DHT系统的安全性优化方法研究

对分布式哈希表(DHT)系统的安全脆弱性问题进行了研究,提出了多种安全性优化策略,并给出了一个原型系统。进行了真实网络实验,实验数据表明,现有DHT网络易受索引毒害和路由污染攻击,产生的错误查询结果甚至会引发更大规模的网络安全事件。通过改进一个个DHT系统的节点ID生成机制、路由表更新机制和搜索路径选择机制,从系统运行的各个阶段提升其安全场,抵御攻击者共谋。基于上述方法设计的原型系统在保证平均查询跳数增加不到1跳的情况下,在共谋攻击节点占比60%的网络中,将系统查询成功率保持在65%以上,其方法适用于各种分布式哈希表结构,具有重要的实际应用前景。     

城市重大危险源区域风险评价研究

旨在以城市重大危险源为主体对象研究出一套科学有效的风险评价方法。通过拓展城市重大危险源的评价技术,提出安全等级“层级叠加”原理,将单独评价拓展为相关耦合评价。研究了城市区域性重大事故风险评价技术及量化方法,以城市地理和城市资源为平台,分析各类灾害发生的可能性,确定种类灾害相对于城市的安全等级,并将其以一定的比例相关系数进行叠加,得到城市安全的综合且近似于实际的安全“图谱”,并综合人口密度分布建立社会风险评价指标,从而对城市危险源进行综合安全规划,并以试点城市为例给出可视化的城市安全等级划分结果。研究工作成     

Self-embedding Image Watermarking based on Combined Decision Using Pre-offset and Post-offset Blocks

To detect and recover random tampering areas, a combined-decision-based self-embedding watermarking scheme is proposed herein. In this scheme, the image is first partitioned into 2×2 size blocks. Next, the high 5 bits of a block’s average value is embedded into its offset block. The tampering type of block is detected by comparing the watermarks of its pre-offset and post-offset blocks. The theoretical analysis and experiments demonstrate that the proposed scheme not only has a lower ratio of false detection but also better performance with regard to avoiding random tampering.     

A Blockchain-Based Authentication Protocol for WLAN Mesh Security Access

In order to deploy a secure WLAN mesh network, authentication of both users and APs is needed, and a secure authentication mechanism should be employed. However, some additional configurations of trusted third party agencies are still needed on-site to deploy a secure authentication system. This paper proposes a new block chain-based authentication protocol for WLAN mesh security access, to reduce the deployment costs and resolve the issues of requiring key delivery and central server during IEEE 802.11X authentication. This method takes the user’s authentication request as a transaction, considers all the authentication records in the mesh network as the public ledger and realizes the effective monitoring of the malicious attack. Finally, this paper analyzes the security of the protocol in detail, and proves that the new method can solve the dependence of the authentication node on PKI and CA.     

Efficient Secure Data Provenance Scheme in Multimedia Outsourcing and Sharing

To cope with privacy leakage caused by multimedia outsourcing and sharing, data provenance is used to analyze leaked multimedia and provide reactive accountability. Existing schemes of multimedia provenance are based on watermarking protocols. In an outsourcing scenario, existing schemes face two severe challenges: 1) when data leakage occurs, there exists a probability that data provenance results can be repudiated, in which case data provenance tracking fails; and 2) when outsourced data are shared, data encryption transfer causes key management burden outside the schemes, and privacy leakage threatens users. In this paper, we propose a novel data provenance scheme with an improved LUT-based fingerprinting protocol, which integrates an asymmetric watermarking protocol, robust watermark algorithm and homomorphic encryption and digital signatures to achieve full non-repudiation provenance. We build an in-scheme stream cipher to protect outsourced multimedia data from privacy leakage and complicated key management. Our scheme is also lightweight and easy to deploy. Extensive security and performance analysis compares our scheme with the state of the art. The results show that our scheme has not only better provenance security and data confidentiality but also higher efficiency for multimedia outsourcing, sharing and provenance.     

SMINER: Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases

Despite the advances in automated vulnerability detection approaches, security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems. Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage. Therefore, it is an essential task to discover unrestricted and misimplemented behaviors of a system. However, it is a daunting task for security experts to discover such vulnerabilities in advance because it is time-consuming and error-prone to analyze the whole code in detail. Also, most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities. This paper proposes SMINER, a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors. SMINER first collects unit test cases for the target system from the official repository. Next, preprocess the collected code fragments. SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing. To demonstrate the effectiveness of SMINER, this paper evaluates SMINER against Robot Operating System (ROS), a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration (NASA). From the evaluation, we discovered two real-world vulnerabilities in ROS.     

