Table of Content

25 October 2022, Volume 8 Issue 10

Previous Issue   

Research on Smart Contract Method in the Framework of  Secure Multi-party Computation

2022, 8(10):  956. 

Asbtract ( )   PDF (2594KB) ( )  

References | Related Articles | Metrics

Data is a new foundational and strategic resource of our country. It has attracted great attention from the whole society to construct an emerging data capitalization market, but the ensuing data privacy leakage problems, data abuse and other issues have also been paid attention to.  Privacypreserving computation has solved the problem by “using data without seeing data”, but there is still a lack of effective regulatory technology and means for data usage. The risk of dataabuse still exists. To build a healthy and orderly data capitalization market, it is necessary to construct a solid trust foundation and a series of intelligent supervision measures. Guided by the technical idea of decentralized and multiparty mutual supervision as well as combined with secure multiparty computing technology in computing, this paper studies and designs a new smart contract named computation contract. The content of the computational contract is mutually confirmed by multiple parties and can be executed automatically. The algorithm is open and verifiable, and the whole process of execution is traceable and supervisable, which realizes the secure control of data circulation and use. The designed smart contract has been applied to the Beijing Big Data Exchange to provide support for a bank to calculate the loan amount by integrating data from multiple parties, demonstrating the execution process of the whole life cycle of the computation contract and the related process is traceable and supervisable. The research results have good demonstration effect and can provide strong support for the development of digital economy.

Efficient Distributed Anonymous Heterogeneous Cross-domain  Authentication Scheme for Industrial Internet of Things

2022, 8(10):  964. 

Asbtract ( )   PDF (1918KB) ( )  

References | Related Articles | Metrics

The Industrial Internet of Things (IIoT) is considered by governments and businesses as the main battlefield for competition by the government and enterprises in the second half of the information age. As the IIoT becomes more powerful and complex, devices in IIoT not only need to build a connection or exchange information in the security domain where they are located but also need to cooperate with the devices in other domains to improve production efficiency. Crossdomain collaboration faces the problem of data security, secure identity authentication technologies are the guarantee of data security and the basis of privacy computing. However, the traditional crossdomain authentication has many limitations, such as the need to rely on trusted third parties, poor universality, centralized management, high cost, low efficiency, lack of privacy preserving, etc. In this paper, a distributed anonymous heterogeneous crossdomain authentication scheme based on certificateless linkable ring signature is proposed to address the aforementioned issues. For one thing, the linkable ring signature algorithm is innovatively applied to crossdomain authentication, which not only realizes heterogeneous crossdomain authentication but also implements anonymity authentication and identity protection; for another, the blockchain is used to build a crossdomain distributed storage network. The efficiency of blockchain data storage and the query is improved through IPFS (Inter Planetary File System) technology. Finally, security analysis, schemes comparison, and simulation experiments based on Ethereum are given to prove the security and effectiveness of our proposed scheme.

Design and Analysis of a Forward Security Blindcoin Protocol

2022, 8(10):  974. 

Asbtract ( )   PDF (1824KB) ( )  

References | Related Articles | Metrics

To prevent attackers from discovering the relationship between Bitcoin addresses and virtual user identity information, many anonymization and currency mixing techniques have been developed for cryptographic protocols. At present, the common centralized currency mixing protocols include the Mixcoin protocol and the Blindcoin protocol, but these protocols have problems such as long time delay, large number of confusing requesters, and vulnerability to denial of service attacks and adaptive attacks. To address these issues, we design a Blindcoin protocol that is efficient, storageinefficient, and resistant to adaptive attacks. This scheme not only uses blind signature technology to provide internal privacy for centralized currency mixing, but also achieves forward security through signature key update, which can prevent adaptive attacks. In addition, through the security analysis and performance evaluation, the safety and effectiveness of the scheme are illustrated.

Research on User Privacy Threat Behavior Management and Control  Technology of Brokerage APP Based on Security Container

2022, 8(10):  984. 

