ZHU Li , YU Huan , ZHAN Shi-Xiao , QIU Wei-Wei , LI Qi-Lei
2019, 30(6):1577-1593. DOI: 10.13328/j.cnki.jos.005737
Abstract: This study takes the "securities trading system" of the Shanghai Stock Exchange as a business scenario to study the optimization algorithm of the high-performance consortium blockchain. Based on the research of the key technologies of the consortium blockchain and the business of the securities transaction system, this study proposes a design of the consortium blockchain architecture and conducts a detailed analysis of the key technologies that can improve the performance of the consortium blockchain, such as separation of business logic and consensus, optimization of storage, and optimization of digital signature verification (including merger verification and GPU acceleration). Finally, the study conducts a series of comparative experiments to verify the effectiveness of these optimization strategies.
ZHU Jian-Ming , DING Qing-Yang , GAO Sheng
2019, 30(6):1594-1613. DOI: 10.13328/j.cnki.jos.005738
Abstract: Cross-border financial communication is extremely important for the development of modern financial services. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is the main provider of cross-border financial communications services. Now, telecommunications message transmission is the main business of SWIFT systems to ensure the transmission of messages. Security, accuracy, and efficiency are important goals of the SWIFT system. However, the current SWIFT system based on the concept of central architecture has outstanding security risks, low transmission efficiency, and high cost. This study proposes a BCSWIFT system based on the permissioned blockchain distributed consensus mechanism, which can optimize the SWIFT system. First, the transmission network of the SWIFT system is divided into the main network layer and the additional network layer. Second, a consensus algorithm based on the double-layer network structure is proposed. Third, the telecommunications message exchange and transmission of the BCSWIFT system are introduced. Fourth, for the sake of business confidentiality of financial business data, the mechanism of message data privacy protection for financial institutions. Fifth, the security of BCSWIFT system. This article takes the optimization of the SWIFT system's message transmission service as an example, explaining the basic mechanism of cross-border financial communications based on the permissioned blockchain, to provide new ideas for ensuring the safety, efficiency, accuracy, and low-cost operation of cross-border payment, and also to provide an important reference for large-scale commercial application of blockchain technology.
QIAO Rui , CAO Yan , WANG Qing-Xian
2019, 30(6):1614-1631. DOI: 10.13328/j.cnki.jos.005739
Abstract: The focus of dynamic data security protection of IoT (Internet of things) is to reject tampering by unauthorized users and, meanwhile, to realize the process in evidence and track tracing of the dynamic data operation of IoT. In order to solve problems such as the secure storage and sharing of dynamic data generated by a large number of IoT devices, first, a mathematical model for the security of dynamic data storage was established, and a dual consortium chain structure was proposed to realize multidimensional authorization and dynamic data storage of operational entities. Then, a consensus algorithm based on VNL (verification nodes list) was proposed. After that, an optimization scheme of the dynamic data traceability mechanism based on the consortium blockchain was put forward. Finally, open experiments and performance analysis show that when the eigenvalue of the operation entity authorization is 64 and the number of IoT operation entities is less than 106, the success probability of the attacker is almost 0. Meanwhile, the proposed scheme can effectively avoid potential attacks on dynamic data, such as double output attacks, replay attacks, and hidden attacks. Thus it can effectively prevent attackers from unauthorized manipulation of the IoT, such as tampering or counterfeiting under approved accession mode. The scheme has good application value while ensuring the dynamic data storage security.
2019, 30(6):1632-1648. DOI: 10.13328/j.cnki.jos.005740
Abstract: With the development of the Internet of things, the privacy protection of the IoT has attracted people's attention, and access control technology is one of the important methods of privacy protection. The IoT access control model is based on the concept of a central trusted entity. The decentralized blockchain technology solves the security risks brought by the centralized model. This study proposes three issues that must be resolved according to the characteristics of the IoT environment. These three issues are: (1) IoT terminal device lightweight; (2) IoT has a large number of terminal nodes; and (3) dynamic issues under the IoT. Then, using these three issues as the core, the study analyzes and summarizes how the mainstream access control models in the existing IoT and blockchain-based access control models solve these problems. Finally, two types of blockchain access control models and the advantages of using blockchain for IoT access control are summarized, as well as the problems that need to be solved in the future for blockchain and IoT access control.
