Table of Contents

    15 March 2020, Volume 5 Issue 3
    Rising Network Security Report and Trend Prospect in 2018
    2019, 5(3):  186-191. 
    The Security Research of Blockchain Smart Contract
    2019, 5(3):  192-206. 
    The blockchain is a distributed ledger maintained through decentralization and trustlessness. Its development can be divided into three phases: blockchain 1.0, 2.0 and 3.0. Blockchain 1.0 is represented by Bitcoin and provides a non-Turing-complete scripting language. Blockchain 2.0 is represented by Ethereum and introduces the concept of the smart contract on the basis of Bitcoin. It provides the Turing-complete programming language Solidity and extends the application of blockchain from a purely monetary domain to other areas. Blockchain 3.0 will be a programmable world in which all walks of life operate in an autonomous manner. The smart contract, as the most significant feature of blockchain 2.0, plays an important role in building decentralized applications. However, in recent years, smart contract security incidents have occurred frequently, causing huge losses to project parties and investors, and the security of smart contracts has gradually attracted much attention. The article first introduces the basic concepts of the blockchain, then describes Ethereum, and then gives a comprehensive introduction to the smart contract, including its operating environment, composition, deployment process and working principle. The paper mainly classifies and summarizes known smart contract vulnerabilities and provides solutions for each type of vulnerability.
    Research on Blockchain Application in Insurance Industry
    2019, 5(3):  207-216. 
    Blockchain technology will play an important role in the digital transformation of the insurance industry. This paper introduces CBGM (Consortium Blockchain Governance Model), which can help insurance institutions leverage blockchain technology to build an insurance digital ecosystem more efficiently. It draws on the authors' experience of applying blockchain technology in the insurance industry in recent years. Firstly, the application scenarios of blockchain in the insurance industry are sorted out and the challenges of using blockchain technology are analyzed, one of the key challenges being how to manage a consortium. Secondly, CBGM and its 6 sub-modules are developed and introduced, with the aim of providing a common method for managing a consortium. Finally, an example of using CBGM is shared and proposals for insurance institutions are provided.
    An Improved Scheme for Elliptic Curve Digital Signature
    2019, 5(3):  217-222. 
    The existing problems of the elliptic curve digital signature algorithm (ECDSA) are briefly described, and an improved scheme proposed for these problems is studied; although that scheme improves the computational efficiency of ECDSA, it does not consider forgery signature attacks. Based on the security and computational efficiency of the elliptic curve digital signature, an improved scheme for the elliptic curve digital signature is proposed, and the safety and efficiency of the proposed scheme are proved by theory and simulation experiments. The results show that the improved scheme improves the computational efficiency of the digital signature and prevents forgery attacks, using scalar multiplication twice and inversion once.
    Design and Implementation of CSRF Defense Module Based on MD5
    2019, 5(3):  223-229. 
    Since the 1990s, the Internet has been open to the public, and the number of people using it has soared. Nowadays, the Internet is inseparable from life, work and study. Many Internet services and applications are available to users in the form of web pages, so the security of web applications has become of the highest importance. Among the threats, the security risk of CSRF (cross-site request forgery) is high; it is called "the sleeping giant" because it is easily ignored. To counter the CSRF attack mode, this paper designs a CSRF defense module based on the MD5 message digest algorithm that randomizes parameter names. It is mainly implemented using a Java filter, which adds a random parameter, generated by applying MD5 to the parameter name, to the uniform resource locator (URL) and to forms. This increases the difficulty of request forgery for the attacker and achieves the purpose of CSRF defense, protecting the user's security. The experimental results demonstrate that the defense module is effective: it can effectively defend against CSRF attacks, and the impact of the defense module on the performance of the Web server is within an acceptable range.
    Image Steganography Methods from Traditional to Deep Learning
    2019, 5(3):  230-235. 
    This paper summarizes typical traditional embedding-based image steganography schemes and new non-embedded image steganography algorithms based on deep learning. It points out that the traditional methods have difficulty resisting the current state-of-the-art machine-learning-based steganalysis in this field, while the new methods have insufficient embedding capacity and a more complicated embedding process. A design for steganography without embedding (SWE) based on generative adversarial networks or deep convolutional generative adversarial networks is then proposed. By combining traditional and new algorithms so that they compensate for each other, image steganography can develop further.
    A Container Cloud Elastic Scaling Strategy Based on Load Characteristics Prediction
    2019, 5(3):  236-241. 
