ISSN 1000-1239 CN 11-1777/TP


    Journal of Computer Research and Development    2018, 55 (10): 2095-2098.  
    Research on Scalability of Blockchain Technology: Problems and Methods
    Pan Chen, Liu Zhiqiang, Liu Zhen, Long Yu
    Journal of Computer Research and Development    2018, 55 (10): 2099-2110.   DOI: 10.7544/issn1000-1239.2018.20180440
    As one of the key technologies of distributed ledgers, blockchain solves the trust problem in open networks without relying on any trusted third party. Its decentralized nature makes it suitable for a wide range of application scenarios. However, it still faces scalability problems. The bottleneck of blockchain scalability lies mainly in two aspects: low efficiency and difficulty in functional extension. For instance, Bitcoin can only process about 7 transactions per second on average. Obviously, it cannot meet the requirements of current digital payment scenarios, nor can it support other applications such as distributed storage and credit investigation services. On the other hand, the data or assets within different blockchains are difficult to exchange with each other. This restricts the functional extension of blockchain systems. In reality, there are a variety of blockchain systems that are specially devised for various functionalities or applications. Therefore, it is crucial to establish interaction channels among different blockchains so that they form the Internet of value. So far, research on blockchain scalability has attracted much attention from both academia and industry because of its importance. This paper introduces and analyzes blockchain scalability technologies from the aspects of improving efficiency and extending the functionality of blockchain systems, respectively. Firstly, we introduce three major schemes for performance enhancement of blockchain, including off-chain payment networks, Bitcoin-NG and sharding mechanisms, and four typical cross-chain approaches for blockchain functionality extension. Then we analyze the merits and demerits of each technology, based on which we give the challenges and suggestions for further research in blockchain scalability.
    Survey of Smart Home Security
    Wang Jice, Li Yilian, Jia Yan, Zhou Wei, Wang Yucheng, Wang He, Zhang Yuqing
    Journal of Computer Research and Development    2018, 55 (10): 2111-2124.   DOI: 10.7544/issn1000-1239.2018.20180585
    With the development of Internet of Things technology, the smart home industry has become increasingly prosperous, and its security issues have attracted the attention of more and more researchers. Currently, research on smart home security is still at an initial stage. This paper first reviews the development history and current status of smart homes, and summarizes the architecture of current smart home systems. In terms of security, we analyze and summarize the domestic and foreign literature of recent years, and divide security issues into three aspects: platform security, device security and communication security. Platform security research mainly focuses on designing secure authentication and access control schemes, as well as discovering security issues in new scenarios such as smart home trigger-action rules and smart speakers; device security research mainly includes device firmware vulnerability discovery and side-channel analysis; communication security research mainly includes protocol vulnerability discovery and network traffic analysis. Through in-depth analysis of the shortcomings of existing research work, the challenges and opportunities faced by smart home security are summarized. Finally, based on the current state of smart home security research, we point out four future research directions.
    An Efficient and Secure Three-Party Wildcard Pattern Matching Protocol
    Wei Xiaochao, Zheng Zhihua, Wang Hao
    Journal of Computer Research and Development    2018, 55 (10): 2125-2133.   DOI: 10.7544/issn1000-1239.2018.20180418
    Secure multiparty computation is an important technique for achieving distributed security; it mainly considers cooperative computing among many distinct participants while guaranteeing the privacy of their input information. Pattern matching has wide application in information retrieval, bioengineering and facial recognition. How to protect the privacy of the retrieval pattern and the result while achieving the matching function has attracted more and more attention from researchers. As a variant of pattern matching, wildcard pattern matching allows wildcards in the retrieval pattern, so that batch retrieval can be achieved for information with the same characteristics. Traditional secure wildcard pattern matching involves only two parties, the database and the user. However, in view of the development of data sharing techniques, the above model cannot describe many new application scenarios. In this paper, we are the first to study secure three-party wildcard pattern matching for some specific applications. First, we propose a formal description of a concrete secure three-party wildcard pattern matching functionality and analyze its function. Then, we construct a protocol using secret sharing and outsourced oblivious transfer (OOT) in the semi-honest model. Using the oblivious transfer extension technique, our protocol requires only 3 rounds, and the computation and communication complexity is O(k) and O(nm) respectively, where n and m are the lengths of the data providers' inputs, and k is the base number of OT extension, which is much less than nm.
