ISSN 1000-1239 CN 11-1777/TP

Table of Contents

01 October 2017, Volume 54 Issue 10
Research Advances on Secure Searchable Encryption
Dong Xiaolei, Zhou Jun, Cao Zhenfu
2017, 54(10):  2107-2120.  doi:10.7544/issn1000-1239.2017.20170627
With the development of big data and cloud computing, secure search via searchable encryption has increasingly become a focus of researchers in cryptography and network security worldwide. In the light of the new theories, solutions and techniques of searchable encryption, this paper presents a survey from four aspects: the modes, the security, the expressiveness and the efficiency of secure searchable encryption. It discusses the new theories essential to secure search in ubiquitous networks, including searchable encryption and attribute-based encryption, and the application of these cryptographic mechanisms to obtain generalized solutions to the theoretical problems of secure search in various newly emerging network services. Based on these theoretical results, this paper studies new approaches to constructing practical secure search for such services: light-weight public-key cryptographic algorithms, reducing the number of times the light-weight public-key algorithms are applied in secure search, and using any public-key cryptographic algorithm only once to obtain new approaches for secure search in resource-constrained network applications. We also study how to apply the new theories and approaches to solve the problems associated with secure search in different kinds of networks, including body area networks, wireless vehicular ad hoc networks, smart grids and so on. Traditionally, inefficient public-key cryptographic algorithms must be applied a number of times to construct secure search protocols, so how to adapt public-key algorithms to resource-constrained networks becomes the key issue. Light-weighting public-key cryptographic algorithms is certainly a convincing way to address it. On the other hand, minimizing the number of applications of the light-weighted public-key algorithms (once would be ideal) guarantees more efficient and practical solutions and is thus the key problem in addressing the issue. Finally, we suggest several interesting open research issues and future trends.
Recent Advances in Lattice-Based Cryptography
Zhang Pingyuan, Jiang Han, Cai Jie, Wang Chenguang, Zheng Zhihua, Xu Qiuliang
2017, 54(10):  2121-2129.  doi:10.7544/issn1000-1239.2017.20170628
Lattice theory was first introduced to cryptography as a cryptanalysis tool for analyzing knapsack and RSA cryptosystems. In 1997, Ajtai and Dwork constructed the first lattice-based cryptosystem, Ajtai-Dwork; then in 1998, NTRU appeared. Because factorization- and discrete-logarithm-based cryptography was the mainstream, lattice-based cryptography did not receive enough attention. Then in 2009, Gentry constructed the first fully homomorphic encryption scheme, which led to a broad development of lattice cryptography. In 2015, Peikert summarized the development of lattice cryptography in “A decade of lattice cryptography”. Also in 2015, NIST released “Report on post-quantum cryptography”. According to the report, due to the rapid development of quantum computation technology, the existing public key cryptography standards will no longer be safe against quantum computers. At the same time, NIST launched a worldwide call for quantum-resistant cryptographic algorithms. As a classic quantum-resistant cryptography, lattice-based cryptography is regarded as the most promising competitor. Therefore, lattice cryptography has attracted much attention in recent years, and many excellent results have appeared. In this paper, we summarize the main results of lattice cryptography over the past two years, covering zero-knowledge proofs, encryption, signatures and key exchange; finally, we outline the development trend of lattice-based cryptography.
Survey of Internet of Things Security
Zhang Yuqing, Zhou Wei, Peng Anni
2017, 54(10):  2130-2143.  doi:10.7544/issn1000-1239.2017.20170470
With the development of smart homes, intelligent care and smart cars, the application fields of the IoT are becoming more and more widespread, and its security and privacy receive more attention from researchers. Currently, research on IoT security is still in its initial stage, and most of the results cannot adequately solve the major security problems arising in the development of the IoT. In this paper, we first introduce the three-layer logical architecture of the IoT and outline the security problems and research priorities of each layer. Then we discuss the security issues, such as privacy preservation and intrusion detection, that need special attention in the main IoT application scenarios (smart home, intelligent healthcare, car networking, smart grid and other industrial infrastructure). Through synthesizing and analyzing the deficiencies of existing research and the causes of security problems, we point out five major technical challenges in IoT security: privacy protection in data sharing, device security protection under limited resources, more effective intrusion detection and defense systems and methods, access control for automated device operations, and cross-domain authentication of mobile devices. We finally detail every technical challenge and point out future research hotspots in IoT security.
Survey on Redactable Signatures
Ma Jinhua, Liu Jianghua, Wu Wei, Huang Xinyi
2017, 54(10):  2144-2152.  doi:10.7544/issn1000-1239.2017.20170646
Data security issues have become a serious challenge to national economic, political, defence and cultural security. As a core technology for protecting data security, digital signatures have been widely used to verify data integrity and source authenticity. The security definition of conventional digital signatures is existential unforgeability against adaptive chosen-message attacks. Although it meets the basic security requirement of data authentication, it hampers the reasonable manipulation of authenticated data that is desirable in many practical applications. As a type of malleable homomorphic signature for editing, redactable signatures allow the signature holder (redactor) to delete sensitive portions of the signed data and generate a valid signature for the disclosed data without any help from the original signer. They have been a research hotspot in cryptography since their introduction in 2001. In recent years, many researchers have studied redactable signatures from the aspects of formal security definition, redaction control mechanism, computational cost and communication overhead, producing many research results. However, the rapid development of network technology and its applications poses new challenges for redactable signatures. This paper summarizes and analyses redactable signatures in terms of algorithm definition, security model and representative designs. Furthermore, some existing problems worthy of further study are discussed.
Survey on Private Preserving Set Intersection Technology
Shen Liyan, Chen Xiaojun, Shi Jinqiao, Hu Lanlan
2017, 54(10):  2153-2169.  doi:10.7544/issn1000-1239.2017.20170461
Private set intersection (PSI) is a specific application problem in the field of secure multi-party computation. It not only has important theoretical significance but also has many application scenarios. In the era of big data, research on this problem is in accord with people’s increasing demand for privacy preservation while still enjoying a variety of services. This paper briefly introduces the basic theory of secure multi-party computation and highlights the two categories of current mainstream PSI research under the framework of secure multi-party computation: traditional PSI protocols based on public key encryption, garbled circuits and oblivious transfer, and outsourced PSI protocols based on an untrusted third-party service provider. Besides, we briefly summarize the characteristics, applicability and complexity of those protocols. At the same time, the application scenarios of the privacy-preserving set intersection problem are explained in detail, which further reflects the practical research value of the problem. With deep research on the PSI problem, researchers have designed private protocols that can quickly compute the intersection of sets of millions of elements in the semi-honest model.
Survey on Privacy Preserving Techniques for Blockchain Technology
Zhu Liehuang, Gao Feng, Shen Meng, Li Yandong, Zheng Baokun, Mao Hongliang, Wu Zhen
2017, 54(10):  2170-2186.  doi:10.7544/issn1000-1239.2017.20170471
The core features of blockchain technology are “decentralization” and “de-trusting”. As a distributed ledger technology, smart contract infrastructure platform and novel distributed computing paradigm, it can effectively build programmable currency, programmable finance and a programmable society, which will have a far-reaching impact on finance and other fields and drive a new round of technological and application change. While blockchain technology can improve efficiency, reduce costs and enhance data security, it still faces serious privacy issues that have drawn wide concern from researchers. The survey first analyzes the technical characteristics of the blockchain, defines the concepts of identity privacy and transaction privacy, points out the advantages and disadvantages of blockchain technology in privacy protection, and introduces the attack methods in existing research, such as transaction tracing and account clustering. We then introduce a variety of privacy mechanisms, including malicious node detection and access restriction for the network layer, transaction mixing, encryption and limited release for the transaction layer, and some defense mechanisms for the blockchain application layer. In the end, we discuss the limitations of the existing technologies and envision future directions on this topic. In addition, the regulatory approach to malicious use of blockchain technology is discussed.
RAKA: New Authenticated Key Agreement Protocol Based on Ring-LWE
Yang Yatao, Zhang Yaze, Li Zichen, Zhang Fengjuan, Liu Boya
2017, 54(10):  2187-2192.  doi:10.7544/issn1000-1239.2017.20170477
In the post-quantum era, lattice-based public key cryptosystems are considered the most promising cryptosystems for resisting quantum computer attacks. Compared with the rapid development of lattice-based public key encryption and digital signature schemes, key agreement protocols have rarely appeared in the research literature. Therefore, how to construct a secure key agreement protocol is one of the most challenging problems. To solve this problem, a secure key agreement protocol RAKA based on the reconciliation technique and ring learning with errors (Ring-LWE) is designed. The proposed scheme is provably secure under the Ring-LWE assumption and provides authentication by using a lattice-based trapdoor function. Compared with current key agreement schemes based on LWE, this scheme is more efficient and the shared key size is reduced to 2n log q. Moreover, this scheme can resist quantum attacks because of the hardness assumption on lattices.
Efficient Hierarchical Identity-Based Encryption Scheme from Learning with Errors
Ye Qing, Hu Mingxing, Tang Yongli, Liu Kun, Yan Xixi
2017, 54(10):  2193-2204.  doi:10.7544/issn1000-1239.2017.20170394
Hierarchical identity-based encryption (HIBE) in fixed dimension has drawn wide attention because its lattice dimension remains unchanged upon delegation, but these schemes share a common defect of high complexity in the trapdoor delegation stage. Aiming at this problem, we propose two improved HIBE schemes, in the random oracle model and the standard model respectively. We first use the MP12 trapdoor function to construct an optimized Z_q-invertible matrix sampling algorithm. Based on this optimized algorithm, combined with the fixed-dimension trapdoor delegation algorithm and the MP12 trapdoor function, we design the system setup and trapdoor delegation stages, and we complete the HIBE scheme in the random oracle model in conjunction with the Dual-Regev algorithm. We then remove the random oracle by employing the binary tree encryption system. The security of both proposed schemes strictly reduces to the hardness of the learning with errors (LWE) problem; the scheme in the random oracle model satisfies adaptive security while the scheme in the standard model satisfies selective security. Comparative analysis shows that, at the same security level, the overhead of trapdoor delegation in our random-oracle-model scheme is reduced significantly compared with the relevant schemes, while the overhead of our standard-model scheme is reduced nearly 6 times compared with the relevant optimal schemes. Furthermore, parameters such as the lattice dimension, trapdoor size and ciphertext expansion rate all decrease to some degree, and the computational cost is reduced noticeably.
Research on the LED Lightweight Cipher Against the Statistical Fault Analysis in Internet of Things
Li Wei, Ge Chenyu, Gu Dawu, Liao Linfeng, Gao Zhiyong, Guo Zheng, Liu Ya, Liu Zhiqiang, Shi Xiujin
2017, 54(10):  2205-2214.  doi:10.7544/issn1000-1239.2017.20170437
The typical lightweight cipher LED, proposed at CHES 2011, is applied in the Internet of things (IoT) to provide security for RFID tags, smart cards and the like. Fault analysis has become an important cryptanalytic method for evaluating the security of lightweight ciphers, owing to its speed, simple implementation and the difficulty of defending against it. On the basis of a half-byte-oriented fault model, we propose a new statistical fault analysis of the LED cipher by inducing faults. Simulation experiments show that our attack can recover its 64-bit and 128-bit secret keys with 99% probability using an SEI distinguisher, a GF distinguisher and a GF-SEI distinguisher, respectively. The attack can be implemented in the ciphertext-only setting, which improves the attack efficiency and decreases the number of faults required. It provides a vital reference for the security analysis of other lightweight ciphers in the Internet of things.
An Efficient Single Server-Aided k-out-of-n Oblivious Transfer Protocol
Zhao Shengnan, Jiang Han, Wei Xiaochao, Ke Junming, Zhao Minghao
2017, 54(10):  2215-2223.  doi:10.7544/issn1000-1239.2017.20170463
Oblivious transfer (OT) is a cryptographic primitive that hides the receiver's choice information. As a basic tool for constructing higher-level multi-party cryptographic protocols, it plays an important role in numerous specific applications. In k-out-of-n OT (OT^k_n), the receiver obliviously acquires k selections among the n choices. Generally, the construction of OT^k_n involves many group exponentiation operations, which is a heavy burden for embedded devices with limited computational capabilities. With the proliferation of cloud computing, it is feasible to implement complex cryptographic primitives with the support of the powerful computing resources and high-speed dedicated network provided by the cloud service provider (CSP). In this paper, we propose a server-assisted k-out-of-n OT protocol in a single-server architecture, which outsources the vast majority of exponentiation operations to the cloud. The scheme is constructed from secret sharing and other fundamental public-key primitives, achieves provable security in the non-collusion semi-honest model under the decisional Diffie-Hellman (DDH) assumption, and ensures data privacy against the cloud server. A detailed description of the scheme construction and security proof is presented in the paper. As a basic cryptographic primitive in the cloud environment, the single server-aided oblivious transfer protocol will play an important role in the design of general cloud-assisted multi-party computation protocols as well as in the development of secure and efficient cloud service software.
Security Analysis of Lightweight Block Cipher ESF
Yin Jun, Ma Chuyan, Song Jian, Zeng Guang, Ma Chuangui
2017, 54(10):  2224-2231.  doi:10.7544/issn1000-1239.2017.20170455
Automatic analysis is one of the important methods for evaluating the security of cryptographic algorithms, characterized by high efficiency and easy implementation. At ASIACRYPT 2014, Sun et al. presented a MILP-based automatic method for searching differential and linear trails of bit-oriented block ciphers, which has attracted the attention of many cryptographers. At present, there is still a lack of research on solving the MILP model, such as how to reduce the number of variables and constraint inequalities. Based on the differential propagation model of the XOR operation, at EUROCRYPT 2017 Sasaki et al. gave a set of new constraints without dummy variables. The new constraint inequalities not only preserve the differential propagation of the XOR operation but also reduce the number of variables. At the same time, Sun et al. use four constraints to express that when the input differential variable (or linear mask variable) of an S-box is non-zero the S-box must be active, but in this paper we use just one constraint. Based on these refined constraints and the automatic method for finding high-probability trails of block ciphers, we establish refined differential and linear MILP models under the single-key assumption for the lightweight block cipher ESF. We have found that the minimum number of active S-boxes in a 15-round differential trail of ESF is 19 and in a 16-round linear trail is 15. Moreover, we find the longest impossible differential and zero-correlation linear approximation distinguishers of ESF so far.
Dual Server Identity-Based Encryption with Equality Test for Cloud Computing
Wu Libing, Zhang Yubo, He Debiao
2017, 54(10):  2232-2243.  doi:10.7544/issn1000-1239.2017.20170446
With the rapid development of cloud storage and the increasing awareness of privacy, more and more private data are encrypted before being outsourced to the cloud. Thus, how to search encrypted data has become a new research topic within searchable encryption. One of the solutions is public key encryption with equality test (PKEET). It can check whether the plaintexts of two ciphertexts encrypted under different public keys are the same, without leaking any information about the plaintexts. Recently, many public key encryption schemes with equality test have been proposed. However, in these schemes only one server is used to perform the equality test, which means that they cannot withstand the inner keyword guessing attack. To solve this problem, we propose the first dual server identity-based encryption scheme with equality test (DS-IBEET), and we prove its security in the random oracle model. In addition, performance evaluation shows that our scheme is suitable for resource-limited mobile devices.
Generic Tightly Secure Signature Schemes from Strong Chameleon Hash Functions
Li Fei, Gao Wei, Wang Guilin, Xie Dongqing, Tang Chunming
2017, 54(10):  2244-2254.  doi:10.7544/issn1000-1239.2017.20170422
Provable security has become a basic requirement for constructing and analyzing cryptographic schemes. This paper studies a classical issue in the field of provable security, namely how to construct provably secure digital signature schemes with tight security reductions from basic mathematical hard problems in the random oracle model. This paper first proposes a new cryptographic primitive called a strong chameleon hash function. Based on a strong chameleon hash function, we present a generic framework and a variant of it for constructing stateful and stateless digital signature schemes with tight security, respectively. We prove that these generic digital signature schemes are both secure in the random oracle model under the assumption that the underlying chameleon hash function is collision resistant. By applying these generic constructions to concrete chameleon hash functions under common mathematical assumptions such as RSA, CDH and IF (integer factorization), the corresponding digital signature schemes with tight security can be obtained modularly. The two existing classic paradigms for generically constructing tightly secure signature schemes, i.e. Fiat-Shamir signatures and Full-Domain-Hash signatures, can be roughly unified by our generic frameworks. Furthermore, under our generic frameworks, a tightly secure signature scheme following the Fiat-Shamir methodology can be seen as an optimized variant of the corresponding tightly secure signature scheme following the Full-Domain-Hash framework.
An Intrusion Detection Scheme Based on Semi-Supervised Learning and Information Gain Ratio
Xu Mengfan, Li Xinghua, Liu Hai, Zhong Cheng, Ma Jianfeng
2017, 54(10):  2255-2267.  doi:10.7544/issn1000-1239.2017.20170456
State-of-the-art intrusion detection schemes for unknown attacks employ machine learning techniques to identify anomalous features within network traffic data. However, due to the lack of a sufficient training set, the difficulty of selecting features quantitatively and the dynamic change of unknown attacks, existing schemes cannot detect unknown attacks effectively. To address this issue, an intrusion detection scheme based on semi-supervised learning and information gain ratio is proposed. To overcome the problem of a limited training set in the training period, a semi-supervised learning algorithm is used to obtain a large-scale training set from a small amount of labelled data. In the detection period, the information gain ratio is introduced to determine the impact of different features, and weighted voting is used to infer the final output label so as to identify unknown attacks adaptively and quantitatively; this not only retains the information of the features to the greatest extent but also adjusts the weight of each decision tree adaptively against dynamic attacks. Extensive experiments indicate that the proposed scheme can quantitatively analyze the important network traffic features of unknown attacks and detect them using a small amount of labelled data with no less than 91% accuracy and no more than 5% false negative rate, which are obvious advantages over existing schemes.
A TrustZone Based Application Protection Scheme in Highly Open Scenarios
Zhang Yingjun, Feng Dengguo, Qin Yu, Yang Bo
2017, 54(10):  2268-2283.  doi:10.7544/issn1000-1239.2017.20170387
We propose a protection scheme for security-sensitive applications on mobile embedded devices, which focuses on scenarios with both strong security and high openness requirements, such as “bring your own device” and mobile cloud computing. To meet the security requirements, we leverage the trusted execution environment of ARM TrustZone to provide strong isolation guarantees for applications even in the presence of a malicious operating system. To meet the openness requirements, our scheme has two major advantages over previous TrustZone-based solutions. First, it moves the concrete sensitive applications from the TrustZone secure world to the normal world, so that the trusted computing base remains small and unchanged regardless of the number of supported security applications. Second, it leverages a light-weight kernel monitor in the secure world to force the untrusted operating system to serve these security applications legitimately, so that they can securely use standard system calls, which provide features critical to the openness requirements, such as dynamic application deployment. We also propose proactive attestation, a novel technique that greatly improves system efficiency by making the operating system contribute to its own verification. We implement the prototype system on real TrustZone devices. The experimental results show that our scheme is practical with acceptable performance overhead.
A Method of Constructing the Model of Trusted Virtual Machine Migration
Shi Yuan, Zhang Huanguo, Wu Fusheng
2017, 54(10):  2284-2295.  doi:10.7544/issn1000-1239.2017.20170465
Secure migration of virtual machines (VMs) is one of the important requirements for ensuring the security of the cloud environment. For trusted VMs that contain a vTPM (virtual TPM), the secure migration of the vTPM also needs to be considered. At present, there is some research on the secure migration of trusted VMs. However, because there is no uniform model of trusted VMs, the solution of one migration model cannot be applied to all migration schemes, so there is the limitation that no uniform security model and test method exist for trusted VM migration. Regarding the issues above, and referring to the common security issues in virtual machine migration and the relevant specifications for trusted computing and cloud, we analyze the security requirements of trusted VMs. Based on the requirements analysis, we propose a migration framework for trusted VMs that abstracts the components participating in trusted migration and describes the key steps and states in the migration process. The labeled transition system (LTS) is then used to model the behavior and security attributes of the trusted migration system, and we construct a dynamic state transition tree of the migration system based on the models of the migration components. The migration model of the system is constructed from the models of the process components. We prove that our model can be applied to consistency testing of trusted migration protocols, and comparison with related work shows that the model more fully considers the security attributes of trusted migration.
A System for Scoring the Exploitability of Vulnerability Based Types
Lei Kenan, Zhang Yuqing, Wu Chensi, Ma Hua
2017, 54(10):  2296-2309.  doi:10.7544/issn1000-1239.2017.20170457
As is well known, vulnerabilities play an extremely important role in network security today. Accurately quantifying the exploitability of a vulnerability is critical to attack-graph-based analysis of network information system security. Currently the most widely used assessment system for vulnerability exploitability is the common vulnerability scoring system (CVSS). First, the exploitability scores of 54331 vulnerabilities are computed using CVSS. Then, statistical analysis is performed on the computed exploitability scores, which indicates that CVSS lacks diversity; more diverse results would help end-users prioritize vulnerabilities and fix those that pose the greatest risks first. The statistical results also show that the scores are too concentrated. Finally, taking into account the disadvantages of CVSS, we study the factors influencing vulnerability exploitability and demonstrate that the type of a vulnerability can influence its exploitability. Therefore, we consider vulnerability type as one of the factors influencing exploitability, quantify it using the analytic hierarchy process, and propose a more comprehensive quantitative evaluation system based on CVSS, named exploitability of vulnerability scoring system (EOVSS). Experiments show that the diversity of scores computed by EOVSS is four times that of CVSS, and that EOVSS can quantify the exploitability of a vulnerability more accurately and effectively than CVSS.
A Virtual Machine Introspection Triggering Mechanism Based on VMFUNC
Liu Weijie, Wang Lina, Tan Cheng, Xu Lai
2017, 54(10):  2310-2320.  doi:10.7544/issn1000-1239.2017.20170452
Virtualization technology, as the basis of cloud computing, has been widely used, while the security issues of virtual machines have attracted more and more attention. Virtual machine introspection (VMI), as an “out-of-the-box” method for monitoring virtual machines, provides a new perspective for solving these security problems. In this setting, a triggering mechanism based on VMFUNC is proposed. Taking advantage of the CPU hardware features VM-Function and RDTSC emulation, the mechanism minimizes the overhead of VM exits. By switching extended page table views through VMFUNC, our mechanism avoids the system pauses caused by VMI programs. By overloading VMFUNC and using Xentrace, our method can trigger VMI programs actively, thus eliminating the resident overhead of VMI programs. In this paper, a VMI-as-a-service system is implemented and verified by experiments. The results show that the performance cost is no more than 2%, which makes wide use of VMI in practical cloud environments possible.
Design and Implementation of Mimic Network Operating System
Wang Zhenpeng, Hu Hongchao, Cheng Guozhen
2017, 54(10):  2321-2333.  doi:10.7544/issn1000-1239.2017.20170444
As a mission-critical network component in software defined networking (SDN), the SDN control plane suffers from vulnerabilities that can be exploited to launch malicious attacks, such as malicious application attacks, flow rule modification attacks, and so on. In this paper, we design and implement the mimic network operating system (MNOS), an active defense architecture based on mimic security defense, to deal with this. In addition to the SDN data plane and control plane, a mimic plane is introduced between them to manage and dynamically schedule heterogeneous SDN controllers. First, MNOS dynamically selects m controllers to be active and provide network service in parallel according to a certain scheduling strategy; it then judges whether the controllers are in a benign condition by comparing the m responses from the controllers, and decides on the most trusted response to send to the switches, so that a minority of malicious controllers is tolerated. Theoretical analysis and experimental results demonstrate that MNOS can reduce the probability of successful attack and significantly improve network security, and these benefits come at only modest cost: the latency is only about 9.47% lower. Simulation results also show that the proposed scheduling strategy and decision fusion method can increase system diversity and the accuracy of decisions respectively, which further enhances security.
Detection of Covert and Suspicious DNS Behavior in Advanced Persistent Threats
Wang Xiaoqi, Li Qiang, Yan Guanghua, Xuan Guangzhe, Guo Dong
2017, 54(10):  2334-2343.  doi:10.7544/issn1000-1239.2017.20170403
Abstract ( 1394 )   HTML ( 8 )   PDF (1538KB) ( 696 )
In recent years, advanced persistent threats (APT) have jeopardized the safety of enterprises, organizations and even countries, leading to heavy economic losses. An important feature of APT is that it can persist in attacking and lurk in the target network for a long time. Unfortunately, current security measures cannot detect APT effectively. Recent research has found that analyzing the DNS requests of the target network helps detect APT attacks. We add a time feature to the DNS traffic, which is combined with change vector analysis (CVA) and a reputation score to detect covert and suspicious DNS behavior. In this paper, we propose a new framework called APDD to detect covert and suspicious DNS behavior in long-term APT by analyzing a mass of DNS request data. We execute a data reduction algorithm on the DNS request data and then extract their features. Using CVA and the sliding time window method, we analyze the similarity between the access records of the domains to be detected and those of the domains related to current APT. We build a reputation scoring system to grade the domain access records of high similarity. The APDD framework outputs a list of suspicious domain access records so that security experts can analyze the top-k records in the list, which will surely improve the efficiency of APT detection. Finally, we use 1,584,225,274 DNS request records from a large campus network and simulate attack data to verify the effectiveness and correctness of APDD. Experiments show that the APDD framework can effectively detect covert and suspicious DNS behavior in APT.
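The pipeline the abstract sketches (windowed features, change vector analysis against a known APT-related domain, a reputation score over the high-similarity records, top-k output), as an added example that is not the APDD implementation. The DNS log is constructed, the per-window features (query count, distinct clients), the cosine similarity over change vectors and the reputation formula are assumptions chosen here for illustration, and the "known-apt-c2.example" reference domain is fictitious.

```python
import math
from collections import defaultdict

WINDOW = 3600          # window length in seconds
HORIZON = 24 * 3600    # one day of constructed traffic


def constructed_log():
    """Synthetic DNS request records (time, client, domain); not real traffic."""
    log = []
    for h in range(24):
        # known APT-related domain: one host, one query per hour (beaconing)
        log.append((h * 3600 + 17, "10.0.0.5", "known-apt-c2.example"))
        # candidate that shows the same access pattern from another host
        log.append((h * 3600 + 1300, "10.0.0.9", "update-cdn.example"))
        # busy mail service: many clients, volume bursts every few hours
        for c in range(5 + (h % 3) * 4):
            log.append((h * 3600 + c * 60, f"10.0.1.{c}", "mail.example"))
        # news site whose popularity grows through the day
        for c in range(h + 1):
            log.append((h * 3600 + c * 120, f"10.0.2.{c % 4}", "news.example"))
    return log


def window_features(log, window=WINDOW, step=WINDOW, horizon=HORIZON):
    """Per-domain series of (query count, distinct clients), one entry per
    sliding window of `window` seconds advanced by `step`."""
    domains = sorted({d for _, _, d in log})
    feats = {d: [] for d in domains}
    start = 0
    while start + window <= horizon:
        bucket = defaultdict(list)
        for t, client, domain in log:
            if start <= t < start + window:
                bucket[domain].append(client)
        for d in domains:
            feats[d].append((len(bucket[d]), len(set(bucket[d]))))
        start += step
    return feats


def change_vectors(series):
    """Change vector analysis: difference between consecutive window features."""
    return [(b[0] - a[0], b[1] - a[1]) for a, b in zip(series, series[1:])]


def cva_similarity(ref, cand):
    """Mean cosine similarity of aligned change vectors. Two zero vectors
    (both domains stable in that window) count as identical behaviour."""
    sims = []
    for u, v in zip(change_vectors(ref), change_vectors(cand)):
        nu, nv = math.hypot(*u), math.hypot(*v)
        if nu == 0 and nv == 0:
            sims.append(1.0)
        elif nu == 0 or nv == 0:
            sims.append(0.0)
        else:
            sims.append((u[0] * v[0] + u[1] * v[1]) / (nu * nv))
    return sum(sims) / len(sims) if sims else 0.0


def reputation(series):
    """Reputation in [0, 1]; low is suspicious. Few distinct clients and a small
    total volume look like beaconing rather than a shared service (assumed formula)."""
    clients = max(d for _, d in series)
    total = sum(c for c, _ in series)
    return min(1.0, clients / 10.0) * 0.5 + min(1.0, total / 100.0) * 0.5


def rank_suspects(log, apt_domain, k=5, sim_threshold=0.8):
    """Grade domains whose change vectors resemble the APT-related domain and
    return the top-k (domain, suspicion score) for analyst review."""
    feats = window_features(log)
    ref = feats[apt_domain]
    scored = []
    for d, series in feats.items():
        if d == apt_domain:
            continue
        sim = cva_similarity(ref, series)
        if sim >= sim_threshold:
            scored.append((d, round(sim * (1.0 - reputation(series)), 3)))
    return sorted(scored, key=lambda x: -x[1])[:k]


if __name__ == "__main__":
    print(rank_suspects(constructed_log(), "known-apt-c2.example"))
```

Only the domain that reproduces the reference beaconing pattern survives the similarity threshold; the high-volume, many-client domains change from window to window and score zero, which is the point of comparing change vectors rather than raw counts.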
Advanced Persistent Threats Detection Game with Expert System for Cloud
Hu Qing, Lü Shichao, Shi Zhiqiang, Sun Limin, Xiao Liang
2017, 54(10):  2344-2355.  doi:10.7544/issn1000-1239.2017.20170433
Abstract ( 1354 )   HTML ( 9 )   PDF (4180KB) ( 828 )
Cloud computing systems are under the threat of advanced persistent threats (APT). It is hard for an autonomous detector to discover APT attacks accurately. An expert system (ES) can help to reduce detection errors by double-checking suspicious behaviors. However, it takes an extended period of time for the ES to recheck, which may lead to a defense delay. Besides, the ES makes mistakes too. In this paper, we discuss the necessity of the ES participating in APT detection and defense for a cloud computing system by means of game theory, taking into account the miss detection rates and false alarm rates of both the APT detector and the ES. The ES-based APT detection method is designed, and the ES-APT game between an APT attacker and a defender is formulated. We derive its Nash equilibrium and analyze how the ES enhances the security of the cloud computing system. The dynamic game is also studied, for the case in which the APT attack model is unknown. We present a reinforcement learning scheme for the cloud computing system with ES to obtain the optimal strategy. Simulation results show that, with the knowledge of the ES, both the defender's utility and the cloud computing system's security are improved compared with benchmark schemes.
A Dynamic Defense Mechanism for SDN DoS Attacks Based on Network Resource Management Technology
Wang Tao, Chen Hongchang, Cheng Guozhen
2017, 54(10):  2356-2368.  doi:10.7544/issn1000-1239.2017.20170389
Abstract ( 1192 )   HTML ( 2 )   PDF (4073KB) ( 685 )
Software defined networking (SDN) has quickly emerged as a new communication network management paradigm and has greatly changed the traditional network architecture. It provides fine-grained network management service by decoupling the control plane from the data plane. However, because of this separation of the control plane from the data plane, the controller easily becomes the target of DoS attacks. To address this problem, we conduct comprehensive research on DoS attacks in SDN and propose MinDoS, a lightweight and effective DoS mitigation method. MinDoS mainly contains two key techniques/modules: a simplified DoS detection module and a priority manager. MinDoS divides flow requests into multiple buffer queues with different priorities according to the users' trust values. To better protect the controller under DoS attacks, the method then has the SDN controller schedule the processing of these flow requests by a dual polling mechanism. In addition, the design of MinDoS is combined with a dynamic controller assignment strategy so as to minimize the average response time of the control plane and improve the quality of service. Finally, we evaluate the performance of MinDoS in single-controller and multi-controller experimental environments respectively. The experimental results show that the defense effect of MinDoS is good and that the designed system basically meets its design objectives.
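The trust-based priority queues and the polling scheduler described above, as an added simulation that is not the MinDoS code. The paper does not specify its detector or its dual polling discipline, so both are assumptions here: trust is an integer 0..10 that a rate-based detector lowers once a source exceeds a request limit, and "dual polling" is modelled as serving a fixed ratio of high-trust requests for each request taken round-robin from the lower queues. The traffic mix (one flooding host, one legitimate host) is constructed.

```python
from collections import deque, defaultdict


class FifoScheduler:
    """Baseline: the controller handles packet-in flow requests in arrival order."""
    def __init__(self):
        self.q = deque()

    def submit(self, src, req):
        self.q.append((src, req))

    def next(self):
        return self.q.popleft() if self.q else None


class MinDoSScheduler:
    """Trust-based priority queues with a two-way ('dual') polling scheduler.
    Assumed model: `ratio` high-trust requests are served for every one
    request taken from the lower-trust queues, which alternate round robin."""
    def __init__(self, rate_limit=20, ratio=3):
        self.queues = {"high": deque(), "mid": deque(), "low": deque()}
        self.trust = defaultdict(lambda: 10)      # 10 = fully trusted
        self.count = defaultdict(int)
        self.rate_limit, self.ratio = rate_limit, ratio
        self.lower = ["mid", "low"]
        self.slot = 0

    def detect(self, src):
        """Simplified DoS detection: a source exceeding the request limit loses trust."""
        self.count[src] += 1
        if self.count[src] > self.rate_limit:
            self.trust[src] = max(0, self.trust[src] - 1)

    def submit(self, src, req):
        """Priority manager: place the request by the source's current trust."""
        self.detect(src)
        t = self.trust[src]
        q = "high" if t >= 8 else "mid" if t >= 4 else "low"
        self.queues[q].append((src, req))

    def next(self):
        turn = self.slot % (self.ratio + 1)
        self.slot += 1
        if turn < self.ratio:
            order = ["high"] + self.lower
        else:
            order = self.lower + ["high"]
            self.lower = self.lower[1:] + self.lower[:1]   # rotate lower queues
        for q in order:                                    # fall through when empty
            if self.queues[q]:
                return self.queues[q].popleft()
        return None


def simulate(factory, legit="10.0.0.2", attacker="10.0.0.66"):
    """One attacker floods 200 flow requests while a legitimate host sends 10
    interleaved; returns the service slot of the last legitimate request."""
    s = factory()
    for i in range(200):
        if i % 20 == 0:
            s.submit(legit, ("legit", i // 20))
        s.submit(attacker, ("attack", i))
    slot, last = 0, None
    while (r := s.next()) is not None:
        if r[0] == legit:
            last = slot
        slot += 1
    return last


if __name__ == "__main__":
    print("FIFO last legit served at slot", simulate(FifoScheduler))
    print("MinDoS last legit served at slot", simulate(MinDoSScheduler))
```

Under FIFO the last legitimate request waits behind almost the whole flood; under the trust queues the attacker's requests drop to the low-priority queue after the rate limit and the legitimate host is served within the first few dozen slots, while the flood is still drained at the lower polling rate rather than discarded.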
Attribute-Based Encryption with Keyword Search in Mobile Cloud Storage
Su Hang, Zhu Zhiqiang, Sun Lei
2017, 54(10):  2369-2377.  doi:10.7544/issn1000-1239.2017.20170431
Abstract ( 1176 )   HTML ( 8 )   PDF (1288KB) ( 651 )
In recent years, with the further improvement of mobile devices' performance and the rapid development of the mobile Internet, more and more mobile terminals participate in cloud data storage and data sharing. In order to effectively support resource-constrained mobile devices in sharing data safely and efficiently in the cloud, a secure and efficient attribute-based encryption scheme with keyword search (ABKS) is proposed in this paper. The proposed scheme is based on the AND-gate access structure with wildcards; it is proven IND-CKA (indistinguishable against chosen keyword attack) secure and achieves keyword security in the standard model. The scheme adopts Viète's formulas so that each attribute is represented by only one element and the length of the index is constant; the length of the trapdoor and secret key and the computational complexity of the trapdoor and search algorithms grow linearly with the maximum number of wildcards that can be used in the access structure. In addition, the scheme removes the secure channel, which further reduces the communication overhead during the transmission of the index and trapdoor. Efficiency analysis shows that, compared with other schemes, the proposed scheme has less computation and communication overhead, which makes it more suitable for the mobile cloud storage environment.
A Secure Outsourced Fusion Denoising Scheme in Multiple Encrypted Remote Sensing Images
Huang Dongmei, Dai Liang, Wei Lifei, Wei Quanmiao, Wu Guojian
2017, 54(10):  2378-2389.  doi:10.7544/issn1000-1239.2017.20170427
Abstract ( 1182 )   HTML ( 6 )   PDF (4626KB) ( 675 )
Remote sensing image denoising is a hot research topic in the field of image processing. Improvements in remote sensing image acquisition equipment and technology have made it possible to collect multiple images of the same scene in a short period of time. However, processing a huge number of remote sensing images on ordinary computers suffers from low processing capability and poor concurrency. It is a trend to outsource the storage and computation of such big data to the cloud. To protect the security of outsourced remote sensing images, this article presents a secure outsourced fusion denoising scheme for multiple encrypted remote sensing images, which implements fusion denoising based on dynamic filtering parameters. In the scheme, the ciphertext from the Johnson-Lindenstrauss transform is used for weight calculation together with the plaintext, and the ciphertext from Paillier homomorphic encryption is used for fusion denoising through linear calculation on ciphertexts. The experiments use several 512×512-pixel remote sensing images on a single-server Spark environment to simulate the cloud platform. The experimental results show that the outsourcing scheme can effectively ensure the security of the remote sensing images and achieves better denoising quality under different noise levels than existing schemes.
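The two ingredients named in the abstract, a Johnson-Lindenstrauss random projection to derive fusion weights and Paillier's additive homomorphism to compute the weighted sum over encrypted pixels, as an added end-to-end example; it is not the authors' scheme or code. The Paillier key uses small fixed primes and is not secure; the 8×8 patches, the noise model, the weight formula (inverse distance to the centroid of the JL sketches, scaled to integers) and the client/cloud split are all assumptions made for illustration.

```python
import math
import random


class Paillier:
    """Toy Paillier cryptosystem with small fixed primes. Illustration only:
    this key size is NOT secure. Uses g = n + 1, so E(m) = (1 + m n) r^n mod n^2."""
    def __init__(self, p=104729, q=104723, seed=1):
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        # with g = n + 1, L(g^lam mod n^2) = lam mod n, hence mu = lam^-1 mod n
        self.mu = pow(self.lam % self.n, -1, self.n)
        self.rng = random.Random(seed)

    def encrypt(self, m):
        while True:
            r = self.rng.randrange(1, self.n)
            if math.gcd(r, self.n) == 1:
                break
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        u = pow(c, self.lam, self.n2)
        return ((u - 1) // self.n) * self.mu % self.n

    def add(self, c1, c2):          # E(a) * E(b) = E(a + b)
        return c1 * c2 % self.n2

    def scale(self, c, k):          # E(a)^k = E(k * a) for a plaintext integer k
        return pow(c, k, self.n2)


def jl_project(vec, k, seed=7):
    """Johnson-Lindenstrauss random projection of a pixel vector to k dims.
    Re-seeding gives every image the same Gaussian projection matrix."""
    rng = random.Random(seed)
    return [sum(rng.gauss(0.0, 1.0) * v for v in vec) / math.sqrt(k) for _ in range(k)]


def jl_weights(images, k=8, scale=100000):
    """Integer fusion weights from distances in the sketch space: acquisitions
    far from the consensus get smaller weights (assumed weighting rule)."""
    sketches = [jl_project(img, k) for img in images]
    centre = [sum(s[j] for s in sketches) / len(sketches) for j in range(k)]
    return [round(scale / (1.0 + math.dist(s, centre))) for s in sketches]


def encrypted_fusion(pk, enc_images, weights):
    """Cloud side: per-pixel weighted sum over ciphertexts using only
    E(a)*E(b) and E(a)^w; the cloud never sees a pixel value."""
    fused = []
    for px in zip(*enc_images):
        acc = pk.scale(px[0], weights[0])
        for c, w in zip(px[1:], weights[1:]):
            acc = pk.add(acc, pk.scale(c, w))
        fused.append(acc)
    return fused


def plaintext_fusion(images, weights):
    total = sum(weights)
    return [sum(w * v for w, v in zip(weights, px)) // total for px in zip(*images)]


def fuse_denoise(images, k=8):
    """Owner computes weights from sketches and encrypts pixels; the cloud fuses;
    the owner decrypts and rescales by the weight sum."""
    pk = Paillier()
    weights = jl_weights(images, k)
    enc = [[pk.encrypt(v) for v in img] for img in images]
    total = sum(weights)
    return [pk.decrypt(c) // total for c in encrypted_fusion(pk, enc, weights)], weights


def constructed_images(count=4, side=8, sigma=20.0, seed=3):
    """Synthetic 8x8 patches: one clean gradient plus independent Gaussian noise
    per acquisition (constructed test data, not remote sensing imagery)."""
    rng = random.Random(seed)
    clean = [40 + 3 * i for i in range(side * side)]
    noisy = [[max(0, min(255, round(v + rng.gauss(0.0, sigma)))) for v in clean]
             for _ in range(count)]
    return clean, noisy


def mse(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)


if __name__ == "__main__":
    clean, images = constructed_images()
    fused, weights = fuse_denoise(images)
    print("weights", weights, "fused mse", mse(fused, clean),
          "single-image mse", [round(mse(i, clean)) for i in images])
```

Because the weights are integers, the cloud only needs ciphertext multiplication and exponentiation, and the decrypted result equals the plaintext weighted sum exactly; the division by the weight sum happens after decryption on the owner's side.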
Research on Scaling Technology of Bitcoin Blockchain
Yu Hui, Zhang Zongyang, Liu Jianwei
2017, 54(10):  2390-2403.  doi:10.7544/issn1000-1239.2017.20170416
Abstract ( 2638 )   HTML ( 40 )   PDF (2634KB) ( 2813 )
Bitcoin is a cryptocurrency introduced by Satoshi Nakamoto in 2008. It has the features of decentralization, cross-border use and a fixed total supply, and has become one of the most widely used cryptocurrencies. Due to some initial limitations set by the inventor and subsequent developers, the transaction throughput of the Bitcoin network is very limited. Recently, the transaction throughput has been close to the maximum limit, and the corresponding transaction confirmation time has greatly increased. Not only does this affect the user experience of Bitcoin and limit its usage, but it also places higher requirements on Bitcoin protocol design. Focusing on the challenges of transaction processing performance, this paper aims to increase blockchain capacity and conducts in-depth research on the Bitcoin protocol. Firstly, we study the current network status of Bitcoin and analyze transaction delay according to Bitcoin transaction data. Secondly, we analyze the feasibility and effectiveness of on-chain scaling proposals. Thirdly, we analyze the mechanics and effects of off-chain scaling proposals. Finally, we analyze the advantages and disadvantages of on-chain and off-chain scaling proposals, and propose a scaling roadmap that meets the community's requirements. Recent progress on Bitcoin scaling shows the correctness of our proposals.
Compliance Analysis of Authorization Constraints in Business Process
Bo Yang, Xia Chunhe
2017, 54(10):  2404-2418.  doi:10.7544/issn1000-1239.2017.20170397
Abstract ( 1049 )   HTML ( 2 )   PDF (3681KB) ( 429 )
A novel framework for business process compliance analysis is proposed in this paper. The proposed framework can handle 1) business process authorization and non-business-process authorization; 2) delegation of business process tasks; 3) inheritance of roles; 4) separation-of-duty and binding-of-duty constraints; 5) static constraints and dynamic constraints. An authorization graph is proposed to describe the framework, construction and reduction methods for the authorization graph are designed to maintain it, and compliance analysis algorithms over the authorization graph are proposed. Based on the analysis results, conflict patterns are presented. A set of resolutions for each pattern is provided, and a prototype system is implemented. The framework for authorization constraint compliance analysis is platform-independent and can be widely applied to system security analysis. The effectiveness of the proposed method is reported through a case study and experiments at the end of this paper.
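The kinds of constraint the abstract enumerates (role inheritance, one-hop task delegation, separation of duty, binding of duty, and a static versus a dynamic check), as an added example of a compliance check over a small authorization model; it is not the authors' authorization-graph algorithms or prototype. The organisation, tasks, constraints and the three conflict pattern names (unauthorized, sod_violation, bod_violation, plus sod_static) are assumptions made here.

```python
# Constructed organisation: roles with inheritance, users, the tasks of one
# order-handling process and its authorization constraints. Illustrative only.
ROLE_PARENTS = {"clerk": [], "manager": ["clerk"], "auditor": []}   # manager inherits clerk
USER_ROLES = {"alice": {"clerk"}, "bob": {"manager"}, "carol": {"auditor"}}
TASK_ROLES = {"create_order": {"clerk"}, "approve_order": {"manager"},
              "pay_order": {"clerk"}, "audit_order": {"auditor"}}
SOD = [("create_order", "approve_order"), ("approve_order", "audit_order")]  # different users
BOD = [("create_order", "pay_order")]                                        # same user


def effective_roles(user):
    """Closure of a user's roles under inheritance (user -> role -> parent edges)."""
    roles, stack = set(), list(USER_ROLES.get(user, ()))
    while stack:
        r = stack.pop()
        if r not in roles:
            roles.add(r)
            stack.extend(ROLE_PARENTS.get(r, ()))
    return roles


def authorized(user, task, delegations=()):
    """Direct authorization through an effective role, or a one-hop delegation
    (grantor, task, delegate) whose grantor is itself authorized for the task."""
    if TASK_ROLES[task] & effective_roles(user):
        return True
    return any(t == task and d == user and TASK_ROLES[task] & effective_roles(g)
               for g, t, d in delegations)


def static_conflicts():
    """Static check: a SoD pair cannot be enforced by role assignment alone
    when one user's effective roles already cover both tasks."""
    out = []
    for a, b in SOD:
        for u in USER_ROLES:
            roles = effective_roles(u)
            if TASK_ROLES[a] & roles and TASK_ROLES[b] & roles:
                out.append(("sod_static", u, (a, b)))
    return sorted(out)


def check_assignment(assignment, delegations=()):
    """Dynamic check of a concrete task -> user assignment for one process
    instance. Returns the conflict patterns found, sorted for stable output."""
    conflicts = []
    for task, user in assignment.items():
        if not authorized(user, task, delegations):
            conflicts.append(("unauthorized", user, task))
    for a, b in SOD:
        if a in assignment and b in assignment and assignment[a] == assignment[b]:
            conflicts.append(("sod_violation", assignment[a], (a, b)))
    for a, b in BOD:
        if a in assignment and b in assignment and assignment[a] != assignment[b]:
            conflicts.append(("bod_violation", (assignment[a], assignment[b]), (a, b)))
    return sorted(conflicts)


if __name__ == "__main__":
    print("static:", static_conflicts())
    print("bob does everything:", check_assignment(
        {"create_order": "bob", "approve_order": "bob", "pay_order": "bob", "audit_order": "carol"}))
    print("delegated approval:", check_assignment(
        {"create_order": "alice", "approve_order": "alice", "pay_order": "alice"},
        delegations=[("bob", "approve_order", "alice")]))
```

The static pass already reports that the manager role, by inheriting clerk, lets one person both create and approve an order, so the SoD constraint has to be enforced at run time; the dynamic pass then catches the same conflict in a concrete assignment, including the case where the second task is reached only through a delegation.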