Most Download articles

    Published in last 1 year | In last 2 years| In last 3 years| All| Most Downloaded in Recent Month| Most Downloaded in Recent Year|
    Most Downloaded in Recent Month
    Please wait a minute...
    For Selected: Toggle Thumbnails
    Building Cyber Security Defense by Trusted Computing 3.0
    Journal of Information Security Research    2017, 3 (4): 290-298.  
    Abstract414)      PDF (1075KB)(1973)       Save
    Related Articles | Metrics
    Journal of Information Security Reserach    2026, 12 (2): 98-.  
    Abstract59)      PDF (532KB)(62)       Save
    Related Articles | Metrics
    A Graphembedded Data Security Audit Scheme Based on Risk Elements
    Journal of Information Security Reserach    2026, 12 (2): 100-.  
    Abstract46)      PDF (2173KB)(40)       Save
    With the increasing complexity of data security risks in big data environments, existing data security audit technologies are limited by fragmented feature utilization and insufficient scalability, preventing comprehensive lifecycle risk coverage and thereby reducing risk detection efficiency. To address these challenges, a graphembedded data security audit scheme based on risk elements (REGDSA) has been proposed. The scheme first constructs a security risk elements space comprising data attributes (D), user characteristics (U), carrier environment (C), and actions (A), achieving structured mapping of risk features throughout the entire data lifecycle. It then employs graph embedding technology to map these security risk elements into lowdimensional semantic vectors, constructs a crossdimensional association model for integrated analysis, and achieves efficient risk detection. The feasibility of the scheme is validated through effectiveness and performance analysis.
    Reference | Related Articles | Metrics
    TOPSEC, Leading Brand of Independent Innovation, Supporting Cyberspace Power Strategy
    Journal of Information Security Research    2018, 4 (9): 774-782.  
    Abstract195)      PDF (1579KB)(914)       Save
    Related Articles | Metrics
    An Overview of Trusted Computing Applicaiton in Operating System
    Journal of Information Security Research    2018, 4 (1): 45-52.  
    Abstract264)      PDF (4733KB)(382)       Save
    The operating system (OS) is a system software that manages both the hardware and the software resources in a computer,thus its security is of significant importance. As a major component of the new generation security technology, trusted computing is applied to virtualization,cloud computing while merging into the OS development and forming a new trusted OS. This paper describes the application and trending of trusted computing,including trusted virtualization platform,trusted cloud,and solution scheme of industrial control system based on trusted computing. It specifically narrates the trusted OS,a hybrid of trusted computing nested into the OS,including its concept,architecture and key technologies related,the enhancement on the OS security,and the elevation of users’s experience.
    Reference | Related Articles | Metrics
    Remote Office Solution and Its Application Based on Secure Instant Messaging Technology
    Journal of Information Security Research    2020, 6 (4): 301-310.  
    Abstract196)      PDF (3086KB)(338)       Save
    Remote office is getting more and more favored by users for its characteristics of unconstrained time and space, high-efficiency and convenience, fragmentation time utilization and so on, but it also raised a lot of security problems. This article systematically introduces a security solution for remote office and its innovative applications. Based on the secure instant messaging architecture of interconnection and interworking, it realizes vertical security support and application aggregation, as well as horizontal data sharing and application collaboration through open aggregation interfaces. Therefore an remote office ecosystem is built. The solution has been widely used in sectors such as government, military, finance and energy, providing a security application solution to meet the requirements of relevant national standards for the high-security users’ remote office.
    Reference | Related Articles | Metrics
    Modulated Signal Information Security Risk Analysis in Wireless Communications
    Wei Dong1, Liu Bo2, Liang Lili1, and Li Min1
    Journal of Information Security Research   
    Reasearch on Online Public Opinion Governance in Chinas Western Minority Regions
    Journal of Information Security Research    2018, 4 (10): 954-958.  
