ISSN 1000-1239 CN 11-1777/TP


    Default Latest Most Read
    Please wait a minute...
    For Selected: Toggle Thumbnails
    Journal of Computer Research and Development    2018, 55 (7): 1357-1358.  
    Abstract936)   HTML16)    PDF (349KB)(439)       Save
    Related Articles | Metrics
    Privacy Protection Incentive Mechanism Based on User-Union Matching in Mobile Crowdsensing
    Xiong Jinbo, Ma Rong, Niu Ben, Guo Yunchuan, Lin Li
    Journal of Computer Research and Development    2018, 55 (7): 1359-1370.   DOI: 10.7544/issn1000-1239.2018.20180080
    Abstract1122)   HTML4)    PDF (3056KB)(567)       Save
    As a novel Internet of things (IoT) sensing mode, mobile crowdsensing provides a new way and means for ubiquitous social perception. A large number of sensing data containing sensitive and private information of sensing users is gathered in the mobile crowdsensing, and a great deal of valuable information can be mined, which greatly increases the risk of hacker attacks and private data leakage. While encouraging more sensing users to participate in sensing tasks and providing real data, how to better protect the privacy of sensing data and sensing platform has become a prominent and pressing key issue. In order to solve the above problems, this paper proposes a user-union matching scheme based on the Bloom filter. Before the sensing users upload the sensing data who can choose using the Bloom filter and the binary product of the confusion vector to estimate the similarity, and effectively protect personal privacy information. Meanwhile, aiming at the efficiency of the private set intersection of the sensing data, this study puts forward a light-weight private sensing data set intersection protocol, which can realize private sensing data intersection operation without leakage of any user’s real sensing data. Furthermore, we propose a reputation-aware incentive mechanism based on user-union matching, which can effectively control the budget expenditure on the basis of improving the processing efficiency of sensing tasks. Finally, the security analysis shows that the proposed user-union matching scheme is provably secure, and the proposed private sensing data set intersection protocol is secure, and the performance analysis and experimental results show that the proposed reputation-aware incentive mechanism is efficient and effective.
    Related Articles | Metrics
    A Defensive Method Against Android Physical Sensor-Based Side-Channel Attack Based on Differential Privacy
    Tang Benxiao, Wang Lina, Wang Run, Zhao Lei, Wang Danlei
    Journal of Computer Research and Development    2018, 55 (7): 1371-1392.   DOI: 10.7544/issn1000-1239.2018.20170982
    Abstract754)   HTML6)    PDF (5215KB)(471)       Save
    The defensive research against Android physical sensor-based side-channel attacks mainly aims at the privacy leak which leverage mobile sensors as medium. The current defensive methods are malicious activity detection, virtual keyboards randomization, etc. However, these traditional methods can hardly protect user’s privacy from sensor-based side-channel attacks fundamentally, for the unpredictable user decision and variety of novel attacks. In order to overcome the above problems, this paper presents a defensive method against physical sensor-based side-channel attacks based on differential privacy. This defensive method interferes the process of side-channel construction by injecting random noise coincident with the Laplace distribution which can obfuscate the original sensor data. The primary challenge of the proposal method is reducing the success rate of side-channel attacks as much as possible on the premise that ensuring normal operation of the sensor-based function and user experience. Taking the advantages of a sensor-based function extraction tool SensorTainter we designed, the sensor-based functions are analyzed detailedly and classified according to the types of based sensors and algorithms, thus we estimate the ranges of sensor data obfuscation for each category of sensor-based function. By analyzing 47 144 apps and 9 typical sensor-based side-channel attacks, the experiment proves that our defensive method can effectively defense against sensor-based attacks, which results in an accuracy decrease of 27 percent points at most in one attempt during key-event side-channel attacks and about 7 percent points in tracking side-channel attacks. Because of implementing in Android framework, this defensive method is completely user transparent and has great expansibility.
    Related Articles | Metrics
    A Secure Transmission Model Between the Nodes in Clusters of Wireless Service System for Internet of Things
    Zhou Weiwei, Yu Bin
    Journal of Computer Research and Development    2018, 55 (7): 1393-1408.   DOI: 10.7544/issn1000-1239.2018.20170920
    Abstract654)   HTML1)    PDF (4899KB)(420)       Save
    To overcome the problem that the security capabilities of the communication deteriorate significantly in the presence of eavesdropping, malicious behaviors and privacy disclosure of user platform in wireless service system of IoT, a secure transmission model among clusters is proposed based on the trusted third party. A model for trusted authentication and mechanism for the enquiry of cluster address are constructed based on the condition of discrete logarithm problem and the bilinear mapping. This model generates the temporary identity according to the Hash function and random number to achieve anonymity and only provides enquiry service to the trusted clusters authorized by control center. The suppression of Rudolph attack between user platform and coordinator is taken into consideration by setting the trusted third party in authentication mechanism. In accordance with the key agreement between source cluster and clusters in the link, certificate validation and data filling mechanism, the nested encryption and decryption and flow analysis defense are achieved to guarantee the transmission security among clusters. On this basis, the security proof of data transmission model is presented. The theoretical analysis and experimental results show that the developed model performs well in terms of eavesdropping suppression, flow analysis inhibition and anonymity protection.
