Trusted computing, which can effectively increase the credibility of information systems, has made great achievements and is in continuous development. For a country such as China that is strengthening its network construction, it is an important fundamental supporting technology worth researching. China is at the international forefront in the field of trusted computing. This paper gives a comprehensive introduction to the new development and application of key technologies in trusted computing, such as the various trusted platform modules (TPM, TCM, TPCM), the TCG Software Stack (TSS), trusted cloud servers and the Trusted Execution Environment (TEE). We illustrate the progress and application extension of these technologies and also point out some key problems worth studying in the future.
Software-Defined Networking (SDN) has been a hot topic for future network development; it separates the control plane and the data plane into different layers. Despite providing high openness and programmability, the "three-layer two-interface" architecture of SDN changes the traditional network and increases the number of network attack nodes, which results in new security issues. In this paper, we first introduce the background, architecture and working process of SDN. Secondly, we summarize and analyze the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future work on SDN security and an idealized global security architecture are proposed.
The emergence of quantum computers will threaten the security of existing public-key cryptosystems, including the Diffie-Hellman key exchange protocol and encryption schemes, which makes the study of quantum-resistant cryptography very urgent. This motivates us to design a new key exchange protocol and encryption scheme in this paper. Firstly, some acknowledged mathematical problems are introduced, such as the ergodic matrix problem and the tensor decomposition problem; both problems have been proved NP-complete (NPC). From the computational complexity perspective, NPC problems are considered to have no polynomial-time quantum algorithm that solves them. From the algebraic structure perspective, non-commutative cryptography is considered quantum-resistant. The matrix and tensor operators we adopt also satisfy these non-commutative algebraic structures, so they can be used as candidate problems for resisting quantum attacks from the perspectives of both computational complexity theory and algebraic structure. Secondly, a new problem is constructed based on the introduced problems, and then a key exchange protocol and a public key encryption scheme are proposed based on it. Finally, the security analysis, efficiency, recommended parameters and performance evaluation are also given. The two schemes have the following characteristics: provable security, scalable security bits, high efficiency and quantum resistance.
The security of classical cryptography based on computational complexity assumptions has been severely challenged by the rapid development of quantum computers and quantum algorithms. Quantum cryptography, which offers unconditional security based on principles of quantum mechanics, has become a significant branch and hotspot in the field of modern cryptography research. In this paper, we review the research and development of several important and well-studied branches of quantum cryptography in terms of theory and experiment, including quantum key distribution, quantum secret sharing, quantum secure direct communication, quantum signature, and quantum private query. We also briefly review the research and development of some other branches which are currently in the stage of theoretical research but receive widespread attention from academia, including quantum private comparison, quantum anonymous voting, quantum secure multi-party summation, quantum sealed-bid auction, quantum public key cryptosystem, quantum key agreement, quantum dialogue, and quantum identity authentication. In addition, we discuss some open issues and future research directions for the branches referred to above.
An orthomorphism on F2^n is a kind of elementary permutation with good cryptographic properties. This paper proposes a hybrid strategy of Particle Swarm Optimization (PSO) and Simulated Annealing (SA) for finding orthomorphisms with good cryptographic properties. By experiments based on this strategy, we obtain some orthomorphisms on F2^n (n = 5, 6, 7, 9, 10) with good cryptographic properties, reported in the open literature for the first time, and the optimal orthomorphism on F found in this paper also does better than the one proposed by Feng Dengguo et al. in the stream cipher Loiss in difference uniformity, algebraic degree, algebraic immunity and corresponding permutation polynomial degree. The PSO-SA hybrid strategy for optimizing orthomorphisms in this paper makes the design of orthomorphisms with good cryptographic properties automated, efficient and convenient, which provides a new approach to designing orthomorphisms.
Deep neural networks (DNNs) are potentially susceptible to adversarial examples that are maliciously manipulated by adding imperceptible perturbations to legitimate inputs, leading to abnormal behavior of models. Plenty of methods have been proposed to defend against adversarial examples. However, the majority of them suffer from the following weaknesses: 1) lack of generalization and practicality; 2) failure to deal with unknown attacks. To address the above issues, we design the adversarial nature eraser (ANE) and feature map detector (FMD) to detect fragile and high-intensity adversarial examples, respectively. Then, we apply the ensemble learning method to compose our detector, dealing with adversarial examples of diverse magnitudes in a divide-and-conquer manner. Experimental results show that our approach achieves 99.30% and 99.62% Area under Curve (AUC) scores on average when tested with various Lp norm-based attacks on CIFAR-10 and ImageNet, respectively. Furthermore, our approach also shows its potential in detecting unknown attacks.
