Table of Contents

    20 January 2018
    Volume 53 Issue 1
    Survey of security analysis of security protocol implementations
    MENG Bo, LU Jin-tian, WANG De-jun, HE Xu-dong
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  1-18.  doi:10.6040/j.issn.1671-9352.2.2017.067
    Security protocols are not only an important part of cyberspace security but also a key technology for providing it. Security protocol implementations are the final objective of developing security protocols, and their security analysis has received special attention. This survey first briefly introduces the significance of security protocol implementations. Then the related research results are categorized, compared, analyzed and discussed according to three assumptions, 1) with the security protocol client and server implementations, 2) with the security protocol client implementation, 3) without the security protocol client and server implementations, and according to the approaches used, for example program verification, model extraction, net-trace and dynamic taint analysis. Finally, conclusions are presented and several directions for future work on the security analysis of security protocol implementations are introduced.
    Enhancing privacy for geographic information based on video analysis
    KANG Hai-yan, HUANG Yu-xuan, CHEN Chu-qiao
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  19-29.  doi:10.6040/j.issn.1671-9352.2.2017.077
    Video resources in social networks contain abundant geographic information, which poses a severe security challenge to individual privacy. A method of enhancing privacy for geographic information based on video analysis (EP-VGI) is proposed, built on the analytical principles of sun shadow positioning and local image artifacts. To extract geographic information, we set up a sun shadow model by observing the changing shadow in the video. We select the natural projection shadow area by processing the video image sequence. Using an adaptive mesh method, we protect the geographic information and privacy. Experiments with actual testing show that the method can mislead the hacker by hiding geographic information while ensuring the videos' availability.
    Performance measurement and analysis of cloud computing network based on OpenStack
    WANG Xiao-yan, CHEN Xing-shu, WANG Yi-tong, GE Long
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  30-37.  doi:10.6040/j.issn.1671-9352.2.2017.303
    Virtual network service is a core service of cloud computing. With the development of cloud computing, various virtual network methods and techniques have been implemented. Building a highly available cloud computing platform is a hot topic for cloud service providers. The different methods and techniques for virtual routing service, virtual switch and tenant virtual network mode in cloud computing virtual networks based on the OpenStack cloud platform are analyzed and measured, using replayed traffic to generate background traffic. A detailed comparison of the various methods and techniques and their applicable scenarios is given, providing reference and guidance for cloud service providers building a network service cloud platform.
    Software defined APT attack moving target defense network architecture
    TAN Ren, YIN Xiao-chuan, JIAO Xian-long, LIAN Zhe, CHEN Yu-xin
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  38-45.  doi:10.6040/j.issn.1671-9352.2.2017.196
    Aiming at the problem that advanced persistent threat (APT) attacks are difficult to defend against effectively because of the certainty, static nature and isomorphism of traditional network architecture, a software defined APT attack moving target defense network architecture, SDMTDA, is proposed. The behavior and characteristics of APT attacks are modeled. A three-tier network architecture consisting of a physical layer, control layer and application layer is established with software defined security in mind. Algorithms for changing the network structure and vulnerability information are given, and the three categories of moving target defense realized in SDMTDA are analyzed. The experimental results show that the architecture has the advantages of software definability, rapid variability and strong expansibility.
    New reversible data hiding algorithm based on interpolation images
    SUN Ze-rui, WANG Ji-jun, LI Guo-xiang, XIA Guo-en
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  46-52.  doi:10.6040/j.issn.1671-9352.2.2017.377
    To improve the capacity of reversible data hiding, a new reversible data hiding algorithm based on interpolation images is proposed. The original image is enlarged with the nearest neighbor interpolation algorithm, and the interpolated image is then used as the cover image in which the secret bits are embedded. The difference between the interpolated pixels and the original pixels is calculated, and the amount of secret information is determined by the difference. The stego-image is obtained by embedding the secret bits into the interpolated pixels. After the secret information is extracted, the cover image can be recovered by downsampling the stego-image, so reversible data hiding is realized. Experimental results show that the proposed algorithm achieves higher capacity than the other algorithms and has good visual effects at the same payload.
