Tsinghua Science and Technology

SPECIAL SECTIONON INFORMATION SECURITY

  • A TrustEnclave-Based Architecture for Ensuring Run-Time Security in Embedded Terminals

    Rui Chang;Liehui Jiang;Wenzhi Chen;Yaobin Xie;Zhongyong Lu;

    The run-time security guarantee is a hotspot in current cyberspace security research,especially on embedded terminals,such as smart hardware as well as wearable and mobile devices.Typically,these devices use universal hardware and software to connect with public networks via the Internet,and are probably open to security threats from Trojan viruses and other malware.As a result,the security of sensitive personal data is threatened and economic interests in the industry are compromised.To address the run-time security problems efficiently,first,a Trust Enclave-based secure architecture is proposed,and the trusted execution environment is constructed by hardware isolation technology.Then the prototype system is implemented on real Trust Zone-enabled hardware devices.Finally,both analytical and experimental evaluations are provided.The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

    2017年05期 v.22 447-457页 [查看摘要][在线阅读][下载 3656K]
    [下载次数:5 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:14 ]
  • Semi-valid Fuzz Testing Case Generation for Stateful Network Protocol

    Rui Ma;Shuaimin Ren;Ke Ma;Changzhen Hu;Jingfeng Xue;

    Network protocols are divided into stateless and stateful.Stateful network protocols have complex communication interactions and state transitions.However,the existing network protocol fuzzing does not support state transitions very well.This paper focuses on this issue and proposes the Semi-valid Fuzzing for the Stateful Network Protocol(SFSNP).The SFSNP analyzes protocol interactions and builds an extended finite state machine with a path marker for the network protocol; then it obtains test sequences of the extended finite state machine,and further performs the mutation operation using the semi-valid algorithm for each state transition in the test sequences; finally,it obtains fuzzing sequences.Moreover,because different test sequences may have the same state transitions,the SFSNP uses the state transition marking algorithm to reduce redundant test cases.By using the stateful rule tree of the protocol,the SFSNP extracts the constraints in the protocol specifications to construct semi-valid fuzz testing cases within the sub-protocol domain,and finally forms fuzzing sequences.Experimental results indicate that the SFSNP is reasonably effective at reducing the quantity of generated test cases and improving the quality of fuzz testing cases.The SFSNP can reduce redundancy and shorten testing time.

    2017年05期 v.22 458-468页 [查看摘要][在线阅读][下载 1593K]
    [下载次数:3 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:6 ]
  • Trusted Attestation Architecture on an Infrastructure-as-a-Service

    Xin Jin;Xingshu Chen;Cheng Zhao;Dandan Zhao;

    Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing.How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service(IaaS) platform is a problem that must be solved.The IaaS platform provides the Virtual Machine(VM),and the Trusted VM,equipped with a virtual Trusted Platform Module(vTPM),is the foundation of the trusted IaaS platform.We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes,and manage the information centrally on a cloud management platform.The architecture verifies the IaaS's trusted attestation by apprising the VM,Hypervisor,and host Operating System's(OS) trusted status.The theory and the technology roadmap were introduced,and the key technologies were analyzed.The key technologies include dynamic measurement of the Hypervisor at the process level,the protection of vTPM instances,the reinforcement of Hypervisor security,and the verification of the IaaS trusted attestation.A prototype was deployed to verify the feasibility of the system.The advantages of the prototype system were compared with the Open CIT(Intel Cloud attestation solution).A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.

    2017年05期 v.22 469-477页 [查看摘要][在线阅读][下载 2395K]
    [下载次数:5 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:9 ]
  • Conflict Analysis and Detection Based on Model Checking for Spatial Access Control Policy

    Aijuan Zhang;Cheng Ji;Yu Bao;Xin Li;

    In this paper,we propose a Multi-granularity Spatial Access Control(MSAC) model,in which multigranularity spatial objects introduce more types of policy rule conflicts than single-granularity objects do.To analyze and detect these conflicts,we first analyze the conflict types with respect to the relationship among the policy rules,and then formalize the conflicts by template matrices.We designed a model-checking algorithm to detect potential conflicts by establishing formalized matrices of the policy set.Lastly,we conducted experiments to verify the performance of the algorithm using various spatial data sets and rule sets.The results show that the algorithm can detect all the formalized conflicts.Moreover,the algorithm's efficiency is more influenced by the spatial object granularity than the size of the rule set.

    2017年05期 v.22 478-488页 [查看摘要][在线阅读][下载 3699K]
    [下载次数:2 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:6 ]
  • A Novel Video Reversible Data Hiding Algorithm Using Motion Vector for H.264/AVC

    Ke Niu;Xiaoyuan Yang;Yingnan Zhang;

    A novel reversible data hiding algorithm for H.264/AVC videos is proposed.Histogram Shifting(HS) of motion vector values is used efficiently in reversible data hiding to embed data.By designating a specific decoded reference frame,the distortion accumulation effects due to modification of the motion vectors is overcome.All the extracted information can be recovered without loss of the original compressed video carrier.The experimental results show that the proposed algorithm is simple,has higher capacity and invisibility than other existing schemes,and can adjust the relationship between capacity and invisibility according to embedded load.