PowerShell has been widely deployed in fileless malware and advanced persistent threat (APT) attacks due to its high stealthiness and living-off-the-land technique. However, existing works mainly focus on deobfuscation and malicious detection, lacking malicious PowerShell family classification and behavior analysis. Moreover, the state-of-the-art methods fail to capture fine-grained features and semantic relationships, resulting in low robustness and accuracy. To this end, we propose PowerDetector, a novel malicious PowerShell script detector based on multi-modal semantic fusion and deep learning. Specifically, we design four feature extraction methods to extract key features from characters, tokens, the abstract syntax tree (AST), and a semantic knowledge graph. Then, we design four embeddings (i.e., Char2Vec, Token2Vec, AST2Vec, and Rela2Vec) and construct a multi-modal fusion algorithm to concatenate feature vectors from the different views. Finally, we propose a combined model based on a transformer and CNN-BiLSTM to implement PowerShell family detection. Our experiments with five types of PowerShell attacks show that PowerDetector can accurately detect various obfuscated and stealthy PowerShell scripts, with a 0.9402 precision, a 0.9358 recall, and a 0.9374 F1-score. Furthermore, through single-modal and multi-modal comparison experiments, we demonstrate that PowerDetector's multi-modal embedding and deep learning model can achieve better accuracy and even identify more unknown attacks.
Advances in quantum computers pose potential threats to the currently used public-key cryptographic algorithms such as RSA and ECC. As a promising candidate against attackers equipped with quantum computational power, Multivariate Public-Key Cryptosystems (MPKCs) have attracted increasing attention in recent years. Unfortunately, the existing MPKCs can only be used as multivariate signature schemes, and the way to construct an efficient MPKC enabling secure encryption remains unknown. By employing the basic MQ-trapdoors, this paper proposes a novel multivariate encryption scheme by combining MPKCs and code-based public-key encryption schemes. Our new construction gives a positive response to the challenges in multivariate public key cryptography. Thorough analysis shows that our scheme is secure and efficient, and its private key size is about 10 times smaller than that of McEliece-type cryptosystems.
Advances in quantum computers threaten to break public key cryptosystems such as RSA, ECC, and ElGamal, which rely on the hardness of factoring or taking a discrete logarithm, while no quantum algorithms have been found to solve certain mathematical problems on non-commutative algebraic structures until now. Against this background, Majid Khan et al. proposed two novel public-key encryption schemes based on a large abelian subgroup of the general linear group over a residue ring. In this paper we show that the two schemes are not secure. We show that they are vulnerable to a structural attack and that only polynomial time complexity is required to retrieve the message from the associated public keys. Then we conduct a detailed analysis of the attack methods and give the corresponding algorithmic description and efficiency analysis. After that, we propose an improvement to enhance Majid Khan's scheme. In addition, we discuss possible lines of future work.
The rapid development of location-based services (LBS) drives one special kind of LBS, in which the service provider verifies the user's location before providing services. In distributed location proof generating schemes, preventing users from colluding with each other to create fake location proofs while protecting users' location privacy at the same time are the main technical challenges in bringing this kind of LBS into practice. Existing solutions tackle these challenges with low collusion-detecting efficiency and a defective collusion-detecting method. We propose two novel location proof generating schemes, which inversely utilize a secure secret-sharing scheme and a pseudonym scheme to settle these shortcomings. Our proposed solution resists and detects user collusion attacks in a more efficient and correct way. Meanwhile, we achieve a higher level of location privacy than that of previous work. The correctness and efficiency of our proposed solution are confirmed by intensive security analysis, performance analysis, as well as experiments and simulation results.
A cryptosystem with non-commutative platform groups based on the conjugator search problem was recently introduced at Neural Computing and Applications 2016. Its versatility was illustrated by building a public-key encryption scheme. We propose an algebraic key-recovery attack with polynomial computational complexity. Furthermore, we peel off the encryption and decryption process and propose attack methods for solving the conjugator search problem over the given non-abelian group. Finally, we provide corresponding practical attack examples to illustrate the attack methods in our cryptanalysis, and provide some suggestions for improvement.
The hardness of the tensor decomposition problem has seen many results, but limited applications in cryptography, and the tensor decomposition problem has been considered to have the potential to resist quantum computing. In this paper, we first propose a new variant of the tensor decomposition problem, then two one-way functions are proposed based on this hard problem. Secondly, we propose a key exchange protocol based on the one-way functions, and then the security analysis, efficiency, recommended parameters, etc. are also given. The analyses show that our scheme has the following characteristics: it is easy to implement in software and hardware, its security can be reduced to hard problems, and it has the potential to resist quantum computing. Besides, the new key exchange can serve as an alternative to other classical key protocols.
