ISSN 1000-1239 CN 11-1777/TP

Table of Contents

01 October 2015, Volume 52 Issue 10
Survey of Android Vulnerability Detection
Zhang Yuqing, Fang Zhejun, Wang Kai, Wang Zhiqiang, Yue Hongzhou, Liu Qixu, He Yuan, Li Xiaoqi, Yang Gang
2015, 52(10):  2167-2177.  doi:10.7544/issn1000-1239.2015.20150572
Vulnerabilities play a critical role in Android security, so research on vulnerability detection techniques is valuable: it can improve Android security and protect users' privacy. In this paper, we first summarize the number trends and categories of Android vulnerabilities from 2008 to 2015. Then we analyze the research progress of Android security from 2012 to 2014 and give an overview of Android vulnerability detection techniques. After that, we detail the techniques frequently used in current research, such as taint analysis, reachable path discovery, symbolic execution and fuzz testing. We also focus on techniques that combine static analysis and dynamic testing, such as concolic testing and directed fuzzing. Finally, we summarize the status quo and the open-source tools in Android vulnerability detection, and propose issues that are worth further study.
A Cloud Model Based Trust Evaluation Model for Defense Agent
Yu Yang, Xia Chunhe, Wang Xinghe
2015, 52(10):  2178-2191.  doi:10.7544/issn1000-1239.2015.20150417
During the implementation of a defense scheme in a computer network collaborative defense (CNCD) system, all defense agents (DAs) are assumed to be trustworthy and controllable by default. This assumption does not hold in an open network environment: malicious agents can be introduced into the deployment of a CNCD defense scheme, raising the failure rate of defense schemes and lowering the security of the whole system. To address this issue, trust evaluation should be conducted. This paper proposes a trust evaluation model for CNCD. The model describes trust in terms of both randomness and fuzziness, and supports trust updating. It consists of two key parts: task execution evaluation and defense agent trust updating. Evaluation functions for DAs' feedback, including functions of finish time (FT) and defense quality (DQ), are studied in detail; two properties of trust, time decay and asymmetry, are built into these functions. A sliding time window-based dual weight direct trust cloud model (STBCM) is proposed for trust updating. Comparative experiments show that the proposed algorithm has a lower failure rate of defense schemes and can support the trusted deployment of CNCD schemes.
An Auditing Protocol for Data Storage in Cloud Computing with Data Dynamics
Qin Zhiguang, Wang Shiyu, Zhao Yang, Xiong Hu, Wu Songyang
2015, 52(10):  2192-2199.  doi:10.7544/issn1000-1239.2015.20150509
Data integrity checking for cloud storage services has recently attracted widespread attention from academia and industry. However, several issues remain when dynamic operations are considered: existing dynamic auditing schemes are vulnerable to replay attacks mounted by malicious cloud servers, and they do not support multi-granular dynamic operations well. This paper proposes a hierarchical auditing protocol for cloud data storage with data dynamics that combines the Merkle hash tree (MHT) with bilinear pairings. Each basic block is divided into a number of smaller blocks using a hierarchical index structure, and every leaf of the Merkle hash tree is associated with multiple blocks, so the scheme effectively reduces the length of the Merkle hash tree (fewer leaves, hence a shallower tree). The proposed scheme not only meets the integrity requirements of cloud storage services, but also lets the user perform multi-granular dynamic operations. In addition, the communication costs of the dynamic operations issued by the user and of the auditing operations issued by the auditor are greatly reduced. Finally, security analysis and performance analysis show that the proposed scheme is secure and efficient.
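The leaf-per-multiple-blocks idea above, as an added example that is not the paper's protocol (it omits the bilinear-pairing authenticators and shows only the hash-tree part): each leaf commits to the sub-blocks of one basic block, a single sub-block can be audited with one authentication path, and an update to one sub-block yields the new root by folding the recomputed leaf through the old path. The block and sub-block sizes, the use of SHA-256 and the sample data are assumptions.

```python
import hashlib

# Added example (not from the paper): a Merkle hash tree in which each leaf
# commits to several sub-blocks, so that a single block can be audited or
# updated at sub-block granularity without rebuilding the whole tree.
# Block/sub-block sizes, the hash function and the sample data are assumptions.

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def split_block(block: bytes, sub_size: int) -> list:
    """Hierarchical index: a basic block is divided into fixed-size sub-blocks."""
    return [block[i:i + sub_size] for i in range(0, len(block), sub_size)]

def leaf_hash(subblocks: list) -> bytes:
    """A leaf commits to the ordered hashes of all sub-blocks of one basic block."""
    return h(b"".join(h(sb) for sb in subblocks))

def build_levels(leaves: list) -> list:
    """Bottom-up tree; an odd level duplicates its last node. levels[0] are leaves."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
            levels[-1] = cur
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def root(levels: list) -> bytes:
    return levels[-1][0]

def auth_path(levels: list, leaf_index: int) -> list:
    """Sibling hashes from leaf to root; each entry is (sibling, sibling_is_right)."""
    path, idx = [], leaf_index
    for level in levels[:-1]:
        sib = idx ^ 1
        path.append((level[sib], idx % 2 == 0))
        idx //= 2
    return path

def fold(leaf: bytes, path: list) -> bytes:
    """Recompute the root from a leaf and its authentication path."""
    cur = leaf
    for sib, sib_is_right in path:
        cur = h(cur + sib) if sib_is_right else h(sib + cur)
    return cur

def verify(root_hash: bytes, leaf: bytes, path: list) -> bool:
    return fold(leaf, path) == root_hash

def commit(blocks: list, sub_size: int) -> list:
    return build_levels([leaf_hash(split_block(b, sub_size)) for b in blocks])

# Constructed sample data: five basic blocks of 64 bytes, 16-byte sub-blocks.
SUB = 16
BLOCKS = [bytes([i]) * 64 for i in range(5)]

def demo():
    levels = commit(BLOCKS, SUB)
    r = root(levels)
    path = auth_path(levels, 3)
    ok = verify(r, leaf_hash(split_block(BLOCKS[3], SUB)), path)

    # Fine-grained update: change only sub-block 2 of block 3. The client
    # recomputes that leaf and folds it through the old path to obtain the
    # new root, without needing the rest of the tree.
    subs = split_block(BLOCKS[3], SUB)
    subs[2] = b"\xff" * SUB
    new_root = fold(leaf_hash(subs), path)
    rebuilt = root(commit(BLOCKS[:3] + [b"".join(subs)] + BLOCKS[4:], SUB))
    return ok, new_root == rebuilt, new_root != r
```

The anti-replay property of the paper's protocol comes from the authenticator side, not from this tree; the tree alone shows why grouping sub-blocks under one leaf shortens both the tree and the path a client must transmit for an update.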
SPFPA: A Format Parsing Approach for Unknown Security Protocols
Zhu Yuna, Han Jihong, Yuan Lin, Chen Hantuo, Fan Yudan
2015, 52(10):  2200-2211.  doi:10.7544/issn1000-1239.2015.20150568
Format parsing for unknown security protocols is a critical problem in the information security field. Previous network-trace-based format parsing methods considered only the plaintext format of payload data and are not suitable for security protocols whose payloads contain a large amount of ciphertext. In this paper, to infer the message format of unknown security protocols from a large number of network traces, we propose a novel format parsing approach named SPFPA (security protocols format parsing approach). SPFPA presents a hierarchical method that extracts protocol keyword sequences using sequential pattern mining, which provides a new idea for plaintext format parsing. On this basis, SPFPA introduces a set of heuristics to search for possible ciphertext length fields, and then identifies the ciphertext length fields and the corresponding ciphertext fields by using the randomness of ciphertext data. Finally we evaluate SPFPA on four classical security protocols: the SSL protocol, the SSH protocol, the Needham-Schroeder (NS) public key protocol and the sof protocol. Our experimental results show that, without dynamic binary analysis, SPFPA can recover the true protocol format (invariant fields, variable fields, ciphertext length fields and ciphertext fields) purely from network traces, and that the inferred formats are highly accurate in identifying the protocols.
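The length-field heuristic plus randomness check described above, as an added example that is not the SPFPA implementation: a longest-common-prefix stands in for the mined keyword sequence, integer fields whose value equals the number of bytes that follow are length-field candidates, candidates are kept only if they hold across every trace, and the bytes they cover must have high byte entropy to count as ciphertext. The message layout, the entropy threshold and the sample traces are constructed assumptions.

```python
import hashlib
import math
import struct

# Added example (not the SPFPA implementation): given several traces of an
# unknown protocol, find the invariant prefix (a stand-in for the keyword
# sequences SPFPA mines), then locate integer fields that look like a
# ciphertext length and confirm them by the randomness of the bytes they cover.
# The message layout, thresholds and sample traces are assumptions.

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def normalized_entropy(data: bytes) -> float:
    """Entropy relative to the maximum achievable for this many bytes (0..1)."""
    if len(data) < 2:
        return 0.0
    return shannon_entropy(data) / math.log2(min(256, len(data)))

def invariant_prefix(traces: list) -> bytes:
    """Longest common prefix of all traces (constant field / keyword)."""
    prefix = traces[0]
    for m in traces[1:]:
        i = 0
        while i < min(len(prefix), len(m)) and prefix[i] == m[i]:
            i += 1
        prefix = prefix[:i]
    return prefix

def length_field_candidates(msg: bytes, widths=(1, 2, 4)) -> set:
    """Heuristic: an integer at offset o of width w is a length-field candidate
    if its value equals the number of bytes that follow it in the message."""
    cands = set()
    for w in widths:
        for o in range(len(msg) - w + 1):
            for order in ("big", "little"):
                v = int.from_bytes(msg[o:o + w], order)
                if v > 0 and o + w + v == len(msg):
                    cands.add((o, w, order))
    return cands

def ciphertext_length_fields(traces: list, min_norm_entropy: float = 0.75) -> list:
    """Candidates that hold in every trace and whose covered bytes look random."""
    common = set.intersection(*(length_field_candidates(m) for m in traces))
    found = []
    for (o, w, order) in sorted(common):
        if min(normalized_entropy(m[o + w:]) for m in traces) >= min_norm_entropy:
            found.append((o, w, order))
    return found

def pseudo_ciphertext(seed: bytes, n: int) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 counter stream)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Constructed traces: keyword "MSG", 2-byte big-endian length, then ciphertext.
# Lengths above 255 are included so that the low byte alone is not mistaken
# for a 1-byte length field.
TRACES = [b"MSG" + struct.pack(">H", n) + pseudo_ciphertext(b"trace-%d" % n, n)
          for n in (64, 128, 300, 96)]
# Same layout, but the "ciphertext" is repetitive filler: the length heuristic
# alone would accept it, the randomness check rejects it.
FILLER_TRACES = [b"MSG" + struct.pack(">H", n) + b"A" * n for n in (64, 128, 300, 96)]
```

Real protocols also need the heuristic to tolerate a length that covers a trailing MAC or padding; the point here is the two-stage filter, where the length test alone over-accepts and entropy is what separates ciphertext from structured plaintext.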
pTrace: A Counter Technology of DDoS Attack Source for Controllable Cloud Computing
Li Baohui, Xu Kefu, Zhang Peng, Guo Li
2015, 52(10):  2212-2223.  doi:10.7544/issn1000-1239.2015.20150577
Currently, a growing number of distributed denial of service (DDoS) attack sources are migrating to cloud computing, which brings a greater security challenge to the whole cyberspace. However, research on effectively suppressing these attack sources is still deficient. This paper therefore proposes pTrace, a method to defeat DDoS attack sources in the cloud, which comprises a packet filtering module, inFilter, and a malicious process tracing module, mpTrace. inFilter filters packets with forged source addresses. mpTrace first identifies attack flows and their corresponding source addresses, then traces the malicious processes based on the obtained source addresses. We have implemented a prototype system in an OpenStack and Xen environment. Experimental results and analysis show that inFilter can prevent large-scale DDoS attacks from being launched from the cloud center at low time cost, and that mpTrace can correctly identify an attack flow when its rate is about 2.5 times the normal traffic, tracing malicious processes at the millisecond level. Finally, this method reduces the impact both on the compromised (puppet) cloud tenant and on the victim outside the cloud.
A Trustzone-Based Trusted Code Execution with Strong Security Requirements
Zhang Yingjun, Feng Dengguo, Qin Yu, Yang Bo
2015, 52(10):  2224-2238.  doi:10.7544/issn1000-1239.2015.20150582
We propose a secure scheme for trusted code execution on mobile embedded devices based on a program whitelist, aimed at application scenarios with strong security requirements and fixed computing functions, such as Industry 4.0 and “bring your own device”. We leverage the trusted execution environment provided by ARM TrustZone and the virtual memory protection mechanism of ARM to build an enclave in the OS kernel's address space that cannot be tampered with by the untrusted OS kernel itself. Monitor functions placed in the enclave provide integrity protection for the executable files, runtime code and runtime control flow of trusted processes, ensuring that only authorized code complying with the whitelist policy can be executed on the target devices. The scheme also enhances the security of communication between the target devices and the central control server by building secure shared memory areas between communication client processes and the TrustZone secure world, and by building a trusted timer interrupt source in the TrustZone secure world. Secure protocols for whitelist update and platform status attestation are proposed on top of these enhancements. We implement the prototype system on real TrustZone-enabled hardware. The experimental results show that our scheme achieves good usability, security and efficiency.
Multi-Criteria Mathematical Programming Based Method on Network Intrusion Detection
Wang Bo, Nie Xiaowei
2015, 52(10):  2239-2246.  doi:10.7544/issn1000-1239.2015.20150587
Multi-class classification models are often applied in real applications with multiple classes involved, such as credit card client analysis and disease diagnosis prediction. In fact, a network can be attacked by multiple hackers, which is also a typical multi-class problem. Instead of building a firewall to protect the network system, which is passive protection, one should identify the different attacking behaviors of the hackers for an active defense. This paper proposes a multi-criteria mathematical programming (MCMP) model for dealing with various kinds of attacks in network security. Instead of directly solving a convex mathematical programming problem, the proposed method obtains its optimal solution by matrix computation alone, which is easy to implement. In addition, the concept of the e-support vector is employed to facilitate computation in large-scale applications. For the nonlinear case, the kernel technique is also applied. Using the widely used network intrusion dataset NSL-KDD, the paper demonstrates that the proposed method achieves both high classification accuracy and low false alarm rates for multi-class network intrusion classification.
Advances in Key Techniques of Practical Secure Multi-Party Computation
Jiang Han, Xu Qiuliang
2015, 52(10):  2247-2257.  doi:10.7544/issn1000-1239.2015.20150763
In the setting of secure multi-party computation, two or more parties with private inputs wish to compute some joint function of their inputs while achieving security requirements such as privacy, correctness and independence of inputs. Secure multi-party computation is not only a general foundation for secure protocols, but is also applied in many applications such as coin-tossing, electronic voting and private information retrieval schemes. Research on secure multi-party computation provides a central tool in many areas of cryptography. In recent years, secure multi-party computation has advanced in leaps and bounds, especially in practical techniques; practical technology has become a new and attractive field within secure multi-party computation. In this paper, we introduce the main advances and results of practical secure multi-party computation, focusing on three major supporting techniques: garbled circuit optimization, the cut-and-choose technique and oblivious transfer extension. These techniques significantly improve the efficiency of secure multi-party computation in different aspects.
A Strongly Secure Lattice-Based Key Exchange Protocol
Wen Weiqiang, Wang Libin
2015, 52(10):  2258-2269.  doi:10.7544/issn1000-1239.2015.20150518
A strongly secure concrete authenticated key exchange protocol based on lattice problems is proposed. First, a passively secure lattice-based key exchange protocol is presented; it differs from previous generic constructions based on encryption and achieves better efficiency. Second, following the design idea of the efficient HMQV protocol, we design a concrete lattice-based “challenge-response” signature. Finally, we propose a PACK secure authenticated key exchange protocol by combining the lattice-based passively secure key exchange protocol with the lattice-based “challenge-response” signature, and specify the computing devices for all computation steps to better balance security and efficiency. The proposed protocol is provably secure based on the learning with errors (LWE) problem and the inhomogeneous short integer solution problem; since the hardness of both problems can be based on the hardness of lattice problems, its security also rests on lattice problem assumptions. In addition, the proposed protocol has many desirable properties: it is concrete, it does not rely on any chosen-ciphertext-secure primitives, and it achieves implicit authentication, which provides better privacy.
Adaptively Secure Outsourcing Ciphertext-Policy Attribute-Based Encryption
Wang Hao, Zheng Zhihua, Wu Lei, Wang Yilei
2015, 52(10):  2270-2280.  doi:10.7544/issn1000-1239.2015.20150497
Attribute-based encryption (ABE) is a type of public key encryption that allows users to encrypt and decrypt messages based on users' attributes. In such a system, a ciphertext can be decrypted only if the attribute set of the user's key matches the access policy of the ciphertext. Given its expressiveness, ABE is currently being considered for many network applications, especially cloud storage and cloud computing. However, one of the main drawbacks of ABE is that the running time of encryption and decryption grows with the complexity of the access formula or the number of attributes. In practice, this makes encryption and decryption potential bottlenecks for many applications. In this work, we introduce an outsourced ABE system to mitigate this problem. In the outsourced ABE system, users can outsource part of the storage and computing tasks to semi-honest servers, which is significant for mobile devices with limited storage and computational resources. We then propose a specific outsourced ciphertext-policy ABE (CP-ABE) scheme using composite order bilinear groups. In our scheme, the local computation of (online) encryption and decryption is constant. Finally, we prove its adaptive security in the standard model using the dual system encryption methodology.
A Privacy Preserving Attribute-Based Encryption Scheme with User Revocation
Li Jiguo, Shi Yuerong, Zhang Yichen
2015, 52(10):  2281-2292.  doi:10.7544/issn1000-1239.2015.20150580
Since Sahai and Waters proposed the concept of attribute-based encryption, ciphertext-policy attribute-based encryption (CP-ABE) has attracted increasing attention because of its wide range of application scenarios. Attribute-based encryption on mobile devices drains the battery because of the large number of bilinear pairing operations. Moreover, because users' attributes change dynamically and the access structure is open in the cloud environment, attributes may become invalid and user privacy may leak. To solve these problems, we construct an attribute-based encryption scheme that protects user privacy through a fully hidden access structure and supports flexible user revocation through a key updating mechanism. Meanwhile, we outsource the costly bilinear pairing operations to the cloud storage provider, which reduces the computational expense for users on mobile devices. To curb cloud misconduct or malicious attacks on the cloud, we provide a verification function for the converted ciphertext, which ensures that the converted ciphertext has not been illegally replaced. The proposed scheme is well suited to secure mobile cloud applications.
Accountable Attribute-Based Encryption Scheme Without Key Escrow
Zhang Xing, Wen Zilong, Shen Qingni, Fang Yuejian, Wu Zhonghai
2015, 52(10):  2293-2303.  doi:10.7544/issn1000-1239.2015.20150550
To ensure the security of sensitive data in cloud storage, people need to store it in encrypted form. Attribute-based encryption (ABE) is widely applied to fine-grained sharing of encrypted data stored at third parties. However, ABE schemes have three types of data confidentiality issues: 1) as the secret key contains no identity-specific information, a user can share his/her secret key without being identified; 2) the key generation center (KGC) can generate a user's secret key with an arbitrary access structure or attribute set; 3) the KGC can decrypt ciphertexts directly using its master key. Because of these three issues, the security of data in an ABE system faces great challenges. In this paper, we propose an accountable key-policy attribute-based encryption scheme without key escrow (WoKE-AKP-ABE). Our construction has two authorities, the KGC and the attribute authority (AA). The KGC generates the identity-related part of a user's secret key, and the KGC and AA generate the attribute-related part cooperatively. Our scheme is chosen-plaintext secure in the selective-set model under the decisional bilinear Diffie-Hellman assumption, and resists attacks not only from a dishonest user or authority but also from collusion between a user and a single authority. Our scheme can trace a decoder box in the black-box model.
A Trustee-Based and Efficient Divisible E-Cash Scheme
Yu Yulei, Dong Xiaolei, Cao Zhenfu
2015, 52(10):  2304-2312.  doi:10.7544/issn1000-1239.2015.20150596
Divisible e-cash systems allow users to purchase a coin of value 2^l and spend it part by part. Such a system must not only ensure the anonymity of users, but also detect double-spending by malicious users. In 2015, Canard presented the first efficient divisible e-cash system in both the random oracle model and the standard model. In that system, for a coin of value 2^l, the deposit protocol involves up to 2^l pairing operations, so the system faces challenges when the coin value is large: for a value of 2^{20} the system is under huge computational pressure, and for 2^{30} it collapses. To address these potential shortcomings, independently of Canard's work, we propose a more efficient divisible e-cash system based on a trusted third party, as an improved version of Canard's system. Using the trusted third party, we reduce the number of public parameters and the number of zero-knowledge proofs. In particular, the complexity of the deposit protocol is linear in l, which makes handling large electronic cash values feasible.
A Discretionary Searchable Encryption Scheme in Multi-User Settings
Li Zhen, Jiang Han, Zhao Minghao
2015, 52(10):  2313-2322.  doi:10.7544/issn1000-1239.2015.20150504
Searchable encryption (SE) allows a client to store a collection of encrypted documents on a server and later quickly carry out keyword searches over them, while revealing minimal information to the server. Searchable encryption is an active area of research, and a number of schemes with different efficiency and security characteristics have been proposed in the literature. In the multi-user setting, most existing schemes involve a fully trusted third party to assign permissions among users. In this paper, based on bilinear pairings, we propose a multi-user searchable encryption scheme without a trusted third party. Specifically, users may discretionarily authorize which documents other users can access, by maintaining a rights assignment matrix at the honest-but-curious cloud service provider (CSP). Moreover, in the search phase a user searches only the documents he wants and has access to, which accordingly reduces the search scope of the cloud server. In addition, based on bilinear pairings, we solve the problem of symmetric key distribution, which is neglected in most existing schemes; sharing a symmetric key among users implies security risks. Lastly, we provide a formal security proof of our scheme in the random oracle model.
A Universally Composable Secure Group Ownership Transfer Protocol for RFID Tags
Yuan Bianqing, Liu Jiqiang
2015, 52(10):  2323-2331.  doi:10.7544/issn1000-1239.2015.20150555
In some applications, it is often necessary to transfer the ownership of a group of RFID (radio frequency identification) tags simultaneously in one session. However, most existing group ownership transfer schemes for RFID tags require the support of a trusted third party, and many have security and privacy issues. Based on an analysis of the security requirements, a secure and efficient group ownership transfer protocol for RFID tags is designed. The new protocol supports simultaneous ownership transfer of a group of RFID tags without a trusted third party. Then, in the UC (universally composable) framework, an ideal functionality capturing secure group ownership transfer for RFID tags is formally defined, and the new protocol is proved to realize this ideal functionality. Compared with existing group ownership transfer protocols for RFID tags, the new protocol provides security and privacy properties such as anonymity, untraceability, mutual authentication, authorized access, resistance to de-synchronization attacks, forward privacy and backward privacy, and it satisfies UC security. Furthermore, the new protocol has low computational complexity, small storage on the tag and few interactions among the entities.
Rational Secret Sharing Scheme Based on Reconstruction Order Adjustment Mechanism
Liu Hai, Li Xinghua, Ma Jianfeng
2015, 52(10):  2332-2340.  doi:10.7544/issn1000-1239.2015.20150511
Rational secret sharing aims to design realistic secret sharing schemes and to guarantee their fairness by modeling selfish players. However, because existing schemes require the dealer to know all players' payoffs accurately, the stability of the reconstruction game is not taken into account. As a result, during the execution of existing rational secret sharing schemes, players who deviate from the prescribed protocol may obtain the secret, whereas those who follow it faithfully may not. To prevent this unfair outcome, combining the incentive compatibility principle of mechanism design with having the dealer choose the number of reconstruction rounds at random, this paper devises a reconstruction order adjustment mechanism that effectively restricts the selfishness of rational players. A rational secret sharing scheme with an unknown number of reconstruction rounds is then proposed. Analysis shows that the proposed scheme realizes a subgame perfect equilibrium of the reconstruction game and ensures its stability, that is, fairness is achieved. In addition, compared with several typical schemes in terms of communication type, number of reconstruction rounds and additional assumptions, the presented scheme is not only fair but also more practical.
Advances of Privacy Preservation in Internet of Things
Dong Xiaolei
2015, 52(10):  2341-2352.  doi:10.7544/issn1000-1239.2015.20150764
The Internet of things (IoT) is increasingly being applied to many new network environments. Ciphertext access control in IoT requires fine-grained access control policies over authorized entities. Unfortunately, traditional communication channel security cannot satisfy the security and privacy requirements of “one-to-many” and “many-to-many” scenarios, such as resisting the secret key sharing attack. Privacy preserving outsourced computation in IoT can realize secure data aggregation and signal processing in the encrypted domain, protect both individual data privacy and the privacy of aggregation results, and verify the correctness of the computation. However, most existing work applies (fully) homomorphic encryption directly to the data themselves, which is inefficient and deviates significantly from the principle of hybrid encryption. To address these issues, this paper introduces recent concrete solutions based on cryptographic techniques, in particular two results from our research team: a new mechanism for traceable and revocable attribute-based encryption, and a new method for lightweight privacy-preserving aggregation of n data items that executes public key encryption only once. We also survey privacy preserving techniques in popular network services such as the smart grid, wireless body area networks and vehicular ad hoc networks, and summarize recent advances and results worldwide on the challenging open problems in this field.
Privacy-Preserving Public Auditing for Multiple Managers Shared Data in the Cloud
Fu Anmin, Qin Ningyuan, Song Jianye, Su Mang
2015, 52(10):  2353-2362.  doi:10.7544/issn1000-1239.2015.20150544
With the wide use of cloud storage services, user data is not only stored in the cloud but also shared among multiple users. To ensure the integrity of shared data in the cloud, researchers have proposed many public auditing schemes for group-shared cloud data. However, existing schemes assume that a group has only a single group manager, ignoring the case in which multiple group managers exist simultaneously, and they do not address frameability when tracing the real identity of a group user. This paper gives the first public auditing security model for group-shared data with multiple managers, constructs a homomorphic authenticable group signature with multiple group managers based on a revocable group signature and a (t,s) secret sharing scheme, and designs the first public auditing scheme for group-shared data with multiple managers. The proposed scheme not only achieves multi-level privacy-preserving properties such as identity privacy, traceability and non-frameability, but also supports group user revocation and resumption. Moreover, the auditing overhead does not grow with the number of group users, which ensures the feasibility and efficiency of the scheme.
A Community Detecting Method Based on the Node Intimacy and Degree in Social Network
Liu Yao, Kang Xiaohui, Gao Hong, Liu Qiao, Wu Zufeng, Qin Zhiguang
2015, 52(10):  2363-2372.  doi:10.7544/issn1000-1239.2015.20150407
A social network is an extension of real society into cyberspace. Research on the structural characteristics of social networks is important for network architecture discovery, network behavior forecasting and network security protection. Community structure is one of the basic and important structural characteristics of social networks. In recent years, many algorithms for community detection in social networks have been proposed, but they usually focus on unweighted networks and cannot handle the increasingly complex connection relationships between nodes. To measure connection strength in directed and weighted networks, a new definition of node intimacy is proposed. Then, a community detection method based on node intimacy and degree (CDID) is designed. The method is verified through a series of experiments on synthetic datasets and real-world social network datasets. Compared with other state-of-the-art algorithms, this method obtains more accurate community divisions within reasonable run time. It also provides a unified community detection method for four network types: undirected-unweighted, directed-unweighted, undirected-weighted and directed-weighted networks.
Towards Measuring Unobservability in Anonymous Communication Systems
Tan Qingfeng, Shi Jinqiao, Fang Binxing, Guo Li, Zhang Wentao, Wang Xuebin, Wei Bingjie
2015, 52(10):  2373-2381.  doi:10.7544/issn1000-1239.2015.20150562
Anonymous communication is one of the main privacy-preserving techniques and has been widely used to protect Internet users' privacy. However, existing anonymous communication systems are particularly vulnerable to traffic analysis, and researchers have been improving the unobservability of these systems against Internet censorship and surveillance. How to quantify the degree of unobservability remains a key challenge for anonymous communication systems. We model anonymous communication systems as an alternating Turing machine and analyze the adversary's threat model. Based on this model, the paper proposes a relative entropy approach to quantify the degree of unobservability of anonymous communication systems; the degree of unobservability is based on the probabilities of the flow patterns observed by attackers. We apply this approach to the pluggable transports of Tor, and show how to calculate it in order to compare the level of unobservability of these systems. The experimental results show that the approach is useful for evaluating the unobservability of anonymous communication systems. Finally, we present our conclusions and discuss future work on measuring unobservability in anonymous communication systems.
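The relative-entropy measure sketched above, as an added example that is not the paper's code: the observer reduces each packet to a coarse flow pattern (direction and size bucket), builds a pattern distribution for the transport under test and one for ordinary background traffic, and scores unobservability as D(P||Q) in bits, where a lower value means the transport is harder to tell apart from the background. The pattern definition, the additive smoothing and the sample flows are constructed assumptions.

```python
import math
from collections import Counter

# Added example (not the paper's implementation): measuring unobservability as
# the relative entropy between the distribution of flow patterns an observer
# sees for a transport and the distribution for ordinary background traffic.
# The pattern definition (direction + packet-size bucket), the smoothing and
# the sample flows are assumptions.

def pattern(direction: str, size: int) -> str:
    """Coarse flow pattern: direction and a packet-size bucket."""
    if size < 200:
        bucket = "small"
    elif size < 1000:
        bucket = "medium"
    else:
        bucket = "large"
    return f"{direction}:{bucket}"

def pattern_distribution(packets: list) -> Counter:
    """packets: list of (direction, size) tuples as observed by the adversary."""
    return Counter(pattern(d, s) for d, s in packets)

def relative_entropy(p: Counter, q: Counter, alpha: float = 1.0) -> float:
    """D(P||Q) in bits with additive smoothing so unseen patterns stay finite."""
    keys = set(p) | set(q)
    n_p = sum(p.values()) + alpha * len(keys)
    n_q = sum(q.values()) + alpha * len(keys)
    d = 0.0
    for k in keys:
        pk = (p.get(k, 0) + alpha) / n_p
        qk = (q.get(k, 0) + alpha) / n_q
        d += pk * math.log2(pk / qk)
    return d

def unobservability_score(transport: list, background: list) -> float:
    """Lower is better: the transport is harder to distinguish from background."""
    return relative_entropy(pattern_distribution(transport),
                            pattern_distribution(background))

# Constructed samples (direction, size in bytes).
BACKGROUND = [("out", 120)] * 50 + [("in", 600)] * 30 + [("in", 1400)] * 20
# An unshaped transport sends mostly full-size packets outbound.
PLAIN_TRANSPORT = [("out", 1400)] * 80 + [("out", 120)] * 10 + [("in", 600)] * 10
# A shaped transport mimics the background packet pattern more closely.
SHAPED_TRANSPORT = [("out", 120)] * 45 + [("in", 600)] * 35 + [("in", 1400)] * 20
```

The score is only as meaningful as the pattern space: an adversary who also sees inter-packet timing or TLS record lengths works on a finer pattern alphabet, and the same transport can look unobservable under one alphabet and obvious under another.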
Study on Semi-Homogenous Algorithm Based on Ring Generalization
He Xianmang, Chen Yindong, Li Dong, Hao Yanni
2015, 52(10):  2382-2394.  doi:10.7544/issn1000-1239.2015.20150494
Data privacy has been a hot research topic in the database theory and cryptography communities for the past few decades. To prevent the disclosure of private information, the anonymity of sensitive attributes must be preserved in data sharing. The attribute values of quasi-identifiers usually have to be generalized before sharing to avoid linking attacks and thereby achieve anonymity. Without careful treatment, however, anonymized data still carries a high risk of privacy leakage. Among the available solutions, data generalization is an important technique for privacy preservation in data publication and has attracted considerable attention in the literature; it increases the uncertainty of attribute values and therefore leads to some loss of information. The non-homogeneous algorithm based on ring generalization can reduce the information loss while offering strong privacy preservation. This paper presents an algorithm that generates all the permutations, and studies the cardinality of the permutations based on ring generalization; we prove that this cardinality is O(α^n), α>1. Furthermore, we propose a semi-generalization algorithm that meets the requirement of preserving the anonymity of sensitive attributes in data sharing and greatly reduces the information loss caused by data generalization when implementing data anonymization.
Privacy Requirement Modeling and Consistency Checking in Cloud Computing
Wang Jin, Huang Zhiqiu
2015, 52(10):  2395-2410.  doi:10.7544/issn1000-1239.2015.20150513
As a scalable and hierarchical distributed collaboration paradigm, cloud computing is envisioned as an XaaS (X as a service) architecture, combined with the advantage of reducing cost by sharing computing and storage resources. Although there is a large push towards cloud computing, privacy issues are the major challenge inhibiting its wide acceptance in practice. How to precisely describe privacy requirements, and how to guarantee that the privacy requirements of different participants are consistent with each other, are two key issues in cloud computing privacy protection. Based on a systematic analysis of privacy requirement classification and design goals, a declarative privacy policy language, DPPL, is proposed together with its formal semantics. This language not only considers the hierarchical structure of privacy data, roles and purposes, but also presents a series of declarative event templates to support temporal constraints. To verify the consistency of different privacy requirements, the single-event finite automaton model for DPPL and its generation algorithm are given. Furthermore, to mitigate the state space explosion of traditional formal verification, requirement model reduction rules based on the relationships among privacy actions are stated. Finally, we evaluate our approach with a case study and a prototype implementation, and confirm the correctness and feasibility of our method.
Collaboration Supported Mandatory Access Control Model
Fan Yanfang, Cai Ying
2015, 52(10):  2411-2421.  doi:10.7544/issn1000-1239.2015.20150574
According to the national classified protection scheme for information systems, information systems whose levels are above three must provide mandatory access control and labels. Because of their rigid access control rules, existing mandatory access control models have difficulty satisfying the new requirements of collaborative environments. In this paper, we first analyze the requirements of access control in collaborative environments. Then we propose access control policies for a very common scenario. Next, we propose a mandatory access control model with collaboration support and prove the security of the model using noninterference theory. Finally, we compare this model with other related models, and use an application example to show how the model is applied. In general, this model integrates task-centric access control with subject-object-centric access control. The flexibility of the model is greatly enhanced, and it can be considered an active access control model that is better suited to collaborative environments. By controlling the security labels of subjects and objects, bi-directional information flow that complies with the security policies is achieved.
Provable Data Possession by Partial Delegation
Zhong Ting, Han Xiao, Zhao Yulong
2015, 52(10):  2422-2430.  doi:10.7544/issn1000-1239.2015.20150515
Provable data possession (PDP) is an important integrity checking technique in cloud storage. Using PDP, a client moves its data to a cloud server and checks possession of the data with constant computation. However, the client is sometimes not available to check its data possession; for example, the client may want to check its data stored in the cloud server while in prison or at sea. In such cases, a convenient way to delegate the power of checking data possession to a proxy is necessary. To solve this problem, we propose a new provable data possession scheme based on partial delegation (PDPPD). The PDPPD system model and security model are based on bilinear pairing and partial delegation. The major feature of the proposed scheme is as follows: the client can delegate verification power to the proxy by sharing a converted secret key with the proxy, and the client can revoke or delete the proxy easily at any time. Our security analysis shows that the proposed scheme is provably secure. Compared with existing PDP schemes, the proposed scheme has less computation and communication overhead at the same level of security, and also supports wider application scenarios.