- Kangwen Hu;Jingfeng Xue;Changzhen Hu;Rui Ma;Zhiqiang Li;
ID-based constant-round group key agreement protocols are efficient in both computation and communication,but previous protocols did not provide valid message authentication.An improvement based on attack analysis is proposed in this paper.The improved method takes full advantage of the data transmitted at various stages of the protocol.By guaranteeing the freshness of authentication messages,the authenticity of the generator of authentication messages,and the completeness of the authenticator,the improved protocol can resist various passive and active attacks.The forward secrecy of the improved protocol is proved under a Katz-Yung(KY)model.Compared with existing methods,the improved protocol is more effective and applicable.
2014年05期 v.19 421-428页 [查看摘要][在线阅读][下载 236K] [下载次数:32 ] |[网刊下载次数:0 ] |[引用频次:4 ] |[阅读次数:0 ] - Jinfu Chen;Huanhuan Wang;Dave Towey;Chengying Mao;Rubing Huang;Yongzhao Zhan;
The growing popularity and application of Web services have led to increased attention regarding the vulnerability of software based on these services.Vulnerability testing examines the trustworthiness and reduces the security risks of software systems.This paper proposes a worst-input mutation approach for testing Web service vulnerability based on Simple Object Access Protocol(SOAP)messages.Based on characteristics of SOAP messages,the proposed approach uses the farthest neighbor concept to guide generation of the test suite.The corresponding automatic test case generation algorithm,namely,the Test Case generation based on the Farthest Neighbor(TCFN),is also presented.The method involves partitioning the input domain into sub-domains according to the number and type of SOAP message parameters in the TCFN,selecting the candidate test case whose distance is the farthest from all executed test cases,and applying it to test the Web service.We also implement and describe a prototype Web service vulnerability testing tool.The tool was applied to the testing of Web services on the Internet.The experimental results show that the proposed approach can find more vulnerability faults than other related approaches.
2014年05期 v.19 429-441页 [查看摘要][在线阅读][下载 662K] [下载次数:42 ] |[网刊下载次数:0 ] |[引用频次:15 ] |[阅读次数:0 ] - Guoxiang Hu;Huanguo Zhang;Lijun Wang;Zhe Dong;
The weight hierarchy of a [n; kI q] linear code C over Fq is the sequence(d1,… dr,… dk), where dr is the smallest support weight of an r-dimensional subcode of C. In this paper, by using the finite projective geometry method, we research a class of weight hierarchy of linear codes with dimension 5. We first find some new preconditions of this class. Then we divide its weight hierarchies into six subclasses, and research one subclass to determine nearly all the weight hierarchies of this subclass of weight hierarchies of linear codes with dimension 5.
2014年05期 v.19 442-451页 [查看摘要][在线阅读][下载 318K] [下载次数:33 ] |[网刊下载次数:0 ] |[引用频次:3 ] |[阅读次数:0 ] - Xuejun Zhang;Xiaolin Gui;Feng Tian;Si Yu;Jian An;
The widespread use of Location-Based Services(LBSs),which allows untrusted service providers to collect large quantities of information regarding users’locations,has raised serious privacy concerns.In response to these issues,a variety of LBS Privacy Protection Mechanisms(LPPMs)have been recently proposed.However,evaluating these LPPMs remains problematic because of the absence of a generic adversarial model for most existing privacy metrics.In particular,the relationships between these metrics have not been examined in depth under a common adversarial model,leading to a possible selection of the inappropriate metric,which runs the risk of wrongly evaluating LPPMs.In this paper,we address these issues by proposing a privacy quantification model,which is based on Bayes conditional privacy,to specify a general adversarial model.This model employs a general definition of conditional privacy regarding the adversary’s estimation error to compare the different LBS privacy metrics.Moreover,we present a theoretical analysis for specifying how to connect our metric with other popular LBS privacy metrics.We show that our privacy quantification model permits interpretation and comparison of various popular LBS privacy metrics under a common perspective.Our results contribute to a better understanding of how privacy properties can be measured,as well as to the better selection of the most appropriate metric for any given LBS application.