LI Fang , LI Zhuo-Ran , ZHAO He
2019, 30(6):1649-1660. DOI: 10.13328/j.cnki.jos.005741
Abstract: With the development of blockchain technology, various blockchains with different characteristics and applications such as Bitcoin, Ethereum, other public chains, as well as private and consortium chains coexist in large numbers. Due to the independence of blockchains, the data communication and value transfer between existing blockchains are still facing challenges, and the problem of value isolation gradually emerges. The cross-chain technology is an important technical means for blockchains to realize interoperability and enhance scalability. This article systematically summarizes the achievements in the cross-chain technology field. Firstly, the requirements of cross-chain technologies and the technical difficulties they face are analyzed. Secondly, the cross-chain technologies that are under development are summarized and the mechanisms and implementations of 24 mainstream cross-chain technologies are introduced. Then, the security risks of cross-chain technology are analyzed, and 12 major issues are listed. Finally, the trend of future development of cross-chain technology is summarized and discussed.
WANG Xiu-Li , JIANG Xiao-Zhou , LI Yang
2019, 30(6):1661-1669. DOI: 10.13328/j.cnki.jos.005742
Abstract: Data has become an important asset for an enterprise. How to effectively control access to data within an enterprise and securely share data between enterprises has been a challenge. The distributed ledger in blockchain can solve these problems in some ways. However, the asymmetric encryption mechanism applied by blockchain can only be transmitted peer to peer securely; it does not meet the complex access control requirements within the enterprise. This paper presents a model for data access control and sharing using blockchain, and uses attribute-based encryption to control and share enterprise data, so as to achieve the purpose of fine-grained access control and secure sharing. Through comparative analysis, the model can solve difficulties of access control within the enterprise and sharing data between enterprises in security and performance.
LI Chun-Xiao , CHEN Sheng , ZHENG Long-Shuai , ZUO Chun , JIANG Bu-Yun , LIANG Geng
2019, 30(6):1670-1680. DOI: 10.13328/j.cnki.jos.005743
Abstract: The core value of the blockchain system is to establish multi-party trust. In enterprise application scenarios, it is necessary to enhance the security, real-time performance, and user friendliness. To meet the needs of the domestic independent control and technical development, open source and win-win cooperation should be advocated. This paper proposes a permissioned blockchain toolkit implemented by reactive programming named RepChain (reactive permissioned chain), which is the first open source reactive permissioned blockchain toolkit in China. It highlights responsive, loosely coupled, lightweight, collaborative consensus, hierarchical contract deployment and visualization of real-time status through a novel system architecture design. A secure channel is established based on access control, and a synergistic consensus is used to replace the competitive consensus of the public blockchain; therefore, the transaction real-time performance and throughput are improved. Experiments show that the reactive permissioned blockchain can significantly increase transaction throughput, real-time performance, and resilience.
XU Mi-Xue , YUAN Chao , WANG Yong-Juan , FU Jin-Hua , LI Bin
2019, 30(6):1681-1691. DOI: 10.13328/j.cnki.jos.005744
Abstract: Blockchain, which originated from Bitcoin and whose core is decentralized, detrusted, tamper-resistant, unforgeable, and traceable, can be used in management, storage, and circulation of high value data. Blockchain has been applied in a variety of scenarios, but the security problems of blockchain have always existed and have great influence on users' rights and interests. Mimetic defense is a new network defense technology proposed by a Chinese research team, which plays an important role in network defense of a new class of system. This paper first introduces the security threats faced by the blockchain and the existing solutions. Then the core ideas of mimetic defense and the typical dynamic heterogeneous redundancy (DHR) architecture are introduced. Second, in view of the potential security problems of blockchain, combining the definition of security and parameter selection, a dynamic heterogeneous consensus mechanism and a DHR signature mechanism are put forward from the ideas of DHR architecture and cryptographic sortition to construct a security solution for blockchain, which is called the mimic blockchain in this paper. Finally, the security and property of the mimic blockchain are further analyzed; the result shows that the dynamic heterogeneous blockchain can provide increased security over the typical blockchain in many aspects.