    Verifiable Secure Data Deduplication Based on User-Defined Security Requirements
    Liu Hongyan, Xian Hequn, Lu Xiuqing, Hou Ruitao, Gao Yuan
    Journal of Computer Research and Development    2018, 55 (10): 2134-2148.   DOI: 10.7544/issn1000-1239.2018.20180441
    With the increasing number of cloud storage users, data deduplication technology is widely applied in cloud computing environments. One of the key issues in cloud computing security is to effectively protect data privacy while implementing efficient deduplication and achieving secure multi-party computation among the clients. Cloud users' control over the deduplication process is considered for the first time. By introducing a user attribute-based security requirement mechanism, a novel data deduplication scheme for cloud storage is proposed, which does not require any online trusted third party. It gives users control over data sharing and fully protects data privacy. Based on bilinear maps, data tags are constructed to keep track of the data without leaking any exploitable information. The combination of file-level and block-level deduplication is applied to obtain better efficiency with fine data granularity. The ownership proving method is designed based on multi-party computation principles and a Bloom filter, which ensures that only authorized users can access the data. It can prevent malicious users from conducting eavesdropping attacks. The data encryption key is protected via broadcast encryption, which secures the data deduplication process. The correctness and security of the proposed scheme are analyzed and proved. Simulation results show that the scheme is secure and effective.
    Multiple-Keyword Encrypted Search with Relevance Ranking on Dual-Server Model
    Li Yuxi, Zhou Fucai, Xu Jian, Xu Zifeng
    Journal of Computer Research and Development    2018, 55 (10): 2149-2163.   DOI: 10.7544/issn1000-1239.2018.20180433
    Focusing on the problem of confidentiality and availability of user data in cloud storage environments, we study multi-keyword encrypted search. Aiming at practical demand, we propose a multi-keyword encrypted search scheme with relevance ranking (MES-RR) in a dual-server model, which not only achieves secure multi-keyword encrypted search, but also ensures efficient sorting of search results. We construct a relevance-based keyword index using the TF-IDF weighting scheme and the Paillier homomorphic cryptosystem, which not only optimizes computational complexity but also reduces storage complexity. We design a dual-server architecture to perform the collaborative mechanism. Based on that, we design a secure sorting protocol between the two collaborating servers to sort the encrypted search results, which outputs a private ranking result to the user. In terms of security, we define the security model of MES-RR under the honest-but-curious threat scenario and give a formal security analysis. The result shows that MES-RR can resist adaptive chosen keyword attacks under the random oracle model (IND-CKA2). The performance analysis shows that, compared with the previous multi-keyword encrypted search scheme that supports result sorting, MES-RR reduces the storage cost and the number of interactions, and is applicable to real-world cloud storage environments.
    Identity-Based Threshold Decryption Scheme from Lattices under the Standard Model
    Wu Liqiang, Yang Xiaoyuan, Zhang Minqing
    Journal of Computer Research and Development    2018, 55 (10): 2164-2173.   DOI: 10.7544/issn1000-1239.2018.20180446
    The identity-based threshold decryption (IBTD) system combines the secret sharing method with the identity-based encryption mechanism. In a (t, N) IBTD system, N decryption servers share the private key corresponding to a user's identity. To decrypt, at least t servers are required to participate and compute their corresponding decryption shares, while fewer than t servers are unable to obtain any information about the plaintext. At present, the existing IBTD schemes from lattices are constructed under the random oracle model, and their main method is to directly split a private key that is statistically close to a Gaussian distribution. This paper constructs a non-interactive IBTD scheme. A public vector is split using the Lagrange secret sharing method, and each decryption server obtains its respective characteristic vector. Each private key share is obtained by sampling a preimage of the characteristic vector through the private trapdoor function for each decryption server. The user's complete private key is effectively hidden and the security of the scheme is improved. The hardness of the discrete logarithm problem is used to realize the verifiability of decryption shares. The correctness of the decryption shares is guaranteed by the homomorphism of the operations between the public vector and the private key shares. The IND-sID-CPA security of the proposed scheme is proved under the standard model based on the decisional learning with errors (LWE) hardness assumption.
