Please wait a minute...
[an error occurred while processing this directive]

当期目录

    2016年 第14卷 第S0期    刊出日期:2016-06-01
    Recent Development on Security and Privacy in Modern Communication Environments
    ZHOU Wanlei, MIN Geyong
    2016, 14(S0):  1-1. 
    摘要 ( )   PDF (250KB) ( )  
    相关文章 | 多维度评价
    Attacks and Countermeasures in Social Network Data Publishing
    YANG Mengmeng, ZHU Tianqing, ZHOU Wanlei, XIANG Yang
    2016, 14(S0):  2-9.  doi:10.3969/j.issn.1673-5188.2016.S0.001
    摘要 ( )   PDF (430KB) ( )  
    相关文章 | 多维度评价
    With the increasing prevalence of social networks, more and more social network data are published for many applications, such as social network analysis and data mining. However, this brings privacy problems. For example, adversaries can get sensitive information of some individuals easily with little background knowledge. How to publish social network data for analysis purpose while preserving the privacy of individuals has raised many concerns. Many algorithms have been proposed to address this issue. In this paper, we discuss this privacy problem from two aspects: attack models and countermeasures. We analyse privacy concerns, model the background knowledge that adversary may utilize and review the recently developed attack models. We then survey the state-of-the-art privacy preserving methods in two categories: anonymization methods and differential privacy methods. We also provide research directions in this area.
    Verification of Substring Searches on the Untrusted Cloud
    Faizal Riaz-ud-Din, Robin Doss
    2016, 14(S0):  10-20.  doi:10.3969/j.issn.1673-5188.2016.S0.002
    摘要 ( )   PDF (1354KB) ( )  
    相关文章 | 多维度评价
    Ensuring the correctness of answers to substring queries has not been a concern for consumers working within the traditional confines of their own organisational infrastructure. This is due to the fact that organisations generally trust their handling of their own data hosted on their own servers and networks. With cloud computing however, where both data and processing are delegated to unknown servers, guarantees of the correctness of queries need to be available. The verification of the results of substring searches has not been given much focus to date within the wider scope of data and query verification. We present a verification scheme for existential substring searches on text files, which is the first of its kind to satisfy the desired properties of authenticity, completeness, and freshness. The scheme is based on suffix arrays, Merkle hash trees and cryptographic hashes to provide strong guarantees of correctness for the consumer, even in fully untrusted environments. We provide a description of our scheme, along with the results of experiments conducted on a fully-working prototype.
    A Secure Key Management Scheme for Heterogeneous Secure Vehicular Communication Systems
    LEI Ao, Chibueze Ogah, Philip Asuquo, Haitham Cruickshank, SUN Zhili
    2016, 14(S0):  21-31.  doi:10.3969/j.issn.1673-5188.2016.S0.004
    摘要 ( )   PDF (1094KB) ( )  
    相关文章 | 多维度评价
    Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highly depends on the security level of vehicular communication systems (VCS). Security applications in VCS are fulfilled through secured group broadcast. Therefore, secure key management schemes are considered as a critical research topic for network security. In this paper, we propose a framework for providing secure key management within heterogeneous network. The security managers (SMs) play a key role in the framework by retrieving the vehicle departure information, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel Group Key Management (GKM) scheme basing on leaving probability (LP) of vehicles to depart current VCS region. Vehicle's LP factor is introduced into GKM scheme to achieve a more efficient rekeying scheme and less rekeying costs. The second component of the framework using the blockchain concept to simplify the distributed key management in heterogeneous VCS domains. Extensive simulations and analysis are provided to show the effectiveness and efficiency of the proposed framework: Our GKM results demonstrate that probability-based BR reduces rekeying cost compared to the benchmark scheme, while the blockchain decreases the time cost of key transmission over heterogeneous networks.
    Password Pattern and Vulnerability Analysis for Web and Mobile Applications
    LI Shancang, Imed Romdhani, William Buchanan
    2016, 14(S0):  32-36.  doi:10.3969/j.issn.1673-5188.2016.S0.006
    摘要 ( )   PDF (320KB) ( )  
    相关文章 | 多维度评价
    Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text-password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.