    Abstract246)      PDF (1531KB)(409)       Save
    For the intertwine of ethnic, religious, historical and cultural problems, western minority regions is an essential part for public opinion safety in China. Therefore, the changing trend of online public opinion in these areas has been the focus of online public opinion researches. Influenced by the false and malicious information from abroad and infiltrated by the overseas religious extremists, the difficulty of governing the online public opinion in minority areas of west China has increased sharply. Therefore, it is particularly important for the governance of online public opinion in these areas. Based on the salient characteristics of the public opinion in minority areas of west China, such as regionalism, complexity, politicality, sensitivity and internationality, this article intends to clarify the potential problems existing in the online public opinion in minority areas of west China at present, and to further discuss the influencing factors of online public opinion in these areas, and finally to probe a sound and effective way to govern the online public opinion in minority areas of west China.
    Reference | Related Articles | Metrics
    Research on the Development Challenges and Governance Pathways of  Network Data Labeling and Tagging Technology
    Journal of Information Security Reserach    2026, 12 (2): 118-.  
    Abstract27)      PDF (689KB)(27)       Save
    Network data labeling and tagging technology serves as a critical enabler for ensuring the trusted circulation and secure controllability of data elements, offering significant application prospects and developmental potential. This paper reviews the global governance landscape of data labeling and tagging technologies, identifies three core challenges hindering their advancement and proposes targeted governance strategies. By addressing technical bottlenecks through institutional innovation, technological optimization, and collaborative supervision, this study provides theoretical guidance for building a secure, efficient, and modernized network data governance system in China.
    Reference | Related Articles | Metrics
    A Secure Data Sharing Scheme Supporting Finegrained Authorization
    Journal of Information Security Reserach    2023, 9 (7): 667-.  
    Abstract294)      PDF (1681KB)(248)       Save
    Considering the problems such as centralized data storage and difficulty in data sharing in cloud computing environments, based on the combination of multiconditional proxy reencryption and attributebased proxy reencryption, a multiconditional attributebased threshold proxy reencryption scheme which supports multiple authorization conditions is proposed. The scheme supports finegrained access to ciphertext data under multiple keyword authorization conditions, and can limit the authorization conditions and scope of ciphertext sharing. Only when the attribute set meets the access structure in the ciphertext and the keywords are consistent with the keywords set in the ciphertext, users can access the data. This solution achieves finegrained access to ciphertext data under multiple keyword authorization conditions, supports flexible user revocation, prevents unauthorized decryption of ciphertext by conspirators, and protects the sensitive information of data owners. Through the provable security analysis, it is shown that under the general group model, the scheme can resist chosen plaintext attack; compared with other conditional proxy reencryption schemes, the functions it supports are more diverse.

    Reference | Related Articles | Metrics
    Cyberspace Strategic Measures of U.S. DoD and the Enlightenments
    Wang Yongjun and Su Jinshu
    Journal of Information Security Research    2015, 1 (1): 81-85.  
    Abstract446)      PDF (4515KB)(750)       Save
    Taking the construction of cyberspace operations forces and the cyberspace operations capabilities of the U.S. army as the core, in order to achieve the freedom of action in cyberspace, the U.S. Department of Defense has taken a number of strategic measures from five different levels, which includes the national strategy, the military strategy, the organization of combat forces, the construction of key elements of combat forces, and the law environment to support cyberspace operations. These strategic measures have achieved very comprehensive and positive results and ensured that the U.S. army maintains the absolute superiority of cyberspace operations in the future information war. By analyzing and grasping the logical structure and development context of cyberspace strategy of the U.S. Department of Defense, the corresponding references and inspirations are provided for the construction and development of China's cyberspace capabilities, which will help China take the initiatives in the cyberspace games of the world.
    Related Articles | Metrics
    Research on Dynamic Risk Assessment and Security Supervision System of  Enterprise Outbound Data Transfer
    Journal of Information Security Reserach    2026, 12 (2): 124-.  
