ISSN 1000-1239 CN 11-1777/TP

Table of Contents

01 October 2016, Volume 53 Issue 10
Research Advances on Big Data Security and Privacy Preserving
Cao Zhenfu, Dong Xiaolei, Zhou Jun, Shen Jiachen, Ning Jianting, Gong Junqing
2016, 53(10):  2137-2151.  doi:10.7544/issn1000-1239.2016.20160684
Nowadays, data security and privacy preservation have definitely become one of the most crucial issues in the big data setting, where data encryption plays the most important role in achieving these goals. Therefore, exploring new data encryption techniques and new modes of big data processing has emerged as one of the most popular research topics all over the world. During the whole life cycle of data, the problems of computation, access control and data aggregation in the ciphertext domain (ciphertext computation, ciphertext access control and ciphertext data aggregation) are three critical issues in this research field. In this paper, we first review the state of the art in the fields of ciphertext computation, ciphertext access control and ciphertext data aggregation and identify their inappropriateness. Based on this, a series of recent results in this research field are presented. In the aspect of ciphertext computation, a new method of designing efficient privacy-preserving outsourced computation by reducing the number of uses of public key encryption is proposed, together with a concrete construction that is realized by a one-time offline computation of any one-way trapdoor permutation, without exploiting public key (fully) homomorphic encryption. In the aspect of ciphertext access control, a traceable and revocable attribute-based encryption scheme with short ciphertexts supporting flexible attributes is proposed. In the aspect of ciphertext data aggregation, an efficient privacy-preserving data aggregation protocol with both input privacy and output privacy is devised without exploiting public key additively homomorphic encryption. Finally, we also suggest several interesting open research issues and future trends.
Secure Multiparty Computation in Cloud Computing
Jiang Han, Xu Qiuliang
2016, 53(10):  2152-2162.  doi:10.7544/issn1000-1239.2016.20160685
The emergence and rapid development of cloud computing structurally change the computation models of secure multi-party computation. In the cloud environment, the computation task, the participants and the external environment of secure multi-party computation are becoming diversified and complicated. Using vast cloud resources to design and implement secure multi-party computation protocols has become a new research area. Cloud computing provides the resources to implement secure multi-party computation protocols, but it also brings new challenges. In this paper, a survey of general multi-party computation in the cloud setting, as well as of some specific cloud-based secure multi-party computation protocols, is given. We also present our opinions on the problems in current research and the directions for future work on multi-party computation in the cloud setting.
Survey of HTML5 New Features Security
Zhang Yuqing, Jia Yan, Lei Kenan, Lü Shaoqing, Yue Hongzhou
2016, 53(10):  2163-2172.  doi:10.7544/issn1000-1239.2016.20160686
HTML5 is the latest standard for building Web applications. It introduces many new features to browsers, but also brings new security issues. The security of the new features is the essence of HTML5 security. According to their differences in function, we analyze and summarize the security of new features including new labels and forms, communication, offline and storage, multimedia, performance, and device access. The security problems and possible prevention methods are pointed out. Then we summarize existing research and classify HTML5 security problems into three categories: extending traditional threats, malicious use and improper use, to provide a new line of thought for the further study of HTML5 security. Finally, four directions for future work are pointed out: the security of new features, detection of malicious use, cross-platform security and new security applications.
Advances in Password Security
Wang Ping, Wang Ding, Huang Xinyi
2016, 53(10):  2173-2188.  doi:10.7544/issn1000-1239.2016.20160483
Identity authentication is the first line of defense for information systems, and passwords are the most widely used authentication method. Though there are a number of issues with passwords regarding security and usability, and various alternative authentication methods have been proposed in succession, password-based authentication will remain the dominant method in the foreseeable future due to its simplicity, low cost and ease of change. Thus, this topic has attracted extensive interest from researchers worldwide, and many important results have been revealed. This work begins with an introduction to users’ vulnerable behaviors and details password characteristics, distribution and reuse rate. Next we summarize the primary cracking algorithms that have appeared in the past 30 years, and classify them into groups according to the difference in what information is exploited by the attacker. Then, we revisit the various statistics-based evaluation metrics for measuring the strength of password distributions. Further, we compare the state-of-the-art password strength meters. Finally, we summarize our results and outline some future research trends.