    Design and Implementation of Privacy Impact Assessment for Android Mobile Devices
    CHEN Kuan-Lin, YANG Chung-Huang
    2016, 14(S0):  37-43.  doi:10.3969/j.issn.1673-5188.2016.S0.003
    摘要 ( )   PDF (2963KB) ( )  
    相关文章 | 多维度评价
    There are a lot of personal information stored in our smartphones, for instance, contacts, messages, photos, banking credentials and social network access. Therefore, ensuring personal data safety is a critical research and practical issue. The objective of this paper is to evaluate the influence of personal data security and decrease the privacy risks in the Android system. We apply the concept of privacy impact assessment (PIA) to design a system, which identifies permission requirements of apps, detects the potential activities from the logger and analyses the configuration settings. The system provides a user-friendly interface for users to get in-depth knowledge of the impact of privacy risk, and it could run on Android devices without USB teleport and network connection to avoid other problems. Our research finds that many apps announce numerous unnecessary permissions, and the application installing confirmation dialog does not show all requirement permissions when apps are installed first time.
    SeSoa: Security Enhancement System with Online Authentication for Android APK
    DONG Zhenjiang, WANG Wei, LI Hui, ZHANG Yateng, ZHANG Hongrui, ZHAO Hanyu
    2016, 14(S0):  44-50.  doi:10.3969/j.issn.1673-5188.2016.S0.005
    摘要 ( )   PDF (476KB) ( )  
    相关文章 | 多维度评价
    Android OS provides such security mechanisms as application signature, privilege limit and sandbox to protect the security of operational system. However, these methods are unable to protect the applications of Android against anti-reverse engineering and the codes of such applications face the risk of being obtained or modified, which are always the first step for further attacks. In this paper, a security enhancement system with online authentication (SeSoa) for Android APK is proposed, in which the code of Android application package (APK) can be automatically encrypted. The encrypted code is loaded and run in the Android system after being successfully decrypted. Compared with the exiting software protecting systems, SeSoa uses online authentication mechanism to ensure the improvementof the APK security and good balance between security and usability.
    Screen Content Coding in HEVC and Beyond
    LIN Tao, ZHAO Liping, ZHOU Kailun
    2016, 14(S0):  51-58.  doi:10.3969/j.issn.1673-5188.2016.S0.007
    摘要 ( )   PDF (1334KB) ( )  
    相关文章 | 多维度评价
    Screen content is video or picture captured from a computer screen typically by reading frame buffers or recording digital display output signals of a computer graphics device. Screen content is an extremely comprehensive and diverse class of content and includes traditional photosensor captured pictures as a small subset. Furthermore, screen content has many unique characteristics not seen in traditional content. By exploring these unique characteristics, new coding techniques can significantly improve coding performance of screen content. Today, more than ever, screen content coding (SCC) is becoming increasingly important due to the rapid growth of a variety of networked computers, clients, and devices based applications such as cloud computing and Wi-Fi display. SCC is the ultimate and most efficient way to solve the data transferring bottleneck problem in these applications. The solution is to transfer screen pixel data between these computers, clients, and devices. This paper provides an overview of the background, application areas, requirements, technical features, performance, and standardization work of SCC.
    Human Motion Recognition Based on Incremental Learning and Smartphone Sensors
    LIU Chengxuan, DONG Zhenjiang, XIE Siyuan, PEI Ling
    2016, 14(S0):  59-66.  doi:10.3969/j.issn.1673-5188.2016.S0.008
    摘要 ( )   PDF (1331KB) ( )  
    相关文章 | 多维度评价
    Batch processing mode is widely used in the training process of human motion recognition. After training, the motion classifier usually remains invariable. However, if the classifier is to be expanded, all historical data must be gathered for retraining. This consumes a huge amount of storage space, and the new training process will be more complicated. In this paper, we use an incremental learning method to model the motion classifier. A weighted decision tree is proposed to help illustrate the process, and the probability sampling method is also used. The results show that with continuous learning, the motion classifier is more precise. The average classification precision for the weighted decision tree was 88.43% in a typical test. Incremental learning consumes much less time than the batch processing mode when the input training data comes continuously.
    The whole issue of ZTE Communications June 2016, Vol. 14 No. S0
    2016, 14(S0):  0. 
    摘要 ( )   PDF (2329KB) ( )  
    相关文章 | 多维度评价