ISSN 0253-2778

CN 34-1054/N

2011 Vol. 41, No. 7

Security issues and solutions on social networks
LIU Jianwei, LI Weiyu, SUN Yu
2011, 41(7): 565-575. doi: 10.3969/j.issn.0253-2778.2011.07.001
Social networks (SN) have the characteristics of immensity of data, huge clientele, openness in information sharing, difficult customer relationship management, etc. Security issues, such as privacy protection, identity authentication and data access control, have increased enormously on such networks. The basic concept, present development and main technology of SN were introduced. Specific security risks arising from its characteristics were also summarized from the aspects of data mining, traditional threats and identity theft on SN. Furthermore, several existing security solutions of SN were described, and their working principles were analyzed and compared. Finally, some hot security research topics were given and the future research directions were discussed.
A lossless data coding and hiding scheme for fingerprint templates
HU Xiaocheng, ZHANG Weiming, YU Nenghai
2011, 41(7): 576-581. doi: 10.3969/j.issn.0253-2778.2011.07.002
By merging several kinds of user authentication information such as fingerprints, faces, passwords, etc., multi-modal authentication can improve the security of traditional identity authentication systems. Furthermore, via data hiding technology, specific user identities can be embedded into their biologic templates to ensure safe storage. A multi-modal authentication scheme was introduced, which uses fingerprint templates as the cover. The key problem of this technology is to ensure the quality of the template picture after embedding, which is important for the matching precision afterwards. Both theoretical analysis and experimental results demonstrate that by adopting a coding method which increases the sparseness of the original binary data before embedding, modification of the fingerprint template is effectively reduced, thus ensuring the image quality and matching precision. The method embeds fragile watermarks for the integrity authentication of the fingerprint template.
Hybrid group key management scheme based on STR unbalanced tree structure
MA Changsha, XUE Kaiping, HONG Peilin, DING Rong
2011, 41(7): 582-588. doi: 10.3969/j.issn.0253-2778.2011.07.003
The STR group key management protocol simplifies key updating owing to its unbalanced binary-tree structure, and decreases communication cost by increasing computing cost in group key management. A hybrid group key management scheme based on the STR unbalanced tree was presented. It significantly decreases computation cost and increases key updating efficiency, while maintaining the low communication cost of the STR protocol.
A password-authenticated key agreement scheme with perfect forward secrecy
HAO Zhuo, YU Nenghai
2011, 41(7): 589-593. doi: 10.3969/j.issn.0253-2778.2011.07.004
In a distributed network environment, password-authenticated key agreement schemes are fundamental security mechanisms. A security analysis of Chen et al.'s scheme [Chen T H, Hsiang H C, Shih W K. Security enhancement on an improvement on two remote user authentication schemes using smart cards. Future Generation Computer Systems, 2011, 27(4): 337-380] was presented. It was found that Chen et al.'s scheme cannot resist offline password guessing attacks, and does not have perfect forward secrecy. A security enhanced password-authenticated key agreement scheme was thus proposed. The proposed scheme maintains the good properties of Chen et al.'s scheme, is resistant to offline password guessing attacks and provides perfect forward secrecy. A security analysis of the proposed scheme demonstrated that it is capable of strong security. It is suitable for providing mutual authentication and key agreement between the user and the server in a distributed environment.
RFID cryptographic protocol based on two-dimensional region Hash chain
XIONG Wanxing, XUE Kaiping, HONG Peilin, MA Changsha
2011, 41(7): 594-598. doi: 10.3969/j.issn.0253-2778.2011.07.005
Due to the limitation of relevant devices, a lot of security problems exist in a radio frequency identification (RFID) system, one of the core technologies of the future internet of things (IOT). A new protocol based on the two-dimensional region (TDR) Hash chains was proposed after the core ideas of several typical RFID cryptographic protocols were analyzed. TDR could significantly improve the efficiency of database retrieval by identifying each Hash chain with region division. Moreover, a random number was introduced to further enhance the security of RFID systems.
A tamper-proof software watermark using code-based encryption
TANG Zhanyong, FANG Dingyi, SU Lin
2011, 41(7): 599-606. doi: 10.3969/j.issn.0253-2778.2011.07.006
Utilizing a modified PPCT structure, a tamper-proof software watermark solution with code-based encryption was proposed. The general Chinese remainder theorem was exploited to split the watermark, which was represented as a big number, into pieces to enhance stealthiness. Changes to the source and object code were made to embed the watermark, and according to certain policies some parts of the object code were encrypted with an en/decryption key that was highly coupled with the object code to increase robustness and tamper-proof capability.
Adaptive adjustment weighted text classification
LAI Yingxu, XU Xin, YANG Zhen
2011, 41(7): 607-614. doi: 10.3969/j.issn.0253-2778.2011.07.007
To improve the performance of the naive Bayes classifier, a method is proposed which regulates text categories by adding adjustment values to the output of the naive Bayes classifier. The classification pattern was learned in an incremental and adaptive way, and the interval during which the output of the naive Bayes classifier should be adjusted was built according to the classification performance evaluated by historical outputs. Then the adjustment value was adaptively added to the output of the naive Bayes classifier distributed in the interval to regulate its category. The experimental results on the Trec05, Trec06, Trec07 and CEAS08 datasets show that the proposed method outperforms the naive Bayes classifier and the bagging naive Bayes classifier in terms of accuracy and Macro F1, in addition to its simplicity and practicality.
