Table of Content

    21 February 2024, Volume 10 Issue 2
    Promoting China’s Data Storage Eco System & Safeguarding  the Advancement of Digital China
    2024, 10(2):  98. 
    Asbtract ( )   PDF (590KB) ( )  
    Related Articles | Metrics
    Security Risks and Countermeasures to Artificial Intelligence#br#
    2024, 10(2):  101. 
    Asbtract ( )   PDF (469KB) ( )  
    Related Articles | Metrics
    Legislative Thinking of Artificial Intelligence Law in the Era of  Generative Artificial Intelligence
    2024, 10(2):  103. 
    Asbtract ( )   PDF (874KB) ( )  
    References | Related Articles | Metrics
    With the technological advancements and widespread adoption of Generative Artificial Intelligence (GAI), the structure of human society has undergone fundamental changes.The development of artificial intelligence technology has brought new risks and challenges. The “Interim Measures for the Management of Generative Artificial Intelligence Services” represents China’s latest exploration achievement in the field of GAI. It emphasizes the dual importance of development and security, advocates for innovation and governance in accordance with the law, and serves as a reference and inspiration for the ongoing legislative process of the Artificial Intelligence Law. Specifically, the Artificial Intelligence Law should consider the adoption of promoting legislative model, reduce the use of normative references in the legislative content, clarify the legislative approach of classification and grading, enhance  international exchanges and cooperation in artificial intelligence, and promote the positive use of science and technology by establishing a more scientific and reasonable toplevel design scheme.
    Research on the Security Architecture of Artificial Intelligence  Computing Infrastructure
    2024, 10(2):  109. 
    Asbtract ( )   PDF (1146KB) ( )  
    References | Related Articles | Metrics
    The artificial intelligence computing infrastructure is a crucial foundation for the development of artificial intelligence. However, due to its diverse attributes, complex nodes, large number of users, and vulnerability of artificial intelligence itself, the construction and operation of artificial intelligence computing infrastructure face severe security challenges. This article analyzes the connotation and security development background of artificial intelligence computing infrastructure, proposes a security architecture for artificial intelligence computing infrastructure from three aspects: strengthening its own security, ensuring operational security, and facilitating security compliance. It puts forward development suggestions aiming to provide methodological ideas for the security construction of artificial intelligence computing infrastructure, offer a basis for selection and use of safe artificial intelligence computing infrastructure, and provide decisionmaking reference for the healthy and sustainable development of the artificial intelligence industry.
    A Review of Algorithmic Risk and Its Governance in China#br#
    2024, 10(2):  114. 
    Asbtract ( )   PDF (1781KB) ( )  
    References | Related Articles | Metrics
    In the era of digital intelligence, algorithms pervade every corner of human society. While algorithms drive the transformation towards digitization and intelligence, they also give rise to a series of issues, necessitating effective governance of increasing algorithmic risks. Firstly, algorithmic risks are categorized into four fields: law and justice, politics and governance, information dissemination and business and economy. Then the formation mechanisms of algorithmic risk are analyzed, encompassing algorithm black box, algorithm discrimination and power alienation. Finally, a governance strategy framework is proposed, consisting of three paths: technology regulation, power and responsibility normative, and ecological optimization. The research systematically presents the progress and development trend of algorithmic risk and its governance in China, providing reference for advancing the theoretical research and system construction inalgorithmic risk governance.
    Generative Fake Speech Security Issue and Solution#br#
    2024, 10(2):  122. 
    Asbtract ( )   PDF (1170KB) ( )  
    References | Related Articles | Metrics
    The development of generative artificial intelligence algorithms has made the generation of fake speech increasingly natural and fluid, making it challening for human listeners  to distinguish the genuine and fake speech. This paper firstly analyzes a series of threats to society posed by the improper abuse of generative fake speech, including an increase in telecommunication fraud, a decline in the security of voiceoperated applications, judicial fairness of forensic identification, and deception to the public through the combination of falsified information across various domains. Subsequently, the paper summarizes and classifies the algorithms of fake speech generation and fake speech detection technology from the perspective of technology development. We explains the procedural aspects of the technologies and their key points, along with an analysis of the challenges encountered in the process of application. Finally, this paper outlines strategies to prevent and address these security issues from four aspects: technical application, institutional regulation, public education and international cooperation.
