- Yu Wang;Dingbang Xu;Fan Li;
Location privacy has been a serious concern for mobile users who use location-based services provided by third-party providers via mobile networks. Recently, there have been tremendous efforts on developing new anonymity or obfuscation techniques to protect location privacy of mobile users. Though effective in certain scenarios, these existing techniques usually assume that a user has a constant privacy requirement along spatial and/or temporal dimensions, which may be not true in real-life scenarios. In this paper, we introduce a new location privacy problem: Location-aware Location Privacy Protection(L2P2) problem, where users can define dynamic and diverse privacy requirements for different locations. The goal of the L2P2 problem is to find the smallest cloaking area for each location request so that diverse privacy requirements over spatial and/or temporal dimensions are satisfied for each user. In this paper, we formalize two versions of the L2P2 problem, and propose several efficient heuristics to provide such location-aware location privacy protection for mobile users. Through extensive simulations over large synthetic and real-life datasets, we confirm the effectiveness and efficiency of the proposed L2P2 algorithms.
2016年03期 v.21 243-259页 [查看摘要][在线阅读][下载 1638K] [下载次数:67 ] |[网刊下载次数:0 ] |[引用频次:23 ] |[阅读次数:0 ] - Jingjing Wang;Yiliang Han;Xiaoyuan Yang;
Traditional k-anonymity schemes cannot protect a user's privacy perfectly in big data and mobile network environments. In fact, existing k-anonymity schemes only protect location in datasets with small granularity. But in larger granularity datasets, a user's geographical region-location is always exposed in realizations of k-anonymity because of interaction with neighboring nodes. And if a user could not find enough adjacent access points, most existing schemes would be invalid. How to protect location information has become an important issue. But it has not attracted much attention. To solve this problem, two location-privacy protection models are proposed. Then a new generalized k-anonymity Location Privacy Protection Scheme based on the Chinese Remainder Theorem(LPSS-CRT) in Location-Based Services(LBSs) is proposed. We prove that it can guarantee that users can access LBSs without leaking their region-location information, which means the scheme can achieve perfect anonymity.Analysis shows that LPPS-CRT is more secure in protecting location privacy, including region information, and is more efficient, than similar schemes. It is suitable for dynamic environments for different users' privacy protection requests.
2016年03期 v.21 260-269页 [查看摘要][在线阅读][下载 649K] [下载次数:47 ] |[网刊下载次数:0 ] |[引用频次:5 ] |[阅读次数:0 ] - Bin Mu;Spiridon Bakiras;
Proximity detection is an emerging technology in Geo-Social Networks that notifies mobile users when they are in proximity. Nevertheless, users may be unwilling to participate in such applications if they are required to disclose their exact locations to a centralized server and/or their social friends. To this end, private proximity detection protocols allow any two parties to test for proximity while maintaining their locations secret. In particular,a private proximity detection query returns only a boolean result to the querier and, in addition, it guarantees that no party can derive any information regarding the other party's location. However, most of the existing protocols rely on simple grid decompositions of the space and assume that two users are in proximity when they are located inside the same grid cell. In this paper, we extend the notion of private proximity detection, and propose a novel approach that allows a mobile user to define an arbitrary convex polygon on the map and test whether his friends are located therein. Our solution employs a secure two-party computation protocol and is provably secure. We implemented our method on handheld devices and illustrate its efficiency in terms of both computational and communication costs.
2016年03期 v.21 270-280页 [查看摘要][在线阅读][下载 456K] [下载次数:12 ] |[网刊下载次数:0 ] |[引用频次:8 ] |[阅读次数:0 ] - Jinfu Chen;Saihua Cai;Lili Zhu;Yuchi Guo;Rubing Huang;Xiaolei Zhao;Yunqi Sheng;
Mass monitor logs are produced during the process of component security testing. In order to mine the explicit and implicit security exception information of the tested component, the log should be searched for keyword strings. However, existing string-searching algorithms are not very efficient or appropriate for the operation of searching monitor logs during component security testing. For mining abnormal information effectively in monitor logs, an improved string-searching algorithm is proposed. The main idea of this algorithm is to search for the first occurrence of a character in the main string. The character should be different and farther from the last character in the pattern string. With this algorithm, the backward moving distance of the pattern string will be increased and the matching time will be optimized. In the end, we conduct an experimental study based on our approach, the results of which show that the proposed algorithm finds strings in monitor logs 11.5% more efficiently than existing approaches.