区块链技术在智慧能源体系中的应用研究

区块链是目前打通物理实体、虚拟数据直至价值层面最合适的技术手段之一,其核心是依靠分布式共识机制实现价值的可靠重构和转移。区块链的技术原理和价值特性与智慧能源的内在诉求不谋而合,匹配智慧能源的多主体应用场景。基于区块链的技术特性,对其在智慧能源体系中的适用性进行分析,提出具体的技术选型和构架设计方案,促进能源区块链技术在智慧能源、能源互联网领域的发展。     

基于广义回归神经网络的工程公司风险评估

针对工程公司日常管理中由于缺乏风险评估工具,经常造成公司资源的浪费,甚至造成大量损失的现状,结合其行业特点,构建风险评价体系模型。在模型的基础上,提出一种基于广义回归神经网络(GRNN)的工程公司风险评估方法,通过矩阵实验室中的神经网络工具对其进行仿真计算,以某安防系统工程公司的实例证明了其有效性。该研究为同类型公司的风险评估提供了一种有效的管理工具。     

Stackelberg Game-Based Resource Allocation with Blockchain for Cold-Chain Logistics System

Cold-chain logistics system (CCLS) plays the role of collecting and managing the logistics data of frozen food. However, there always exist problems of information loss, data tampering, and privacy leakage in traditional centralized systems, which influence frozen food security and people’s health. The centralized management form impedes the development of the cold-chain logistics industry and weakens logistics data availability. This paper first introduces a distributed CCLS based on blockchain technology to solve the centralized management problem. This system aggregates the production base, storage, transport, detection, processing, and consumer to form a cold-chain logistics union. The blockchain ledger guarantees that the logistics data cannot be tampered with and establishes a traceability mechanism for food safety incidents. Meanwhile, to improve the value of logistics data, a Stackelberg game-based resource allocation model has been proposed between the logistics data resource provider and the consumer. The competition between resource price and volume balances the resource supplement and consumption. This model can help to achieve an optimal resource price when the Stackelberg game obtains Nash equilibrium. The two participants also can maximize their revenues with the optimal resource price and volume by utilizing the backward induction method. Then, the performance evaluations of transaction throughput and latency show that the proposed distributed CCLS is more secure and stable. The simulations about the variation trend of data price and amount, optimal benefits, and total benefits comparison of different forms show that the resource allocation model is more efficient and practical. Moreover, the blockchain-based CCLS and Stackelberg game-based resource allocation model also can promote the value of logistic data and improve social benefits.     

Blockchain-based ubiquitous manufacturing: a secure and reliable cyber-physical system

With product customisation and emerging business opportunities, small and medium manufacturing enterprises (SMEs) must find ways to collaborate and share competency in a trustable manner to survive a turbulent market. Therefore, service industry turns to the manufacturing industry and SMEs migrate to cloud manufacturing (CM) and ubiquitous manufacturing. However, existing platforms use centralised networking, which suffers from security, scalability and big-data problems. In this paper, we propose a blockchain-based platform as a trustable network to eradicate third-party problems, which can improve the scalability, security and big-data problems for SMEs. Our proposed platform is developed based on a consortium blockchain which provides a peer-to-peer communication network between the end user and the service provider. We improve existing consensus mechanism and communication protocol based on a cyber-physical system (CPS), via an autonomous agent. Firstly, we provide a review of cloud manufacturing, ubiquitous manufacturing and blockchain-based manufacturing approaches by highlighting the main problems. Then, the proposed platform, blockchain ubiquitous manufacturing (BCUM), is explained, based on its architecture, consensus algorithm and CPS, with the help of autonomous agent communication. The proposed platform has been developed for 3D printing companies which are geographically distributed and tested based on network performance and three practical scenarios.     

A New Model for Network Security Situation Assessment of the Industrial Internet

To address the problem of network security situation assessment in the Industrial Internet, this paper adopts the evidential reasoning (ER)algorithm and belief rule base (BRB) method to establish an assessment model. First, this paper analyzes the influencing factors of the Industrial Internet and selects evaluation indicators that contain not only quantitative data but also qualitative knowledge. Second, the evaluation indicators are fused with expert knowledge and the ER algorithm. According to the fusion results, a network security situation assessment model of the Industrial Internet based on the ER and BRB method is established, and the projection covariance matrix adaptive evolution strategy (P-CMA-ES) is used to optimize the model parameters. This method can not only utilize semiquantitative information effectively but also use more uncertain information and prevent the problem of combinatorial explosion. Moreover, it solves the problem of the uncertainty of expert knowledge and overcomes the problem of low modeling accuracy caused by insufficient data. Finally, a network security situation assessment case of the Industrial Internet is analyzed to verify the effectiveness and superiority of the method. The research results show that this method has strong applicability to the network security situation assessment of complex Industrial Internet systems. It can accurately reflect the actual network security situation of Industrial Internet systems and provide safe and reliable suggestions for network administrators to take timely countermeasures, thereby improving the risk monitoring and emergency response capabilities of the Industrial Internet.     