    Model Inversion of Voiceprint Recognition System Based on   DivideandConquer Method
    2024, 10(2):  130. 
    Asbtract ( )   PDF (4007KB) ( )  
    References | Related Articles | Metrics
    Model inversion (MI) has raised increasing concerns about privacy, which can reconstruct private data from a recognition or classification model, thus leading to more serious privacy information security problems. This paper is the first attempt at a new model inversion application for speech information security: extracting spectrogram features of speaker speech from voiceprint recognition systems. In order to reduce the complexity and error in the inversion process, this paper adopts the idea of divideandconquer method to invert layer by layer, and through the effective supervision of cycleconsistency, the inversion samples consistent with the speaker’s identity is successfully reconstructed; In addition, due to the particularity of speech, the model feature layer has contained rich speaker information, and after further weakening the similarity of semantic information, the improved method significantly improves the recognition accuracy of inversion samples, indicating that the inversion obtained spectrogram has contained information that effectively represents the identity of the speaker. The research shows that the MI of the recognition model is feasible on the spectrogram features, highlighting the risk of privacy information leakage resulting from the extraction of the speech feature information in the deep network model
    Private Information Extraction Algorithm Incorporating Prior  Structural Knowledge
    2024, 10(2):  139. 
    Asbtract ( )   PDF (2561KB) ( )  
    References | Related Articles | Metrics
    With the continuous advancement of data anonymization technology, accurately identifying private data has become a key challenge. Currently, privacy information extraction algorithms are primarily based on traditional natural language processing techniques, such as bidirectional recurrent neural networks and attention mechanismbased pretrained language models (like BERT and its variants). These models leverage their powerful ability to represent contextual features, overcoming the limitations of traditional methods in representing polysemous words. However, there is still room for improvement in their ability to accurately determine entity boundaries. This study proposes a novel privacy information extraction algorithm that integrates structural prior knowledge and a unique privacy data structural knowledge enhancement mechanism, enhancing the model’s understanding of sentence semantic structures, thereby improving the accuracy of privacy information boundary determination. Moreover, we have evaluated the model on multiple public datasets and provided a detailed analysis of the experimental results, demonstrating its effectiveness.
    Research on Identity Authentication Technology Based on Block Chain and PKI
    2024, 10(2):  148. 
    Asbtract ( )   PDF (1573KB) ( )  
    References | Related Articles | Metrics
    Public key infrastructure (PKI) is a secure system based on asymmetric cryptographic algorithm and digital certificate to realize identity authentication and encrypted communication, operating on the principle of  trust transmission based on trust anchor. However, this technology has the following problems: The CA center is unique and there is a single point of failure; The authentication process involves a large number of operations, such as certificate resolution, signature verification, and certificate chain verification. To solve the above problems, this paper builds an identity authentication model based on Changan Chain, and proposes an identity authentication scheme based on Changan Chain digital certificate and public key infrastructure. Theoretical analysis and experimental data demonstrate  that this scheme reduces certificate parsing, signature verification and other operations, simplifies the authentication process, and improves the authentication efficiency.
    Research on Locally Verifiable Aggregate Signature Algorithm Based on SM2
    2024, 10(2):  156. 
    Asbtract ( )   PDF (983KB) ( )  
    References | Related Articles | Metrics
    The SM2 algorithm is based on the elliptic curve cryptosystem, which was released by the State Cryptography Administration in 2010. At present, it is widely used in egovernment, medical care, finance and other fields. Among them, digital signature is the main application of SM2 algorithm, and the number of signature and verification operations generated in various security application scenarios has increased exponentially. Aiming at the problem that massive SM2 digital signatures occupy a large storage space and the efficiency of verifying signatures one by one is low. This paper proposes a partially verifiable aggregate signature scheme based on the national secret SM2 algorithm, which uses aggregate signatures to reduce storage overhead and improve verification efficiency. On the other hand, when the verifier only needs to verify the specified message and the aggregated signature, it must also obtain the plaintext of all the messages at the time of aggregation. Using partially verifiable signatures, the verifier only needs to specify the message, aggregate signature and short prompt to complete the verification. Analyze the correctness and security of this scheme. Through experimental data and theoretical analysis, compared with similar schemes, this scheme has higher performance.