    Related Articles | Metrics
    An Attribute-Based Broadcast Encryption Scheme Suitable for the Broadcasting Network
    Li Xuejun, Yuan Yawen, Jin Chunhua
    Journal of Computer Research and Development    2018, 55 (7): 1409-1420.   DOI: 10.7544/issn1000-1239.2018.20180085
    Abstract641)   HTML5)    PDF (2315KB)(265)       Save
    In the transitional period, broadcasting network will cooperate with ‘cloud channel device’ to implement a unified layout and a service cloud platform. However, the opening cloud made the information security protection be hard in the broadcasting network. Attribute-based broadcast encryption technology combines the advantages of broadcast encryption and the attribute-based encryption technologies. It can securely transmit messages to multiple users and achieve flexible ciphertext access control. It is applicable to the broadcasting network which has multi-user and multi-service. However, most of the attribute-based broadcast encryption schemes up to now are not efficient enough and have many shortcomings, such as the long length of ciphertext, the big number of user private keys, the complicated calculation of encryption and decryption, and without weighted-attributes considering. In order to overcome the flaws of the attribute-based broadcast encryption schemes, the contribution of this paper is an efficient attribute-based broadcast encryption scheme for broadcasting network environment. This scheme is based on a classical broadcast encryption scheme, and the sender can choose the receiver set freely, achieving efficient user revocation. Adopt a dynamic weighted threshold access structure and introduce a wildcard mechanism which fixes the length of the broadcast ciphertext and enhance the flexibility of the ciphertext access control. The weighted attributes make the scheme more in line with the actual application environment. We incorporate a mediated attribute-based encryption to achieve outsourced storage and outsourced decryption. By this technology, we can effectively reduce the storage of private keys and computational overhead. Finally, through the security analysis and experimental simulation, we prove our scheme achieves choose plaintext attack (CPA) security safety, and has high efficiency.
    Related Articles | Metrics
    Position Based Digital Signature Scheme in IoTs
    Que Mengfei, Zhang Junwei, Yang Chao, Yang Li, Ma Jianfeng, Cui Wenxuan
    Journal of Computer Research and Development    2018, 55 (7): 1421-1431.   DOI: 10.7544/issn1000-1239.2018.20180065
    Abstract974)   HTML8)    PDF (1379KB)(406)       Save
    Nowadays, lots of location and time critical data has been collected by Internet of things (IoTs), such as intelligent fire control, intelligent transportation, environmental monitoring and so on. It is well known that the location and time information of these data will play an important role on some applications in IoTs. For example, the time and location information is generated in the fire alarm system, vehicle system and UAV data acquisition system. However, how to guarantee the security of these spatio-temporal data has become a challenge. One hand, the property of the data integrity should be provided; the other hand, the location and time information of the data origin should be unforgeable. This study investigates position based signatures as one of the solutions to the security of the spatio-temporal data in IoTs. Firstly, the static position based digital signature without considering time and the dynamic position based digital signature with time constraint is proposed respectively. Then, a position based digital signature protocol based on the bounded retrieval model in 3-dimension is proposed which satisfies the security requirements of dynamic conditions. Furthermore, by analyzing the security of our protocol, we conclude that the proposed protocol can resist collusion attack of the adversaries and satisfy the provable security.
    Related Articles | Metrics
    Ultra-Lightweight RFID Electronic Ticket Authentication Scheme in IoT
    Wang Yue, Fan Kai
    Journal of Computer Research and Development    2018, 55 (7): 1432-1439.   DOI: 10.7544/issn1000-1239.2018.20180075
    Abstract856)   HTML14)    PDF (1784KB)(335)       Save
    With the increasing popularity of IoT application technologies, one of the key technologies, called the radio frequency identification (RFID) technology, has been applied to more and more application scenarios in various fields. The electronic tickets apply RFID technology to traditional tickets, which makes the traditional tickets have the characteristics of being storable and identifiable as well as verifiable, bringing a great deal of convenience and efficiency to people’s daily life. Although, RFID systems in the application of electronic tickets still face many potential security risks, such as privacy leakage. To solve the security problems in the application of electronic tickets, an ultra-lightweight RFID security authentication scheme is presented in this paper. Compared with some schemes that use complex cryptographic algorithms, this scheme adopts simple logic operation and timestamp synchronization upgrade mechanism, which can effectively resist asynchronous attack and replay attack, and besides it can effectively prevent information leakage. At the same time, the method that the time stamp matches the label information in the database in this scheme greatly improves the efficiency of information searching in database. Through the analysis of security and efficiency, and the performance comparison and simulation, the proposed scheme has higher security and efficiency than some existing schemes.