Asbtract ( )   PDF (1922KB) ( )  

References | Related Articles | Metrics

In order to solve the problem that thirdparty SDKs in brokerage APPs may violate user privacy, this paper proposes a mobile terminal security sandbox technology based on the research of Android security sandbox technology. By combining the security sandbox management and control strategy, it runs on the APP user side. In this state, it realizes comprehensive monitoring and blocking capabilities for three types of APP privacy threat behaviors, such as privacy collection, communication outbound, and component hot update, so as to realize the management and control of privacy threat behaviors generated by thirdparty SDKs that exceed the APP privacy policy, and improve the overall privacy threat management capability and personal information protection level of the brokerage APP.

An Anonymous E-voting System for Large Scale Scenarios

2022, 8(10):  990. 

Asbtract ( )   PDF (2334KB) ( )  

References | Related Articles | Metrics

In recent few decades, with the development of cryptography and Internet, the evoting has caught more and more eyes of society. However, traditional evoting has the problem of privacy leakage, which seriously threatens the fairness of voting. Electronic voting is a comprehensive system based on cryptography, and the cryptographic technologies it relies on are roughly classified into the following four categories: hybrid network, blind signature, homomorphic encryption and secret sharing. Among them, secret sharing technology has higher security and better data processing efficiency. However, the composition of evoting based on secret sharing is complex, and there is the high communication complexity among multiple parties of system, which stops the further development and application of evoting based on secret sharing. In addition, how to verify the validity of the ballots without disclosing the information of the ballots is also a challenge. To solve the above problem, we propose a noninteractively verifiable secure evoting system based on secret sharing. The system uses a noninteractive zeroknowledge verification method, which reduces the communication costs meanwhile meets the basic requirements of secure evoting. And the system can anonymous as long as there is one honest server at least. Moreover, this system is resistant to collusion attacks and distributed denialofservice(DDoS) attacks. These improvements make the system suitable for large anonymous voting scenarios.

Data Security Sharing Service Platform Based on Micro-services and Privacy Computing Technology

2022, 8(10):  1000. 

Asbtract ( )   PDF (1484KB) ( )  

References | Related Articles | Metrics

According to the requirements of multisource data fusion and sharing applications, this paper applies privacy computing technology, based on trusted and controlled storage, combined with dense computing and collaborative computing, provides inter agency fusion data sharing service mode, and constructs a compliant data security sharing platform application platform, which provides service registration, publishing, subscription, call, log off and other data service management in the whole life cycle supported by microservice architecture and API gateway technology. In addition, according to the needs of multisource data fusion and sharing applications, the data security sharing architecture based on microservices is adopted to realize the cross domain security sharing of internal and external data through access control strategy management, sensitive data flow monitoring, abnormal behavior monitoring and control and other technologies. Build a massive multidimensional data fusion and sharing service platform, realize multiparty data security calculation across platforms, entities and departments, and solve the problem of collaborative application of nontradable data.





Research on Dynamic Access Control Model Based on Zero Trust

2022, 8(10):  1008. 

Asbtract ( )   PDF (2191KB) ( )  

References | Related Articles | Metrics

The traditional access control system can not meet the security requirements of mobile office in ubiquitous access scenarios. This paper firstly proposes an access control model ZTBAC based on the concept of zero trust. This model realizes the dynamic allocation of access rights by continuously evaluating the attributes and behavior information of access subjects, and its trust measurement system considers the dynamic adjustment of permission threshold. The mobile office architecture and simulation experiments based on this model show that ZTBAC model can meet the requirements of access control in mobile office. At the same time, compared with the traditional trustbased access control model, ZTBAC model has significant advantages in authority management and resisting trust attacks.

Key Storage Scheme for Cloud Computing Based on Key Matrix Derivation

2022, 8(10):  1018. 