YANG Ya-Tao , CAI Ju-Liang , ZHANG Xiao-Wei , YUAN Zheng
2019, 30(6):1692-1704. DOI: 10.13328/j.cnki.jos.005745
Abstract: In order to solve the problem of privacy leakage in the transaction process of blockchain, by improving the SM9 identification cryptography algorithm, a multi-KGC group signature scheme based on the SM9 algorithm was proposed for the first time. Based on the alliance chain, a provably secure privacy preserving scheme in blockchain was designed based on the SM9 algorithm. By analyzing the security and efficiency of this scheme, it is proved that the proposed scheme has many advantages, such as signature unforgeability, node anonymity, forward security, and so on. By analyzing the efficiency, the proposed scheme decreases twice bilinear pairing operations compared with the certificateless signature scheme proposed by Al-Riyami S S, and the efficiency of signature verifying is increased by about 40%. Moreover, the proposed scheme cuts down four times and twice exponent operations compared with the schemes of Tseng Y M and Chen Y, so the overall calculation efficiency is improved. The user identity of two parties can be protected by the cryptographic operation, and the privacy preserving of the nodes is achieved.
WANG Zhen , FAN Jia , CHENG Lin , AN Hong-Zhang , ZHENG Hai-Bin , NIU Jun-Xiang
2019, 30(6):1705-1720. DOI: 10.13328/j.cnki.jos.005746
Abstract: With the development of the privacy protection technology of the Internet, identity authentication has been a guardian of data and computer systems. However, there exist some weaknesses in traditional identity authentication technology as it does not meet the requirements of the new information technology, i.e., the rise of the blockchain has raised higher requirements for identity authentication, which not only needs to identify different users but also needs to protect the privacy of the users. Anonymous authentication technology is a method to protect users' privacy, but most existing schemes do not support a proper supervision mechanism. Once a user is dishonest, it is difficult to track its real identity. Therefore, it is necessary to establish a regulatory mechanism in the process of anonymous authentication. In this study, a supervised anonymous authentication scheme is proposed to solve the above problems. On the one hand, access rights are provided for users by anonymous credentials, and users can selectively expose their attributes when they need to present their credentials. In this way, it can assure that users' information is under protection. On the other hand, a regulatory mechanism is introduced in anonymous authentication, which can track the real identity when cheating occurs. The supervised anonymous authentication scheme is constructed by secure cryptographic schemes and it is proved to be semantically secure. The proposed scheme is efficient and can be applied to consortium blockchain and other supervised anonymous authentication systems.
SITU Ling-Yun , WANG Lin-Zhang , LI Xuan-Dong , LIU Yang
2019, 30(6):1721-1741. DOI: 10.13328/j.cnki.jos.005491
Abstract: Buffer overflow vulnerability is one of the most widely exploited and dangerous security vulnerabilities, and it is extremely difficult to eliminate buffer overflow vulnerability completely. A lot of buffer overflow detection techniques and tools have been proposed in academia and industry. In the face of numerous tools, it is a specific and practical issue how users could choose these tools effectively and apply them to application aspects such as detection and repair, prevention and protection, and measurement and assessment. It is necessary to establish a clear map among different user requirements and multiple buffer overflow detection techniques and tools for the sake of solving the problem. On the basis of an overview of the types and characteristics of buffer overflow vulnerabilities, buffer overflow detection techniques and tools are analyzed and elaborated from three application perspectives, i.e., software life cycle based detection and repair, buffer overflow attack stages based prevention and protection, and knowledge and understanding based measurement and assessment, which creates a map of user requirements and techniques and tools to a certain degree.
ZHANG Peng-Cheng , WANG Li-Yan , JI Shun-Hui , LI Wen-Rui
2019, 30(6):1742-1758. DOI: 10.13328/j.cnki.jos.005425
Abstract: In order to accurately forecast quality of service (QoS) of different Web services with multi-step, and help users to choose the most suitable Web service at hand, this study proposes a novel QoS forecasting approach called MulA-LMRBF (multiple-step forecasting with advertisement by Levenberg-Marquardt improved radial basis function network) based on multivariate time series. Considering the correlation among different QoS attributes series, phase-space reconstruction is used to map historical multivariate QoS data into a dynamic system, where the multi-dimensional nonlinear relations of QoS attributes are completely restored. Average dimension (AD) is used to estimate the embedding dimension and delay time of the reconstructed phase space. The short-term QoS advertisement data of the service provider is also added to form a more comprehensive data set. Then, an RBF (radial basis function) neural network improved by the Levenberg-Marquardt (LM) algorithm is used to update the weight of the neural network dynamically, which improves the forecasting accuracy and realizes the dynamic multiple-step forecasting. Experiments are conducted based on several public network data sets and a self-collected data set. The experimental results demonstrate that MulA-LMRBF is better than previous approaches with high precision and is more suitable for multi-step forecasting.