    Related Articles | Metrics
    Home Wireless Router Protection Method Based on Cyber Deception
    Liu Qixu, Xu Chenchen, Liu Jingqiang, Hu Enze, Jin Ze
    Journal of Computer Research and Development    2018, 55 (7): 1440-1450.   DOI: 10.7544/issn1000-1239.2018.20180087
    Abstract835)   HTML0)    PDF (3290KB)(423)       Save
    With the rapid development of technologies on smart mobile devices, Internet and Internet of things, wireless routers have become the first choice for home networking. However, there are so many security issues on home wireless routers that the routers and the smart devices accessing them face great security risks. On the basis of the analysis and conclusions on the hardware, firmware, configuration management and communication protocols of wireless routers, a defense method for home wireless routers based on cyber deception is proposed, which can solve part of the security problems of wireless routers. Attacks can be misleaded by adding cyber deception method into the router system. On detecting attacks over HTTP, the suspected attack traffic is directed to the shadow server, which in turn reduces the security risk of the wireless router and provides data support for further works on attack forensic analysis and attacker traceability. OWCD, the wireless router defense framework prototype system, is designed and implemented based on OpenWrt and is deployed in Phicomm K1 wireless router for testing. The experimental results show that OWCD can effectively combat attacks on wireless routers such as weak password, CSRF, command injection, etc., and thus is an effective and feasible protection method.
    Related Articles | Metrics
    CREBAD: Chip Radio Emission Based Anomaly Detection Scheme of IoT Devices
    Ni Mingtao, Zhao Bo, Wu Fusheng, Fan Peiru
    Journal of Computer Research and Development    2018, 55 (7): 1451-1461.   DOI: 10.7544/issn1000-1239.2018.20180067
    Abstract857)   HTML1)    PDF (3587KB)(380)       Save
    with the rapid development of the Internet of things (IoT), IoT security issues have received widespread attention. The hardware and software features of IoT devices make them extremely vulnerable to all types of attacks. Anomaly detection of IoT devices has become a hot spot in recent years. The traditional protection methods based on intrusion detection and traffic analysis can not adapt to the hardware and software environment of IoT devices. In order to solve this problem, an anomaly detection scheme based on chip radiation is proposed. By using the electromagnetic wave signals of IoT devices radiating outwards during operation as detection basis, the original signals are extracted and selected by genetic algorithm and approximate entropy. Finally, the signal of normal behavior radiation is trained using a one-class support vector machine algorithm. The program has non-invasive features, without the need for any transformation of the original system hardware and software, applying to the existing IoT devices. The final experimental results show that compared with other commonly used anomaly detection schemes, this scheme can detect the abnormal behavior of IoT devices more effectively, with higher accuracy and lower false alarm rate.
    Related Articles | Metrics
    Blockchain-Based Trust Management Framework for Distributed Internet of Things
    Ren Yanbing, Li Xinghua, Liu Hai, Cheng Qingfeng, Ma Jianfeng
    Journal of Computer Research and Development    2018, 55 (7): 1462-1478.   DOI: 10.7544/issn1000-1239.2018.20180073
    Abstract1520)   HTML26)    PDF (5613KB)(944)       Save
    With the development of the Internet of things (IoT) technology, a new scenario emerges among various IoT networks in which different IoT networks form a large-scale, heterogeneous and dynamic distributed IoT environment. There is a need for various cooperations among devices and IoT authorities, for which it is necessary to establish a trust mechanism to promote cooperation. However, the existing researches on trust mechanism are mostly separated from the IoT environment, and do not consider the resource limitations of IoT devices as well as great differences among them in computing and storage capabilities, which results in the study of abstract trust mechanisms can not be directly applied to IoT. On the other hand, the existing researches on the issues of IoT trust rely on additional trusted third-party or inter-domain trust assumption, which is hard to be achieved in practice. In order to solve the above problems, we propose a trust management method which is suitable for distributed IoT with the help of blockchain and risk theory. Specifically, we embody the abstract concept of trust as an examination of expected credit and risk, and enable effective sharing of trust data using blockchain. Experimental simulation and analysis show that our method can quantify the trust effectively, protect the data from being tampered and have lower storage cost.
