http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
Hierarchical Identity-based Broadcast Encryption Scheme from LWE
Chunli Yang,Shihui Zheng,Licheng Wang,Xiuhua Lu,Yixian Yang 한국통신학회 2014 Journal of communications and networks Vol.16 No.3
A hierarchical identity-based broadcast encryption (HIBBE)scheme is an identity-based broadcast encryption (IBBE)scheme in a hierarchical environment. In order to obtain secure HIBBEschemes in the quantum era, we propose an H-IBBE schemebased on the learning with errors problemassumption.Our schemeachieves indistinguishability from random under adaptive chosenplaintextand chosen-identity attacks in the random oracle model.
Certificateless multi-signer universal designated multi-verifier signature from elliptic curve group
( Lunzhi Deng ),( Yixian Yang ),( Yuling Chen ) 한국인터넷정보학회 2017 KSII Transactions on Internet and Information Syst Vol.11 No.11
Certificateless public key cryptography resolves the certificate management problem in traditional public key cryptography and the key escrow problem in identity-based cryptography. In recent years, some good results have been achieved in speeding up the computation of bilinear pairing. However, the computation cost of the pairing is much higher than that of the scalar multiplication over the elliptic curve group. Therefore, it is still significant to design cryptosystem without pairing operations. A multi-signer universal designated multi-verifier signature scheme allows a set of signers to cooperatively generate a public verifiable signature, the signature holder then can propose a new signature such that only the designated set of verifiers can verify it. Multi-signer universal designated multi-verifier signatures are suitable in many different practical applications such as electronic tenders, electronic voting and electronic auctions. In this paper, we propose a certificateless multi-signer universal designated multi-verifier signature scheme and prove the security in the random oracle model. Our scheme does not use pairing operation. To the best of our knowledge, our scheme is the first certificateless multi-signer universal designated multi-verifier signature scheme.
Multiparty Access Control of Ciphertext Sharing in Cloud-Based Online Social Networks
Huang Qinlong,Ma Zhaofeng,Yang Yixian,Niu Xinxin 보안공학연구지원센터 2015 International Journal of Security and Its Applicat Vol.9 No.12
Although current online social networks (OSNs) schemes propose to encrypt data before sharing, the enforcement of access policies over encrypted data has become a challenging task, and the OSNs currently do not provide any mechanism to allow users to update access policies. In this paper, we propose a ciphertext sharing scheme in cloud-based OSNs, which allows the users to outsource encrypted data to the OSNs service provider for sharing. In order to meet the authorization requirement, we present a multiparty access control model based on ciphertext-policy attribute-based proxy re-encryption, which enables the access control of encrypted data associated with multiple users. On the basis of ciphertext-policy attribute-based encryption, the owners can customize the access policy of their own data. Based on proxy re-encryption, the disseminators such as friends and group members can further customize the access policy of the owners’ data upon existing access policy. Besides, we achieve immediate user revocation based on secret sharing without issuing new attribute secret keys to unrevoked users. The security and performance analysis show that our proposed scheme is secure, efficient and practical.
A Nature-inspired Multiple Kernel Extreme Learning Machine Model for Intrusion Detection
( Yanping Shen ),( Kangfeng Zheng ),( Chunhua Wu ),( Yixian Yang ) 한국인터넷정보학회 2020 KSII Transactions on Internet and Information Syst Vol.14 No.2
The application of machine learning (ML) in intrusion detection has attracted much attention with the rapid growth of information security threat. As an efficient multi-label classifier, kernel extreme learning machine (KELM) has been gradually used in intrusion detection system. However, the performance of KELM heavily relies on the kernel selection. In this paper, a novel multiple kernel extreme learning machine (MKELM) model combining the ReliefF with nature-inspired methods is proposed for intrusion detection. The MKELM is designed to estimate whether the attack is carried out and the ReliefF is used as a preprocessor of MKELM to select appropriate features. In addition, the nature-inspired methods whose fitness functions are defined based on the kernel alignment are employed to build the optimal composite kernel in the MKELM. The KDD99, NSL and Kyoto datasets are used to evaluate the performance of the model. The experimental results indicate that the optimal composite kernel function can be determined by using any heuristic optimization method, including PSO, GA, GWO, BA and DE. Since the filter-based feature selection method is combined with the multiple kernel learning approach independent of the classifier, the proposed model can have a good performance while saving a lot of training time.
Efficient Post-Quantum Secure Network Coding Signatures in the Standard Model
( Dong Xie ),( Haipeng Peng ),( Lixiang Li ),( Yixian Yang ) 한국인터넷정보학회 2016 KSII Transactions on Internet and Information Syst Vol.10 No.5
In contrast to traditional “store-and-forward” routing mechanisms, network coding offers an elegant solution for achieving maximum network throughput. The core idea is that intermediate network nodes linearly combine received data packets so that the destination nodes can decode original files from some authenticated packets. Although network coding has many advantages, especially in wireless sensor network and peer-to-peer network, the encoding mechanism of intermediate nodes also results in some additional security issues. For a powerful adversary who can control arbitrary number of malicious network nodes and can eavesdrop on the entire network, cryptographic signature schemes provide undeniable authentication mechanisms for network nodes. However, with the development of quantum technologies, some existing network coding signature schemes based on some traditional number-theoretic primitives vulnerable to quantum cryptanalysis. In this paper we first present an efficient network coding signature scheme in the standard model using lattice theory, which can be viewed as the most promising tool for designing post-quantum cryptographic protocols. In the security proof, we propose a new method for generating a random lattice and the corresponding trapdoor, which may be used in other cryptographic protocols. Our scheme has many advantages, such as supporting multi-source networks, low computational complexity and low communication overhead.
WORM-HUNTER: A Worm Guard System using Software-defined Networking
( Yixun Hu ),( Kangfeng Zheng ),( Xu Wang ),( Yixian Yang ) 한국인터넷정보학회 2017 KSII Transactions on Internet and Information Syst Vol.11 No.1
Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and have are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.
( Yanrong Lu ),( Lixiang Li ),( Haipeng Peng ),( Yixian Yang ) 한국인터넷정보학회 2016 KSII Transactions on Internet and Information Syst Vol.10 No.3
With the swift growth of wireless technologies, an increasing number of users rely on the mobile services which can exchange information in mobile networks. Security is of key issue when a user tries to access those services in this network environment. Many authentication schemes have been presented with the purpose of authenticating entities and wishing to communicate securely. Recently, Chou et al. and Farash-Attari presented two ID authentication schemes. They both claimed that their scheme could withstand various attacks. However, we find that the two authentication schemes are vulnerable to trace attack while having a problem of clock synchronization. Additionally, we show that Farash-Attari`s scheme is still susceptible to key-compromise impersonation attack. Therefore, we present an enhanced scheme to remedy the security weaknesses which are troubled in these schemes. We also demonstrate the completeness of the enhanced scheme through the Burrow-Abadi-Needham (BAN) logic. Security analysis shows that our scheme prevents the drawbacks found in the two authentication schemes while supporting better secure attributes. In addition, our scheme owns low computation overheads compared with other related schemes. As a result, our enhanced scheme seems to be more practical and suitable for resource-constrained mobile devices in mobile networks.