WANG Jin-Yong , ZHANG Ce , MI Xiao-Ping , GUO Xin-Feng , LI Ji-Hong
2019, 30(6):1759-1777. DOI: 10.13328/j.cnki.jos.005427
Abstract: Software debugging is a complex process and is affected by many factors, such as debugging resources, debugging tools, debugging skills, etc. When detected faults are removed, new faults may be introduced. Therefore, it is important to research the imperfect debugging phenomenon in the software debugging process. How to model fault introduction in building an imperfect debugging model is still an unresolved issue. So far, numerous software debugging models have been developed by researchers, for example, assuming the fault content function is linear, an exponential distribution, or proportional to the number of removed faults, etc. However, they cannot entirely satisfy the realistic needs because fault introduction changes in complicated ways over time. In this study, an NHPP software reliability model is proposed based on Weibull distribution introduced faults, and the fault content function following Weibull distribution is considered. The related experiment is carried out, which validates the fitting and predictive power of the proposed model. The experimental results also show the proposed model has much better fitting and predictive performance than other models using two fault data sets, as well as better robustness.
PAN Yan , ZHU Yue-Fei , LIN Wei
2019, 30(6):1778-1792. DOI: 10.13328/j.cnki.jos.005429
Abstract: A program is a sequence of instructions in a certain order, and the permutations and combinations of instructions constitute the ever-changing program semantics. Although reordering instructions usually changes the program semantics, it is possible to swap adjacent instruction sequences without changing the program semantics by analyzing the relative independence of adjacent instruction sequences. Instruction swapping increases the distance of instructions and changes characteristics of the program, which raises the cost of reverse analysis to a certain extent. Sufficient conditions of instruction swapping are proven by the improvement of the formal definition of the program, upon which the randomized method of instruction reordering based on simulated annealing is proposed in the study. Furthermore, a prototype of IS-VMP (virtual machine protection system based on instructions reordering) is implemented. In addition, experiments are carried out with a set of encryption algorithms. Experiment results show that instruction reordering is effective and applicable for anti-reversing.
E Hai-Hong , ZHANG Wen-Jing , XIAO Si-Qi , CHENG Rui , HU Ying-Xi , ZHOU Xiao-Song , NIU Pei-Qing
2019, 30(6):1793-1818. DOI: 10.13328/j.cnki.jos.005817
Abstract: Entity relation extraction is a core task and an important part in the fields of information extraction, natural language understanding, and information retrieval. It can extract the semantic relationships between entity pairs from the texts. In recent years, the application of deep learning in the fields of joint learning and remote supervision has resulted in relatively abundant research results in relation extraction tasks. At present, entity relationship extraction technology based on deep learning has gradually exceeded the traditional methods which are based on features and kernel functions in terms of the depth of feature extraction and the accuracy. This paper focuses on the two fields of supervision and remote supervision. It systematically summarizes the research progress of Chinese and overseas scholars' deep relationship-based entity relationship extraction in recent years, and discusses possible future research directions as well.
LI Cong-Min , LI Jie , ZHANG Kang , TAO Wen-Yuan
2019, 30(6):1819-1834. DOI: 10.13328/j.cnki.jos.005824
Abstract: Check-in logs record how users access certain facilities. Discovering users' behavior patterns via logs has a wide range of applications, such as targeted advertising, criminal activity detection, etc. However, the discovery process is complex and challenging, due to the following reasons. (1) Log data is usually long-term and contains noise, with sparse distribution of data in high-dimensional space. (2) Behavior patterns always relate to different time scales. (3) The variety of parameter selections and methods of data processing makes it difficult for traditional machine learning approaches to obtain credible and understandable behavior analysis results. This study proposes an interactive approach to exploring behavior patterns from check-in logs. The process uses a dynamic subspace strategy which changes the time slices to analyze similar behavior patterns dynamically. The strategy reduces the effect of setting parameters artificially on the analytical results. The proposed approach integrates a visual analytical tool to support the process. Through visualization, analysts could understand the patterns found in each step in real time, adjust the analysis process, and comprehend and verify the results intuitively. The paper also presents a case study based on a real data set and a review of experts from different fields. The results confirm the effectiveness of the approach.