2016年03期 v.21 281-294页 [查看摘要][在线阅读][下载 1374K] [下载次数:23 ] |[网刊下载次数:0 ] |[引用频次:6 ] |[阅读次数:0 ] - Longfei Liu;Xiaoyuan Yang;Xiaoni Du;Bin Wei;
Periodic sequences over finite fields, constructed by classical cyclotomic classes and generalized cyclotomic classes, have good pseudorandom properties. The linear complexity of a period sequence plays a fundamental role in the randomness of sequences. Let p, q, and r be distinct odd primes with gcd(p–1, q–1)=gcd(p–1, r –1)=gcd(q–1, r –1)=2. In this paper, a new class of generalized cyclotomic sequence with respect to pqr over GF(2) is constructed by finding a special characteristic set. In addition, we determine its linear complexity using cyclotomic theory. Our results show that these sequences have high linear complexity, which means they can resist linear attacks.
2016年03期 v.21 295-301页 [查看摘要][在线阅读][下载 222K] [下载次数:42 ] |[网刊下载次数:0 ] |[引用频次:6 ] |[阅读次数:0 ] - Houzhen Wang;Huanguo Zhang;Shaowu Mao;Wanqing Wu;Liqiang Zhang;
During the last two decades, there has been intensive and fast development in Multivariate Public Key Cryptography(MPKC), which is considered to be an important candidate for post-quantum cryptography. However,it is universally regarded as a difficult task, as in the Knapsack cryptosystems, to design a secure MPKC scheme(especially an encryption scheme) employing the existing trapdoor construction. In this paper, we propose a new key-exchange scheme and an MPKC scheme based on the Morphism of Polynomials(MP) problem. The security of the proposed schemes is provably reducible to the conjectured intractability of a new difficult problem,namely the Decisional Multivariate Diffie-Hellman(DMDH) problem derived from the MP problem. The proposed key agreement is one of several non-number-theory-based protocols, and is a candidate for use in the post-quantum era. More importantly, by slightly modifying the protocol, we offer an original approach to designing a secure MPKC scheme. Furthermore, the proposed encryption scheme achieves a good tradeoff between security and efficiency,and seems competitive with traditional MPKC schemes.
2016年03期 v.21 302-311页 [查看摘要][在线阅读][下载 293K] [下载次数:16 ] |[网刊下载次数:0 ] |[引用频次:2 ] |[阅读次数:0 ] - Donglai Fu;Xinguang Peng;
It is essential to design a protocol to allow sensor nodes to attest to their trustworthiness for missioncritical applications based on Wireless Sensor Networks(WSNs). However, it is a challenge to evaluate the trustworthiness without appropriate hardware support. Hence, we present a hardware-based remote attestation protocol to tackle the problem within WSNs. In our design, each sensor node is equipped with a Trusted Platform Module(TPM) which plays the role of a trusted anchor. We start with the formulation of remote attestation and its security. The complete protocol for both single-hop and multi-hop attestations is then demonstrated. Results show the new protocol is effective, efficient, and secure.