    Kubernetes, the current mainstream container cloud platform, has two problems when using a threshold-based elastic scaling strategy to provide elastic scaling services. First, it does not distinguish between application types, and it cannot accurately measure the load of composite applications with a single index. Second, when an application encounters a temporary load increase or decrease, scaling jitter is easily triggered, which leads to additional system consumption and resource waste. To address these problems, this paper proposes a container cloud elastic scaling strategy based on load feature prediction, which uses different load features to distinguish application types and adopts multiple indexes to measure the load of composite application types. To reduce unnecessary scaling jitter, the strategy uses both the predicted load value and the current load value to make scaling decisions. The experimental results show that, compared with the threshold-based Kubernetes elastic scaling strategy, this strategy can more accurately measure the load of CPU-MEM composite applications and reduce unnecessary scaling jitter when the application is subject to a temporary load increase or decrease.
    Data Security Protection Technology in Big Data Platform
    2019, 5(3):  242-247. 
    Big data technology is becoming more and more mature, and big data applications have been springing up. Information security problems and information security events involving big data are gradually emerging. The main content of this study is security protection technology for the whole life cycle of data in big data platforms, including data classification and grading, control of data access rights, encryption protection for stored data, static and dynamic data desensitization of data in the application process, comprehensive log auditing of data access activities, and data leak protection for sensitive data from business and terminals, which together provide data security protection throughout the whole life cycle of data in big data platforms.
    An Example Research of an Over-Authority Vulnerability Attack Method
    2019, 5(3):  248-252. 
    The over-authority vulnerability is a common type of vulnerability in web application systems. It is rated as one of the Top 10 risks by OWASP. The vulnerability often leads to leakage of sensitive information or illegal tampering with data. An example of an attack method is given for a personal social security management system of a province and a city, using the penetration test method. The attack process and the results of exploiting the vulnerability are introduced from four aspects: user fraudulent use, data interception, message modification and automated capture. The relationship with other vulnerabilities and the risk are analyzed. Finally, the principle of the vulnerability is explained, and several vulnerability protection strategies are provided. The research shows that the over-authority vulnerability may cause serious consequences in the Internet era of big data. It also reflects the urgency and necessity for network system operators to protect the network security of important information systems.
    Research of Security Enhancement Identity Authentication Technology in Cloud Computing
    2019, 5(3):  253-256. 
    Compared with traditional IT systems, cloud computing presents new characteristics such as virtualization, multi-user operation and distribution. Most existing authentication modes, such as "userid+password", face risks such as fraudulent use and man-in-the-middle attacks in high-security fields. In view of this, this paper proposes a solution for implementing cloud identity authentication in a high-security environment. A USBKey is used in the cloud terminal, and two-factor strong identity authentication is realized using "USBKey+PIN code", combined with digital certificate technology to enhance the existing remote desktop protocol (RDP). The USBKey is safely mapped onto the virtual desktop to establish a secure connection channel, and strong identity authentication for the user logging into the cloud server is realized. This solution has been successfully applied to the science and technology Big Data platform of our college and has achieved good results.
    Testing and Analysis on the Security of Public Resource Trading System
    2019, 5(3):  257-260. 
    In recent years, electronic bidding has flourished in China. Many public resource trading centers have established electronic platforms. However, due to the differences in the design requirements and development conditions in the early stage of the system, there are obvious differences in the quality of each system. The information security protection capability of the system is also an important requirement index to measure the quality of electronic bidding system, and may even affect the promotion and application of electronic bidding system. This paper focuses on sorting out the information security requirements of infrastructure and electronic system in the public resource trading platform, and combines the security requirements to provide the main security detection methods for electronic bidding systems.
    The Challenges of IPv6 Development and Network Security in China
    2019, 5(3):  261-272. 
    Due to the limitation of global IPv4 addressable resources, the future development of IPv4 has reached a dead end. China's IPv6 network development lags far behind that of the developed countries of the world. On July 12, 2018, the Ministry of Industry and Information Technology announced that the 4G LTE networks of China's basic telecommunications operators were being upgraded to IPv6, and announced that China's Internet had officially entered the IPv6 era. IPv6 has obvious advantages over IPv4, but the characteristics of IPv6 technology bring their own unique network security problems. China is still not well prepared for the network security changes that come with IPv6 upgrades, and many network security risks may be hidden. Therefore, building a secure and reliable IPv6 network is the key success factor for the evolution of China's IPv6.