XU Li-Feng , HUANG Zu-Sheng , YANG Zhong-Zhu , DING Wei-Long
2019, 30(6):1835-1852. DOI: 10.13328/j.cnki.jos.005600
Abstract: To avoid the local optimum which is frequently the result of a calculation of the particle swarm optimization (PSO) algorithm, this study proposes a new mixed PSO algorithm with multistage disturbance (MPSO). MPSO combines features from two former classic improved PSO algorithms, which are standard particle swarm optimization (SPSO) and standard particle swarm optimization with a constriction factor (PSOCF). Furthermore, a strategy with multistage disturbances was also introduced into the algorithm: the first-level disturbance was used to enhance the ability of the particles to traverse the solution space when renewing the positions, while the second-level disturbance would be introduced when a locally optimal solution was received to continue the optimization process. Six test functions, namely the Sphere, Ackley, Rastrigin, Styblinski-Tang, Quadric, and Rosenbrock functions, were used to simulate the optimization calculation, and the results from the proposed algorithm MPSO were compared with those from SPSO and PSOCF. The results show that for the test functions, MPSO can get the optimal value much more quickly and easily than the other two algorithms, and the convergence precision of MPSO was significantly higher than the others. It can be concluded that MPSO can get over the problem of locally optimal solutions when dealing with multimodal functions.
DAI Mian , CHENG Guang , ZHOU Yu-Yang
2019, 30(6):1853-1874. DOI: 10.13328/j.cnki.jos.005832
Abstract: Measurement technology plays an important role in the field of network research as it is the foundation of research on network monitoring, network management, and network security. Compared with the legacy network, the software-defined network brings new research opportunities due to its advantages of standardization, openness, and transparency. The separation of the measurement data plane and the measurement control plane motivates the design and realization of more general and flexible measurement frameworks. A standardized API enables quick development and deployment of measurement tasks. A logically centralized controller enables the network to optimize the hardware configuration and forwarding strategy in real time by analyzing the measurement results pulled from SDN switches. The forwarding mechanism based on flow tables enables the data plane to provide more fine-grained measurement data of network traffic. However, challenges are also brought due to the contradiction between extra network overhead and the limited computing, memory, and bandwidth resources in the network. The centralized control plane may also suffer from performance bottlenecks. This paper reviews current research on measurement methods of software-defined networking from two aspects: framework and object, and then concludes the main research tasks and challenges. In the end, the argument about future research trends is elaborated based on existing research experiences.
YIN Rong-Rong , YIN Xue-Liang , CUI Meng-Di , XU Ying-Han
2019, 30(6):1875-1885. DOI: 10.13328/j.cnki.jos.005422
Abstract: In order to evaluate the importance of nodes in scale-free networks, by analyzing the number of neighboring nodes and the topology of its neighbors, the index of the structural holes importance of the node is obtained. At the same time, by combining the K core importance index of adjacent nodes, the importance contribution between adjacent nodes is obtained. It characterizes the local information of adjacent nodes. On this basis, combining with the K core importance of the node itself that characterizes the global location information of the node, this study proposes a method to evaluate the importance of nodes in scale-free networks based on the relationship of the importance contribution between nodes. This method takes into account the structural holes characteristics of nodes and the K core central feature to determine the importance contribution between adjacent nodes, and takes into account the local and global importance of the networks. The theoretical analysis shows that the time complexity of this method is only o(n^2). Compared with other algorithms, the results show that the method is feasible and effective. It has an ideal computing capability, and is suitable for scale-free networks.
BIAN Wei-Xin , DING Shi-Fei , ZHANG Nan , ZHANG Jian , ZHAO Xing-Yu
2019, 30(6):1886-1900. DOI: 10.13328/j.cnki.jos.005421
Abstract: The enhancement of fingerprints plays an important role in automatic fingerprint identification systems. In order to make up for the shortcomings of traditional fingerprint enhancement, this study proposes a novel algorithm that first uses an orientation Gaussian bandpass filter (OGBPF) to enhance the fingerprint, and then employs the deep Boltzmann machine (DBM) with orientation selection to reconstruct the regions that are enhanced incorrectly in the first phase. The fingerprint is enhanced based on the quality grading scheme and the composite window strategy. In the proposed method, the traditional enhancement method and deep learning method complement one another perfectly. To validate the performance, the proposed method has been applied to fingerprint enhancement on the FVC2004 databases. Experiments show that, compared with the state-of-the-art enhancement methods, the proposed method is more accurate and more robust against noise, and can achieve better results.