Earticle

The study of security models for sensitive information systems has been taken on for years, but still lag far away behind the progress of information security practice. During this century, the thought of seeking the system security to the source of system development lifecycle received huge improvement in the system and software assurance domain. This paper firstly expounds the understanding of information security by illustrating information security study development progress since pre-computer age and presents a description of cyberspace and cyberization security by summarizing the status quo of cyberization. Then a security model called PDRL, which includes six core security attributes of sensitive information systems, is proposed to protect the security of sensitive information systems in the whole system life-cycle. At last, this paper probes into further discussion about controllability attribute and proposes a controllability model in sensitive sensor networks, followed by a probability computing formula and the example for computing the controllability of sensitive sensor networks. By dividing each single element of sensitive information and each element-related operation into a corresponding classification, this paper makes a reasonable description of the quantitative description about controllability.

Recent days, the systems based on mobile agents have attracted the attention of many researchers in different areas, because of the autonomic and pro-active aspects of the agent, as well as its adaptive and dynamic behaviors in solving complex problems. However, the mobility of these entities needs to be secured against multiple vulnerabilities that present a real obstacle to its wide expansion. When the mobile agent is migrating from one node to another over the network, it is difficult to guarantee that it will be executed safely and correctly on the hosting platform, neither that it will not encounter in its way malicious entities that try to harm it. In this paper, we try to address these security issues by introducing an approach based on cryptographic mechanisms. This approach involves an Identity-Based Key Agreement Protocol to get a session key and ensure authentication, an Advanced Standard Encryption (AES) for the confidentiality of data exchanged, as well as a Binary Serialization to get an easy and persistent portability of the agent across the network.

In recent years, with the rapid development of computer network, distributed computing system has a very vast application prospect and potential utility value, which opens up a wealth of opportunities for different applications. With the characteristics of dynamic, heterogeneity, distribution, openness, voluntariness, uncertainty and deception, how to obtain trustworthy computing resource becomes a key issue in large-scale distributed computing research. Therefore, with considering the complex characters of trust in distributed computing environment, firstly, we construct STE architecture to rank and observe trust, which includes STE Broker, Monitoring and STE Catalogue. Secondly, a more comprehensive dynamic trust evaluation model is constructed based on Bayesian network. Finally, we apply simulation platform to imitate trust evolution process and collect related data, and the proposed method has been serviced in complex simulation system, and the results have indicated that the model is unbiased and effective. The first part is the research status and related problems. The second part is the establishment of an evaluation model. The last part is the experimental analysis and conclusion.

With the rapid development of computer technology and information technology, information has been a new asset of the enterprise and played more and more important role. How to protect information security is the problem that all companies need to solve together. In this paper, we propose a novel method to evaluate the enterprise’s information security management under intuitionisitc fuzzy environment. The intuitionistic fuzzy set which considers not only membership and non-membership, but also hesitancy can express the decision maker’s preferences more precise. The extended TOPSIS approach with correlation coefficient instead of distance measure is introduced in the procedure of decision making. Finally, the application and comparison analysis are demonstrated to verify validity and reliability of the method.

Cryptography can be defined as the art of secret writing or protecting information by transforming it (encrypting it) into an unreadable format, called cipher text and then transmitting it across insecure networks, so that it cannot be read by anyone except the intended recipient. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted information can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable. Various algorithms help achieve flawless encryption results which are mostly unbreakable. This paper is an attempt to improve one such algorithm, i.e. RC6 by adding on to its existing functionalities.

To protect the data confidentiality of Android device users, this paper proposed a user-level secure data sanitization method which can make sensitive data stored in flash memory unrecoverable. The proposed method using reversed-scanning algorithm to reduce time and it don’t need overwriting or erase the whole flash memory. After sensitive data pages are found, the program targetedly overwriting some blocks, erase them, and insert them into free block list waiting to be located again which means the blocks will be twice overwrited by new data.

With the incredible expansion of network-based services and responsive information on networks, network protection and security is getting more and more significance than ever. Intrusion poses a serious security risk in network surroundings. The ever rising new intrusion or attacks type poses severe difficulties for their detection. The human labeling of the accessible network audit information instances is generally tedious, expensive as well as time consuming. This paper focuses on study of existing intrusion detection task by using data mining techniques and discussing on various issues in existing intrusion detection system (IDS) based on data mining techniques.