Data sharing is a main application of cloud computing. Some existing solutions have been proposed to provide flexible access control for outsourced data in the cloud. However, little attention has been paid to group-oriented data sharing when multiple data owners want to share their private data for cooperative purposes. In this paper, we put forward a new paradigm, referred to as secure, scalable and efficient multi-owner (SSEM) data sharing in clouds. SSEM integrates identity-based encryption and asymmetric group key agreement to enable group-oriented access control for data owners in a many-to-many sharing pattern. Moreover, with SSEM, users can join or leave the group conveniently while preserving the privacy of both group data and user data. We propose the key-ciphertext homomorphism technique to construct an SSEM scheme with short ciphertexts. The security analysis shows that our SSEM scheme achieves data security against unauthorized accesses and collusion attacks. Both theoretical and experimental results confirm that our proposed scheme costs users little to share and access outsourced data in a group manner.
Elliptic curve cryptography (ECC) is one of the most important public-key cryptosystems. The Koblitz curve is a special kind of elliptic curve in ECC and its security mainly depends on the base field. Based on Evolutionary Cryptography theory, which has become a principal concept for cryptography design and cryptanalysis, we propose a new algorithm for secure EC generation based on Ant Colony Optimization (ACO) to accelerate the search for a safe base field. We preliminarily deal with secure Koblitz curve selection over the field F(2^800). Experiments show that the base field and base point of secure curves generated by the ant colony algorithm go beyond the parameter range of Koblitz curves recommended by NIST. We can present many new secure Koblitz curves, including base field and base point, which are not recommended by NIST. The maximum size of our secure Koblitz curve exceeds 700 bits. The algorithm in this paper follows the same cryptographic criteria recommended by ANSI, so it can resist current attacks. Theoretical analysis and experimental results prove that the new algorithm is effective and successful, and it is the first successful practice of Evolutionary Cryptography theory in public-key cryptography research.
Cyber-physical systems (CPS) have been widely deployed in critical infrastructures and are vulnerable to various attacks. Data integrity attacks, which manipulate sensor measurements and cause control systems to fail, are one of the prominent threats to CPS. Anomaly detection methods have been proposed to secure CPS. However, existing anomaly detection studies usually require expert knowledge (e.g., system model-based) or lack interpretability (e.g., deep learning-based). In this paper, we present DEEPNOISE, a deep learning-based anomaly detection method for CPS with interpretability. Specifically, we utilize the sensor and process noise to detect data integrity attacks. Such noise represents the intrinsic characteristics of physical devices and the production process in CPS. One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data. Further, an LSTM-based detector is designed to inspect the obtained noise and detect anomalies. Data integrity attacks change noise patterns and are thus identified as the root cause of anomalies by DEEPNOISE. Evaluated on the SWaT testbed, DEEPNOISE achieves higher accuracy and recall compared with state-of-the-art model-based and deep learning-based methods. On average, when detecting direct attacks, the precision is 95.47%, the recall is 96.58%, and F1 is 95.98%. When detecting stealthy attacks, precision, recall, and F1 scores are between 96% and 99.5%.
Technological advancements in data analysis and data release have put forward higher security requirements, such as privacy guarantees and strictly provable security; this new area of research is called differential privacy. For geospatial point data, the existing methods use a tree structure to split the data space to enhance data utility and usually adopt a uniform budgeting method. Differing from this, we propose a novel non-uniform allocation scheme for the privacy budget, which is the parameter that specifies the degree of privacy guarantee. Firstly, the spatial data is indexed by a quadtree; then, a different privacy budget is allocated to each layer of the quadtree using features of the Fibonacci series, and we designate this budgeting method as Fibonacci allocation. Experimental results show that Fibonacci allocation is significantly more accurate in data queries than the state-of-the-art methods under the same privacy guarantee level and fits arbitrary range queries. Furthermore, data utility can be improved by post-processing and threshold determination.
Chaotic systems perform well as a new rich source for cryptography and pseudo-random coding. Unfortunately, their digital dynamical properties degrade due to finite computing precision. Proposed in this paper is a modified digital chaotic sequence generator based on chaotic logistic systems with a coupling structure, where one chaotic subsystem generates perturbation signals to disturb the control parameter of the other. The numerical simulations show that the length of chaotic orbits, the output distribution of the chaotic system, and the security of the chaotic sequences have been greatly improved. Moreover, the chaotic sequence period can be extended by at least one order of magnitude compared with that of the uncoupled logistic system, and the difficulty of decryption increases 2^128*2^128 times, indicating that the dynamical degradation of digital chaos is effectively mitigated. A field programmable gate array (FPGA) implementation of the algorithm is given, and the corresponding experiment shows that the output speed of the generated chaotic sequences can reach 571.4 Mbps, indicating that the designed generator can be applied to real-time video image encryption.