Study of Botnets Trends
Li Ke, Fang Binxing, Cui Xiang, Liu Qixu
2016, 53(10):  2189-2206.  doi:10.7544/issn1000-1239.2016.20160419
Botnets, as one of the most effective platforms for launching cyber-attacks, pose great threats to the security of today’s cyberspace. Although remarkable progress has been made in research on both botnet attack and defense technologies in recent years, the forms and command-and-control mechanisms of botnets are undergoing constant change as Internet applications are put to a wider variety of uses and communication technologies are upgraded more rapidly than ever, bringing new challenges to defenders. For this reason, an in-depth investigation of botnets’ working mechanisms and development is of great significance for dealing with the threats they pose. This paper, with the attack technologies of botnets as its main focus, gives a comprehensive introduction to the working mechanisms of botnets in terms of their definition, transmission, lifecycle, malicious behaviors and command-and-control channels, and divides botnet development into two stages, namely attacks on traditional PCs and extended attacks, with the technological features, behavioral characteristics, case studies and evolutionary patterns of each stage elaborated in detail. After a summary of existing work on botnet defense, with the limitations of each approach discussed, possible future directions are presented.
Decentralized Attribute-Based Encryption Scheme with Constant-Size Ciphertexts
Xiao Siyu, Ge Aijun, Ma Chuangui
2016, 53(10):  2207-2215.  doi:10.7544/issn1000-1239.2016.20160459
Based on prime-order bilinear groups, we propose a decentralized multi-authority attribute-based encryption scheme that is proven secure in the standard model. Firstly, we construct an attribute-based encryption system with a central authority (CA) and multiple attribute authorities (AAs), where the CA is responsible for generating a random value associated with each user’s unique global identifier (GID) and does not participate in any operation related to users’ attributes. Different users get different random values, so they cannot obtain any information beyond their authority even through collusion. Each attribute authority is responsible for a different attribute domain, and the authorities are independent of each other; they do not even need to know of each other’s existence in the system. In particular, no authority can decrypt a ciphertext alone. Secondly, this scheme can be extended to decentralized attribute-based encryption in a multiple-CA setting, where every CA is likewise independent of the others and each user can obtain his private key from only one CA. Implemented in practice on the Charm framework, the results show that the decentralized attribute-based encryption schemes are very efficient, with ciphertexts of constant size, i.e., regardless of the number of attributes underlying the access control policy or the number of users.
A Multi-Bit Fully Homomorphic Encryption with Better Key Size from LWE
Chen Zhigang, Song Xinxia, Zhao Xiufeng
2016, 53(10):  2216-2223.  doi:10.7544/issn1000-1239.2016.20160431
The efficiency of fully homomorphic encryption is a major open question at present. To improve the efficiency of fully homomorphic encryption, we use the technique of packed ciphertexts to construct a multi-bit fully homomorphic encryption scheme based on the learning with errors (LWE) problem. Our scheme has a short public key. Our fully homomorphic encryption scheme builds on a basic encryption scheme that chooses learning with errors samples from a Gaussian distribution and adds Gaussian error to them, which reduces the number of learning with errors samples from 2n log q to n+1. We prove that our fully homomorphic encryption scheme is feasible and that its security relies on the hardness of the learning with errors problem. In addition, we adapt the optimization of the key switching process from BGH13 and formalize this new key switching process for multi-bit fully homomorphic encryption. Finally, we analyze concrete parameters and compare these parameters between our scheme and the BGH13 scheme. The data show that our scheme has a smaller public key, by a factor of about log q, than the one in the BGH13 scheme.
Multi-Point Joint Power Analysis Attack Against SM4
Du Zhibo, Wu Zhen, Wang Min, Rao Jintao
2016, 53(10):  2224-2229.  doi:10.7544/issn1000-1239.2016.20160420
Current power analysis attacks on SM4 are single-point power analysis attacks. A single-point power analysis attack does not use all the information related to the key in the algorithm and in a single power trace. There are two limitations of the single-point power analysis attack: it needs more power traces when SM4 is attacked, and the information utilization rate of the attack is low. To address these limitations, a novel multi-point joint power analysis attack on SM4 is proposed in this paper. Multiple information leakage points related to the key are selected at the same time. A multi-point joint power leakage function is constructed from the intermediate variables at the information leakage points and the power leakage model. The SM4 key is recovered by the proposed attack. The experiments demonstrate the effectiveness of the proposed attack method: compared with the single-point power analysis attack method, the proposed attack method can improve the attack success rate, reduce the number of attack traces, and improve the energy efficiency of the attack. Given the characteristics of the proposed method, it can also be applied to power analysis attacks on other cryptographic algorithms.