    Evaluation method for network security level based on cloud model and Bayesian feedback
    ZHU Dan, XIE Xiao-yao, XU Yang, XIA Meng-ting
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  53-62.  doi:10.6040/j.issn.1671-9352.2.2017.136
    The quantitative evaluation of network security in information system level protection is limited by the evaluators' grasp of the content of the evaluation index, by the fuzziness of their judgments and by the limitation of the judgment interval. To address this, the researchers combine the cloud model with the Bayesian feedback algorithm and adopt cloud model theory to deal with the fuzziness and randomness of the evaluation results. Because the hyper entropy produced by the traditional one-dimensional reverse cloud algorithm can be imaginary, the researchers use the uncertainty of the reverse cloud algorithm to avoid the occurrence of negative entropy. A Bayesian feedback cloud model is constructed to test and correct the evaluation results given by experts or reviewers, which makes the final evaluation results more objective and accurate. According to the expectation and entropy of the overall correction cloud of network security, a reasonable security grade judgment interval is given as the basis for grade evaluation in actual evaluations. An example verifies that the proposed evaluation method can effectively correct the differences between the evaluation results of the evaluation personnel, realize a reasonable judgment division and give an objective and accurate grade evaluation result.
    Graph model based trustworthy resource scheduling algorithm in cloud environment
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  63-74.  doi:10.6040/j.issn.1671-9352.2.2017.247
    The characteristics of the graph structure of parallel tasks and of the fat tree cloud system are analyzed. Then, by combining cloud tasks' trust requirements for resource nodes with their trust requirements for communication links, an execution-behavior-based reliability measurement model is established. Next, we present a graph-based trustworthy cloud resource scheduling model. It expresses the tasks' trust scheduling requirements and the resource supply in a unified way, which can be transformed into a minimum cost maximum flow network construction and solution problem. Finally, to reduce computational complexity, algorithms are applied on the quotient network to approximately obtain the minimum cost flow of the original network. The simulation results show that the proposed algorithms can effectively improve the success rate of cloud task execution and significantly reduce the runtime of the flow network.
    Application of maximum distance separable codes in the error correction of the network coding
    ZHANG Guang-zhi, CAI Shao-bin, MA Chun-hua, ZHANG Dong-qiu
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  75-82.  doi:10.6040/j.issn.1671-9352.2.2017.325
    In network coding, because intermediate nodes combine the messages they receive, a small number of errors can spread over the whole network, which makes the sinks fail to decode the original messages. Aiming at this problem, a simple scheme for network error-correction codes (NEC) is proposed. At the source, the generator matrix G of a known MDS (maximum distance separable) code is used to encode k messages into n messages. The n messages are transmitted through the network with a network coding scheme. A common network coding algorithm, deterministic or random, can simply be used to construct this NEC, with no need to consider the error spread issue. The coding finite field for all the nodes is Q, while the coefficients of the local coding kernel in network coding are selected from the finite field q. The simulation shows that, even if Q is not bigger than q, the NEC maintains its MDS characteristics with high probability.
    Method for threaten users mining based on traffic statistic characteristics
    LI Yang, CHENG Xiong, TONG Yan, CHEN Wei, QIN Tao, ZHANG Jian, XU Ming-di
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  83-88.  doi:10.6040/j.issn.1671-9352.2.2017.082
    With the rapid development and wide use of computer networks, mining potential threats has become more and more important. To mine potential threats and address the challenge posed by signature-matching-based methods, an abnormal behavior mining method based on the statistical characteristics of network traffic is proposed. First, 13 attributes are extracted to characterize the traffic exactly, including network flow size, packet size, packet duration, packet symmetry and so on. Second, entropy is employed to select an appropriate weight for each attribute. Finally, the threat degree of each user's behavior is obtained and the users are divided into different groups based on the threat degree. Experimental results on actual network traffic verify that the proposed method achieves the goal of potential threat mining.
    Secure startup mechanism of server based on trusted BMC
    SUN Liang, CHEN Xiao-chun, ZHONG Yang, LIN Zhi-peng, REN Tong
    JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE). 2018, 53(1):  89-94.  doi:10.6040/j.issn.1671-9352.2.2017.346
    The startup process of a server involves the CPLD, BMC, BIOS and other important components, and leaving any of them unprotected results in security risks. Trusted computing helps protect server boot against threats such as key hardware replacement, software tampering and server attacks. The trusted chip on the server baseboard verifies the BMC boot loader. The trusted BMC measures the integrity of the BMC operating system and the BIOS according to the established policies. The BIOS measures the server's key hardware and software so as to build a complete chain of trust. The mechanism has been verified on the Kunlun BMC.