    Ciphertext-Only Fault Analysis of the LBlock Lightweight Cipher
    Li Wei, Wu Yixin, Gu Dawu, Cao Shan, Liao Linfeng, Sun Li, Liu Ya, Liu Zhiqiang
    Journal of Computer Research and Development    2018, 55 (10): 2174-2184.   DOI: 10.7544/issn1000-1239.2018.20180437
    The lightweight cipher LBlock was proposed at ACNS in 2011. It has a Feistel structure and is widely applied in the security of the Internet of Things (IoT). In this paper, a ciphertext-only fault analysis of the LBlock cipher by fault injection is proposed, and it is analyzed with 6 distinguishers in the last three rounds. On the basis of the original distinguishers SEI, GF, GF-SEI and MLE, we propose GF-MLE and MLE-SEI as new distinguishers. The simulation experiments show that the secret key can be recovered with over 99% success probability in a short period of time, and these two new distinguishers can not only improve the attacking efficiency, but also decrease the number of faults required. This shows that ciphertext-only fault analysis poses a great threat to the security of the LBlock cipher.
    Full Anonymous Blockchain Based on Aggregate Signature and Confidential Transaction
    Wang Ziyu, Liu Jianwei, Zhang Zongyang, Yu Hui
    Journal of Computer Research and Development    2018, 55 (10): 2185-2198.   DOI: 10.7544/issn1000-1239.2018.20180430
    The public ledger of the Bitcoin blockchain system offers ownership proof for distributed users by revealing all transaction details from the coinbase transaction to the unspent transaction outputs. However, an adversary could deanonymize user identities by transaction graph analysis and obtain transaction amounts, which reveals users' privacy. This paper resolves this problem and uses both mixing and the confidential transaction technique to achieve a fully anonymous blockchain system by means of a one-way aggregate signature scheme and a homomorphic encryption scheme. It protects user identities and transaction amounts to achieve full anonymity. The one-way aggregate signature scheme compresses all individual signatures into a single aggregated one without additional storage space, which can neutralize the storage overhead caused by confidential transactions to a certain extent. The homomorphic encryption scheme encrypts the plaintext transaction amount into a Pedersen-style ciphertext, which is validated without decryption. In addition, miners in our system become the entities for verifying, mixing and packing all transactions into blocks. A four-step validation mechanism is also designed to prevent transaction makers from cheating. Finally, we evaluate our system against related work from the aspect of privacy protection, showing that our storage overhead is acceptable with full anonymity.
    Blockchain-Based Verification Scheme for Deletion Operation in Cloud
    Liu Yining, Zhou Yuanjian, Lan Rushi, Tang Chunming
    Journal of Computer Research and Development    2018, 55 (10): 2199-2207.   DOI: 10.7544/issn1000-1239.2018.20180436
    Nowadays, more and more users upload their data to cloud servers, since the cloud can provide service to users at any time and in any place. Therefore, the cloud service improves data usability and reduces cost. However, information leakage incidents have been reported frequently around the world; that is to say, the cloud server is not fully trusted, and the security issues in cloud service must be given enough attention. For example, an illegal user may try to access the cloud server, and the cloud server may not delete the data as the user requires. In order to address these concerns, a verification scheme for deletion operations in the cloud is presented using blockchain technology, which makes the deletion operation more transparent. In our scheme, the user calls a smart contract to prove his identity to the cloud server and creates the request transaction for data deletion; then the cloud server deletes the data and generates a blockchain holding the evidence (the evidence chain). Even if the cloud server is dishonest, the user can still verify the result of data deletion. Moreover, the proposed scheme is analyzed and shown to achieve public verification of data without a trusted third-party organization, resistance to impersonation attacks, resistance to eavesdropping attacks, etc.
    Improvement of the PoS Consensus Mechanism in Blockchain Based on Shapley Value
    Liu Yiran, Ke Junming, Jiang Han, Song Xiangfu
    Journal of Computer Research and Development    2018, 55 (10): 2208-2218.   DOI: 10.7544/issn1000-1239.2018.20180439
    Blockchain has attracted much attention for its decentralization, tamper resistance, ease of verification and other notable advantages. But for the blockchain, its most fundamental attribute is decentralization. This requires a good consensus mechanism to be established. At present, the common consensus mechanisms include the proof-of-work (PoW) consensus mechanism, the proof-of-stake (PoS) consensus mechanism, the proof-of-activity (PoA) consensus mechanism, and so on. However, these consensus mechanisms do not give a specific scheme for the reward distribution among participating nodes. Based on the principle of calculating the Shapley value in game theory, this paper improves the distribution of rewards in the PoS consensus mechanism, makes the reward distribution among the nodes that participated in generating a block in the PoS mechanism more fair and reasonable, and can also reverse the social stratification in the blockchain, thus greatly improving the possibility of new small nodes gaining benefit. In addition, we apply the same ideas to the Ouroboros protocol to improve its revenue distribution algorithm so that it satisfies liveness and persistence.