    Abstract30)      PDF (2161KB)(20)       Save
    The demand for crossborder data flow has grown significantly with the globalization of the digital economy, and the security risks related to data, such as national information, corporate secrets, and personal privacy, have gained much attention. To mitigate the risks of outbound data transfer, this article evaluates the risk factors from the regulatory perspective and further forms a risk assessment and security supervision system framework that combines monitoring and sampling mechanisms based on the outbound data flow model. The wholechain risk supervision approach, which includes risk preassessment based on multifactor merging analysis prior to the business, risk adjustment and response based on statistical monitoring and sampling mechanism during the business, and postbusiness disposal and supervision optimization of illegal behaviors, can be strengthened in order to regulate the data outbound behavior of crossborder enterprises. The study makes recommendations for enhancing the technical framework of outbound data transfer security supervision, which is crucial for fostering the future growth of the digital economy in a highcaliber and sound manner.
    Reference | Related Articles | Metrics
    Research on Phishing Email Detection Based on Large Language Model
    Journal of Information Security Reserach    2026, 12 (2): 151-.  
    Abstract39)      PDF (1835KB)(23)       Save
    With the rapid increase in phishing email volumes and the continuous evolution of adversarial techniques, traditional phishing detection methods have encountered significant challenges regarding efficiency and accuracy. To address issues such as low detection rates, high falsenegative rates, and poor humancomputer interaction in existing systems, the authors proposed a phishing email detection system based on large language model. Through comprehensive analysis of key phishing email characteristics—including header fields, body content, URLs, QR codes, attachments, and HTML pages—they constructed a highquality training dataset using feature insertion algorithms. Building upon the pretrained LLaMA model, the researchers implemented LoRA finetuning technology, achieving domain knowledge transfer by updating only 0.72% of model parameters (approximately 50MB). Experimental results demonstrate that compared to traditional methods, the LLMbased detection approach achieves 94.5% overall accuracy with enhanced robustness, effectively reduces falsepositive rates, improves classification and interpretation capabilities for phishing email features, and provides a more practical and reliable solution for phishing detection.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (E2): 8-.  
    Abstract129)      PDF (509KB)(67)       Save
    Reference | Related Articles | Metrics
    China’s Mirror and Insights for the Legitimate Interest Rule from  the EU Law Perspective
    Journal of Information Security Reserach    2026, 12 (2): 142-.  
    Abstract27)      PDF (1832KB)(21)       Save
    The rapid development of generative artificial intelligence (GAI) poses significant challenges to traditional informed consent rules. The European Union (EU) addresses this tension through the “legitimate interest rule” established under the General Data Protection Regulation. The EU effectively reconciles data protection with technological innovation by adopting an openstructured framework and dynamic balancing mechanisms. In contrast, China’s Personal Information Protection Law diverges from the EU counterpart in terms of the data processing lawfulness, rendering informed consent rules challenging to meet the demands of largescale data processing in the context of GAI. The EU’s approach is rooted in its governance doctrine that harmonizes rights protection with risk management, alongside an economic logic prioritizing a unified market. China adopts a riskbased regulatory strategy and has developed a “strong protection, weak circulation” regulatory model. To address the technical complexities of GAI, China should construct a localized legitimate interest rule which is confined to applications in commercial scenarios. This framework would incorporate a threetiered analysis—interest test, necessity test, and balance test—supported by risk mitigation measures and accountability mechanisms. Such institutional innovation would overcome the consent application dilemma while enabling adjudication to dynamically balance data subjects’ rights, commercial interests, and public values casebycase. This solution offers both a theoretical framework and practical feasibility for optimizing data governance in the AI era.
    Reference | Related Articles | Metrics
    A Method for IP Positioning and Mapping Based on Multisource Data  Fusion and Dynamic Clustering
    Journal of Information Security Reserach    2026, 12 (2): 164-.  
