Similar literature
20 similar documents found; search took 93 ms
1.
In order to improve the efficiency and success rate of the side channel attack, the utility of side channel information of the attack object must be analyzed and evaluated before the attack implementation. Based on the study of side-channel attack techniques, a method is proposed in this paper to analyze and evaluate the utility of side channel information and the evaluation indexes of comentropy Signal-to-Noise Ratio (SNR) are introduced. On this basis, the side channel information (power and electromagnetic) of a side channel attack experiment board is analyzed and evaluated, and the Data Encryption Standard (DES) cipher algorithm is attacked with the differential power attack method and differential electromagnetic attack method. The attack results show the effectiveness of the analysis and evaluation method proposed in this paper.

2.
To reduce network redundancy, in-network caching is considered in many future Internet architectures, such as Information Centric Networking. In an in-network caching system, the item sojourn time of the LRU (Least Recently Used) replacement policy is an important issue for two reasons: firstly, LRU is one of the most commonly used cache policies; secondly, item sojourn time is positively correlated to the hit probability, so this metric parameter could be useful to design the caching system. However, to the best of our knowledge, the sojourn time hasn't been studied theoretically so far. In this paper, we first model the LRU cache policy by Markov chain. Then an approximate closed-form expression of the item expectation sojourn time is provided through the theory of stochastic service system, which is a function of the item request rates and cache size. Finally, extensive simulation results are illustrated to show that the expression is a good approximation of the item sojourn time.

3.
Steganalysis attack is to statistically estimate the embedded watermark in the watermarked multimedia, and the estimated watermark may be destroyed by the attacker. The existing methods of false negative probability, however, do not consider the influence of steganalysis attack. This paper proposed the game theory based false negative probability to estimate the impacts of steganalysis attack, as well as unintentional attack. Specifically, game theory was used to model the collision between the embedment and steganalysis attack, and derive the optimal building embedding/attacking strategy. Such optimal playing strategies devote to calculating the attacker destructed watermark, used for calculation of the game theory based false negative probability. The experimental results show that watermark detection reliability measured using our proposed method, in comparison, can better reflect the real scenario in which the embedded watermark undergoes unintentional attack and the attacker using steganalysis attack. This paper provides a foundation for investigating countermeasures of digital watermarking community against steganalysis attack.

4.
MULTI-ITEM FAIR EXCHANGE SCHEME   Cited by: 2 (self-citations: 0, citations by others: 2)
As more business is conducted over the Internet, the fair exchange problem assumes increasing importance. However, the problem of multi-party fair exchange has not been studied as widely as the more fundamental problem of 2-party fair exchange. Recently, Franklin and Tsudik proposed two protocols for n-party multi-item exchange at FC'98, SUCEX-1 and SUCEX-2. This paper first gives an attack on the proposed protocol SUCEX-1, then presents two protocols for multi-item exchange: one is an improved protocol of SUCEX-1, the other is an extension of protocol SUCEX-2.

5.
Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of Things. As one of the AES finalists, the Serpent is a 128-bit Substitution-Permutation Network (SPN) cryptosystem. It has 32 rounds with the variable key length between 0 and 256 bits, which is flexible to provide security in the Internet of Things. On the basis of the byte-oriented model and the differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulating experiment show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result in this study describes that the Serpent is vulnerable to differential fault analysis in detail. It will be beneficial to the analysis of the same type of other iterated cryptosystems.

6.
Chinese Journal of Electronics (《电子学报:英文版》), 2016, (6): 1101-1108
Query result caching is a crucial technique employed in search engines, reducing the response time and load of the search engines. As search engines continuously update their indexes, the query results in long-lived cache entries may become stale. It is important to provide the refresh mechanism to enhance the degree of freshness of cached results. We present a prejudgment approach to improve the freshness of the result cache and design an incomplete allocation algorithm. We introduce the query Time-to-live (TTL) and term-TTL structure to prejudge the result cache. The query-TTL is used to pre-check the likelihood of a cache hit and term-TTL is applied to maintain all terms of the latest posting list. For the cache structure, we design a Queue-Hash structure and develop the corresponding incomplete allocation algorithm. The preliminary results demonstrate that our approaches can improve the freshness of cached results and decrease processing overhead compared with no prejudgment approaches.

7.
The threshold group signature is an important kind of signature. So far, many threshold group signature schemes have been proposed, but most of them suffer from conspiracy attack and are insecure. In this paper, a secure threshold group signature scheme is proposed. It can not only satisfy the properties of the threshold group signature, but also withstand the conspiracy attack.

8.
The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and traceback mechanism is proposed, which features rapid response and high accuracy. In this scheme, routers apply packet marking scheme and send traceback messages, which enables the victim to design the path tree in peace time. During attack times the victim can trace attackers back within the path tree and perform rapid packet filtering using the marking in each packet. Traceback messages overcome Pi's limitation, wherein too much path information is lost in path identifiers; whereas path identifiers can be used to expedite the design of the path-tree, which reduces the high overhead in iTrace. Therefore, our scheme not only synthesizes the advantages but also compromises the disadvantages of the above two methods. Simulation results with NS-2 show the validity of our scheme.

9.
Secure authentication between user equipment and 5G core network is a critical issue for 5G system. However, the traditional authentication protocol 5G-AKA and the centralized key database are at risk of several security problems, e.g. key leakage, impersonation attack, MitM attack and single point of failure. In this paper, a blockchain based asymmetric authentication and key agreement protocol (BC-AKA) is proposed for distributed 5G core network. In particular, the key used in the authenticatio...

10.
Zhao Hong, Optoelectronics Letters (《光电子快报》), 2011, 7(1): 74-76
Compared with the Arnold transform, the image scrambling method based on bit shuffling pixels is much more secure, and has higher efficiency and speed. However, the key space of this bit shuffling pixels based method is too small to resist exhaustive search attack. Therefore, an improved method based on chaos is proposed in this paper. The security of the improved scheme is enhanced by increasing the number of the keys. Theoretical analysis and experimental results show that the proposed method is effective and has higher security.

11.
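As the traditional Internet gradually evolves toward "Internet+", the domain name system (DNS) keeps expanding from basic address resolution to new modes such as comprehensive sensing and reliable transmission. Because of the diversity of its functions and the breadth of the fields it covers, DNS in these new scenarios can cause serious consequences once it is attacked, so research on DNS attack detection and security protection continues and is receiving increasing attention. First, several common DNS attacks are introduced, including DNS spoofing attacks, DNS covert channel attacks, DNS DDoS (distributed denial of service) attacks, DNS reflection amplification attacks, and malicious DGA domain names. Then, the detection techniques for these attacks are systematically analyzed and summarized from the perspective of machine learning. Next, DNS security protection techniques are described in detail from three aspects: DNS decentralization, DNS encryption and authentication, and DNS resolution restriction. Finally, future research directions are discussed.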

12.
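With the rapid development of Internet services, application problems based on domain name resolution keep emerging. DNS is the most important basic service of the Internet, and its security risks are increasingly prominent. This paper designs an intelligent protection system for large-scale catastrophic DNS security incidents. By building a large disaster-recovery database, it restores service promptly when resolution fails for a single domain name or for domain names on a large scale. By analyzing the massive data in the database, it also establishes a mechanism for automatically discovering and handling suspected attack sources. The system can substantially improve DNS resolution accuracy, security, and complaint-handling efficiency.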

13.
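DNS (domain name system) is an important part of Internet infrastructure, and its data is generally not intercepted by network security defense devices such as firewalls. Covert channels carried over the DNS protocol have strong penetration and concealment, and have become a customary means of command and control and data exfiltration for attackers. Existing research lacks detection techniques or methods for DNS covert channels in real APT (advanced persistent threat) attacks, and the extracted features are not comprehensive enough. To analyze attack traffic and behavior characteristics in depth, DNS covert communication in real APT attacks is modeled with a finite state machine, the construction mechanism of DNS covert channels in APT attack scenarios is dissected, and the data interaction process is described in detail. By summarizing and analyzing the DNS covert communication mechanism, a communication model is built on a finite state machine: the communication process has 7 states, including closed, connection, command query, and command transfer, and the transmission of different message types, such as control messages and data messages, triggers state transitions. The leaked Glimpse tool is used to simulate DNS covert communication under real APT attacks, and experiments with malicious samples such as Helminth verify the applicability and soundness of the model, providing a sufficient basis for manual feature extraction.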

14.
Domain Name Server (DNS) is a type of server used to maintain and process the IP addresses of all the domains in the Internet. It works by responding with corresponding IP addresses when a client requests with a domain name. The DNS can be attacked by redirecting all the incoming traffic to a fake server by returning fake IP address when requested by a client. In this work, a novel work has been employed to detect DNS attack using box‐counting method (BCM)–based multifractal analysis. A set of network features are selected and rules are created using CISCO's Flowspec model, and those features are analysed using BCM technique to find the attack in the network traffic. To the best of our knowledge, this is the first work that implements Flowspec‐based monitoring of DNS attack using fractal analysis.

15.
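In recent years, defense against advanced persistent threats (APT) in complex environments has gradually become a focus of network security. APT attacks are highly covert, and the earlier they are discovered, the less harm they do. The method proposed in this paper is based on deep mining of DNS logs. Starting from functional dimensions such as intelligent detection of DGA domain names and intelligent detection of APT tunnels, it puts forward a new approach to APT defense from the perspective of DNS logs and integrates detection, monitoring, and tracing. The paper proposes detecting malicious DGA domain names with a fusion algorithm based on a Transformer neural network and GRU, and detecting the DNS tunnels used for APT attack communication with statistical machine learning algorithms. This extends early network security warning to the DNS layer and compensates both for the insufficient attention that network security measures pay to algorithmically generated domain names and for the weakness that DNS is easily exploited by APTs to lie dormant. In-depth testing in an experimental environment shows that the proposed method copes well with the increasingly severe APT security threats on the Internet.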

16.
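DNS services have reached every corner of the Internet. Originally, DNS packets were designed to be transmitted over the Internet unencrypted. This design is not secure: attackers can intercept and analyze DNS packets to harm the security and privacy of Internet users. To address these problems, large providers such as Google and CloudFlare have adopted schemes that encrypt DNS lookups, such as DNS over HTTPS (DoH) and DNS over TLS (DoT). This work therefore studies whether, with DNS over HTTPS (DoH) encryption in use, providers can protect users from surveillance and censorship based on traffic analysis. First, a classifier is built using LSTM and the packet sizes of DoH traffic. Second, the classifier is tested in an open environment and in a closed environment. Finally, how to selectively block DoH attacks is discussed by analyzing DoH traffic.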

17.
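Research on IPv6's Requirements for the Domain Name System and Their Solutions   Cited by: 3 (self-citations: 0, citations by others: 3)
IPv6 is the next-generation network protocol that replaces IPv4, and it has many new features and functions. The domain name system (DNS) is the basic infrastructure of the Internet, and the new features of IPv6 also need DNS support, so DNS must be upgraded to meet the needs of IPv6. This article analyzes and studies the requirements that IPv6 places on DNS and their solutions from several aspects: the IPv6 address space, IPv6 address autoconfiguration and plug and play, IPv6 mobility, and the transition from IPv4 to IPv6.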

18.
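DNS is a basic network service whose main function is converting between IP addresses and domain names. Its security is critical. This paper analyzes the vulnerabilities of DNS and proposes strategies for defending against DNS attacks.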

19.
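Cache is an Internet caching system and is currently one of the most effective means for mobile operators to improve the download rate of data services. By analyzing the request URLs of Internet services and using passive caching, it caches and redirects the resource content of popular services, moving external resources into the operator's network for local caching so as to shorten the path over which end users download the target resources. In-network caching acceleration for applications such as P2P file transfer, HTTP file download, web page browsing, and online video playback can raise download rates by about 30%. The redirection function of the Cache system can also bring a 2.2% improvement in the access success rate of mobile data services.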

20.
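Improved Cache Trace-Driven Attack on AES and CLEFIA   Cited by: 1 (self-citations: 0, citations by others: 1)
By analyzing "cache miss" trace information and the misaligned layout of S-boxes in the cache, an improved trace-driven attack method on AES and CLEFIA is proposed. Most existing attacks assume that the S-boxes are aligned in the cache, and first-round trace-driven attacks on AES and CLEFIA cannot obtain the first-round expanded key within limited search complexity. The study shows that in most cases the S-boxes are not aligned in the cache. By collecting "cache miss" trace information during encryption, 200 and 50 samples, analyzed over the first round and the last round of AES respectively, reduce the 128-bit AES master key search space to 2^16 and 1; 80 samples analyzed over the first round of CLEFIA reduce the 128-bit CLEFIA first-round expanded key search space to 2^16; and 220 samples analyzed over the first 3 rounds reduce the 128-bit CLEFIA master key search space to 2^16, taking no more than 1 s.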