Verifier-Based Three-Party Password Authenticated Key Exchange Protocol
Yang Xiaoyan, Hou Mengbo, Wei Xiaochao
2016, 53(10):  2230-2238.  doi:10.7544/issn1000-1239.2016.20160463
Three-party password authenticated key exchange (3PAKE) protocols enable two parties to establish a common session key where each party shares only one password with a trusted server. In the setting of large-scale peer-to-peer communication, a user in a two-party PAKE protocol has to remember n passwords if the user has n communication parties. The main advantage of 3PAKE protocols is that each user needs to store only a single password to communicate with any party in the peer-to-peer setting. However, the security of the existing 3PAKE protocols is generally proven in the random oracle model, and in these protocols passwords are stored in cleartext on the server. Only a few protocols are proven secure in the standard model and do not require a server’s public key. It is generally assumed that servers are secure, but once the password file on the server is compromised, the damage will be huge. In this paper, we propose a verifier-based three-party password authenticated key exchange protocol constructed from smooth projective hash functions (SPHFs). The protocol is proven secure in the standard model. Our protocol satisfies security properties such as resilience to server corruption, resistance to undetectable on-line dictionary attacks, and key privacy.
An Efficient and Expressive Attribute-Based Encryption Scheme with Chosen Ciphertext Security
Zhang Kai, Wei Lifei, Li Xiangxue, Chen Jie, Qian Haifeng
2016, 53(10):  2239-2247.  doi:10.7544/issn1000-1239.2016.20160430
Attribute-based encryption (ABE) is a promising variant of public key encryption, since it enables fine-grained access control over encrypted data. In a key-policy ABE (KP-ABE) scheme, every ciphertext is related to an attribute set and each secret key is associated with an access structure. Therefore, in most existing KP-ABE schemes the decryption overhead is usually proportional to the number of attributes used in the decryption process. Inspired by Hohenberger and Waters’ KP-ABE scheme with fast decryption, we propose a large-universe KP-ABE scheme with fast decryption supporting non-monotonic access structures, which is proven selectively chosen attribute set secure and chosen plaintext secure in the random oracle model. Moreover, observing Lai et al.’s expressive KP-ABE with fast decryption and applying the chameleon hash technique used to give a direct chosen ciphertext secure KP-ABE construction, we also give a direct chosen plaintext secure KP-ABE construction in the random oracle model, which still achieves the following features: non-monotonic access structure, large universe and fast decryption. Compared with related work, both expressive large-universe KP-ABE schemes enjoy comparable time efficiency in the decryption process.
Security Analysis and Evaluation for the Usage of Settings Mechanism in Android
Lu Yemian, Ying Lingyun, Su Purui, Feng Dengguo, Jing Erxia, Gu Yacong
2016, 53(10):  2248-2261.  doi:10.7544/issn1000-1239.2016.20160449
Offered by the Android system, Settings is a mechanism used by applications to read and write some global settings of the device. Data stored in Settings can be read by all applications on the same device. Some Android applications and third-party libraries carelessly put private data and important configuration information into Settings, which leads to serious security risks such as privacy leakage and configuration data leakage. In this paper, we make a comprehensive study of the issues mentioned above. By analyzing a large number of applications, we find private data and configuration information leaked to Settings, including IMEI, BSSID and location information, etc. We also successfully carry out some data hijacking attacks and DoS attacks against Android applications and third-party libraries, which confirms that inappropriate use of Settings can really lead to serious security problems. Based on the above research, we propose SettingsHunter, a static detection tool for Settings issues. SettingsHunter detects private data and important configuration information put into Settings using taint analysis. To improve efficiency, SettingsHunter separates the analysis of third-party libraries from that of host applications. This separation also improves the analysis capability for third-party libraries. We use SettingsHunter to analyze 3477 applications, and the results show that 23.5% of the analyzed applications put private data or key configuration information into Settings, of which 90.7% is due to the use of third-party libraries. These applications and third-party libraries may suffer from private data leakage or configuration data pollution attacks.
