Table of Contents

    05 December 2021, Volume 7 Issue 12
    Research on Data Security Composite Governance
    2021, 7(12):  1110. 
    With the formal implementation of the “Data Security Law of the People’s Republic of China”, the significance of data security governance has received more and more recognition. Firstly, this article performs a thorough study on the current status and challenges of data security governance. Based on the outputs, this article presents a new data security governance framework, i.e., the Data Security Composite Governance, which can be accurately quantified and sustainably improved along with its implementation. Brief illustrations of the fundamental framework and core concept of data security composite governance are presented, focusing on its basic components, i.e., data security strategy, data security operational management and data security governance technology. Certain instructions on how to build up the data security composite governance from scratch are also provided, which aim to bring inspiring ideas and thoughts for implementing data security governance inside an organization.
    Application of National Secret Algorithm in Active Security Network Architecture
    2021, 7(12):  1121. 
    This is the fifth article in a series of articles on active security network architecture. It outlines the core position of cryptography in network security and the important role of national secret algorithms for network security protection. It clarifies the use and promotion of national secret algorithms for network security protection. At the same time, the analysis points out that the Identity Public Key technology based on the Internet of Things has a variety of characteristics and an autonomous controllability that previous key technologies do not have, and its many features can solve security problems that previous key technologies cannot. The Identity Public Key technology is very suitable for the security protection requirements of the active security network architecture. In the supporting protocol family of the active security network architecture, the Identity Public Key technology can be fully used to construct the protocol, and the national secret algorithm can be used to support the safe operation of various business functions of the active security network architecture, which realizes the independent control of the network security gene and the safe and reliable operation of the security network architecture, and fundamentally improves the security protection capabilities of the network.

    Research of the Identity Access Management Platform Based on Zero Trust Architecture
    2021, 7(12):  1127. 
    This article focuses on the method of constructing an enterprise identity access management platform based on the zero-trust architecture, which effectively solves the problem of “enterprise security information architecture that evolves from traditional and convenient security models to access permission control”. It makes full use of technologies such as identity recognition, behavior analysis, and continuous authentication, combined with the actual needs of large-scale group enterprises, to establish reliable multi-dimensional, cross-organizational encrypted transmission and sharing of information such as organizations, users, and permissions. On top of the defense model based on traditional boundary thinking, it defines a multi-layer zero trust model to achieve system access in multi-network environments, remote office, and identity authentication management for specific Internet applications, provides a convenient and reliable security environment and services for the development of business systems, and upgrades the traditional single "black and white" defense to "black plus white". This effectively guarantees the safe and reliable digital transformation of large-scale group enterprises.
    Research and Practice of In-Depth Network Security Monitoring Technology for e-Government Cloud 
    2021, 7(12):  1135. 
    The wide application of cloud computing technologies poses new challenges to VPC security monitoring on the cloud platform. VPC monitoring is difficult because of the following factors: large internal traffic, difficult identification of encrypted traffic, insufficient visualization of VPC monitoring, and difficult threat evidence collection. This document describes VPC monitoring. Based on technologies such as AI and SOAR, this document innovatively proposes a layered monitoring and in-depth cloud-network synergy monitoring system, and builds a cloud security monitoring center to implement two-level closed-loop monitoring within and between VPCs, resolving the key points and difficulties of VPC monitoring and building a secure and reliable cloud computing environment. This solution has been verified in practice and meets security compliance requirements. It can detect threats in the VPC in seconds and automatically collect evidence in minutes. It does not affect the normal running of tenant services. It is recommended that this solution be promoted to the entire cloud computing industry.
    A Privacy Trajectory Obfuscation Strategy Based on Pause and Mapping
    2021, 7(12):  1143. 
    Existing trajectory privacy protection strategies such as K-anonymization require active requests to be sent, whereas real use scenarios allow only passively waiting for interface calls. In view of this, a trajectory privacy obfuscation strategy based on delayed use, pause processing, and fixed-point mapping is proposed. It generates a dummy-based trajectory to preserve the use of LBS as much as possible while protecting user privacy. Delayed use: the center of the current obfuscation area is set to the user's real position some time ago. Pause processing: considering the pause phenomenon in real trajectories, when the user pauses for a short time, the dummy trajectory also pauses. Fixed-point mapping: at some locations that need to be exposed or fixed-mapped, the point mapping method is used to map the real location to the dummy location. Experiments show that this strategy can not only protect user positioning privacy, but also maximize the use of LBS.