    A Regulatable Digital Currency Model Based on Blockchain
    Zhang Jianyi, Wang Zhiqiang, Xu Zhili, Ouyang Yafei, Yang Tao
    Journal of Computer Research and Development    2018, 55 (10): 2219-2232.   DOI: 10.7544/issn1000-1239.2018.20180426
    Digital currency, represented by Bitcoin, was designed to be a decentralized system, and this property makes regulation more difficult. However, research on designing a regulatable digital currency is very limited. In this paper, we introduce a new digital currency model based on a two-chain scheme, a public blockchain and a consortium blockchain. As the core participant, the consortium blockchain collects and confirms every transaction, determines the status of the system, and stores the complete transaction records. The users' private information is protected by secret sharing in the consortium blockchain and can also be decrypted by the voting committee. Based on the characteristics and requirements of the consortium blockchain, we also introduce an agreement protocol based on Credit Practical Byzantine Fault Tolerance and use the simplified agreement protocol to offer high throughput and flexibility for our model. With the view-change and checkpoint protocols, we can dynamically adjust the nodes' status and authority. Extensive analysis and experimental results indicate that our proposed method is both efficient and secure. We believe that this is the first work that provides tamper resistance, traceability, decentralization and regulation together.
    Privacy-Preserving Scheme of Electronic Health Records Based on Blockchain and Homomorphic Encryption
    Xu Wenyu, Wu Lei, Yan Yunxue
    Journal of Computer Research and Development    2018, 55 (10): 2233-2243.   DOI: 10.7544/issn1000-1239.2018.20180438
    The privacy protection of electronic health records (EHR) has become an issue that attracts more and more public attention. Blockchain is a technology that has emerged with the spread of digital cryptocurrencies such as Bitcoin and has the features of "decentralization" and "immutability". Existing electronic health record management systems ignore the security problems of patients' interaction with other roles while focusing on protecting the user's private data; in particular, there is currently no appropriate solution to the problem that insurers can view patients' sensitive data and invade their privacy. This paper proposes a blockchain-based scheme for solving the above three problems. Combining homomorphic encryption with smart contract technology based on Ethereum, we implement the feature that the insurance company can judge whether to handle a claim request although it has no way to obtain the plaintext of the EHR or the patient's ID. So no sensitive data of the patient is leaked to unauthorized users during interaction, and the privacy protection of users' data is strengthened. This paper focuses on analyzing the interaction process of different roles under different application requirements on the premise of patient privacy, and carries out security analysis and performance evaluation.
    Regional Cooperative Authentication Protocol for LEO Satellite Networks Based on Consensus Mechanism
    Wei Songjie, Li Shuai, Mo Bing, Wang Jiahe
    Journal of Computer Research and Development    2018, 55 (10): 2244-2255.   DOI: 10.7544/issn1000-1239.2018.20180431
    Authentication is an important aspect of satellite network security. On the premise of security, how to design an efficient authentication scheme according to the capabilities of the satellite network is one of the research hot spots. Nowadays, research on authentication schemes for LEO satellite networks mainly focuses on reducing computational consumption with low-cost operations such as hashing, while ignoring features of LEO satellite networks such as dynamic topology and frequent link switching. On the other hand, the consensus mechanism of blockchain is drawing more and more attention. Through the consensus mechanism, the internal nodes of a network reach consensus and confirm the synchronization of transactions across the whole network. Based on these, a regional cooperative authentication protocol is proposed, which abstracts the dynamic topology of the LEO network with regional division and implements efficient handover authentication by consensus among satellites. Additionally, the proposed protocol achieves fast switching by combining a distributed hash table with hash locks, which are light in computation and avoid the defect that, with the normal authentication approach, each authentication is a brand new authentication phase. For security and performance, a contrastive analysis against relevant research of recent years is made. Finally, the protocol is simulated in a LEO network scenario similar to the Iridium system on the OPNET network simulation platform. The simulation results show that the performance of the protocol is clearly superior to existing authentication protocols in satellite networks.
