Table of Content

    03 December 2022, Volume 8 Issue 12
    A Survey of IoT Firmware Vulnerability Security Detection
    2022, 8(12):  1146. 
    Asbtract ( )   PDF (1780KB) ( )  
    References | Related Articles | Metrics
    With the advent of the Internet of everything, the security issues of the IoT have become more and more important, especially the economic losses caused by security risks and attacks caused by firmware vulnerabilities in the IoT. Efficient firmware vulnerability detection technology has increasingly become the key to ensuring the security of IoT devices. Therefore, studying the methods and technologies related to firmware vulnerability security detection in the IoT has essential theoretical significance and practical value. This paper analyzes the reasons for the frequent security problems of IoT firmware, summarizes the main security threats faced by IoT firmware, and targets the firmware. Based on the challenges faced by vulnerability analysis, the existing firmware vulnerability detection methods are reviewed. Through the analysis of the advantages and disadvantages of different methods, it provides guidance for further improving the intelligence, precision, automation, effectiveness, and scalability of the firmware security defect detection method. Finally, future research in IoT firmware vulnerability security detection is prospected.
    Research on PKI Technology of Internet of Things
    2022, 8(12):  1156. 
    Asbtract ( )   PDF (1041KB) ( )  
    References | Related Articles | Metrics
    With the development of information technology, the Internet of everything has become the mainstream development direction in the field of science and technology.With the increasing number of device nodes in the Internet of things (IoT), the security certification of the IoT has become increasingly prominent.In recent years, information security problems of the IoT occur frequently, and a large number of miniature devices of the IoT lack network authentication mechanism. Electronic authentication and key management services based on the traditional PKI mechanism require complex digital certificate management mechanism and consume a large amount of computing and network resources. Therefore, they are not suitable for IoT application scenarios.Compared with the traditional authentication scheme, the implicit certificate scheme is more suitable for the IoT devices with limited memory and computing resources in terms of memory consumption and computation.In this paper, we analyze the limitations of PKI technology in the IoT, study the implicit certificate mechanism suitable for the IoT and the implicit certificate mechanism based on the SM2 algorithm.Finally, we discuss some challenges and suggestions of PKI technology in the IoT.

    Survey of Network Intrusion Detection Based on Deep Learning
    2022, 8(12):  1163. 
    Asbtract ( )   PDF (2421KB) ( )  
    References | Related Articles | Metrics
    The rapid development of the Internet not only brings great convenience to users, but also causes many security incidents. With the increasing number of network attacks such as zeroday vulnerabilities and encryption attacks, the network security situation is becoming more and more serious. Intrusion detection is an important means of network attack detection. In recent years, with the continuous development of deep learning technology, intrusion detection system based on deep learning is gradually becoming a research hotspot in the field of network security. This paper introduces recent work on network intrusion detection using deep learning technology based on extensive investigation of literature. Firstly, it briefly summarizes the current network security situation and traditional intrusion detection technologies. Then, several deep learning models commonly used in network intrusion detection system are introduced. Then it summarizes the commonly used data preprocessing techniques, data sets and evaluation indicators in deep learning. Then from the perspective of practical application, it introduces the specific application of deep learning model in network intrusion detection system. Finally, the problems in the current research process are discussed, and the future development direction is put forward.
    NFC Secure Payment Protocol Based on Pseudonym
    2022, 8(12):  1178. 
    Asbtract ( )   PDF (1131KB) ( )  
    References | Related Articles | Metrics
    Near field communication (NFC) is a contactless communication technology based on ISOIEC 18092 with a working distance of less than 10 cm. Nowadays, NFC has attracted the attention of most smart phone manufacturers and industries due to its usability and ease of use, and has been widely used in the field of ecommerce. In order to ensure the security of their communications, in the past few years, many researchers have focused on solving the security threats existing in NFC environments. In this regard, these studies have led to the introduction of the NFC Security standard (NFCSEC), which, however, does not provide users with privacy protection. Recently, some researchers have successively proposed pseudonymitybased NFC authentication and key agreement protocols, claiming that the proposed solutions meet the security requirements. However, the previous protocol still had security flaws, such as an inability to defend against insider privilege attacks. Based on this, a security authentication protocol based on pseudonymity is proposed, and the security of the protocol is proved. In the proposed scheme, the user generates his own key, which is verified by a third party through a zeroknowledge proof scheme, and generates a pseudonym accordingly, through which the key negotiation is completed.
    A Cross-over Method for Counting Mutually Distinct Minimum  Episodes with Time Constraints
    2022, 8(12):  1187. 
    Asbtract ( )   PDF (1425KB) ( )  
    References | Related Articles | Metrics
    In the episode mining, it is usually difficult to segment long sequence data.Aiming at the problems that time constraints, cross occurrence of episodes, and repeated counting are not considered in the existing episode mining algorithms. We propose a crossover method for counting mutually distinct minimum episodes with time constraints which considers the time span of the occurrence of the episode, the heterogeneity of signal events and the cross ability of the episode. By using the ONCETDM episode counting algorithm, we can scan the sequence data in a single pass and complete the accurate counting of the occurrence of the episode.