    Personal Data Space Security Technology Based on Data Security Label
    2021, 7(12):  1150. 
    With the rapid development of new-generation information technologies such as big data, cloud computing, and artificial intelligence, data has become a basic strategic resource and key production factor in the digital age. In addition to emphasizing the efficient use of data and maximizing the value of data in the National Fourteenth Five-Year Plan, it is also clear that the protection of data security must be strengthened. This article is based on the data security concept of "identifying data, dynamic protection, sorting out roles, clarifying processes, and precise management and control". It relies on data security label technology with data security level evaluation models and cryptography technology providing basic information support for the security protection of each link in the personal data life cycle. Combined with the object-centric integration, management, and sharing of personal data in the personal data space, this article provides solutions for the efficient use of personal data and security protection.
    The System of FT2232H Program Writing Based on SHA-1 Authentication
    2021, 7(12):  1155. 
    The system identity authentication is based on the SHA-1 encryption algorithm, and an efficient and safe SOC FLASH program burning system is designed through the USB2.0 communication chip FT2232H. The SOC program programming system is divided into a host computer and a lower computer. The host computer uses the FT2232H asynchronous FIFO interface to connect to the TAP interface of the SOC, and the TAP interface is connected to the OCD module of the lower computer SOC to complete the mutual data transmission. The upper computer uses the SHA-1 encryption algorithm to generate the MAC value and the lower computer completes the identity confirmation, and calls the dynamic link library DLL provided by it, which can realize the rapid programming of various SOC FLASH programs. Experiments have proved that the FLASH programming system based on SHA-1 authentication can realize efficient and safe programming. 
    Review of Multi-Party Secure Computing Research
    2021, 7(12):  1161. 
    With the rapid development of the Internet, data resources have become an important competitiveness of all industries. However, as the owners and users of data cannot be unified, problems such as data security and personal privacy become increasingly serious, resulting in the phenomenon of "data islands". Secure Multi-Party Computation (MPC) promises to solve these problems by ensuring both privacy of data input and correctness of data computation, and by ensuring that data input from participating parties is not compromised through protocols without third parties. Based on the definition and characteristics of multi-party secure computing, this paper introduces the research status, component model and application scenarios of multi-party secure computing.
    Research on the protection of big data rights and interests with the protection of personal data rights and interests as the core
    2021, 7(12):  1166. 
    The era of big data has arrived, and big data is becoming a natural "rich ore" that countries all over the world are striving to tap. The launch of a big data development strategy at the national level is of great strategic significance for the development of the information industry and even national security in the future. Data rights have both data rights and data benefits. From the perspective of big data law, big data is a large amount of unspecified subject's digital information that is mined and processed for a certain purpose. There are many system gaps in terms of legal nature, content of rights, and ownership of rights. Different data rights subjects have different practical and urgent needs for data protection legal systems. From the perspective of value, the value of data is reflected in the privacy and reusability of personal data, especially the operability of big data derivative analysis, and the technology of processing big data can create added value and find a way for big data and big data application technologies. The legal protection mechanism is particularly important. From the perspective of the national governance system, the digital economy has become an important driving force for economic and social development. Providing high-quality public services, improving social governance, strengthening social supervision, and enhancing government governance capabilities play an important role that cannot be ignored. Personal data is the cornerstone and prerequisite of big data. It is necessary to build a big data protection model with the protection of personal data rights and interests as the core and standardize the order of data utilization. It is necessary, and also feasible, to achieve legal protection of big data by having different paths for different types of data rights and at different stages.

    5G supply chain security risk analysis and countermeasure research 
    2021, 7(12):  1178. 
    The construction of new infrastructure represented by 5G technology has been accelerated, covering important industries such as communication, finance, energy and transportation, and infiltrating all aspects of social life. In the process of accelerating the construction of 5G networks, the security problem of the 5G supply chain has become increasingly prominent. This paper carefully analyzes the characteristics of 5G supply chain security and 5G supply chain security risk, compares 5G supply chain security asset identification, threat identification and vulnerability identification with general ICT supply chain security risk, and puts forward countermeasures for 5G supply chain security risk in China, so as to further promote the development of 5G in China and provide a reference for 5G suppliers and demanders in strengthening their own supply chain security capacity-building.