    Abstract20)      PDF (2035KB)(12)       Save
    With the growth of the global network scale, as a core technology for achieving refined network resource scheduling and attack tracing, the accuracy and realtime performance of IP positioning and mapping methods have become critical for ensuring highquality service in emerging scenarios such as 5G and the Internet of Things. Due to the insufficient static parameter settings and adaptability to dynamic topologies, traditional methods are difficult to meet the highprecision location requirements under multisource heterogeneous data. This paper proposed an IP positioning and mapping method that coordinates multisource data fusion and dynamic clustering. By integrating multisource heterogeneous data such as WiFi hotspots, BGP routing, and ZoomEye protocol fingerprints, a dynamic screening mechanism based on geographical location entropy was constructed, and the recall rate of reference points reached 92.3% (an increase of 15.2% compared with the comparative method). Then, a dynamic clustering optimization algorithm was designed to achieve differential clustering for enterprise dedicated lines and residential areas. Finally, combined with network topology mapping technology, the positioning offset was corrected through the analysis of common adjacent nodes, and the errors in the dynamic network were suppressed.
    Reference | Related Articles | Metrics
    Analysis on CFL Provable Security
    Journal of Information Security Research    2016, 2 (7): 589-599.  
    Abstract360)      PDF (7813KB)(397)       Save
    Proven security theory of public key cryptography algorithm clears the defination of the security of cryptography; Establish a basic definition, general cryptography research method based on the reduction to prove; Through strict proof,it combines the safety of the system and the known computational problem or cryptography. Proven security theory research pushs forward the standardization of the password system, a lot of standardization organization puts cryptosystem security certification as one of the password systems essential security properties, it requires new submission criteria of cryptography algorithm to be able to pass the security certificate, currently USES cryptography standards comply with this safety standards. It is proved that CFL is Provable Security with its private key being unrecoverable, and with EUFCMA under some conditions.
    Reference | Related Articles | Metrics
    Design and Analysis of Security Construction Scheme for City Rail AFC Systems
    Journal of Information Security Research    2018, 4 (1): 91-96.  
    Abstract219)      PDF (4299KB)(434)       Save
    City rail systems become more and more complex and intelligent, and information technology has become the management tool of AFC systems for city rails. This situation leads the information security protection to be part of the construction of AFC systems for city rails. This paper uses the security techniques for industrial control systems to design a construction scheme for city rail AFC systems. By considering the tools for border protection, intrusion detection, systematical detection, and function integration, a comprehensive security solution is formed. Analysis shows that the security construction scheme possesses high security.
    Reference | Related Articles | Metrics
    Blockchain Technology and Application
    Journal of Information Security Research    2018, 4 (6): 559-569.  
    Abstract185)      PDF (1884KB)(477)       Save
    A rush of digital cryptocurrency is being set off by bitcoin since it was introduced in 2008. As its underlying core technology, blockchain and blockchain technology have received extensive attention from many aspects. Blockchain technology is a combination of many technologies for data exchange, processing and storage based on cryptography, peer-to-peer communications, distributed coherency protocols and smart contracts. Blockchain is a decentralized, distributed public database based on the blockchain technology. The implementation of the blockchain's classification, five-tier architecture, smart contracts, scalability and security are introduced in detail in this article. We introduced the application of blockchain in current fields and related development of domestic blockchain. Finally, the advantages and disadvantages of the blockchain are outlined, which lays the foundation for futther research and application.
    Reference | Related Articles | Metrics
    Definition of Content Review Scope of Network Platform
    Journal of Information Security Research    2019, 5 (9): 834-842.  