Air-gapped computers are isolated both logically and physically from all kinds of existing common communication channels, such as USB ports, wireless and wired networks. Although the feasibility of infiltrating an air-gapped computer has been proved in recent years, data exfiltration from such systems is still considered to be a challenging task. In this paper we present Powermitter, a novel approach that can exfiltrate data from an air-gapped computer via its power adapter. Our method utilizes the switched-mode power supply, which exists in all of today's laptops, desktop computers and servers. We demonstrate that malware can indirectly control the electromagnetic emission frequency of the power supply by leveraging the CPU utilization. Furthermore, we show that the emitted signals can be received and demodulated by a dedicated device. We present the proof-of-concept design of the power covert channel and implement a prototype of Powermitter consisting of a transmitter and a receiver. The transmitter leaks out data by using a variant of binary frequency shift keying modulation, and the emitted signal can be captured and decoded by a software-based virtual oscilloscope through this covert channel. We tested Powermitter on three different computers. The experimental results show the feasibility of this power covert channel. We show that our method can also be used to leak data from different types of embedded systems which use a switching power supply.
Security analysis of public-key cryptosystems is of fundamental significance for both theoretical research and applications in cryptography. In particular, the security of widely used public-key cryptosystems merits deep research to protect against new types of attacks. It is therefore highly meaningful to research cryptanalysis in the quantum computing environment. Shor proposed a well-known factoring algorithm that finds the prime factors of a number n = pq and is exponentially faster than the best known classical algorithm. The idea behind Shor's quantum factoring algorithm is a straightforward programming consequence of the following proposition: to factor n, it suffices to find the order r; once such an r is found, one can compute gcd(a^(r/2) ± 1, n) = p or q. For odd values of r it is assumed that the factors of n cannot be found (since a^(r/2) is not generally an integer). That is, the order r must be even. This restriction can be removed, however, by working from another angle. Based on the quantum inverse Fourier transform and phase estimation, this paper presents a new polynomial-time quantum algorithm for breaking RSA without explicitly factoring the modulus n. The probability of success of the new algorithm is greater than 4φ(r)/(π^2 r), exceeding that of the existing quantum algorithm for attacking RSA based on factorization. In contrast to the existing quantum algorithm for attacking RSA, the order r of the fixed point C for RSA does not need to be even. This changes the usual practice in which cryptanalysts try to recover the private key: starting directly from recovering the plaintext M, a ciphertext-only attack on RSA is proposed.
Access control is a key mechanism to secure outsourced data in mobile clouds. Some existing solutions have been proposed to enforce flexible access control on outsourced data or to reduce the computations performed by mobile devices. However, less attention has been paid to the efficiency of revocation when mobile devices need to be revoked. In this paper, we put forward a new solution, referred to as flexible access control with outsourceable revocation (FACOR) for mobile clouds. FACOR applies attribute-based encryption to enable flexible access control on outsourced data, and allows mobile users to outsource the time-consuming encryption and decryption computations to proxies, requiring only the attribute authorization to be fully trusted. As an advantageous feature, FACOR provides outsourceable revocation for mobile users to reduce the complicated attribute-based revocation operations. The security analysis shows that our FACOR scheme achieves data security against collusion attacks and unauthorized accesses from revoked users. Both theoretical and experimental results confirm that our proposed scheme greatly relieves mobile devices from heavy encryption and decryption computations, as well as the complicated revocation of access rights in mobile clouds.
Funding: supported by the National Natural Science Foundation of China (Grant No. 61332019, No. 61402342, No. 61202387), the National Basic Research Program of China ("973" Program) (Grant No. 2014CB340600), and the National High-Tech Research and Development Program of China ("863" Program) (Grant No. 2015AA016002).
Funding: supported by the Wuhan Frontier Program of Application Foundation (No. 2018010401011295) and the National High Technology Research and Development Program of China ("863" Program) (Grant No. 2015AA016002).
Funding: the National Natural Science Foundation of China, the State Key Program of National Natural Science of China, the Major Research Plan of the National Natural Science Foundation of China, the Major State Basic Research Development Program of China (973 Program), and the Hubei Natural Science Foundation of China.
Funding: supported by the State Key Program of National Natural Science of China (No. 61332019), the Major State Basic Research Development Program of China (973 Program) (No. 2014CB340601), the National Science Foundation of China (No. 61202386, 61402339), the National Cryptography Development Fund (No. MMJJ201701304), and the Science and Technology Research Project of Hebei Higher Education (No. QN2017020).