    The Single Sign on E-government Identity Management System Based on Blockchain
    2021, 7(12):  1184. 
    At present, the number of users of "Internet plus government services" in China keeps growing. In order to realize smart government services, reduce government management costs and enhance people's sense of happiness, this paper constructs a single sign on E-government identity management system based on blockchain, which selects China's intellectual property right cryptosystem, and forms a digital identity technology system and management operation system combining centralized authentication management and decentralized service. The system can continuously improve the user experience, provide convenient and efficient services for users, and enhance the public's sense of acquisition and satisfaction.

    Design and Implementation of Data Disaster Recovery System Based on "Natural Resource Cloud"
    2021, 7(12):  1192. 
    Taking the data disaster recovery construction project of a provincial department of natural resources as the background, and starting with the analysis of the current data situation, this paper studies and realizes the data disaster recovery and real-time data recovery of three nodes in different places at the provincial and municipal levels. It adopts the technical methods of local dual active storage technology, data backup technology and remote replication, and puts forward the design and technical implementation scheme of three nodes in both places. Based on this scheme, the construction of the data disaster recovery system of two places and three centers of natural resources in a province is carried out. After the successful implementation of the system and a disaster recovery drill, it has achieved the rapid recovery of local and remote data, realized the security of data and rapid application of the system in a province, and met the requirements of network security level protection and information security risk assessment, and the application effect is good. This paper puts forward the application innovation of key technologies such as dual live technology based on storage system, asynchronous remote replication technology based on storage system and rapid recovery of business system based on disaster recovery software, which provides valuable experience and reference for the construction of similar systems.

    Practical Research of IAST Technology under DevOps Development Model
    (Information and Communication Branch, State Grid Hunan Electric Power Co., Ltd., Changsha)
    2021, 7(12):  1198. 
    In the modern DevOps (development operations) development model, IAST (interactive application security testing) technology has a significant security effect in practice, both in embedding security into the R & D test process and in ensuring the security of software R & D when security personnel resources are lacking. At the same time, IAST has excellent performance in the vulnerability detection rate and vulnerability false positive rate. IAST can not only solve the general security risks and open source software risks in the process of software R & D, but also find the sensitive and private data leakage problems in Web applications through sensitive data tracking technology. This paper argues that IAST is a new generation of security testing technology more in line with the concept of the DevOps system.

    Information security evaluation model of business hall based on customer group characteristics
    2021, 7(12):  1204. 
    It is difficult to evaluate the information security of business halls due to the characteristics of customer groups. The existing business hall information security assessment method has a large error. In order to solve this problem, a business hall information security assessment model based on customer group characteristics is constructed. According to the work flow of the business hall, the relevant data sources are listed and the full data of users is collected. Based on the topology of the business hall operation network, the characteristic path length, aggregation coefficient and other indicators are calculated to characterize the characteristics of customer groups from multiple perspectives. According to the organization detection technology, the characteristic attributes are analyzed and the information security assessment algorithm is established. Using the whitening weight function of grey number, the information risk level is determined. The experimental results show that, compared with the methods in reference [3] and reference [4], the relative errors of the evaluation results of the designed model are reduced by 15.73% and 21.89%, respectively, indicating that the application effect of the constructed model is more ideal.

    Multi-Encryption Method of Hospital Personnel Information Based on Fusion Fuzzy Clustering
    2021, 7(12):  1211. 
    The encryption process of hospital personnel information is prone to nonlinear mutation, which leads to poor security of information storage. Therefore, this paper studies the multiple encryption method of hospital personnel information based on fusion fuzzy clustering to improve the effect of multiple encryption of information and enhance the security of information storage. The hospital personnel information was compressed by piecewise matching detection method, and the supernumerary information was collected and merged adaptively. The high-order spectral features in the collected and merged information were extracted, which were regarded as the search pheromone in the information clustering center. A segmented fusion fuzzy clustering method was designed to eliminate invalid information and cluster useful information. The chaotic mapping method is used to encrypt information multiple times and reduce the nonlinear mutation. The experimental results show that the normalized mutual information and the Reithner index of the proposed method are relatively high, and it has a better information clustering effect. After multiple encryption, the information exchange standard code is distributed evenly, which improves the randomness of information and the ability to resist attack, and enhances the security of information storage. The average confidence obtained by NIST test is 0.932, which shows that this method has a better encryption effect.