    Abstract303)      PDF (583KB)(339)       Save
    At present, Chinas legislation on the scope of network platform content review is not clear and unreasonable. The network platform has great discretion in judging the illegality of users' published content, and their law enforcement behaviors of blocking or deleting users' published content are arbitrary, that poses a great threat to users basic rights such as freedom of speech. In order to achieve a good balance between the maintenance of public interests such as network security and the protection of basic rights such as freedom of speech, Chinas legislation should make a clear and reasonable definition of the scope of content censorship. At present, there are three defining standards in foreign countries. On the basis of comparative analysis of the above standards and combining with the legislative background of China, this paper proposes to define the content review scope of China's network platform as the illegal content that infringes the protection benefits of the public law.
    Reference | Related Articles | Metrics
    Research on Cybersecurity Certification System of Critical Information Infrastructure
    Journal of Information Security Research    2019, 5 (9): 847-850.  
    Abstract204)      PDF (683KB)(383)       Save
    Critical information infrastructure is related to national security, peoples livelihood, and public interests. It is an overall and strategic task to speed up the construction of critical information infrastructure security assurance system. The research and application of cyber security certification system in the field of critical information infrastructure can play a basic supporting role in the construction of cyber security system and promote the implementation of national information security certification system in the field of critical information infrastructure.
    Reference | Related Articles | Metrics
    Design of Adversarial Attack Scheme Based on YOLOv8 Object Detector
    Journal of Information Security Reserach    2025, 11 (3): 221-.  
    Abstract312)      PDF (3519KB)(76)       Save
    Currently, cameras equipped with AI object detection technology are widely used. However, AI object detection models in realworld applications are vulnerable to adversarial attacks. Existing adversarial attack methods, primarily designed for earlier models, are ineffective against the latest YOLOv8 object detector. To address this issue, we propose a novel adversarial patch attack method specifically for the YOLOv8 object detector. This method minimizes confidence output while incorporating an exponential moving average (EMA) attention mechanism to enhance feature extraction during patch generation, thereby improving the attack’s effectiveness. Experimental results demonstrate that our method achieves superior attack performance and transferability. Validation tests, in which the adversarial patches were printed on clothing, also demonstrated excellent attack results, indicating the strong practicality of our proposed method.
    Reference | Related Articles | Metrics
    The Transmission Technology of Covert Information Based on Acoustic Channel
    Ding Xuejie, Li Bin, Wei Di, Zhang Meng, Sun Degang
    Journal of Information Security Research   
    Webshell Detection Method Research Based on Web Log
    Journal of Information Security Research    2016, 2 (1): 66-73.  
    Abstract967)      PDF (5409KB)(1041)       Save
    In this paper, a new method of Webshell detection based on Web log is proposed, which is based on the analysis of the server log text file, and the Webshell is detected from three angles: text feature, statistical feature and correlation feature. In the text feature, it is mainly to match the file access path and the parameters that are submitted. The experimental results show that the normal Web documents and Webshell files have obvious differences in the characteristics of the file access path and the parameters. In the statistical characteristics, the first is the comparison of the frequency of access to the file, and the experiment proved that the frequency of the Web page file access, combined with the depth of the Web page file directory, the starting time and the number of individual visitors, can accurately identify abnormal file. Page correlation is found by calculating the access of Web documents, the experiment shows that the Webshell is usually a solitary file, and the normal Web documents are clearly distinguished.
    Reference | Related Articles | Metrics
    The Reflection of Legal Position and Content of Critical Infrastructure Protection Legislation in China
    Zhang Min
    Journal of Information Security Research    2015, 1 (2): 163-169.  
    Abstract377)      PDF (7008KB)(640)       Save
    Critical infrastructure information security is the precondition of national security andthe normal operation of society. It also ensure the civic right to live and development .The paper proposed the concept of critical infrastructure, the identified standard, and tried to elucidate the relationship between the legislation of critical infrastructure legislation and National Security Law, Network Security Law (Draft) and Hierarchical protection system, then proposed the legal position of critical infrastructure protection legislation—security safeguard law.Chinas critical infrastructure protection legislation should focus on information security safeguarding, the contents of the legislation not only incloud the information security risk prevention and control, but also the promotion of the technical, organizations and law enforcements safeguard abilities and international cooperation on critical infrastructure protection.
