Table of Contents

    05 April 2021, Volume 7 Issue 4
    Summary of The Security Of Image Adversarial Samples
    2021, 7(4):  294-309. 
    The improvement of computer performance and the emergence of deep learning have made artificial intelligence technology widely used. More people are paying attention to the security of deep learning models. The existence of adversarial samples is one of the main threats to deep learning models, which limits their application in scenarios such as face recognition systems and self-driving that require high privacy security. Despite their high performance, deep learning models are also required to be sufficiently robust. However, one might be concerned with whether deep neural networks can be applied in real-world applications stably, reliably and effectively. If our understanding of deep neural networks is only that of a black box model that is merely required to produce a satisfying output given an input, then it would be difficult to safely apply it in reality. Research on adversarial examples is also a hot spot. In this paper, we explain why adversarial examples exist and summarize some algorithms for both adversarial attack and defense. Meanwhile, we conduct experimental verification of several representative methods on MNIST, CIFAR-10, and ImageNet. In the end, we discuss the outlook and trends of this field.
    Research and Design of Cloud Edge Collaboration Based on Blockchain
    2021, 7(4):  310-318. 
    Cloud Edge Collaboration can effectively solve the problems of rapid growth in the number of edge applications, wide data sources and huge data volume, but users currently face problems of credibility, reliability and fairness in using Cloud Edge Collaboration services, which to a certain extent restrict the development of Cloud Edge Collaboration. In this paper, we propose a blockchain-based Cloud Edge Collaboration business system, which uses a federation chain framework to design and introduce a reputation mechanism for processes such as authentication and authorization, scheduling and collection, and settlement supervision to provide a platform-based access scheduling and automated settlement solution for Cloud Edge Collaboration and solve the problems of trustworthiness, reliability, and fairness faced by users. Through the combination of Cloud Edge Collaboration and blockchain technology, users can put forward personalized application deployment requirements, and the system can carry out automated and tamper-evident application scheduling and settlement between users and different cloud service providers, and when cloud service providers cannot meet users' requirements or default occurs, users' applications can automatically switch between cloud service providers. This system effectively solves the problems of trustworthiness, reliability and fairness of the cloud-side collaboration platform, and blockchain embodies great application potential in cloud computing.
    Research on Acceleration Method of Searchable Encryption of Private Data Based on Trusted Hardware
    2021, 7(4):  319-327. 
    Searchable encryption (SE) is one of the key technologies for building encrypted databases. It allows the server to search encrypted data without decrypting it. To solve the problem that advanced SE solutions reduce the efficiency of SE and increase the communication cost between the client and the server, a hardware-assisted solution (Intel SGX) is proposed to alleviate the above bottleneck. The key idea is to use SGX to take over the client's tasks such as tracking keywords, adding data, and caching deleted data. Experimental results show that by introducing hardware-assisted solutions in the search process of encrypted data, the communication overhead between SGX and untrusted servers is effectively reduced, and the query performance of encrypted data is improved.
    Research on Browser Security and Trusted Architecture Under Xinchuang System
    2021, 7(4):  328-334. 
    With the rapid development of global informatization, the whole world is rapidly merging into one. A large number of information systems have become the key infrastructure of the country and the government. Many enterprises, organizations, government departments and institutions are building and developing their own networks and connecting them to fully share and utilize the information and resources of the network. The whole country and society are more and more dependent on the network. The network has become a powerful driving force for social and economic development, and its status is becoming more and more important. However, as resource sharing is widely used in political, military, economic and scientific fields, various problems also arise, especially security issues. Security is therefore of great strategic significance in the process of informatization. This paper focuses on the current development of browsers, the security threats faced by browsers, and the security capabilities that browsers should have under the Xinchuang system. Because the browser is the interface between users and the network information world, this paper also discusses security solutions for browsers under the information innovation system.
    The Research on Construction of Legal System about Data Governance in European Union
    2021, 7(4):  335-341. 
    With the development of artificial intelligence, blockchain, Internet of Things, 5G and other new technologies, data governance issues have attracted more attention. Therefore, how to protect data security, maintain personal privacy, and achieve scientific and systematic data governance is worthy of further study. The European Union has always been at the forefront of the world in the field of data governance. Based on a review and analysis of European Union laws and documents related to data governance, it is found that the construction of the European Union data governance legal system is mainly divided into the 1981 convention phase, the 1995 directive phase, the 2016 regulation phase, the 2018 regulation supporting laws phase, and the 2020 data strategy phase. Starting from the General Data Protection Regulation, the European Union has created supporting laws around the General Data Protection Regulation and proposed a data strategy, forming a legal system for data governance. Based on the research and summary of European Union data governance laws, it is believed that China should continue to maintain its data security and sovereignty, while continuing to drive data to empower the digital economy.
    ACARS Data Protection Technology Based on National Secret Algorithm
    2021, 7(4):  342-350. 