Funding: supported by the National Natural Science Foundation of China under Grants No. 60673071, No. 60970115, No. 60970116, No. 61003267; partially supported by the National Hi-Tech Research and Development Program of China under Grants No. 2006AA01Z442, No. 2007AA01Z411
Abstract: Orthomorphisms on F2^n are a kind of elementary permutation with good cryptographic properties. This paper proposes a hybrid strategy of Particle Swarm Optimization (PSO) and Simulated Annealing (SA) for finding orthomorphisms with good cryptographic properties. By experiments based on this strategy, we obtain, for the first time in the open literature, orthomorphisms on F2^n (n = 5, 6, 7, 9, 10) with good cryptographic properties, and the optimal orthomorphism on F found in this paper also does better than the one proposed by Feng Dengguo et al. in the stream cipher Loiss in differential uniformity, algebraic degree, algebraic immunity and the degree of the corresponding permutation polynomial. The PSOSA hybrid strategy for optimizing orthomorphisms in this paper makes the design of orthomorphisms with good cryptographic properties automated, efficient and convenient, which offers a new approach to designing orthomorphisms.
Funding: This work was partly supported by the National Natural Science Foundation of China under Grant Nos. 62372334, 61876134, and U1836112.
Abstract: Deep neural networks (DNNs) are potentially susceptible to adversarial examples that are maliciously manipulated by adding imperceptible perturbations to legitimate inputs, leading to abnormal behavior of models. Plenty of methods have been proposed to defend against adversarial examples. However, the majority of them suffer from the following weaknesses: 1) lack of generalization and practicality; 2) failure to deal with unknown attacks. To address the above issues, we design the adversarial nature eraser (ANE) and feature map detector (FMD) to detect fragile and high-intensity adversarial examples, respectively. Then, we apply the ensemble learning method to compose our detector, dealing with adversarial examples of diverse magnitudes in a divide-and-conquer manner. Experimental results show that our approach achieves 99.30% and 99.62% Area under the Curve (AUC) scores on average when tested with various Lp norm-based attacks on CIFAR-10 and ImageNet, respectively. Furthermore, our approach also shows its potential in detecting unknown attacks.
Funding: This work was supported by the National Natural Science Foundation of China (No. 62172308, No. U1626107, No. 61972297, No. 62172144, and No. 62062019).
Abstract: PowerShell has been widely deployed in fileless malware and advanced persistent threat (APT) attacks due to its high stealthiness and living-off-the-land technique. However, existing works mainly focus on deobfuscation and malicious detection, lacking malicious PowerShell family classification and behavior analysis. Moreover, the state-of-the-art methods fail to capture fine-grained features and semantic relationships, resulting in low robustness and accuracy. To this end, we propose PowerDetector, a novel malicious PowerShell script detector based on multi-modal semantic fusion and deep learning. Specifically, we design four feature extraction methods to extract key features from characters, tokens, the abstract syntax tree (AST), and a semantic knowledge graph. Then, we design four embeddings (i.e., Char2Vec, Token2Vec, AST2Vec, and Rela2Vec) and construct a multi-modal fusion algorithm to concatenate feature vectors from the different views. Finally, we propose a combined model based on a transformer and CNN-BiLSTM to implement PowerShell family detection. Our experiments with five types of PowerShell attacks show that PowerDetector can accurately detect various obfuscated and stealthy PowerShell scripts, with a 0.9402 precision, a 0.9358 recall, and a 0.9374 F1-score. Furthermore, through single-modal and multi-modal comparison experiments, we demonstrate that PowerDetector's multi-modal embedding and deep learning model can achieve better accuracy and even identify more unknown attacks.
Funding: National Natural Science Foundation of China under Grant No. 60970115, 60970116, 61003267, 61003268, 61003214; the Major Research Plan of the National Natural Science Foundation of China under Grant No. 91018008
Abstract: Advances in quantum computers pose potential threats to the currently used public-key cryptographic algorithms such as RSA and ECC. As a promising candidate against attackers equipped with quantum computational power, Multivariate Public-Key Cryptosystems (MPKCs) have attracted increasing attention in recent years. Unfortunately, the existing MPKCs can only be used as multivariate signature schemes, and the way to construct an efficient MPKC enabling secure encryption remains unknown. By employing the basic MQ-trapdoors, this paper proposes a novel multivariate encryption scheme by combining MPKCs and code-based public-key encryption schemes. Our new construction gives a positive response to the challenges in multivariate public key cryptography. Thorough analysis shows that our scheme is secure and efficient, and its private key size is about 10 times smaller than that of McEliece-type cryptosystems.
