Key-dependent side-channel cube attack on CRAFT

CRAFT is a tweakable block cipher introduced in 2019 that aims to provide strong protection against differential fault analysis. In this paper, we show that CRAFT is vulnerable to side-channel cube attacks. We apply side-channel cube attacks to CRAFT with the Hamming weight leakage assumption. We found that the first half of the secret key can be recovered from the Hamming weight leakage after the first round. Next, using the recovered key bits, we continue our attack to recover the second half of the secret key. We show that the set of equations that are solvable varies depending on the value of the key bits. Our result shows that 99.90% of the key space can be fully recovered within a practical time.     

Securing keystroke dynamics from replay attacks

Keystroke dynamics is a viable behavioral biometric technique for identity verification based on users’ keyboard interaction traits. Keystroke dynamics can help prevent credentials from being abused in case of theft or leakage. But what happens if the keystroke events are eavesdropped and being replayed? Attackers that intercept keystroke dynamics authentication sessions of benign users can easily replay them from other sources unchanged or with minor changes and gain illegitimate privileges. Hence, even with its major security advantages, keystroke dynamics can still expose authentication mechanisms to replay attacks. Although replay attack is one of the oldest techniques to manipulate authentication systems, keystroke dynamics does not help preventing it. We suggest a new protocol for dynamics exchange based on choosing a subset of real and fake information snippets shared between the client and service providers to lure potential attackers. We evaluated our method on four state-of-the-art keystroke dynamics algorithms and three publicly available datasets and showed that we can dramatically reduce the possibility of replay attacks while preserving highly accurate user verification.     

一种标准模型下无证书签名方案的安全性分析与改进

无证书签名具有基于身份密码体制和传统公钥密码体制的优点，可解决复杂的公钥证书管理和密钥托管问题.Wu和Jing提出了一种强不可伪造的无证书签名方案，其安全性不依赖于理想的随机预言机.针对该方案的安全性，提出了两类伪造攻击.分析结果表明，该方案无法实现强不可伪造性，并在"malicious-but-passive"的密钥生成中心攻击下也是不安全的.为了提升该方案的安全性，设计了一个改进的无证书签名方案.在标准模型中证明了改进的方案对于适应性选择消息攻击是强不可伪造的，还能抵抗恶意的密钥生成中心攻击.此外，改进的方案具有较低的计算开销和较短的私钥长度，可应用于区块链、车联网、无线体域网等领域.     

基于k-shell的复杂网络最短路径近似算法

复杂网络最短路径经典算法的处理效率较低，不适用于大规模复杂网络，而现有近似算法通用性有限，且计算准确率不理想，不能满足规模日益扩大的复杂网络中的最短路径计算需求。针对于此，提出基于[k]-shell的复杂网络最短路径近似算法。算法利用节点的[k]-shell值进行网络划分并引导搜索路径，利用超点聚合处理[k]-shell子网来降低路径搜索中节点和连边的规模，通过在路径搜索过程使用双向搜索树方法提高算法的计算效率和准确率。实验结果表明，算法通用性较好，在现实与仿真大规模复杂网络中均具有较高的计算效率和准确率。     

基于概要数据结构的全网络持续流检测方法

持续流是隐蔽的网络攻击过程中显现的一种重要特征，它不产生大量流量且在较长周期内有规律地发生，给传统的检测方法带来极大挑战。针对网络攻击的隐蔽性、单监测点的重负荷和信息有限的问题，提出全网络持续流检测方法。首先，设计一种概要数据结构，并将其部署在每个监测点；其次，当网络流到达监测点时，提取流的概要信息并更新概要数据结构的一位；然后，在测量周期结束时，主监测点将来自其他监测点的概要信息进行综合；最后，提出流持续性的近似估计，通过一些简单计算为每个流构建一个位向量，利用概率统计方法估计流持续性，使用修正后的持续性估计检测持续流。通过真实的网络流量进行实验，结果表明，与长持续时间流检测算法（TLF）相比，所提方法的准确性提高了50%，误报率和漏报率分别降低了22%和20%，说明全网络持续流检测方法能够有效监测高速网络流量。     