2014年05期 v.19 452-462页 [查看摘要][在线阅读][下载 396K] [下载次数:68 ] |[网刊下载次数:0 ] |[引用频次:18 ] |[阅读次数:0 ] - Jian Zhao;Haiying Gao;Junqi Zhang;
In the previous construction of attributed-based encryption for circuits on lattices,the secret key size was exponential to the number of AND gates of the circuit.Therefore,it was suitable for the shallow circuits whose depth is bounded.For decreasing the key size of previous scheme,combining the techniques of Two-to-One Recoding(TOR),and sampling on lattices,we propose a new Key-Policy Attribute-Based Encryption(KP-ABE)scheme for circuits of any arbitrary polynomial on lattices,and prove that the scheme is secure against chosen plaintext attack in the selective model under the Learning With Errors(LWE)assumptions.In our scheme,the key size is proportional to the number of gates or wires in the circuits.
2014年05期 v.19 463-469页 [查看摘要][在线阅读][下载 261K] [下载次数:44 ] |[网刊下载次数:0 ] |[引用频次:15 ] |[阅读次数:0 ] - Shuang Xiang;Bo Zhao;An Yang;Tao Wei;
Infrastructure as a Service(IaaS)has brought advantages to users because virtualization technology hides the details of the physical resources,but this leads to the problem of users being unable to perceive their security.This defect has obstructed cloud computing from wide-spread popularity and development.To solve this problem,a dynamic measurement protocol in IaaS is presented in this paper.The protocol makes it possible for the user to get the real-time security status of the resources,thereby solving the problem of guaranteeing dynamic credibility.This changes the cloud service security provider from the operator to the users themselves.This study has verified the security of the protocol by means of Burrow-Abadi-Needham(BAN)logic,and the result shows that it can satisfy requirements for innovation,privacy,and integrity.Finally,based on different IaaS platforms,this study has conducted a performance analysis to demonstrate that this protocol is reliable,secure,and efficient.
2014年05期 v.19 470-477页 [查看摘要][在线阅读][下载 487K] [下载次数:47 ] |[网刊下载次数:0 ] |[引用频次:3 ] |[阅读次数:0 ] - Yatao Yang;Shuang Zhang;Junming Yang;Jia Li;Zichen Li;
Several public-key encryption schemes used to solve the problem of ciphertext data processing on the fly are discussed.A new targeted fully homomorphic encryption scheme based on the discrete logarithm problem is presented.Public-key encryption cryptosystems are classified to examine homomorphic encryption.Without employing techniques proposed by Gentry such as somewhat homomorphic and bootstrapping techniques,or relinearization technique proposed by Brakerski et al.,a new method called"Double Decryption Algorithm"is employed in our cryptography to satisfy a fully or targeted fully homomorphic property.Inspired by ElGamal and BGN cryptography,we obtain the desired fully homomorphic property by selecting a new group and adding an extra component to the ciphertext.Proof of semantic security is also demonstrated.
2014年05期 v.19 478-485页 [查看摘要][在线阅读][下载 254K] [下载次数:67 ] |[网刊下载次数:0 ] |[引用频次:13 ] |[阅读次数:0 ] - Zhen Liu;Xiaoyuan Yang;Weidong Zhong;Yiliang Han;
Chosen Ciphertext Attack(CCA)security on the standard model is widely accepted as the standard security notion for the public key cryptosystem.The existing CCA-secure public key cryptosystems on the standard model are expensive in terms of efficiency and practicality.In this paper,an efficient and practical public key cryptosystem is presented over the group of signed quadratic residues.It is provably secure against CCA on the standard model.Furthermore,public verifiability for this scheme is also realized in the way that projects the verification privacy key into public key on trapdoor pretending.It will be useful to devise efficient CCA-secure threshold and proxy re-encryption schemes on the standard model.