    Reference | Related Articles | Metrics
    Cryptographic Service Platform Based on Trusted Computing Technology
    Journal of Information Security Research    2017, 3 (4): 305-309.  
    Abstract277)      PDF (3854KB)(485)       Save
    Trusted computing is an active defense and immune security system. In this paper, from practical demands in financial industry and electronic government, we propose a cryptographic service platform based on trusted computing, which supports domesticallymade standard SM1, SM2, SM3, SM4 cryptographic algorithms and uses trusted computing technology to protect cryptographic deices and systems. This platform provides uniform cryptographic computing service, key management and cryptographic devices management etc, and it has excellent reliability, security, efficiency, parallel processing and load balancing. This platform can be applied to financial industry, electronic government and electronic commerce.
    Reference | Related Articles | Metrics
    Review and Research for Consensus Mechanism of Block Chain
    Journal of Information Security Research    2018, 4 (4): 369-379.  
    Abstract505)      PDF (2321KB)(829)       Save
    Blockchain is the core supporting technology of the digital cryptocurrency system represented by Bitcoin, which can bring profound changes to finance, economy, science and technology and even politics. It integrates distributed systems, cryptography, game theory and other disciplines have established a new type of trust model. As the core of the blockchain technology, the consensus mechanism plays an important role in maintaining the stable operation of the blockchain system and mutual trust between nodes. In recent years, with the hot of block chain technology, consensus algorithm has made considerable progress. This article first analyzes the application of the consensus mechanism and the problems to be solved by analyzing the core technology of the blockchain.Then we introduce consensus mechanism current representative and thoroughly analyzed it. We hope to provide ideas and lessons for the study of consensus mechanisms.
    Reference | Related Articles | Metrics
    Research on Malicious Location Attack Detection of VANET Based on  Federated Learning
    Journal of Information Security Reserach    2023, 9 (8): 754-.  
    Abstract413)      PDF (2613KB)(219)       Save
    Malicious behavior detection is an important part of the security needs of the Internet of vehicles. In the Internet of vehicles, malicious vehicles can achieve malicious location attack by forging false basic security information (BSM) information. At present, the traditional solution to the malicious location attack on the Internet of vehicles is to detect the malicious behavior of vehicles through machine learning or deep learning. These methods require data collecting, causing privacy problems. In order to solve this problems, this paper proposed a detection scheme of malicious location attacks on the Internet of vehicles based on Federated learning. The scheme does not need to collect user data, and the detection model uses local data and simulated data for local training, which ensures the privacy of vehicle users, reduces data transmission and saves bandwidth. The malicious location attack detection model based on Federated learning was trained and tested using the public VeReMi data set, and the performance of the data centric malicious location attack detection scheme was compared. Through comparison, the performance of malicious location attack detection based on Federated learning is similar to that of traditional data centric malicious location attack detection scheme, but the malicious location attack detection scheme based on Federated learning is better in data transmission and privacy protection.
    Reference | Related Articles | Metrics
    Research on Trusted Data Collection Metrics Mechanism for IoT in Smart Cities
    Journal of Information Security Reserach    2026, 12 (2): 109-.  
    Abstract33)      PDF (1939KB)(21)       Save
    The diversity, heterogeneity, and wide distribution characteristics of IoT devices expose their operational processes to risks such as data source forgery or tampering in sensing devices. However, current trust evaluation models in multidomain IoT scenarios for smart cities exhibit limited dynamic adaptability and lack comprehensive capabilities in addressing security threats. To address these issues, this study proposes a framework from the macrooperational perspective of IoT, integrating trusted computing technologies. We construct static attribute metrics and dynamic attribute metrics mechanisms for IoT device nodes, categorize trust levels by employing clustering algorithms, and establish a comprehensive trusted metrics mechanism tailored for multisource heterogeneous IoT devices. Subsequently, through simulation experiments based on a multidomain distributed IoT architecture, we validate that the proposed trusted metrics scheme effectively detects initial malicious propagation by malicious nodes, confines malicious propagation within a limited scope, and robustly addresses security challenges under varying proportions of malicious nodes.