2016年03期 v.21 312-321页 [查看摘要][在线阅读][下载 300K] [下载次数:53 ] |[网刊下载次数:0 ] |[引用频次:13 ] |[阅读次数:0 ] - Xiaoming Ye;Xingshu Chen;Haizhou Wang;Xuemei Zeng;Guolin Shao;Xueyuan Yin;Chun Xu;
This paper proposes an anomalous behavior detection model based on cloud computing. Virtual Machines(VMs) are one of the key components of cloud Infrastructure as a Service(Iaa S). The security of such VMs is critical to Iaa S security. Many studies have been done on cloud computing security issues, but research into VM security issues, especially regarding VM network traffic anomalous behavior detection, remains inadequate.More and more studies show that communication among internal nodes exhibits complex patterns. Communication among VMs in cloud computing is invisible. Researchers find such issues challenging, and few solutions have been proposed—leaving cloud computing vulnerable to network attacks. This paper proposes a model that uses Software-Defined Networks(SDN) to implement traffic redirection. Our model can capture inter-VM traffic, detect known and unknown anomalous network behaviors, adopt hybrid techniques to analyze VM network behaviors, and control network systems. The experimental results indicate that the effectiveness of our approach is greater than 90%, and prove the feasibility of the model.
2016年03期 v.21 322-332页 [查看摘要][在线阅读][下载 827K] [下载次数:127 ] |[网刊下载次数:0 ] |[引用频次:14 ] |[阅读次数:0 ] - Qi Yuan;Chunguang Ma;Xiaorui Zhong;Gang Du;Jiansheng Yao;
This work develops an equilibrium model for finding the optimal distribution strategy to maximize performance of key predistribution protocols in terms of cost, resilience, connectivity, and lifetime. As an essential attribute of wireless sensor networks, heterogeneity and its impacts on random key predistribution protocols are first discussed. Using supernetworks theory, the optimal node deployment model is proposed and illustrated. In order to find the equilibrium performance of our model, all optimal performance functions are changed into variational inequalities so that this optimization problem can be solved. A small-scale example is presented to illustrate the applicability of our model.
2016年03期 v.21 333-343页 [查看摘要][在线阅读][下载 437K] [下载次数:26 ] |[网刊下载次数:0 ] |[引用频次:3 ] |[阅读次数:0 ] - Jinhui Liu;Aiwan Fan;Jianwei Jia;Huanguo Zhang;Houzhen Wang;Shaowu Mao;
Advances in quantum computers threaten to break public-key cryptosystems(e.g., RSA, ECC, and EIGamal), based on the hardness of factoring or taking a discrete logarithm. However, no quantum algorithms have yet been found for solving certain mathematical problems in non-commutative algebraic structures. Recently,two novel public-key encryption schemes, BKT-B cryptosystem and BKT-FO cryptosystem, based on factorization problems have been proposed at Security and Communication Networks in 2013. In this paper we show that these two schemes are vulnerable to structural attacks and linearization equations attacks, and that they only require polynomial time complexity to obtain messages from associated public keys. We conduct a detailed analysis of the two attack methods and show corresponding algorithmic descriptions and efficiency analyses. In addition, we provide some improvement suggestions for the two public-key encryption schemes.
2016年03期 v.21 344-351页 [查看摘要][在线阅读][下载 305K] [下载次数:19 ] |[网刊下载次数:0 ] |[引用频次:4 ] |[阅读次数:0 ] - Rui Ma;Daguang Wang;Changzhen Hu;Wendong Ji;Jingfeng Xue;
To improve the efficiency and coverage of stateful network protocol fuzzing, this paper proposes a new method, using a rule-based state machine and a stateful rule tree to guide the generation of fuzz testing data. The method first builds a rule-based state machine model as a formal description of the states of a network protocol.This removes safety paths, to cut down the scale of the state space. Then it uses a stateful rule tree to describe the relationship between states and messages, and then remove useless items from it. According to the message sequence obtained by the analysis of paths using the stateful rule tree and the protocol specification, an abstract data model of test case generation is defined. The fuzz testing data is produced by various generation algorithms through filling data in the fields of the data model. Using the rule-based state machine and the stateful rule tree,the quantity of test data can be reduced. Experimental results indicate that our method can discover the same vulnerabilities as traditional approaches, using less test data, while optimizing test data generation and improving test efficiency.
2016年03期 v.21 352-360页 [查看摘要][在线阅读][下载 419K] [下载次数:68 ] |[网刊下载次数:0 ] |[引用频次:31 ] |[阅读次数:0 ]