
TrueCrypt Container Fast Detection Technology (cited by: 1)
Abstract: TrueCrypt is one of the more popular free, open-source encryption programs and is widely used across different platforms. During forensic examination, investigators often need to detect encrypted files on disk so that they can be decrypted and analyzed further. However, a TrueCrypt container has no signature or structural features before it is decrypted, which makes detecting such containers a difficult point in forensics. At present there is no precise method for detecting TrueCrypt containers; existing techniques mainly rely on signature exclusion combined with file size information. Building on the existing detection techniques, this paper combines the chi-square test and information entropy theory to propose a fast detection technique for TrueCrypt containers. The technique not only detects encrypted containers quickly but also achieves higher detection accuracy than existing methods.
Source: Netinfo Security (《信息网络安全》), 2014, No. 9, pp. 220-222 (3 pages)
Keywords: file signature; sector size; chi-square test; significance level; information entropy