Multivariate group signature scheme withstanding conspiracy attacks
TAO Yu, YANG Yatao, LI Zichen, ZHENG Xin
2011, 41(7): 615-618. doi: 10.3969/j.issn.0253-2778.2011.07.008
The multivariate public key encryption scheme, which can resist attacks by quantum computers, is believed to be an alternative security cryptography scheme in the post-quantum age. A multivariate group signature scheme was proposed. After an analysis of the scheme, a conspiracy attack scheme which could offer forgery attacks to the signature system was proposed. Then, a new matrix multiplication definition and prime matrix concept were given, and a conspiracy attack immune group signature scheme was proposed. Analysis shows that the scheme can not only fundamentally withstand conspiracy and forgery attacks, but also trace the identity of signature members anonymously. Meanwhile, it can realize the unknown ability of group signature secret keys by constructing a secure distributed key generation protocol, thus greatly enhancing group signature security.
Multiple-authority-key KP-ABE scheme with adaptive security
YANG Xiaoyuan, WANG Zhiqiang, CAI Weiyi
2011, 41(7): 619-625. doi: 10.3969/j.issn.0253-2778.2011.07.009
Functional encryption provides a good way for sharing encrypted data in the network environment, which is sufficient for new emerging applications. Several recent works only focused on the systems that supported single-authority-key functionality. In order to solve the open problem of the construction of multiple-authority-key functional encryption, an adaptive security model of multiple-authority-key key-policy attribute-based encryption (M-KP-ABE) was presented, which allows for functionalities that take in multiple authority keys. In this system, an encryptor can specify a policy and a capability describing what the decryptor can learn from the ciphertext. A new M-KP-ABE scheme was proposed for any attribute access structure that could be expressed by a linear multi-secret sharing scheme (LMSSS). This scheme is proven to be adaptively secure in the standard model by using the dual system encryption methodology recently introduced. The key generation centre (KGC) with multiple authority keys can combine users' capabilities in a specified manner and users can decrypt many kinds of ciphertexts. It is easy to apply this methodology to other subclasses of functional encryption with equal security and efficiency, which makes it more appropriate for applications.
Intrusion detection approach towards software behavior trustworthiness
WANG Xinzhi, SUN Lechang, LU Yuliang, ZHANG Min
2011, 41(7): 626-635. doi: 10.3969/j.issn.0253-2778.2011.07.010
To address the problems of current intrusion detection methods, a new static detection approach towards software behavior trustworthiness was presented. Firstly, software behavior trustworthiness was discussed and defined formally, and was then described with instruction sequences. Secondly, a detection approach and its process were presented. Malicious behavior knowledge obtained through data mining on malware was organized as trustworthiness policy and used to detect and judge unknown software. Thirdly, the approach was implemented and verified by some behavior patterns on chosen samples. The experimental results show that the approach can detect malicious behavior in unknown software with a high success rate.
A new family of p-ary low correlation sequences with large family size
XIA Yongbo
2011, 41(7): 636-641. doi: 10.3969/j.issn.0253-2778.2011.07.011
Let $p$ be an odd prime, and let $n \geq 3$ and $k$ be positive integers with $\gcd(k,n)=1$. Utilizing a class of quadratic forms over $\mathbb{F}_{p^n}$, a new family of $p$-ary sequences with period $p^n-1$ was proposed. The proposed family has family size $p^{2n}$ and maximum correlation $p^{n/2+1}+1$. The correlation distribution of the family was completely determined. Compared with the known sequence families, the proposed family has larger family size, while still maintaining low correlation.
An audio digital watermarking algorithm in DCT domain for air-channel transmitting
2011, 41(7): 642-650. doi: 10.3969/j.issn.0253-2778.2011.07.012
An audio sonic watermarking algorithm was proposed based on double DCT transform. The low-frequency coefficients after the first DCT transform were chosen for the second DCT transform. By modifying the coefficients in the double DCT domain, the watermark was embedded in large quantities. Experimental results indicate that the proposed algorithm has a good hidden effect, and it has very good robustness, especially to 30% resample and MP3 compression attacks. Moreover, it can be applied to transmission via an air channel, with bit error ranging from 12% to 65%.
A seamless switching method based on reverse route redirection
ZHANG Jianwei, HAN Feng, LIU Si, LI Chaoyang, CAI Zengyu
2011, 41(7): 651-658. doi: 10.3969/j.issn.0253-2778.2011.07.013
Based on the characteristics and requirements of mobility support under the network environment of identifier mapping separation, and aiming at the problem of excessive handoff delay in the existing network mobile switching technologies, a seamless switching method based on reverse route redirection was proposed. The method consists of mobility detection, mapping information update and flow deflection. Compared with FHMIPv6 on the delay, the method can meet the real-time application requirements in the identifier separation network environment. In the switching process far fewer mobile nodes are involved, which can save large amounts of wireless access system resources. Simulation results show that the values of handoff delay parameters of this method are consistent with the analysis, thus meeting a variety of real-time application requirements.