Fine-Grained Binary Analysis Method for Privacy Leakage Detection on the Cloud Platform

Nowadays cloud architecture is widely applied on the internet. New malware aiming at the privacy data stealing or crypto currency mining is threatening the security of cloud platforms. In view of the problems with existing application behavior monitoring methods such as coarse-grained analysis, high performance overhead and lack of applicability, this paper proposes a new fine-grained binary program monitoring and analysis method based on multiple system level components, which is used to detect the possible privacy leakage of applications installed on cloud platforms. It can be used online in cloud platform environments for fine-grained automated analysis of target programs, ensuring the stability and continuity of program execution. We combine the external interception and internal instrumentation and design a variety of optimization schemes to further reduce the impact of fine-grained analysis on the performance of target programs, enabling it to be employed in actual environments. The experimental results show that the proposed method is feasible and can achieve the acceptable analysis performance while consuming a small amount of system resources. The optimization schemes can go beyond traditional dynamic instrumentation methods with better analytical performance and can be more applicable to online analysis on cloud platforms.     

Reliability assessment of small sample based on multiple source information fusion and fuzzy fault tree

Aiming at the problems that was difficult to describe the relationship between events by the Boolean logic of conventional fault tree analysis (FTA), and the insufficient of getting reliability data in the practical application, a new polymorphic system reliability assessment method using small sample based on multiple source information fusion method and T-S fuzzy faulty tree was proposed. Based on T-S fuzzy fault tree, correlation multiple source information fusion method was applied to the confirmation of the basic event reliability. Meanwhile, in order to avoid the influence of unusable data, t-test was proposed to check the compatibility between prior information and sample information, which solved the problem that the reliability of the bottom event was difficult to be determined in the small sample system, and the prediction accuracy was improved. The proposed method was validated by using main hoisting mechanism of ladle crane. The results demonstrate that the proposed method can be applied to hoisting mechanism reliability assessment of ladle crane commendably, and the technique provides support and reference to improve the reliability of hoisting mechanism.     

A Dynamic Reputation–based Consensus Mechanism for Blockchain

In recent years, Blockchain is gaining prominence as a hot topic in academic research. However, the consensus mechanism of blockchain has been criticized in terms of energy consumption and performance. Although Proof-of-Authority (PoA) consensus mechanism, as a lightweight consensus mechanism, is more efficient than traditional Proof-of-Work (PoW) and Proof-of-Stake (PoS), it suffers from the problem of centralization. To this end, on account of analyzing the shortcomings of existing consensus mechanisms, this paper proposes a dynamic reputation-based consensus mechanism for blockchain. This scheme allows nodes with reputation value higher than a threshold apply to become a monitoring node, which can monitor the behavior of validators in case that validators with excessive power cause harm to the blockchain network. At the same time, the reputation evaluation algorithm is also introduced to select nodes with high reputation to become validators in the network, thus increasing the cost of malicious behavior. In each consensus cycle, validators and monitoring nodes are dynamically updated according to the reputation value. Through security analysis, it is demonstrated that the scheme can resist the attacks of malicious nodes in the blockchain network. By simulation experiments and analysis of the scheme, the result verifies that the mechanism can effectively improve the fault tolerance of the consensus mechanism, reduce the time of consensus to guarantee the security of the system.     

Self-Certificating Root: A Root Zone Security Enhancement Mechanism for DNS

As a critical Internet infrastructure, domain name system (DNS) protects the authenticity and integrity of domain resource records with the introduction of security extensions (DNSSEC). DNSSEC builds a single-center and hierarchical resource authentication architecture, which brings management convenience but places the DNS at risk from a single point of failure. When the root key suffers a leak or misconfiguration, top level domain (TLD) authority cannot independently protect the authenticity of TLD data in the root zone. In this paper, we propose self-certificating root, a lightweight security enhancement mechanism of root zone compatible with DNS/DNSSEC protocol. By adding the TLD public key and signature of the glue records to the root zone, this mechanism enables the TLD authority to certify the self-submitted data in the root zone and protects the TLD authority from the risk of root key failure. This mechanism is implemented on an open-source software, namely, Berkeley Internet Name Domain (BIND), and evaluated in terms of performance, compatibility, and effectiveness. Evaluation results show that the proposed mechanism enables the resolver that only supports DNS/DNSSEC to authenticate the root zone TLD data effectively with minimal performance difference.     