    ACARS, namely the Aircraft Communication Addressing and Reporting System, is a digital data link system that transmits short messages between aircraft and ground stations by radio. ACARS messages contain a lot of important internal data, but at present they are transmitted directly without any processing, which brings a variety of problems affecting the security of the system. For example, people can easily use a corresponding radio transceiver to obtain, monitor and even process ACARS message information, so as to obtain internal data, leading to data leakage. To ensure the data security of ACARS, domestic cryptographic algorithms are used to realize encryption. Real ACARS data is used for testing, and the results show that the encryption method in this paper can achieve the purpose of data security and privacy protection of the ACARS data link [1]. In this experiment, two national secret algorithms, SM2 and SM4, are used to realize the encryption and decryption of ACARS messages, which further improves the security of ACARS.
    Application of Feature Extraction Method Based on Reinforcement Learning in Attack Recognition
    2021, 7(4):  351-358. 
    Aiming at the low accuracy and long training time on industrial control datasets, this paper proposes a feature selection method based on reinforcement learning. First, a decision matrix is built by reinforcement learning. Features are then extracted using the decision matrix to obtain a processed dataset. The NSL-KDD dataset, a self-created dataset and the Mississippi dataset are processed with PCA and with reinforcement learning, and the original and processed datasets are then fed into an SVM and a neural network. The results show that this method is appropriate for datasets whose features are not related. Reinforcement learning can improve indexes such as accuracy and precision, and decrease training time.
    IoT Authentication Solution Based on FIDO Technology
    2021, 7(4):  358-366. 
    Traditional authentication methods cannot satisfy the requirements of IoT systems due to features such as diversified devices, narrow bandwidth, low latency, heterogeneous environments and massive private information. The FIDO specifications, with their lightweight design, decouple the authentication methods from the authentication protocol, leveraging public-key cryptography to achieve secure, convenient and privacy-enhanced authentication. The complex scenarios of IoT authentication are analyzed, and an authentication solution based on FIDO technology is proposed through deploying the FIDO server on demand. This solution covers cloud, network, edge, and endpoint, fulfilling cross authentication among users, devices and services. The full lifecycle management of IoT devices and the relationship of the keys in devices are analyzed. The strengths and characteristics of the solution, such as its lightweight design, decentralization and zero trust concept, are summarized as references for IoT authentication.
    Research on Transcoding Protection of IVI Application
    2021, 7(4):  367-373. 
    With the continuous development of the Internet of Vehicles business system, the role of the vehicle control APP as a bridge between users and car companies is becoming more and more important. Preliminary research on the safety of the vehicle control APP is therefore very important to the overall safety of the Internet of Vehicles. The article analyzes the assembly code structure of the vehicle control APP, and uses a virtual machine transcoding engine to transcode and protect the smali assembly code of the vehicle control APP, converting it to native C/C++ code. Finally, experiments show that this method can effectively resist reverse analysis. After transcoding, the smali assembly code cannot be restored, and the method also helps prevent secondary packaging and pirated versions, so as to protect the vehicle IVI application code.
    Kerberos Security Enhancements Based on Intel SGX
    2021, 7(4):  374-383. 
    Kerberos is an identity authentication system widely used in cloud computing, Internet of Things and other scenarios. The database of its key distribution center stores key information in the clear. In a distributed environment, there are storage management, memory leakage and other security risks, which affect the security of the identity authentication system. Therefore, a Kerberos security enhancement scheme based on Intel SGX is proposed. The modules that use keys during key initialization and identity authentication are moved into the Enclave, and the keys are protected dynamically by the hardware-supported memory isolation mechanism. Keys are sealed and stored in a database in a secure area using the sealing mechanism. Experiments show that the scheme can guarantee the confidentiality and integrity of the dynamic and static keys and reduce the size of the trusted computing base. The performance evaluation shows that the proposed scheme can guarantee the security of key operation and storage while the extra performance cost is acceptable.
    A Method of Cryptographic Computing Resource Pool Based on Multi-Technology Fusion
    2021, 7(4):  384-388. 
    CaaS (cryptography as a service) is a hotspot in cryptography research. Different from traditional solutions, it must support implementing cryptography in virtualization environments and cloud architectures with a virtualization boundary, and it must provide features such as horizontal extension, flexible computing, resource sharing and on-demand service. We therefore usually design a cryptographic computing resource pool to implement cryptographic functions. Providing cryptographic capability to cloud-architecture business systems through pooled cryptographic computing, resource sharing, resource scheduling, key management, resource management, and operation and maintenance is the essence of CaaS. In this paper, we analyze unikernel operating system technology, CPU security enhancement technology and para-virtualization technology of recent years, and propose a new design for a large-scale cryptographic computing resource pool. It uses CPU security enhancement technology and unikernels to support large-scale cryptographic capability, uses para-virtualization to implement virtual cryptographic modules, and uses unikernels to implement the encapsulation, arrangement and cascading of cryptographic capability in virtualization environments.