SQL Injection Prevention Based on Sensitive Characters
Zhang Huilin, Ding Yu, Zhang Lihua, Duan Lei, Zhang Chao, Wei Tao, Li Guancheng, Han Xinhui
2016, 53(10):  2262-2276.  doi:10.7544/issn1000-1239.2016.20160443
SQL injection attacks are prevalent Web threats. Researchers have proposed many taint analysis solutions to defeat this type of attack, but few are efficient and practical to deploy. In this paper, we propose a practical and accurate SQL injection prevention method that taints trusted sensitive characters using extended UTF-8 encodings. Unlike typical positive taint analysis solutions that taint all characters in hard-coded strings written by the developer, we taint only the trusted sensitive characters in these hard-coded strings. Furthermore, rather than modifying the Web application interpreter to track taint information in extra memory, we encode the taint metadata into the bytes of trusted sensitive characters by utilizing the characteristics of UTF-8 encoding. Lastly, we identify and escape untrusted sensitive characters in SQL statements to prevent SQL injection attacks, without parsing the SQL statements. A prototype called PHPGate is implemented as an extension of the PHP Zend engine. The evaluation results show that PHPGate can protect Web applications from real-world SQL injection attacks and introduces a low performance overhead (less than 1.6%).
A Code Reuse Attack Protection Technique Based on Code Anti-Leakage
Wang Ye, Li Qingbao, Zeng Guangyu, Chen Zhifeng
2016, 53(10):  2277-2287.  doi:10.7544/issn1000-1239.2016.20160423
As address space layout randomization (ASLR) is widely deployed on operating systems, traditional code reuse attacks are suppressed. New code reuse attacks analyze the program memory layout through information leaks to bypass ASLR, which poses a serious threat to the safety of programs. By analyzing the nature of traditional and new code reuse attacks, we propose a code reuse attack protection technique, VXnR, based on code anti-leakage. In this method, we set Execute-no-Read (XnR) permission on the code pages of the target process so that code can be properly executed by the processor, while read operations are controlled according to the content of the physical page to be accessed. This prevents attackers from maliciously reading the code pages of the process to search for gadgets via an information disclosure vulnerability, and defends against both traditional and new code reuse attacks. We have developed a prototype of VXnR and implemented it in the virtual machine monitor Bitvisor. We also evaluate the effectiveness and performance overhead of our approach through comprehensive experiments. The experimental results show that VXnR can effectively prevent attackers from exploiting the executable code of the target process to launch code reuse attacks, with less than 52.1% overhead.
VDNS: An Algorithm for Cross-Platform Vulnerability Searching in Binary Firmware
Chang Qing, Liu Zhongjin, Wang Mengtao, Chen Yu, Shi Zhiqiang, Sun Limin
2016, 53(10):  2288-2298.  doi:10.7544/issn1000-1239.2016.20160442
Nowadays, most IoT vendors use similar code to compile firmware for devices based on various CPU architectures. However, prior vulnerability searching methods are limited to the same platform and cannot be directly extended to the cross-platform case, and cross-platform studies have only just started. In this paper, we propose an algorithm to search for vulnerabilities in firmware in a cross-platform model based on neural networks and local calling structure matching. First we extract the selected comparison features from the call graphs, the basic attributes and the control flow graphs of the two compared functions as the input of the neural network, and obtain the calculated results. Then we match the call sub-graphs of the compared functions, using the results of the previous step as weights, to improve the accuracy. The experimental results on the open-source OpenSSL code demonstrate that our method performs better than the prior cross-platform vulnerability searching method, with Top1 increasing from 32.1% to 76.49% in the ARM-to-MIPS searching pattern. The search ranks of the five common vulnerabilities in OpenSSL are all rank No.1. Moreover, we search for the four common vulnerabilities in the firmware of 372 types of D-Link routers, and the results show good performance too.
Maldetect: An Android Malware Detection System Based on Abstraction of Dalvik Instructions
Chen Tieming, Yang Yimin, Chen Bo
2016, 53(10):  2299-2306.  doi:10.7544/issn1000-1239.2016.20160348
A novel static Android malware detection system, Maldetect, is proposed in this paper. First, the Dalvik instructions decompiled from Android DEX files are simplified and abstracted into simpler symbolic sequences. N-Gram is then employed to extract features from the simplified Dalvik instruction sequences, and the detection and classification model is finally built using machine learning algorithms. By comparing different classification algorithms and N-Gram sequences, 3-Gram sequences with the random forest algorithm are identified as an optimal solution for malware detection and classification. The performance of our method is compared against professional anti-virus tools using 4000 malware samples, and the results show that Maldetect is more effective for Android malware detection, with high detection accuracy.