Funding: supported in part by the National Natural Science Foundation of China (Grant Nos. 61303212, 61170080, 61202386); the State Key Program of National Natural Science of China (Grant Nos. 61332019, U1135004); the Major Research Plan of the National Natural Science Foundation of China (Grant No. 91018008); Major State Basic Research Development Program of China (973 Program) (No. 2014CB340600); the Hubei Natural Science Foundation of China (Grant Nos. 2011CDB453, 2014CFB440)
Abstract: Advances in quantum computers threaten to break public key cryptosystems such as RSA, ECC, and ElGamal, which rest on the hardness of factoring or taking a discrete logarithm, while no quantum algorithms have so far been found to solve certain mathematical problems on non-commutative algebraic structures. Against this background, Majid Khan et al. proposed two novel public-key encryption schemes based on a large abelian subgroup of the general linear group over a residue ring. In this paper we show that the two schemes are not secure. We show that they are vulnerable to a structural attack and that only polynomial time complexity is required to retrieve the message from the associated public keys, respectively. Then we conduct a detailed analysis of the attack methods and give the corresponding algorithmic descriptions and efficiency analysis, respectively. After that, we propose an improvement to enhance Majid Khan's scheme. In addition, we discuss possible lines of future work.
Funding: supported by the National Natural Science Foundation of China (Grant No. 41371402); the National Basic Research Program of China ("973" Program) (Grant No. 2011CB302306); the Fundamental Research Funds for the Central Universities (Grant No. 2015211020201 and No. 211274230)
Abstract: The rapid development of location-based services (LBS) drives one special kind of LBS, in which the service provider verifies the user's location before providing services. In distributed location proof generating schemes, preventing users from colluding with each other to create fake location proofs while at the same time protecting users' location privacy are the main technical challenges in bringing this kind of LBS into practice. Existing solutions tackle these challenges with low collusion-detecting efficiency and defective collusion-detecting methods. We propose two novel location proof generating schemes, which inversely utilize a secure secret-sharing scheme and a pseudonym scheme to settle these shortcomings. Our proposed solution resists and detects user collusion attacks in a more efficient and correct way. Meanwhile, we achieve a higher level of location privacy than that of previous work. The correctness and efficiency of our proposed solution are confirmed by intensive security analysis, performance analysis, as well as experiments and simulation results.
Funding: supported by the State Key Program of National Natural Science of China (Grant No. 61332019); the National Natural Science Foundation of China (61572303); National Key Research and Development Program of China (2017YFB0802003, 2017YFB0802004); National Cryptography Development Fund during the 13th Five-year Plan Period (MMJJ20170216); the Foundation of State Key Laboratory of Information Security (2017-MS-03); the Fundamental Research Funds for the Central Universities (GK201702004, GK201603084); Major State Basic Research Development Program of China (973 Program) (No. 2014CB340600); National High-tech R&D Program of China (2015AA016002, 2015AA016004); Natural Science Foundation of Hebei Province (No. F2017201199); Science and technology research project of Hebei higher education (No. QN2017020)
Abstract: A cryptosystem with non-commutative platform groups based on the conjugator search problem was recently introduced at Neural Computing and Applications 2016. Its versatility was illustrated by building a public-key encryption scheme. We propose an algebraic key-recovery attack with polynomial computational complexity. Furthermore, we peel off the encryption and decryption process and propose attack methods for solving the conjugator search problem over the given non-abelian group. Finally, we provide corresponding practical attack examples to illustrate the attack methods in our cryptanalysis, and suggest some improvements.
基金supported by the National Natural Science Foundation of China(Grant Nos.61303212,61170080,61202386)the State Key Program of National Natural Science of China(Grant Nos.61332019,U1135004)+2 种基金the Major Research Plan of the National Natural Science Foundation of China(Grant No.91018008)Major State Basic Research Development Program of China(973 Program)(No.2014CB340600)the Hubei Natural Science Foundation of China(Grant No.2011CDB453,2014CFB440)
Abstract: The hardness of the tensor decomposition problem has been studied extensively, but it has seen limited application in cryptography, and the tensor decomposition problem has been considered to have the potential to resist quantum computing. In this paper, we first propose a new variant of the tensor decomposition problem, and then two one-way functions are proposed based on this hard problem. Secondly, we propose a key exchange protocol based on the one-way functions, and the security analysis, efficiency, recommended parameters, etc. are also given. The analyses show that our scheme has the following characteristics: it is easy to implement in software and hardware, its security can be reduced to hard problems, and it has the potential to resist quantum computing. Besides, the new key exchange protocol can serve as an alternative to other classical key exchange protocols.