    Related Articles | Metrics
    PRE-TUAN: Proxy Re-Encryption Based Trusted Update Scheme of Authorization for Nodes on IoT Cloud
    Su Mang, Cao Mengyuan, Xie Rongna, Fu Anmin
    Journal of Computer Research and Development    2018, 55 (7): 1479-1487.   DOI: 10.7544/issn1000-1239.2018.20180056
    Abstract961)   HTML6)    PDF (1546KB)(443)       Save
    In the Internet of things (IoT) cloud platform, the data is collected and used by the nodes of IoT, and the processing and storage of data is based on the cloud platform. The platform has increased the data processing and sharing abilities of IoT, meanwhile, it also has enriched the resource in cloud and improved integration of the Internet and human world. All of this offers advantage as well as new problems of information security. As the characteristic and limitation of the nodes of IoT, they are particularly vulnerable, thus it is a crucial and urgent issue that how to realize the trusted update of authorization for the hijacked nodes . In order to solve this problem, we propose a PRE based trusted update scheme of authorization for nodes on IoT cloud platform (PRE-TUAN). At first, we define the system model including the trusted IoT data server and permission management server, and the semi-trusted proxy re-encryption server in cloud. Secondly, describe the system processing and algorithms. Finally, analyze and prove the security of PRE-TUAN. PRE-TUAN is based on the proxy re-encryption (PRE), which will reach the full potential of cloud computing, and ensure the security and reliability of the data in IoT cloud.
    Related Articles | Metrics
    Efficient Detection of False Data Fusion in IoT
    Xu Zhiwei, Zhang Yujun
    Journal of Computer Research and Development    2018, 55 (7): 1488-1497.   DOI: 10.7544/issn1000-1239.2018.20180123
    Abstract823)   HTML5)    PDF (2727KB)(305)       Save
    Data fusion is the critical process for data transmission in the Internet of things (IoT). In data fusion process, the original sensing data is processed and aggregated in the network, and only the aggregated results of data fusion are sent to the application layer, which effectively reduces the resource consumption and alleviates the workload on the sink node. Since no network node caches the aggregated data in the data fusion process, it is impossible to detect and locate the false data injection attack against data fusion results. In order to mitigate this significant vulnerability, an efficient detection scheme of false data fusion is proposed in this paper. By modeling the data fusion process, we discover and model the relationship between the input data and the fusion results, and apply the obtained model to detect abnormal data fusion results. In this way, we can mitigate malicious data fusion and optimize the IoT transmission security. In detail, we first collect input data and the relevant data fusion results for each node, and a compressed feature representation mechanism is designed to improve the data collection efficiency and reduce the resource consumption. In addition, a data fusion model based on probabilistic graph model is proposed to depict the spatial and temporal relationship between the input data and the data fusion results. Ultimately, we take the model to detect the abnormal data fusion results in an efficient way. The experimental results demonstrate that the proposed detection scheme can detect malicious data fusion operations efficiently and accurately and thus guarantee IoT transmission security.
    Related Articles | Metrics
    A Large-Scale Cross-Platform Homologous Binary Retrieval Method
    Chen Yu, Liu Zhongjin, Zhao Weiwei, Ma Yuan, Shi Zhiqiang, Sun Limin
    Journal of Computer Research and Development    2018, 55 (7): 1498-1507.   DOI: 10.7544/issn1000-1239.2018.20180078
    Abstract893)   HTML7)    PDF (3007KB)(437)       Save
    Due to the extensive code reuse, homologous binaries are widely found in IoT firmwares. Once a vulnerability is found in one firmware, other firmwares sharing the similar piece of codes are at high risk. Thus, homologous binary search is of great significance to IoT firmware security analysis. However, there are still no scalable and efficient homologous binary search methods for IoT firmwares. The time complexity of the traditional method is O(N), so it is not scalable for large-scale IoT firmwares. In this paper, we design, implement, and evaluate a scalable and efficient homologous binary search scheme for IoT firmwares with time complexity O(lgN). The main idea of our methodology is encoding binary file’s readable strings by deep learning network and then generating a local sensitive Hash of the encoding vector for the fast retrieval. We compiled 893 open source components based on 16 different compile-time parameters, resulting in 71 129 pairs of labeled binary files for training and testing the network model. The results show that our method has better ROC characteristics than the traditional method. In addition, the study case shows that our method can complete one homologous binary file retrieval task for 22 594 firmware in less than 1 second.
    Related Articles | Metrics