    Malicious Client Detection and Defense Method for Federated Learning
    2024, 10(2):  163. 
    Asbtract ( )   PDF (806KB) ( )  
    Related Articles | Metrics
    Federated learning allows participating clients to collaborate in training machine learning models without sharing their private data. Since the central server cannot control the behavior of clients, malicious clients may corrupt the global model by sending manipulated local gradient updates, and there may also be unreliable clients with low data quality but some value. To address the above problems, this paper proposes FedMDD,a defense approach for malicious client detection and defense for federated learning, to process detected malicious and unreliable clients in different ways based on local gradient updates, while defending against symbol flipping, additive noise, single label flipping, multilabel flipping, and backdoor attacks. Four baseline algorithms are compared for two datasets, and the experimental results show that FedMDD can successfully defend against various types of attacks in a training environment containing 50% malicious clients and 10% unreliable clients, with better results in both improving model testing accuracy and reducing backdoor accuracy.
    Insight on the Overall Planning of Digital Certificate Authentication System for the Internet of Vehicles
    2024, 10(2):  170. 
    Asbtract ( )   PDF (1345KB) ( )  
    References | Related Articles | Metrics
    The Internet of Vehicles (IoV) represents an emerging industrial form by the deep integration of the newgeneration network communication technology and the fields of automobile, electronics, road transportation, etc. Through intelligent information exchange and sharing between vehicles, roads, people, and the cloud, it enables vehicles to possess advanced environmental perception capabilities, facilitating safe and efficient travel. At the same time, with the continuous improvement of vehicular networking and intelligence, the issue of information security within IoV becomes increasingly critical, which directly threatens the safety of individual life and property security, and even threatens public security. The construction of information security system is the basic guarantee for the development of the IoV, and the planning of the digital certificate authentication system for the IoV is the cornerstone to solve the problem of information security. This paper analyzes the status of development and existing problems of the digital certificate authentication system for the IoV, and proposes a root CA planning compatible with the Certificate Trusted List, which provides a reference for the security development of the IoV.
    Practical Dilemmas and Response Paths for Personal Information Protection Policy of APPs
    2024, 10(2):  177. 
    Asbtract ( )   PDF (983KB) ( )  
    References | Related Articles | Metrics
    In the digital age, mobile information technology is advancing rapidly and mobile applications have become an indispensable aspect of people’s professional and personal lives. In order to safeguard users’ personal information, the government mandates that mobile application companies should establish privacy policies. Nevertheless, due to various reasons, these policies have not fulfilled their intended functionality. This paper explores  the essence and characteristic of APP privacy policies, analyzing the challenges associated with acquiring user approval, processing the thirdparty SDK information collection, and anonymization technology. Additionally, by examining the practice of protecting personal information in Europe and America, we can pinpoint a course for combining public and private legal protection of personal information. To address the challenges present  in APP privacy policies, China ought to focus on cultivating corporate selfregulation, augmenting private remedies, and enhancing public law enforcement.
    Research on the Standard for Damages Assessment in Personal Information Infringement
    2024, 10(2):  184. 
    Asbtract ( )   PDF (880KB) ( )  
    References | Related Articles | Metrics
    With the development of digital technology and the acceleration of the process of big data, the dissemination channels and modes of personal information have become more and more complex, and infringement of personal information is frequent, which seriously affects the legitimate rights and interests of personal information subjects. An empirical analysis of the relevant case database in the past three years has revealed that, due to the nature of personal information, there are difficulties in determining the damage in personal information infringement cases, and difficulties in proving the infringed person’s case. The introduction of risk damage into the field of tort liability law, the adoption of dynamic standards for the determination of damage to personal information infringement, the lowering of the threshold for the determination of damage to personal information under certain standards, the improvement of the personal information infringement law protection system, the determination of a reasonable scope of compensable risk damage to personal information, so that the legitimate rights and interests of personal information of information subjects are duly protected.
    Exploration and Practice of Ideological and Political Education in Graduate Courses of Cyberspace Security
    2024, 10(2):  190. 
    Asbtract ( )   PDF (2069KB) ( )  
    References | Related Articles | Metrics