Funding: supported in part by National High-Tech Research and Development Program of China ("863" Program) under Grant No. 2015AA016004; National Natural Science Foundation of China under Grants No. 61173154, 61272451, 61572380
Abstract: Data sharing is a main application of cloud computing. Some existing solutions have been proposed to provide flexible access control for outsourced data in the cloud. However, little attention has been paid to group-oriented data sharing, where multiple data owners want to share their private data for cooperative purposes. In this paper, we put forward a new paradigm, referred to as secure, scalable and efficient multi-owner (SSEM) data sharing in clouds. SSEM integrates identity-based encryption and asymmetric group key agreement to enable group-oriented access control for data owners in a many-to-many sharing pattern. Moreover, with SSEM, users can join or leave the group conveniently while preserving the privacy of both group data and user data. We propose the key-ciphertext homomorphism technique to construct an SSEM scheme with short ciphertexts. The security analysis shows that our SSEM scheme achieves data security against unauthorized access and collusion attacks. Both theoretical and experimental results confirm that our proposed scheme costs users little to share and access outsourced data in a group manner.
Funding: National Natural Science Foundation of China under Grant No. 60970006, 60970115, 91018008; Key Laboratory Open Fund of Aerospace Information Security and Trusted Computing under Grant No. AISTC2009 04; Shanghai Key Subject and Committee of Science and Technology of Key Laboratory under Grant No. S30108, 08DZ2231100
Abstract: Elliptic curve cryptography is one of the most important public-key cryptosystems. The Koblitz curve is a special kind of elliptic curve in ECC and its security mainly depends on the base field. Based on Evolutionary Cryptography theory, which has become a principal concept for cryptography design and cryptanalysis, we propose a new algorithm for secure EC generation based on Ant Colony Optimization (ACO) to accelerate the search for a safe base field. We preliminarily deal with secure Koblitz curve selection over the field F(2^800). Experiments show that the base field and base point of the secure curves generated by the ant colony algorithm go beyond the parameter range of the Koblitz curves recommended by NIST. We can present many new secure Koblitz curves, including base field and base point, which are not recommended by NIST. The maximum size of our secure Koblitz curves exceeds 700 bits. The algorithm in this paper follows the same cryptographic criteria recommended by ANSI, so it can resist current attacks. Theoretical analysis and experimental results prove that the new algorithm is effective and successful, and it is the first successful practice of Evolutionary Cryptography theory in public-key cryptography research.
Funding: National Natural Science Foundation of China (No. 62172308, U1626107, 61972297, 62172144).
Abstract: Cyber-physical systems (CPS) have been widely deployed in critical infrastructures and are vulnerable to various attacks. Data integrity attacks, which manipulate sensor measurements and cause control systems to fail, are one of the prominent threats to CPS. Anomaly detection methods have been proposed to secure CPS. However, existing anomaly detection studies usually require expert knowledge (e.g., system model-based) or lack interpretability (e.g., deep learning-based). In this paper, we present DEEPNOISE, a deep learning-based anomaly detection method for CPS with interpretability. Specifically, we utilize the sensor and process noise to detect data integrity attacks. Such noise represents the intrinsic characteristics of physical devices and the production process in CPS. One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data. Further, an LSTM-based detector is designed to inspect the obtained noise and detect anomalies. Data integrity attacks change noise patterns and are thus identified as the root cause of anomalies by DEEPNOISE. Evaluated on the SWaT testbed, DEEPNOISE achieves higher accuracy and recall compared with state-of-the-art model-based and deep learning-based methods. On average, when detecting direct attacks, the precision is 95.47%, the recall is 96.58%, and F1 is 95.98%. When detecting stealthy attacks, precision, recall, and F1 scores are between 96% and 99.5%.
Funding: supported by National Basic Research Program of China (973 Program) under Grant No. 2011CB302306; The National Natural Science Foundation of China under Grant No. 41371402; The Fundamental Research Funds for the Central Universities under Grant No. 2015211020201
Abstract: Technological advancements in data analysis and data release have put forward higher security requirements, such as privacy guarantees and strictly provable security; this new area of research is called differential privacy. For geospatial point data, the existing methods use a tree structure to split the data space to enhance data utility and usually adopt a uniform budgeting method. Differently from this, we propose a novel non-uniform allocation scheme for the privacy budget, which is a parameter that specifies the degree of privacy guarantee. Firstly, the spatial data is indexed by a quadtree; then, a different privacy budget is allocated to each layer of the quadtree using features of the Fibonacci series, and we designate this budgeting method as Fibonacci allocation. Experimental results show that Fibonacci allocation is significantly more accurate in data queries than the state-of-the-art methods under the same privacy guarantee level and supports arbitrary range queries. Furthermore, data utility can be improved by post-processing and threshold determination.