    Reference | Related Articles | Metrics
    Research on ECDSA Key Recovery Attacks Based on the Extended  Hidden Number Problem
    Journal of Information Security Reserach    2026, 12 (2): 174-.  
    Abstract23)      PDF (797KB)(22)       Save
    Elliptic curve digital signature algorithm (ECDSA) is one of the most widely used digital signature algorithms. During the signing process, it requires computing scalar multiplication on elliptic curves, which is typically the most timeconsuming component of the signature. In many present cryptographic libraries, the windowed nonadjacent form representation is commonly used to represent the ephemeral key in order to reduce time consumption. This exposes sidechannel vulnerability to malicious attackers, allowing them to extract partial information about the ephemeral key from sidechannel traces and subsequently recover the signing key. Leveraging the extended hidden number problem to extract information from sidechannel traces and applying latticebased attacks to recover keys constitutes one of the mainstream attack frameworks against ECDSA. Based on above, we propose three optimization methods. First, we introduce a neighboring dynamic constraint merge strategy. By dynamically adjusting the merging parameters, we reduce the dimension of the lattice and control the amount of known information lost during the attack, ensuring high success rates for key recovery across all signatures. Second, we analyze and optimize the embedding number in the lattice, reducing the Euclidean norm of the target vector by approximately 8%, thereby improving the success rate and reducing time consumption. Finally, we propose a linear predicate method which significantly reduces the time overhead of the lattice sieving. In this work, we achieve a success rate of 0.99 in recovering the private key using only two signatures.
    Reference | Related Articles | Metrics
    Research on the Regulation of Crossborder Data Flow in China from  the Perspective of Dynamic Systems Theory
    Journal of Information Security Reserach    2026, 12 (2): 181-.  
    Abstract19)      PDF (1153KB)(11)       Save
    Given the significant role data plays in the current world, this paper aims to clarify and analyze the dynamic changes in China’s crossborder data flow regulation measures and their driving forces. A dynamic systems theory is actively introduced as a new methodological approach to interpret the legitimacy and rationality of the effectiveness of China’s crossborder data flow regulation, and to clarify the legislative path for future developments. Subsequently, in legislation, it is essential to define the various elements that should be considered in regulating data flow in China: protection of national security and public interests, protection of personal privacy rights, ensuring the free flow of crossborder data, compliance with international agreement terms, the necessity of restricting data flow, and the mechanism for balancing and evaluating various elements in the judicial context, in order to achieve a flexible legal effect in data flow regulation.
    Reference | Related Articles | Metrics
    The Improvement and Instance Analysis of the Formal Verification Tool Scyther
    Xu Han
    Journal of Information Security Research    2016, 2 (3): 272-279.  
    Abstract666)      PDF (6016KB)(757)       Save
    As formal verification tools for security protocols develop rapidly, picking a suitable tool, according to the target protocols and the security models, can improve not only the reliability and accuracy of protocol analysis, but also the efficiency of it. With these considerations, we compare the properties of 9 kinds of the formal verification tools in detail and we find that the Scyther tool can be an optimal choice in terms of interface interactivity, analysis efficiency and security model validity. In an attempt to facilitate using and researching of the tool for analysts in China, we study and analyze the underlying algorithm of Scyther and translate the interface into Chinese; we also update Scyther by adding a timer that can count and output the analysis time. Finally, we use the updated Scyther to make a formal analysis of the network security protocol TLS within the DelovYao model and strong security model. The current study is of theoretical and practical value for it helping researchers to select and use formal analysis tools more accurately and effectively.