A Novel Multiple Bits Reversible Data Hiding in Encrypted Domain Based on R-LWE
Ke Yan, Zhang Minqing, Su Tingting
2016, 53(10):  2307-2322.  doi:10.7544/issn1000-1239.2016.20160444
Reversible data hiding in the encrypted domain is a kind of information hiding technique that can both extract secret messages and decrypt the embedded ciphertext to restore the original cover vehicle losslessly, possessing the dual functions of privacy protection and data hiding. It is a potential technique for signal processing and data management in the encrypted domain. This paper proposes a novel scheme of multiple-bit reversible data hiding in the encrypted domain based on R-LWE (ring learning with errors). Multi-band data can be embedded by quantifying the encrypted domain and recoding in the redundancy of the ciphertext without degrading the hardness of the R-LWE algorithm; the embedding recoding method is based on the data distribution during encryption, which maintains the robustness of the R-LWE algorithm. By dividing the integer domain into sub-regions and introducing different quantifying rules, the processes of extraction and decryption can be separated. By deducing the error probability of the scheme, the parameters of the scheme that are directly related to its correctness are discussed in detail, and reasonable ranges for the parameters are obtained by experiments. In the security analysis, the probability distribution function of the embedded ciphertext is deduced and the statistical features of the cipher data are analyzed, both of which prove that the embedded data is not detectable. Experimental results have demonstrated that the proposed scheme can not only keep full reversibility of cover vehicle recovery and lossless extraction of the secret message, but also lets one bit of original data carry multiple bits of additional data in the encrypted domain, achieving an embedding capacity of 0.2353 bits per bit of encrypted data.
Anonymous Mutual Authentication and Key Agreement Protocol in Multi-Server Architecture for VANETs
Xie Yong, Wu Libing, Zhang Yubo, Ye Luyao
2016, 53(10):  2323-2333.  doi:10.7544/issn1000-1239.2016.20160428
Vehicular ad hoc networks (VANETs) are large networks that run according to a special communication protocol to achieve wireless communication and information exchange among vehicles, roadside infrastructure, pedestrians, the Internet and so on. With the development of cloud computing, more and more cloud services for VANETs will emerge. However, the services are usually provided by different servers. Thus, vehicle users have to register with different servers and remember many usernames and passwords. Aiming at the goal that a user can perform mutual authentication with all servers after a one-time registration, multi-server architecture authentication protocols have been proposed and applied in many areas, but none focuses on VANETs. The instantaneity of communication in VANETs poses a new challenge for multi-server architecture authentication protocols. The existing multi-server architecture authentication protocols use complex bilinear pairing operations, which cannot meet the strict requirements of VANETs on authentication and communication costs. In this paper, a new efficient anonymous mutual authentication and key agreement protocol for the multi-server environment of VANETs is proposed. The proposed protocol decreases protocol complexity by using an elliptic curve cryptosystem (ECC) to construct a simple authentication method, and provides random anonymity to protect the privacy of vehicles. The security of the proposed protocol is proved in the random oracle model. Performance analysis shows that, compared with the most recent mutual authentication protocols, our protocol decreases the computation and communication cost by at least 61% and 62% respectively in the mutual authentication and key agreement phase, and can better meet the computation and communication cost requirements of VANETs.
Privacy-Preserving Public Auditing for Dynamic Group Based on Hierarchical Tree
Huang Longxia, Zhang Gongxuan, Fu Anmin
2016, 53(10):  2334-2342.  doi:10.7544/issn1000-1239.2016.20160429
With the rapid development of cloud storage, it is important to protect the security of shared data in the cloud. Therefore, it is necessary to protect users’ privacy and verify the integrity of data efficiently during data sharing. As the existing schemes consider little about the management and secure distribution of keys, a privacy-preserving public auditing scheme that supports dynamic groups in cloud storage is proposed, based on a hierarchy tree and proxy re-signatures. The proposed scheme first uses a logical hierarchy key tree to establish and distribute keys, and a key server is used to store keys. The revocation of a user is independent of the other users obtaining the new group secret key, as each user stores only the leaf node key. When a user is revoked, the valid users can obtain the new group secret key with their original keys. Therefore, the scheme is more efficient for dynamic groups. The security analysis and performance analysis show that the scheme is secure and efficient.