Distributed Secure Storage Scheme Based on Sharding Blockchain

Distributed storage can store data in multiple devices or servers to improve data security. However, in today's explosive growth of network data, traditional distributed storage scheme is faced with some severe challenges such as insufficient performance, data tampering, and data lose. A distributed storage scheme based on blockchain has been proposed to improve security and efficiency of traditional distributed storage. Under this scheme, the following improvements have been made in this paper. This paper first analyzes the problems faced by distributed storage. Then proposed to build a new distributed storage blockchain scheme with sharding blockchain. The proposed scheme realizes the partitioning of the network and nodes by means of blockchain sharding technology, which can improve the efficiency of data verification between nodes. In addition, this paper uses polynomial commitment to construct a new verifiable secret share scheme called PolyVSS. This new scheme is one of the foundations for building our improved distributed storage blockchain scheme. Compared with the previous scheme, our new scheme does not require a trusted third party and has some new features such as homomorphic and batch opening. The security of VSS can be further improved. Experimental comparisons show that the proposed scheme significantly reduces storage and communication costs.     

Real-Time Violent Action Recognition Using Key Frames Extraction and Deep Learning

Violence recognition is crucial because of its applications in activities related to security and law enforcement. Existing semi-automated systems have issues such as tedious manual surveillances, which causes human errors and makes these systems less effective. Several approaches have been proposed using trajectory-based, non-object-centric, and deep-learning-based methods. Previous studies have shown that deep learning techniques attain higher accuracy and lower error rates than those of other methods. However, the their performance must be improved. This study explores the state-of-the-art deep learning architecture of convolutional neural networks (CNNs) and inception V4 to detect and recognize violence using video data. In the proposed framework, the keyframe extraction technique eliminates duplicate consecutive frames. This keyframing phase reduces the training data size and hence decreases the computational cost by avoiding duplicate frames. For feature selection and classification tasks, the applied sequential CNN uses one kernel size, whereas the inception v4 CNN uses multiple kernels for different layers of the architecture. For empirical analysis, four widely used standard datasets are used with diverse activities. The results confirm that the proposed approach attains 98% accuracy, reduces the computational cost, and outperforms the existing techniques of violence detection and recognition.     

基于装备损伤概率的舰艇动力系统安全性分析

考虑舰艇损害管制过程中人员因素对系统的影响，运用马尔科夫链对人员操作引起的舰艇动力系统损伤概率进行修正，根据修正后的毁伤概率，建立概率危险性评估模型，引入危险度指标，对动力系统在遭受武器攻击情况下的危险度进行了计算，并依据计算结果对系统安全度进行评定。     

Design of ECC based Secured Cloud Storage Mechanism for Transaction Rich Applications

Cloud computing is the highly demanded technology nowadays. Due to the service oriented architecture, seamless accessibility and other advantages of this advent technology, many transaction rich applications are making use of it. At the same time, it is vulnerable to hacks and threats. Hence securing this environment is of at most important and many research works are being reported focusing on it. This paper proposes a safe storage mechanism using Elliptic curve cryptography (ECC) for the Transaction Rich Applications (TRA). With ECC based security scheme, the security level of the protected system will be increased and it is more suitable to secure the delivered data in the portable devices. The proposed scheme shields the aligning of different kind of data elements to each provider using an ECC algorithm. Analysis, comparison and simulation prove that the proposed system is more effective and secure for the Transaction rich applications in Cloud.     

水下隧道盾构法施工安全风险评估探讨

随着地铁、公路等交通隧道的不断发展,隧道往往穿越江河湖泊等水体,大直径泥水平衡盾构广泛应用于水下隧道施工。大直径盾构施工风险高、控制难度大,加上水下施工不确定因素多,风险因素具有不断动态变化的特点,使得施工过程中存在较大的风险。风险评估越来越多的应用于水下隧道施工安全管理中。文章介绍了大直径泥水盾构的几个特点,并对这几个特点引起风险增大的机理进行了分析,针对风险评估常用的几中方法中存在的不足,提出了一种改进的指数法,给出了该方法的评估流程及基本计算模型,并将该方法初步应用于某水下隧道施工风险评估。该方法能够适应风险因素的变化,并且不拘泥于真实概率,通过进一步的细化和完善,能够更好地适用于水下隧道施工安全风险评估。