Funding: Project supported by the National Basic Research Program of China (Grant No. 2006CB303104); the National Natural Science Foundation of China (Grant No. 40871200)
Abstract: Chaotic systems perform well as a new rich source of cryptography and pseudo-random coding. Unfortunately, their digital dynamical properties degrade due to finite computing precision. Proposed in this paper is a modified digital chaotic sequence generator based on chaotic logistic systems with a coupling structure, where one chaotic subsystem generates perturbation signals to disturb the control parameter of the other one. The numerical simulations show that the length of chaotic orbits, the output distribution of the chaotic system, and the security of the chaotic sequences have been greatly improved. Moreover, the chaotic sequence period can be extended by at least one order of magnitude compared with that of the uncoupled logistic system, and the difficulty of decryption increases 2^128*2^128 times, indicating that the dynamical degradation of digital chaos is effectively improved. A field programmable gate array (FPGA) implementation of the algorithm is given, and the corresponding experiment shows that the output speed of the generated chaotic sequences can reach 571.4 Mbps, indicating that the designed generator can be applied to real-time video image encryption.
Funding: supported by the National High Technology Research and Development Program of China ("863" Program) (Grant No. 2015AA016002); the National Basic Research Program of China ("973" Program) (Grant No. 2014CB340600)
Abstract: Air-gapped computers are isolated both logically and physically from all kinds of existing common communication channels, such as USB ports, wireless and wired networks. Although the feasibility of infiltrating an air-gapped computer has been proved in recent years, data exfiltration from such systems is still considered a challenging task. In this paper we present Powermitter, a novel approach that can exfiltrate data from an air-gapped computer via its power adapter. Our method utilizes the switched-mode power supply, which exists in all laptops, desktop computers and servers nowadays. We demonstrate that malware can indirectly control the electromagnetic emission frequency of the power supply by leveraging CPU utilization. Furthermore, we show that the emitted signals can be received and demodulated by a dedicated device. We present the proof-of-concept design of the power covert channel and implement a prototype of Powermitter consisting of a transmitter and a receiver. The transmitter leaks out data using a variant of binary frequency shift keying modulation, and the emitted signal can be captured and decoded by a software-based virtual oscilloscope through such a covert channel. We tested Powermitter on three different computers. The experimental results show the feasibility of this power covert channel. We show that our method can also be used to leak data from different types of embedded systems which use a switching power supply.
Funding: partially supported by the State Key Program of National Natural Science of China No. 61332019; Major State Basic Research Development Program of China (973 Program) No. 2014CB340601; the National Science Foundation of China No. 61202386, 61402339; the National Cryptography Development Fund No. MMJJ201701304
Abstract: Security analysis of public-key cryptosystems is of fundamental significance for both theoretical research and applications in cryptography. In particular, the security of widely used public-key cryptosystems merits deep research to protect against new types of attacks. It is therefore highly meaningful to research cryptanalysis in the quantum computing environment. Shor proposed a well-known factoring algorithm that finds the prime factors of a number n = pq and is exponentially faster than the best known classical algorithm. The idea behind Shor's quantum factoring algorithm is a straightforward programming consequence of the following proposition: to factor n, it suffices to find the order r; once such an r is found, one can compute gcd(a^(r/2) ± 1, n) = p or q. For odd values of r it is assumed that the factors of n cannot be found (since a^(r/2) is not generally an integer). That is, the order r must be even. This restriction can be removed, however, by working from another angle. Based on the quantum inverse Fourier transform and phase estimation, this paper presents a new polynomial-time quantum algorithm for breaking RSA without explicitly factoring the modulus n. The probability of success of the new algorithm is greater than 4φ(r)/(π^2 r), exceeding that of the existing quantum algorithm for attacking RSA based on factorization. In contrast to the existing quantum algorithm for attacking RSA, the order r of the fixed point C for RSA does not need to be even. This changes the usual practice in which cryptanalysts try to recover the private key: starting instead from recovering the plaintext M directly, a ciphertext-only attack on RSA is proposed.
Funding: supported in part by National High-Tech Research and Development Program of China ("863" Program) under Grant No. 2015AA016004; National Natural Science Foundation of China under Grants No. 61173154, 61272451, 61572380
Abstract: Access control is a key mechanism to secure outsourced data in mobile clouds. Some existing solutions have been proposed to enforce flexible access control on outsourced data or to reduce the computations performed by mobile devices. However, less attention has been paid to the efficiency of revocation when mobile devices need to be revoked. In this paper, we put forward a new solution, referred to as flexible access control with outsourceable revocation (FACOR) for mobile clouds. FACOR applies attribute-based encryption to enable flexible access control on outsourced data, and allows mobile users to outsource the time-consuming encryption and decryption computations to proxies, requiring only the attribute authorization to be fully trusted. As an advantageous feature, FACOR provides outsourceable revocation for mobile users to reduce the complicated attribute-based revocation operations. The security analysis shows that our FACOR scheme achieves data security against collusion attacks and unauthorized access from revoked users. Both theoretical and experimental results confirm that our proposed scheme greatly relieves mobile devices of heavy encryption and decryption computations, as well as of the complicated revocation of access rights in mobile clouds.