A New NTRU-Type Public-Key Cryptosystem over the Binary Field

As the development of cloud computing and the convenience of wireless sensor netowrks, smart devices are widely used in daily life, but the security issues of the smart devices have not been well resolved. In this paper, we present a new NTRU-type public-key cryptosystem over the binary field. Specifically, the security of our scheme relies on the computational intractability of an unbalanced sparse polynomial ratio problem (DUSPR). Through theoretical analysis, we prove the correctness of our proposed cryptosystem. Furthermore, we implement our scheme using the NTL library, and conduct a group of experiments to evaluate the capabilities and consuming time of encryption and decryption. Our experiments result demonstrates that the NTRU-type public-key cryptosystem over the binary field is relatively practical and effective.     

A gradient boosting decision tree approach for insider trading identification: An empirical model evaluation of China stock market

Insider trading is a kind of criminal behavior in stock market by using nonpublic information. In recent years, it has become the major illegal activity in China’s stock market. In this study, a combination approach of GBDT (Gradient Boosting Decision Tree) and DE (Differential Evolution) is proposed to identify insider trading activities by using data of relevant indicators. First, insider trading samples occurred from year 2007 to 2017 and corresponding non-insider trading samples are collected. Next, the proposed method is trained by the GBDT, and initial parameters of the GBDT are optimized by the DE. Finally, out-of-samples are classified by the trained GBDT–DE model and its performances are evaluated. The experiment results show that our proposed method performed the best for insider trading identification under time window length of ninety days, indicating the relevant indicators under 90-days time window length are relatively more useful. Additionally, under all three time window lengths, relative importance result shows that several indicators are consistently crucial for insider trading identification. Furthermore, the proposed approach significantly outperforms other benchmark methods, demonstrating that it could be applied as an intelligent system to improve identification accuracy and efficiency for insider trading regulation in China stock market.     

2.5 GHz城市环境电磁态势的计算与补偿

复杂城市空间的电磁态势分布可以通过电磁场数值计算的方法进行预测。文章使用矩量法(MOM)结合一致性几何绕射理论(UTD)的方法对2.5 GHz频率下某小区环境中的电磁态势进行了仿真计算以及实际测量。场景中的树木结构在此频率下显示出比较强烈的波动性,对电磁仿真计算结果产生了不可忽略的影响,文中将其对仿真计算结果的影响进行了单独建模仿真,给出其产生影响的经验值,对仿真结果进行修正。修正结果与测量结果对比证明该经验值在该频率下可以有效补偿计算结果的缺失。     

Design structure matrix (DSM) method application to issue of modeling and analyzing the fault tree of a wind energy asset

The perpetual energy production of a wind farm could be accomplished (under proper weather conditions) if no failures occurred. But even the best possible design, manufacturing, and maintenance of a system cannot eliminate the failure possibility. In order to understand and minimize the system failures, the most crucial components of the wind turbines, which are prone to failures, should be identified. Moreover, it is essential to determine and classify the criticality of the system failures according to the impact of these failure events on wind turbine safety. The present study is processing the failure data from a wind farm and uses the Fault Tree Analysis as a baseline for applying the Design Structure Matrix technique to reveal the failure and risk interactions between wind turbine subsystems. Based on the analysis performed and by introducing new importance measures, the “readiness to fail” of a subsystem in conjunction with the “failure riskiness” can determine the “failure criticality.” The value of the failure criticality can define the frame within which interventions could be done. The arising interventions could be applied either to the whole system or could be focused in specified pairs of wind turbine subsystems. In conclusion, the method analyzed in the present research can be effectively applied by the wind turbine manufacturers and the wind farm operators as an operation framework, which can lead to a limited (as possible) design‐out maintenance cost, failures' minimization, and safety maximization for the whole wind turbine system.