    2017年05期 v.22 489-498页 [查看摘要][在线阅读][下载 1298K]
    [下载次数:6 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:6 ]
  • Evolutionary Cryptography Theory-Based Generating Method for Secure ECs

    Chao Wang;Feng Hu;Huanguo Zhang;Jie Wu;

    Ant Colony Optimization(ACO) has the character of positive feedback,distributed searching,and greedy searching.It is applicable to optimization grouping problems.Traditional cryptographic research is mainly based on pure mathematical methods which have complicated theories and algorithm.It seems that there is no relationship between cryptography and ACO.Actually,some problems in cryptography are due to optimization grouping problems that could be improved using an evolutionary algorithm.Therefore,this paper presents a new method of solving secure curve selection problems using ACO.We improved Complex Multiplication(CM)by combining Evolutionary Cryptography Theory with Weber polynomial solutions.We found that ACO makes full use of valid information generated from factorization and allocates computing resource reasonably.It greatly increases the performance of Weber polynomial solutions.Compared with traditional CM,which can only search one root once time,our new method searches all roots of the polynomial once,and the average time needed to search for one root reduces rapidly.The more roots are searched,the more ECs are obtained.

    2017年05期 v.22 499-510页 [查看摘要][在线阅读][下载 1979K]
    [下载次数:4 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:7 ]
  • Simple Method for Realizing Weil Theorem in Secure ECC Generation

    Feng Hu;Chao Wang;Huanguo Zhang;Jie Wu;

    How to quickly compute the number of points on an Elliptic Curve(EC) has been a longstanding challenge.The computational complexity of the algorithm usually employed makes it highly inefficient.Unlike the general EC,a simple method called the Weil theorem can be used to compute the order of an EC characterized by a small prime number,such as the Kobltiz EC characterized by two.The fifteen secure ECs recommended by the National Institute of Standards and Technology(NIST) Digital Signature Standard contain five Koblitz ECs whose maximum base domain reaches 571 bits.Experimental results show that the computation speed decreases for base domains exceeding 600 bits.In this paper,we propose a simple method that combines the Weil theorem with Pascals triangle,which greatly reduces the computational complexity.We have validated the performance of this method for base fields ranging from 2~(100) to 2~(1000).Furthermore,this new method can be generalized to any ECs characterized by any small prime number.

    2017年05期 v.22 511-519页 [查看摘要][在线阅读][下载 1682K]
    [下载次数:2 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:5 ]

REGULAR ARTICLES

  • An Improved Space-Time Joint Anti-jamming Algorithm Based on Variable Step LMS

    Dengao Li;Jinqiang Liu;Jumin Zhao;Gang Wu;Xiaofang Zhao;

    In wireless communication,the space-time anti-jamming method is widely applied because it shows better performance than the pure airspace and pure temporal anti-jamming methods.However,its application is limited by its computational complexity,and it cannot suppress narrowband interference that is in the same direction as the navigation signal.To solve these problems,we propose improved frequency filter to filter the narrowband interference from the desired signal direction in advance,meanwhile,an improved variable step Least Mean Square(LMS) method is proposed to complete the space-time array weights with fast iteration,thereby reducing computational complexity.The simulation results show that,compared with conventional methods,the anti-jamming capability of the proposed algorithm is significantly enhanced; and its complexity is significantly reduced.

    2017年05期 v.22 520-528页 [查看摘要][在线阅读][下载 4884K]
    [下载次数:7 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:7 ]
  • Analysis of Specialized Production of Transaction Services Based on Essential Services Quantity

    Li Wang;Yueting Chai;Yi Liu;

    The specialized production of e-commerce transaction systems is an important research topic,which is of great significance for evaluating the development level and forecasting the development direction of e-commerce.However,there is a certain disparity between the current mainstream research model and reality,which leads to a deviated result.This paper puts forward a definition of "transaction efficiency" based on essential transaction services and establishes a model of the middleman's specialized production decision of transaction services.The research result shows that(1) transaction efficiency plays an important role in improving the middleman's specialized production level,(2) only when the transaction efficiency is higher than a certain threshold will the distribution middleman appear,and(3) the degree of economic specialization,price of commodities and transaction services,and other associated factors also affect the evolution of e-commerce transaction systems.

    2017年05期 v.22 529-538页 [查看摘要][在线阅读][下载 6756K]
    [下载次数:4 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:9 ]
  • Campus Bus Network Design and Evaluation Based on the Route Property

    Jishiyu Ding;Shuo Feng;Li Li;Yi Zhang;

    A campus bus network design and evaluation,taking Tsinghua University as an example,is investigated in this paper.To minimize the total cost for both passengers and operator,the campus bus system planning in a sequential approach is discussed,including the route network design,headway(i.e.,the inverse of service frequency) optimization,and system evaluation.The improved genetic algorithm is proposed to optimize the route network based on the route property,and the impacts of the fluctuation of passenger demand and average traveling time are analyzed.The identity proportion in the headway optimization is then introduced with full consideration of its impacts.Based on the actual variety of passenger demand,a non-fixed schedule demonstrates its efficiency.VISSIM is finally adopted to simulate the campus bus system and a comprehensive evaluation system for the campus bus is developed.Compared with the current bus network and the one without considering the route property,the evaluation of the proposed approach shows an improvement of 18.7% and 10.1%,respectively.Moreover,the sequential approach shows an efficiency improvement over the alternative method.It is of great significance for the development of public transit systems in large industrial parks to decrease the total cost for both passengers and operator.

    2017年05期 v.22 539-550页 [查看摘要][在线阅读][下载 5640K]
    [下载次数:4 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:7 ]

  • Information for Contributors

    <正>Tsinghua Science and Technology(Tsinghua Sci Technol),an academic journal sponsored by Tsinghua University,is published bimonthly.This journal aims at presenting the up-to-date scientific achievements with high creativity and great significance in computer and electronic engineering.Contributions all over the world are welcome.Tsinghua Sci Technol is indexed by SCI,Engineering index(Ei,USA),INSPEC,SA,Cambridge Abstract,and other abstracting indexes.Manuscripts are selected for publication according to the editorial assessment of their suitability and evaluation

    2017年05期 v.22 551页 [查看摘要][在线阅读][下载 790K]
    [下载次数:0 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:7 ]