Privacy Preserving Data Publishing via Weighted Bayesian Networks
Wang Liang, Wang Weiping, Meng Dan
2016, 53(10):  2343-2353.  doi:10.7544/issn1000-1239.2016.20160465
Privacy preservation in data publishing is currently a hot topic in the field of information security. How to effectively prevent the disclosure of sensitive information has become a major issue in enabling public access to published datasets that contain personal information. As a newly developed notion of privacy preservation, differential privacy can provide strong security protection, its greatest advantage being that it makes no specific assumptions about the attacker's background knowledge, and it has been extensively studied. The existing approaches to differential privacy cannot fully and effectively solve the problem of releasing high-dimensional data. Although PrivBayes can transform high-dimensional data into low-dimensional data, it cannot prevent attribute disclosure under certain conditions, and it also has some limitations and shortcomings. In this paper, to solve these problems, we propose a new and powerful improved algorithm for data publishing called weighted PrivBayes. Through both theoretical analysis and experimental evaluation, we show that this new algorithm not only guarantees the security of the published dataset but also significantly improves data accuracy and practical value compared with PrivBayes.
A Graph-Clustering Anonymity Method Implemented by Genetic Algorithm for Privacy-Preserving
Jiang Huowen, Zeng Guosun, Hu Kekun
2016, 53(10):  2354-2364.  doi:10.7544/issn1000-1239.2016.20160435
Clustering anonymity is a typical kind of privacy preservation scheme for social network data publishing, and it is based on graph clustering. Graph clustering is an NP-hard combinatorial optimization problem, so it is appropriate to use search optimization algorithms. However, the existing graph-clustering anonymity methods lack heuristic search algorithms. Therefore, in this paper, a graph-clustering anonymity method implemented by a genetic algorithm is proposed. First, the population is initialized by pre-dividing the nodes based on a greedy clustering strategy. Then the individual fitness function is defined based on relation fitting theory. Next, a multi-point dislocation crossover operator and a gene-bit exchanging mutation operator are designed, according to the individuals’ coding features. The model we present takes both the structure and attribute information of nodes into consideration, and the global search of the genetic algorithm can guarantee good graph-clustering quality. Therefore, the method can provide strong privacy preservation. Experimental results also demonstrate that our method is effective in improving clustering quality and reducing information loss.
Online/Offline Ciphertext-Policy Attribute-Based Searchable Encryption
Chen Dongdong, Cao Zhenfu, Dong Xiaolei
2016, 53(10):  2365-2375.  doi:10.7544/issn1000-1239.2016.20160416
It is quite common for data owners to share data via mobile phones in cloud computing. But because the cloud is not fully trusted, a series of privacy concerns emerge, and various schemes based on attribute-based encryption have been proposed to address these problems. However, most work either cannot support keyword search over the encrypted data, or brings a large online computational cost in the encryption and decryption phases. The efficiency of data sharing and information query, as well as the fine-grainedness of data sharing, are affected by most attribute-based encryption mechanisms. To deal with these challenging concerns, we propose a new cryptographic primitive named online/offline ciphertext-policy attribute-based searchable encryption (OO-CP-ABSE). By using online/offline attribute-based encryption and the outsourced decryption technique, we construct our scheme with minimum online computational cost on the data owner side and minimal decryption computational cost on the data user side. Furthermore, we describe the application of OO-CP-ABSE in cloud computing for mobile devices. Finally, we also present the efficiency of our scheme in comparison to other schemes, and its security in terms of data confidentiality, keyword privacy, controlled searching and trapdoor privacy.