    Related Articles | Metrics
    Research on Cryptographic Access Control and Its Applications
    Journal of Information Security Research    2016, 2 (8): 721-728.  
    Abstract552)      PDF (7726KB)(422)       Save
    Cryptographic access control is a hot topic in recent years and has wide promising applications. This paper firstly analysed new threats and challenges for traditional access control methods in cloud computing. The cryptographic access control was categorized into symmetrickey cryptography based and public key cryptography based mechanisms, and main schemes of the two types were discussed later. Its application in encrypted file systems and securing cloud storage was introduced as well. Finally, this paper analysed main problems, challenges and further research directions for future discussion about cryptographic access control.
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2022, 8 (E2): 43-.  
    Abstract164)      PDF (2414KB)(87)       Save
    Reference | Related Articles | Metrics
    Journal of Information Security Reserach    2025, 11 (E2): 229-.  
    Abstract14)      PDF (768KB)(17)       Save
    Reference | Related Articles | Metrics
    A New Fault Attack on Grain-128
    Journal of Information Security Research    2016, 2 (3): 230-237.  
    Abstract296)      PDF (5483KB)(667)       Save
    By analyzing the weakness in design of the stream cipher Grain128, a fault attack by targeting NFSR is presented. Firstly, by setting a large random number of key and IV, and using the difference of faultfree and faulty output, we obtain the fault location. By using the feedback equation of NFSR and output bit equation, and inducing 56 faults to NFSR, we can get the NFSR bit values. By using the output bit equation, and inducing 256 faults to NFSR, we can get the LFSR bit values. We can recover the key from the known full initial state by inverting internal states. The computational complexity of this attack is about O(221).
    Reference | Related Articles | Metrics
    New Trends of the Main Countries Cybersecurity Strategy in 2015
    Cui Chuanzhen
    Journal of Information Security Research   
    Research on the Audio Information Hiding Algorithms Based on Mean Quantization
    Journal of Information Security Research    2016, 2 (10): 909-912.  
    Abstract268)      PDF (3215KB)(426)       Save
    We presented a new blind digital audio information hiding algorithms based on DWT and mean quantization. In order to achieve the high imperceptibility, the modification of wavelet coefficients was reduced by piecewise adjustment the quantized area. The ability of resisting attack was also improved by adjustment the boundary value with poor resistance to attack. Experimental results demonstrate that the proposed method has a better Signal Noise Ratio (SNR) than the current mean quantization algorithm, and the Normalized Cross?Correlation (NC) has also a certain amount of improvement.
    Related Articles | Metrics
    A Key Management Method and System of Symmetric Key
    Journal of Information Security Research    2018, 4 (1): 80-83.  
    Abstract260)      PDF (3261KB)(363)       Save
    Cryptography is one of the core technology of information security, meanwhile, key management technology is the foundation of cryptography. key management typically consists of these steps: generation, storage, exchange, update, revocation, control and destroy. In our video surveillance system, the video transmission of each channel also need encryption using symmetric key. However, the traditional key management method is based on the fact that both entities hold the symmetric key jointly. It will be tedious and dangerous potentially in order to ensure exchange of keys is safe and reliable and to prevent password leakage. To solve the problem, a symmetric key management method and a TCP server system is provided. In our system, all symmetric keys are stored in the server. Users can send requests to the server for getting the valid key, Meanwhile, the connection of users and server is certified and encrypted, making the key management efficient, reasonable, and safe.
    Reference | Related Articles | Metrics
    Secboot’s AI Technology Pushes Identif cation Security to the Cusp of a New Era
    Journal of Information Security Research    2018, 4 (7): 582-587.  
    Abstract205)      PDF (1248KB)(599)       Save
    Related Articles | Metrics
Author Center
Review Center
京ICP备19004174号
Copyright © Journal of Information Security Reserach, All Rights Reserved.
Tel: 010-68558637 E-mail: ris@cei.cn
Powered by Beijing Magtech Co., Ltd.