Asbtract ( )   PDF (2980KB) ( )  

References | Related Articles | Metrics

Through the research and analysis of the existing key storage schemes and key update schemes, aiming at solving the problem of mass key storage and dynamic update in the cloud environment, a key storage management scheme derived from key matrix is designed. Among them, the key matrix derivation process, scalable key exchange protocol and key update scheme based on Chinese remainder theorem are mainly considered. In the scheme, the file encryption and decryption calculations are implemented on a private cloud, and the public cloud is responsible for providing the service of storing and querying ciphertext data. Through the matrix derivation method, the file encryption key is directly derived from the root key. Tenant only need to store and manage the key matrix configuration and the root key to dynamically generate the file encryption key. Finally, compared with the key storage scheme in relevant literature, as well as security analysis and performance analysis, the simulation experiment proved that this scheme could effectively reduce the overhead of key storage and computing and save the cost of key update in cloud environment.

Research on SGX-based Cloud Outsourcing Computing Trust Problem Solution

2022, 8(10):  1028. 

Asbtract ( )   PDF (1147KB) ( )  

References | Related Articles | Metrics

General users and small and mediumsized enterprises mostly use the distributed big data computing environment provided by cloud service providers. The consequence is that users lose some control over code and data and are vulnerable to internal cloud attacks. Therefore, a cloud outsourcing computing security solution based on Intel SGX (software guard extensions) is proposed with the participation of a trusted third party. The trusted third party formulates a unified computing environment security standard and creates a trusted execution environment in the cloud through SGX technology. It performs authentication and maintenance to ensure that user code data is calculated in a secure computing environment configured by a trusted third party to solve data security and user trust issues in cloud outsourcing computing. The application and simulation experiment of the security scheme is carried out under the Hadoop architecture. The experimental results show that the security scheme can ensure data security in the cloud computing process, and at the same time, the user’s trust in the cloud computing environment can be solved through the authentication and management of the trusted environment by a trusted third party, and compared with the standard MapReduce computing Performance loss is small.

A Privacy-Preserving Federated Learning Method for Traffic Flow Prediction

2022, 8(10):  1035. 

Asbtract ( )   PDF (2301KB) ( )  

Related Articles | Metrics

Urban traffic flow prediction is becoming more and more important in traffic management. However, these data often belong to different institutions and cannot be interconnected, and these data involve the privacy of the traveling public, so there are risks in centralized storage. Some researchers have used federated learning model to predict traffic, but federated learning itself also has privacy risks. This paper proposes a federated learning method for privacy protection of traffic flow prediction, which uses the federated learning algorithm based on flow prediction algorithm GRU with privacy protection ability to predict traffic flow. The specific approach is to introduce differential privacy into the local GRU algorithm, make the DPGRU algorithm on the client meet the requirement of (ε,δ)differential privacy by adding Gaussian noise to the gradient and make model parameters random. This paper analyzes the privacy of DPGRU algorithm on the client, and makes comparative experiments on the actual traffic flow data set. Experiments show that the method obtains better prediction results on the premise of ensuring privacy.

Key Information Hiding Algorithm of Image Based on  Scrambling Transformation 

2022, 8(10):  1043. 

Asbtract ( )   PDF (4679KB) ( )  

References | Related Articles | Metrics

When the conventional algorithm decomposes the key information of the image, there is coding redundancy in the pixels, which leads to poor confidentiality after the information is hidden. This paper proposes an image key information hiding algorithm based on scrambling transformation, which removes image pixel redundancy through onedimensional linear prediction, obtains the prediction error, removes psychovisual redundancy through data set mapping, and converts layered images into binary images to eliminate image coding redundancy. The algorithm uses the Doppler effect to decompose the key information in the compressed image, and uses the wavelet transform to calculate the probability distribution density of the image, so as to realize the encryption of the key information of the image. The algorithm uses the scrambling transformation technology to transform the pixel position of the key information, so that they can be inserted into pixel pair and hidden in the phase component of pixel pair, so as to realize macroscopic scrambling and microscopic scrambling of image information. The experimental results show that, compared with the conventional algorithm, the fixed point ratio and the diagonal correlation coefficient of the encrypted image after hiding the key information are reduced, the difficulty of attacking the key information is improved, and the confidentiality of the key information is fully guaranteed.