningful string clustering

Min HE,Li-hong WANG,Pan DU,Jin ZHANG,Xue-qi CHENG

2013, 34(Z1):  256-262.  doi:10.3969/j.issn.1000-436x.2013.z1.034

Asbtract ( 250 )   HTML ( 0)   PDF (728KB) ( 1416 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Aiming at the properties of sparse feature, content fragmentation for microblog data, a hot topic detection method was proposed based on meaningful string clustering. The multiple strategies including repeated string detection, context analysis and language rule filtering were combined to extract meaningful strings. Candidate topics were generated by clustering with distribution of meaningful strings in documents. The hot topics were detected according to hotness sorting for candidate topics. As is shown from the experiment results on microblog data, the method achieves good effect in solving the problem of data sparseness. It is effective and feasible to hot topic detection for microblog.

Fast access authentication scheme for mobile IPv6 hierarchical network

Shan-shan SONG,Tao SHANG,Jian-wei LIU

2013, 34(Z1):  263-267.  doi:10.3969/j.issn.1000-436x.2013.z1.035

Asbtract ( 231 )   HTML ( 1)   PDF (1007KB) ( 331 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

A fast access authentication scheme for mobile IPv6 hierarchical network was proposed, which improves the performance of access authentication of mobile IPv6 hierarchical network from two aspects, efficiency and security. Firstly, the scheme used the vector network address coding method to improve the home registration performance. Sec-ondly, a hierarchical lattice-based signature scheme was designed to implement the two-way authentication and improve the security of the authentication process. The analysis of the scheme shows that it is strongly unforgeable, and mean-while it can defend replay attacks and reduce the delay time of the entire authentication process.

Routing algorithm based on location optimization of sink node in hybrid wireless sensor networks

Sai ZOU,Wen-yong WANG,Yong TANG,Jun ZHANG

2013, 34(Z1):  268-275.  doi:10.3969/j.issn.1000-436x.2013.z1.036

Asbtract ( 250 )   HTML ( 2)   PDF (929KB) ( 523 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

The data acquisition nodes in hybrid wireless sensor network usually suffer high energy consumption of data transmission and high ratio of packet loss. This issue is closely related to the position of data aggregation nodes (sink nodes) and can be improved by optimizing the location of these nodes. It was adopted in the routing algorithm based on location optimization of mobile sink nodes (MLOYIH). In MLOYIH, ant colony algorithm was used to divide the mobile nodes and static nodes into groups and then the suitable positions of the aggregation nodes were determined within each group. Then the suitable networking routing was established according to the power supply of sensor nodes. Simulation shows that MLOYIH algorithm has a lower energy consumption with a reduction of 64% compared with the traditional algorithms, and the ratio of packet loss is less than 3%.

Enhanced cloud storage access control scheme based on attribute

De-hua NIU,Jian-feng MA,Zhuo MA,Chen-nan LI,Lei WANG

2013, 34(Z1):  276-284.  doi:10.3969/j.issn.1000-436x.2013.z1.037

Asbtract ( 382 )   HTML ( 7)   PDF (1290KB) ( 1863 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In order to ensure the security of data and privacy in cloud storage, an enhanced cloud storage access control solution based on attribute was proposed. By designing a common set of attributes, attribute-based encryption(ABE) was integrated into XACML (eXtensible access control markup language) framework and the goal to ensure the confidential-ity of sensitive data and to provide fine-grained access control was achieved. Considering the efficiency of ABE is very low when it is used to a large amount of data, symmetric cryptography was used to ensure the confidentiality of the vast amounts of sensitive data while ABE was used to protect the small number of symmetric keys. Experiments show that the scheme can ensure the confidentiality of the data and privacy and its performance is superior to other similar systems.

SYN flood attack defense strategy for asymmetric routing

Jian-xi TAO,Li ZHOU,Zhou ZHOU,Wei YANG,Qing-yun LIU,Rong YANG

2013, 34(Z1):  285-291.  doi:10.3969/j.issn.1000-436x.2013.z1.038

Asbtract ( 239 )   HTML ( 3)   PDF (1216KB) ( 682 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In order to resolve the problem that existing network security facilities can't defend against large-scale SYN flood attack under asymmetric routing environment, attack detection technology and connection management strategy were researched, and a defense architecture combining a light-weight detection method with a hierarchical connection management strategy was presented. The detection method uses SYN packet rate and destination IP address entropy, and the hierarchical connection management strategy consists of a method based on SYN packet and a method based on data packet. The experimental results show that this proposed method can mitigate the influence brought by SYN flood attack.

RFID-sensor based multi-reader cooperation mechanism information collecting protocol in IOT

Wen-xiu LI,Ya-hong GUO,Jin-bao LI,Long-jiang GUO,Shao-bin ZHANG

2013, 34(Z1):  292-302.  doi:10.3969/j.issn.1000-436x.2013.z1.039

Asbtract ( 177 )   HTML ( 1)   PDF (877KB) ( 310 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In order to collect the information of sensor nodes in multi-reader environment, the MRCIC information col-lection protocol was proposed. MRCIC information collection protocol uses the previous time slot position to assign the slot position where tags replied, and save the execution time of identifying the interrogated tags efficiently. Because of reader collisions problem, the intersecting regions tags couldn't be detected. Hence, in order to detecting them, MRCIC adopts the method that readers which did not have intersecting regions transmit interrogation information simultaneously and other readers sleep, to collect the intersecting regions tags' information. It improves the accuracy of lection. Theoretical analysis and experimental results show that MRCIC gets shorter delay than AMDCU、ALOHAinformation、BTcol-and PIC, and it can reach the significantly accuracy rate.