2014年05期 v.19 486-495页 [查看摘要][在线阅读][下载 295K] [下载次数:21 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:0 ] - Lin Chen;Xingshu Chen;Junfang Jiang;Xueyuan Yin;Guolin Shao;
Network security requirements based on virtual network technologies in IaaS platforms and corresponding solutions were reviewed.A dynamic network security architecture was proposed,which was built on the technologies of software defined networking,Virtual Machine(VM)traffic redirection,network policy unified management,software defined isolation networks,vulnerability scanning,and software updates.The proposed architecture was able to obtain the capacity for detection and access control for VM traffic by redirecting it to configurable security appliances,and ensured the effectiveness of network policies in the total life cycle of the VM by configuring the policies to the right place at the appropriate time,according to the impacts of VM state transitions.The virtual isolation domains for tenants’VMs could be built flexibly based on VLAN policies or Netfilter/Iptables firewall appliances,and vulnerability scanning as a service and software update as a service were both provided as security supports.Through cooperation with IDS appliances and automatic alarm mechanisms,the proposed architecture could dynamically mitigate a wide range of network-based attacks.The experimental results demonstrate the effectiveness of the proposed architecture.
2014年05期 v.19 496-507页 [查看摘要][在线阅读][下载 1158K] [下载次数:120 ] |[网刊下载次数:0 ] |[引用频次:20 ] |[阅读次数:0 ] - Lansheng Han;Mengxiao Qian;Xingbo Xu;Cai Fu;Hamza Kwisaba;
Malicious applications can be introduced to attack users and services so as to gain financial rewards,individuals’sensitive information,company and government intellectual property,and to gain remote control of systems.However,traditional methods of malicious code detection,such as signature detection,behavior detection,virtual machine detection,and heuristic detection,have various weaknesses which make them unreliable.This paper presents the existing technologies of malicious code detection and a malicious code detection model is proposed based on behavior association.The behavior points of malicious code are first extracted through API monitoring technology and integrated into the behavior;then a relation between behaviors is established according to data dependence.Next,a behavior association model is built up and a discrimination method is put forth using pushdown automation.Finally,the exact malicious code is taken as a sample to carry out an experiment on the behavior’s capture,association,and discrimination,thus proving that the theoretical model is viable.
2014年05期 v.19 508-515页 [查看摘要][在线阅读][下载 350K] [下载次数:48 ] |[网刊下载次数:0 ] |[引用频次:3 ] |[阅读次数:0 ]
<正>The publication of Tsinghua Science and Technology was started in 1996.Since then,it has been an international academic journal sponsored by Tsinghua University and published bimonthly.This journal aims at presenting the state-of-art scientific achievements in computer science and other IT fields.This special section is devoted to gather and present high level research and review papers that address the challenges in the broad areas of Microelectronics.Microelectronics has become a highly active research area because of the potential of providing diverse services to broad range of applications,not only on science and engineering,but
2014年05期 v.19 543页 [查看摘要][在线阅读][下载 51K] [下载次数:23 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:0 ] -
<正>The publication of Tsinghua Science and Technology was started in 1996.Since then,it has been an international academic journal sponsored by Tsinghua University and published bimonthly.This journal aims at presenting the state-of-art scientific achievements in computer science and other IT fields.The Smart Grid System,or the intelligent electricity grid has attracted increasing attentions in recent years and become a global trend nowadays.As the revolution of the electric grid system,it facilitates a reliable and efficient delivery of electricity to consumers utilizing modern intelligent electricity generation,transmission and distribution by incorporating elements of traditional and advanced power engineering,sophisticated sensing and
2014年05期 v.19 544页 [查看摘要][在线阅读][下载 52K] [下载次数:16 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:0 ] <正>Tsinghua Science and Technology(Tsinghua Sci Technol),an academic journal sponsored by Tsinghua University,is published bimonthly.This journal aims at presenting the up-to-date scientific achievements with high creativity and great significance in computer and electronic engineering.Contributions all over the world are welcome.Tsinghua Sci Technol is indexed by IEEE Xplore,Engineering index(Ei,USA),INSPEC,SA,Cambridge Abstract and other abstracting indexes.Manuscripts are selected for publication according to the editorial assessment of their suitability and evaluation from independent reviewers.Papers are usually sent to two or more reviewers including one reviewer out of China.
2014年05期 v.19 545页 [查看摘要][在线阅读][下载 27K] [下载次数:10 ] |[网刊下载次数:0 ] |[引用频次:0 ] |[阅读次数:0 ]