TSNP: A Novel PCL-Secure and Efficient Group Authentication Protocol in Space Information Network
Li Xuefeng, Zhang Junwei, Ma Jianfeng, Liu Hai
2016, 53(10):  2376-2392.  doi:10.7544/issn1000-1239.2016.20160453
In space information networks (SIN), to continuously collect information and enlarge the observation range, a group of aircraft needs to perform fast access authentication with the satellite. Unfortunately, the existing authentication schemes cannot be applied in SIN due to its particular characteristics, such as highly dynamic topology, limited satellite computation and limited communication resources. To this end, we propose a PCL (protocol composition logic) secure and efficient group authentication protocol named TSNP, which utilizes symmetric encryption and a key hierarchy. With it, an authenticated node enables the other users in its group to obtain the session key and realize secure group authentication and handover. Furthermore, we analyze its security properties in the PCL model and prove its composition security based on the parallel and sequential composition rules. As a further contribution, the experimental results indicate that TSNP reduces not only the dependence on the group management center but also the satellite's computation and communication overhead.
Multi-Authority CP-ABE with Policy Update in Cloud Storage
Wu Guangqiang
2016, 53(10):  2393-2399.  doi:10.7544/issn1000-1239.2016.20160432
Cloud storage, as a novel data storage architecture, has been widely used to provide services for users to store and share their data in the cloud. However, the security concerns of cloud storage also draw much attention from society as a whole. Since some cloud service providers are not trustworthy, the data stored on their cloud servers could be stolen or accessed by unauthorized users. Ciphertext-policy attribute-based encryption (CP-ABE) can be used to solve such security problems in the cloud: it encrypts data under a specified access policy and thereby maintains data confidentiality as well as access control. Unfortunately, traditional CP-ABE schemes suffer from the key escrow problem and lack policy update. In this paper, we propose a new multi-authority CP-ABE scheme with policy update, which efficiently cuts down the computation cost and communication cost compared with other schemes in the literature. We also prove the semantic security of our scheme and analyze its efficiency.
A New Password Authentication Method Based on Fingerprint and Mobile Phone Assistance
An Di, Yang Chao, Jiang Qi, Ma Jianfeng
2016, 53(10):  2400-2411.  doi:10.7544/issn1000-1239.2016.20160439
Mobile phones and Internet applications are widely used nowadays, which enables users to authenticate to a server with the help of their mobile phones. However, existing schemes need to store the user's secret or ciphertext on the mobile phone. Once the mobile phone is lost, adversaries may obtain the secret information on the phone, which brings irreparable loss to the user. Aiming at the above problems, we propose an authentication scheme based on fingerprint and password which has no need to store a secret on the mobile phone. The core idea is to store the encrypted text on the server side. When the user logs in, he uses his mobile phone to generate the private key which decrypts the ciphertext generated during the registration phase. The user needs to enter his password and fingerprint during the private key generation process. When the computer interacts with the mobile phone, the user's password is blinded so that it is protected from adversaries' attacks. Theoretical analysis and experimental results show that our scheme reinforces the security of the user's secret. Meanwhile, our scheme can resist dictionary attacks, replay attacks and phishing attacks while reducing the storage pressure on the mobile phone and allowing easy deployment.
Improved Endorsed E-Cash System with DAA-A
Liu Xin, Zhang Bo
2016, 53(10):  2412-2429.  doi:10.7544/issn1000-1239.2016.20160413
At present, the existing endorsed e-cash system has low communication efficiency, and its fair exchange protocol employs inefficient cut-and-choose proofs. In addition, its centralized TTP (trusted third party) is vulnerable to denial-of-service attacks. So far, several related fair payment systems have been proposed. Unfortunately, some of them use cut-and-choose proofs, and the others adopt verifiable encryption schemes with security flaws. Inspired by the idea of self-blindable attribute-based credentials, a concrete DAA-A (direct anonymous attestation with attributes) scheme is constructed. Based on the new DAA-A scheme, an improved endorsed e-cash system is proposed, which achieves a high level of exculpability. In order to improve users' computational efficiency in the spending process, the set-membership proof of Arfaoui et al. is adopted, and the efficiency of the user's signature of knowledge is also optimized with the technique of pre-computation. In order to bypass the expensive cut-and-choose proof, a new optimistic fair exchange sub-protocol supporting distributed TTPs is provided. Furthermore, if combined with the Golle-Mironov model, the new system is also suited to the outsourced computing environment. Compared with previous similar systems, the new system meets several desirable properties simultaneously, i.e., it supports multiple payments, does not depend on cut-and-choose proofs, and allows users to be stateless. What's more, the fair exchange protocol of the new system takes the risk of denial-of-service attacks into account.