Secret sharing and digital signature is an important research area in information security and has wide applications in such fields as safeguarding and legal use of confidential information, secure multiparty computat...Secret sharing and digital signature is an important research area in information security and has wide applications in such fields as safeguarding and legal use of confidential information, secure multiparty computation and electronic commerce. But up to now, study of signature based on general vector space secret sharing is very weak. Aiming at this drawback, the authors did some research on vector space secret sharing against cheaters, and proposed an efficient but secure vector space secret sharing based multi-signature scheme, which is implemented in two channels. In this scheme, the group signature can be easily produced if an authorized subset of participants pool their secret shadows and it is impossible for them to generate a group signature if an unauthorized subset of participants pool their secret shadows. The validity of the group signature can be verified by means of verification equations. A group signature of authorized subset of participants cannot be impersonated by any other set of partici- pants. Moreover, the suspected forgery can be traced, and the malicious participants can be detected in the scheme. None of several possible attacks can successfully break this scheme.展开更多
With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system securit...With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.展开更多
With the rapid development and wide application of network technology, information security issues are increasingly highlighted, received more and more attention. This article introduces the present situation of netwo...With the rapid development and wide application of network technology, information security issues are increasingly highlighted, received more and more attention. This article introduces the present situation of network information security, discusses the connotation of network information security, and analyzes the main threat to the security of the network information. And we separately detailed description of the data monitoring platform architecture from the data layer, network layer and presentation layer three levels, focuses on the functional structure of intelligent database platform, and puts forward to measures that ensure the safety of the platform and the internal data security. Through the design of the platform to improve the information security system has certain significance.展开更多
This paper presents a novel privacy principle, ε-inclusion, for re-publishing sensitive dynamic datasets. ε-inclusion releases all the quasi-identifier values directly and uses permutation-based method and substitut...This paper presents a novel privacy principle, ε-inclusion, for re-publishing sensitive dynamic datasets. ε-inclusion releases all the quasi-identifier values directly and uses permutation-based method and substitution to anonymize the microdata. Combined with generalization-based methods, ε-inclusion protects privacy and captures a large amount of correlation in the microdata. We develop an effective algorithm for computing anonymized tables that obey the ε-inclusion privacy requirement. Extensive experiments confirm that our solution allows significantly more effective data analysis than generalization-based methods.展开更多
The NPP (nuclear power plant) being vital objects of an energy infrastructure must be protected against malicious actions affecting their safety, and cyber security plays a key part in attaining this goal. The paper...The NPP (nuclear power plant) being vital objects of an energy infrastructure must be protected against malicious actions affecting their safety, and cyber security plays a key part in attaining this goal. The paper considers, implemented by the authors within the project of advanced digital control system for NPP with the reactor VVER-1000, a system of unauthorized access protection, partially built up on the technology of AA (active audit) and expert system. The AA technology is based on response of the system on deviation of current signature of the automated process control system from stable state rather than on a certain signature of attack and relies on the estimation of the behavioral models of the particular digital control system. The advent of active audit reflects the current situation in the digital control systems where complex distributed platforms are used to construct automated process control system. The active audit allows one to make the digital control system functionally closed, provided that it is determinate. The methodology of the active audit does not give u external (barrier) and traditional (password, antivirus) methods of unauthorized access protection. These methods can be used when it is appropriate to achieve a required protection level.展开更多
Quantum secure direct communication is the direct communication of secret messages without need for establishing a shared secret key first.In the existing schemes,quantum secure direct communication is possible only w...Quantum secure direct communication is the direct communication of secret messages without need for establishing a shared secret key first.In the existing schemes,quantum secure direct communication is possible only when both parties are quantum.In this paper,we construct a three-step semiquantum secure direct communication(SQSDC)protocol based on single photon sources in which the sender Alice is classical.In a semiquantum protocol,a person is termed classical if he(she)can measure,prepare and send quantum states only with the fixed orthogonal quantum basis{|0,|1}.The security of the proposed SQSDC protocol is guaranteed by the complete robustness of semiquantum key distribution protocols and the unconditional security of classical one-time pad encryption.Therefore,the proposed SQSDC protocol is also completely robust.Complete robustness indicates that nonzero information acquired by an eavesdropper Eve on the secret message implies the nonzero probability that the legitimate participants can find errors on the bits tested by this protocol.In the proposed protocol,we suggest a method to check Eves disturbing in the doves returning phase such that Alice does not need to announce publicly any position or their coded bits value after the photons transmission is completed.Moreover,the proposed SQSDC protocol can be implemented with the existing techniques.Compared with many quantum secure direct communication protocols,the proposed SQSDC protocol has two merits:firstly the sender only needs classical capabilities;secondly to check Eves disturbing after the transmission of quantum states,no additional classical information is needed.展开更多
After a composite service is deployed, user privacy requirements and trust levels of component services are subject to variation. When the changes occur, it is critical to preserve privacy information flow security. W...After a composite service is deployed, user privacy requirements and trust levels of component services are subject to variation. When the changes occur, it is critical to preserve privacy information flow security. We propose an approach to preserve privacy information flow security in composite service evolution. First, a privacy data item dependency analysis method based on a Petri net model is presented. Then the set of privacy data items collected by each component service is derived through a privacy data item dependency graph, and the security scope of each component service is calculated. Finally, the evolution operations that preserve privacy information flow security are defined. By applying these evolution operations, the re-verification process is avoided and the evolution efficiency is improved. To illustrate the effectiveness of our approach, a case study is presented. The experimental results indicate that our approach has high evolution efficiency and can greatly reduce the cost of evolution compared with re-verifying the entire composite service.展开更多
文摘Secret sharing and digital signature is an important research area in information security and has wide applications in such fields as safeguarding and legal use of confidential information, secure multiparty computation and electronic commerce. But up to now, study of signature based on general vector space secret sharing is very weak. Aiming at this drawback, the authors did some research on vector space secret sharing against cheaters, and proposed an efficient but secure vector space secret sharing based multi-signature scheme, which is implemented in two channels. In this scheme, the group signature can be easily produced if an authorized subset of participants pool their secret shadows and it is impossible for them to generate a group signature if an unauthorized subset of participants pool their secret shadows. The validity of the group signature can be verified by means of verification equations. A group signature of authorized subset of participants cannot be impersonated by any other set of partici- pants. Moreover, the suspected forgery can be traced, and the malicious participants can be detected in the scheme. None of several possible attacks can successfully break this scheme.