    Research on Customers Information Detection and Security Analysis for ISP
    2022, 8(12):  1192. 
    Asbtract ( )   PDF (2286KB) ( )  
    References | Related Articles | Metrics
    Mobile Internet has been integrated into each aspects of our life. With the rapid development of digital economy, the value of researching ISP customers information is increasing and its importance is also increasing. Under the background of the official implementation of the Data Security Law of the People’s Republic of China and the Personal Information Protection Law of the People’s Republic of China, the security of ISP customers information has been increasingly concerned by the whole society. According to the relevant requirements of the security protection of ISP customers information, through the practice and analysis of the security detection combining dynamic detection and static detection, this paper proposes the innovative detection scheme of “one scene, one case” for the detection of ISP customers information. Aiming at the weak points of the security of customers information, the scheme proposes the idea of strengthening the detection intensity, frequency and supervision and rectification, so as to tighten the string of the customers information security of ISP and escort the accelerated development of enterprises.
    Research and Implementation of Scalable Web Vulnerability Scanning Tool in Smart Microgrid
    2022, 8(12):  1198. 
    Asbtract ( )   PDF (3415KB) ( )  
    References | Related Articles | Metrics
    As a new type of distributed power system, smart microgrid integrates traditional power transmission and distribution technology with intelligent integrated energy management system. As the control center, the microgrid energy management system (MGEMS) needs to use internet technology to collect and process a large amount of realtime data for dispatching decisionmaking and management control. Once there are vulnerabilities in the Web application, the attacker can attack the system server, steal power data and even disrupt the normal transmission and distribution of power. Aiming at the Web security involved in the smart microgrid system, this paper designs and implements a more comprehensive vulnerability detection framework. Users can freely select a scanning engine or perform automated vulnerability scanning to assist security personnel in vulnerability detection. The functions inside the framework are encapsulated as independent API interfaces for users to subsequently extend functions or write plugins. Considering the system overhead and resource occupancy, we use coroutine technology to avoid meaningless scheduling and improve detection performance. Finally, we conduct an attack test on an actual website. The experimental results show that the framework can realize functions such as password blasting and fuzzing, which can effectively detect vulnerabilities in the Web system.
    Feature Selection Method for Electromagnetic Radiation Leakage of  Crypto Chip
    2022, 8(12):  1214. 
    Asbtract ( )   PDF (2176KB) ( )  
    Related Articles | Metrics
    For the electromagnetic radiation leakage during the working of the cryptographic chip, we propose a feature selection method based on the Hamming weight model, which uses the fact that the electromagnetic radiation energy depends on the Hamming weight of the processed data. First, we construct different classifications for the different Hamming weights of the intermediate values of the encryption algorithm. Each classification uses its own selected plaintext to perform repeated encryption operations, and collects the electromagnetic signals radiated by the chip. Then, we calculate the mean value of the electromagnetic signal in each classification and the difference of the mean value of the electromagnetic signal between any two classifications to obtain a difference matrix. Finally, we define a set of variables to constrain the difference matrix, and the points that meet the constraints will be used as feature points. The experiment results show that the Hamming weight model not only can correctly select feature points, but also can significantly reduce the number of electromagnetic leakage traces required for template construction compared with the correlation coefficient feature selection method.
    Application of Blockchain Technology in Government Affairs
    2022, 8(12):  1223. 
    Asbtract ( )   PDF (3627KB) ( )  
    References | Related Articles | Metrics
    As one of the new generation information technologies, blockchain has great technical advantages in promoting data sharing and utilization, optimizing business process links, improving multiparty collaboration efficiency, reducing overall operating costs, establishing a trusted ecosystem, etc., which provides a new paradigm of capabilities for realizing trusted circulation and sharing of egovernment business data, security asset information protection, and cross departmental collaborative supervision. This paper has designed a new blockchain technology architecture system. By building a blockchain service center, a government application chain service platform and a government security chain service platform, multiple pilot applications have been enabled in the province to achieve the inventory, connection, and standardized management of business and multi chain data resources, forming a basic “data asset” management system.

    Exploring the Application Prospect of Voiceprint Recognition for e-CNY
    2022, 8(12):  1231. 
    Asbtract ( )   PDF (1353KB) ( )  
    References | Related Articles | Metrics
    Voiceprint recognition, as an emerging biometric technology, has gradually matured in recent years, and has not only been applied in many scenarios of financial institutions such as China Construction Bank, but also in corporated into the trusted identity technology system of the China’s eCNY pilot. Starting from the account security requirements of eCNY and the basic characteristics of voiceprint recognition technology, this paper discusses the security improvement of voiceprint technology on eCNY and the application scenarios of voiceprint payment.

    On the Exploration and Prospect of the Development Path of  Cyberspace Trusted Identity in China
    2022, 8(12):  1236. 
    Asbtract ( )   PDF (1941KB) ( )  
    References | Related Articles | Metrics