    Formal Modeling and Factor Analysis for Vulnerability Propagation Oriented to SDN
    Wang Jian, Zhao Guosheng, Zhao Zhongnan, Li Ke
    Journal of Computer Research and Development    2018, 55 (10): 2256-2268.   DOI: 10.7544/issn1000-1239.2018.20180447
    Software defined networking (SDN) is one of the most popular network technologies nowadays. SDN decouples the traditional control plane from the forwarding plane, resulting in many new security and management issues while performing centralized control. Meanwhile, the types of vulnerabilities are diverse in each layer and in the northbound and southbound interfaces of SDN, and their propagation trends are quite different. Aiming at the effect of vulnerability propagation in and between layers of SDN as well as its suppression strategy, a formal model of vulnerability propagation for SDN based on Bio-PEPA is proposed in this paper. First of all, the basic syntax of Bio-PEPA is discussed, and its applicability to SDN, with its clear hierarchical structure, and to the dynamic vulnerability propagation process is illustrated. Then, the vulnerabilities existing in each layer of SDN are explored and modeled layer by layer. Furthermore, by constructing a formal model of the process of vulnerability propagation in and between layers of SDN, the mechanism of vulnerability propagation is analyzed on two levels, horizontal (within layers) and vertical (between layers). In this way, the vulnerability propagation of SDN can be better suppressed. Finally, the simulation results show that the vulnerability propagation of SDN can be effectively restrained by reducing the connection conversion rate and improving the detection conversion rate and the repair conversion rate. Our work provides a reference for the laws of vulnerability propagation in SDN, so as to improve the security of SDN.
    Reverse-Analysis of S-Box for GIFT-Like Algorithms Based on Independent Component Analysis Technology
    Ma Xiangliang, Li Bing, Xi Wei, Chen Hua, Chen Caisen
    Journal of Computer Research and Development    2018, 55 (10): 2269-2277.   DOI: 10.7544/issn1000-1239.2018.20180427
    In the security evaluation of practical cryptographic systems or modules, the reverse analysis of unknown cryptographic algorithms is an important evaluation item. At present, the reverse analysis methods for cryptographic algorithms mainly comprise mathematical analysis and physical side-channel analysis, of which the latter is more popular due to its low cost and high generality. Side-channel analysis based on independent component analysis recovers the intermediate state values directly, bypassing the limitation of the "guess-and-determine" attack idea in traditional side-channel analysis. This paper studies the security of GIFT-like algorithms under reverse analysis. We successfully recovered the contents of the S-box by independent component analysis (ICA), taking advantage of the characteristics of the GIFT algorithm structure and taking the inputs of the P permutation as observation conditions. The result of this paper is one of the reverse analysis results for GIFT-like algorithms, and the method is also of reference value for the reverse analysis of other unknown algorithms.
    A Memory Forensic Method Based on Hidden Event Trigger Mechanism
    Cui Chaoyuan, Li Yonggang, Wu Yun, Wang Licheng
    Journal of Computer Research and Development    2018, 55 (10): 2278-2290.   DOI: 10.7544/issn1000-1239.2018.20180405
    As an important branch of computer forensics, memory forensics can extract and analyze digital evidence of the OS running state, and has become a powerful weapon against cybercrime. Most existing memory forensics approaches acquire memory data completely, and thus contain a large amount of redundant information, which brings inconvenience to subsequent memory analysis. In addition, there is blindness in the selection of forensic time points, especially for malware with hiding characteristics, so real-time forensics cannot be performed accurately when an attack occurs. Because of the volatile and unrecoverable nature of memory, a mismatch between the forensic time point and the attack process makes the forensic content unable to characterize the attack behavior, resulting in invalid forensic data. This study proposes ForenHD, a memory forensics approach based on a hidden event trigger mechanism. ForenHD monitors the kernel objects in the target virtual machine in real time by leveraging virtualization technology. It first identifies hidden objects by analyzing the logical connections and running state of kernel objects, and then uses the discovered hidden objects as the triggering event for memory forensics. Finally, ForenHD extracts the code segment information of the hidden object through memory mapping. As a result, real-time and partial memory forensics can be achieved. Experiments on forensics of multiple hidden objects show ForenHD's feasibility and effectiveness.