文摘With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.
文摘With the rapid development and wide application of network technology, information security issues are increasingly highlighted, received more and more attention. This article introduces the present situation of network information security, discusses the connotation of network information security, and analyzes the main threat to the security of the network information. And we separately detailed description of the data monitoring platform architecture from the data layer, network layer and presentation layer three levels, focuses on the functional structure of intelligent database platform, and puts forward to measures that ensure the safety of the platform and the internal data security. Through the design of the platform to improve the information security system has certain significance.
文摘This paper presents a novel privacy principle, ε-inclusion, for re-publishing sensitive dynamic datasets. ε-inclusion releases all the quasi-identifier values directly and uses permutation-based method and substitution to anonymize the microdata. Combined with generalization-based methods, ε-inclusion protects privacy and captures a large amount of correlation in the microdata. We develop an effective algorithm for computing anonymized tables that obey the ε-inclusion privacy requirement. Extensive experiments confirm that our solution allows significantly more effective data analysis than generalization-based methods.
文摘The NPP (nuclear power plant) being vital objects of an energy infrastructure must be protected against malicious actions affecting their safety, and cyber security plays a key part in attaining this goal. The paper considers, implemented by the authors within the project of advanced digital control system for NPP with the reactor VVER-1000, a system of unauthorized access protection, partially built up on the technology of AA (active audit) and expert system. The AA technology is based on response of the system on deviation of current signature of the automated process control system from stable state rather than on a certain signature of attack and relies on the estimation of the behavioral models of the particular digital control system. The advent of active audit reflects the current situation in the digital control systems where complex distributed platforms are used to construct automated process control system. The active audit allows one to make the digital control system functionally closed, provided that it is determinate. The methodology of the active audit does not give u external (barrier) and traditional (password, antivirus) methods of unauthorized access protection. These methods can be used when it is appropriate to achieve a required protection level.
基金supported by the National Natural Science Foundation of China(Grant Nos.61272058 and 61073054)the Natural Science Foundation of Guangdong Province of China(Grant Nos.10251027501000004 and S2012040007324)+1 种基金the Specialized Research Fund for the Doctoral Programof Higher Education of China(Grant No.20100171110042)the Science and Technology Project of Jiangmen City of China(Grant No.[2011]131)
文摘Quantum secure direct communication is the direct communication of secret messages without need for establishing a shared secret key first.In the existing schemes,quantum secure direct communication is possible only when both parties are quantum.In this paper,we construct a three-step semiquantum secure direct communication(SQSDC)protocol based on single photon sources in which the sender Alice is classical.In a semiquantum protocol,a person is termed classical if he(she)can measure,prepare and send quantum states only with the fixed orthogonal quantum basis{|0,|1}.The security of the proposed SQSDC protocol is guaranteed by the complete robustness of semiquantum key distribution protocols and the unconditional security of classical one-time pad encryption.Therefore,the proposed SQSDC protocol is also completely robust.Complete robustness indicates that nonzero information acquired by an eavesdropper Eve on the secret message implies the nonzero probability that the legitimate participants can find errors on the bits tested by this protocol.In the proposed protocol,we suggest a method to check Eves disturbing in the doves returning phase such that Alice does not need to announce publicly any position or their coded bits value after the photons transmission is completed.Moreover,the proposed SQSDC protocol can be implemented with the existing techniques.Compared with many quantum secure direct communication protocols,the proposed SQSDC protocol has two merits:firstly the sender only needs classical capabilities;secondly to check Eves disturbing after the transmission of quantum states,no additional classical information is needed.
基金Project supported by the National Natural Science Foundation of China(Nos.61562087 and 61772270)the National High-Tech R&D Program(863)of China(No.2015AA015303)+2 种基金the Natural Science Foundation of Jiangsu Province,China(No.BK20130735)the Universities Natural Science Foundation of Jiangsu Province,China(No.13KJB520011)the Science Foundation of Nanjing Institute of Technology,China(No.YKJ201420)
文摘After a composite service is deployed, user privacy requirements and trust levels of component services are subject to variation. When the changes occur, it is critical to preserve privacy information flow security. We propose an approach to preserve privacy information flow security in composite service evolution. First, a privacy data item dependency analysis method based on a Petri net model is presented. Then the set of privacy data items collected by each component service is derived through a privacy data item dependency graph, and the security scope of each component service is calculated. Finally, the evolution operations that preserve privacy information flow security are defined. By applying these evolution operations, the re-verification process is avoided and the evolution efficiency is improved. To illustrate the effectiveness of our approach, a case study is presented. The experimental results indicate that our approach has high evolution efficiency and can greatly reduce the cost of evolution compared with re-verifying the entire composite service.