This paper proposes a data security solution in mobile cloud, which solves the security issues in the mobile client and cloud. The proposed solution also relieves the performance limitation of mobile client when executing security technologies. The analysis about the security, feasibility, compatibility and expansibility and the experiment suggests the proposed solution is rational.

Mobile agents offer a new paradigm in the field of distributed computing. Mobile agent is a program which can migrate from one machine to another machine in order to fulfill the client’s needs. Since it moves from machine to machine on the demand of client, there is threat to the data it carries, from the malicious node or hacker who can steal or change the confidential data of the client. In this paper, we have proposed an integrated framework which is fault tolerant as well as secure from such malicious nodes or hackers. We have applied encryption algorithm for data security and fault tolerant mechanism to avoid any kind of fault using clone and check-pointing with location tracking mechanism. We have implemented the proposed approach and evaluated the time taken by the agent on the basis of various parameters with its fault tolerant and security feature.

To reduce the influence of the eyelid for the iris recognition rate, an eyelid detection algorithm for the iris recognition is proposed. The grayscale morphological operations are employed to remove the interference of the eyelash and the light spot to the eyelid region. The points of the minimum grayscale value of each column in the eyelid region are extracted as edge points. The least squares parabolic fitting eyelids is carried out for the edge points of the eyelid. The eyelid parabolic moving up and down in neighborhood region is used to localizing the eyelid precisely, when the grayscale mutation happens. The experimental results show that the eyelid localization algorithm can detect the eyelid effectively and quickly. Compared with the hough transform algorithm, the accurate rate is the same, but the speed is improved about 4 seconds.

The Android platform stores basic telephony data such as contacts, call logs, schedules, and SMS messages. These basic telephony data are managed by ContentProvider, which is one of the core components of Android applications along with Activities, Services, and BroadcastReceivers. If an Android application requires basic telephony data, it requests queries such as query, insert, update, and delete operations to ContentProvider. In the Android platform, every operation for which there is a possibility of misuse is protected by permissions. Generally, every application with proper permissions can request a protected operation from the Android platform. Database operations which access a database through ContentProvider are also protected by READ and WRITE permissions. However, this security policy has a critical flaw: it is impossible to differentiate the permissions of individual contacts in the Android Platform. If one application has READ permission for contacts, it can read every contact stored on an Android device. When the entities are not equal value, this flaw becomes a critical flaw. In the particular case of SMS, the problem is more serious because SMS messages can include financial information, authentication tokens, or privacy information. To address this security problem, we have designed and implemented a privacy-enhanced SMS provider. In this paper, we show how to hide sensitive SMS data from untrusted applications.

Trust evaluation is increasingly important for collaboration in the Internet today. We propose a multi-dimensional evidence-Based trust evaluation model named EBTrust model, which expands the types and sources of evidence. We put both transaction feedback and the network operating behavior information into this model. And we improve the D-S evidence theory and propose a new rule of evidence synthesis that based on the conflict intensity (G) and efficient conflict (Gh), so we call it G-Gh synthesis rule, which can not only solve the high confliction and complete conflict feature of multi-dimensional evidences but also the problem of uncertainty in the process of trust evaluation. The example analysis and experimental results show that the EBTrust model can resist conspiracy and malicious comment behavior.

The current encryption algorithm has some problems that key length is long, which is difficult to be memorized and kept so that a potential threat is caused to information security. The encryption key extracted from the biological feature is used for the encryption method, which has become a hotspot of the research. The Haar wavelet decomposition is carried out to the iris image, to extract the third-layer high frequency coefficient as the iris feature code. The random mapping function is used to generate a 128 - bit key. chi-square (χ2) test is used to analyze the key safety extracted. The results show that the key extracted from iris feature can meet requirements of the randomness and security of the encryption algorithm.

It is possible for virtualization of desktop to dramatically reduce maintenance costs and improve the security using various virtualization techniques rather than previous desktop environments. Also, with blocking beforehand the information leakage caused by data centralization, it is easy to manage the information security. This desktop virtualization provides creation and duplication of data and standardized desktop environments using easy and fast virtualization works. So, it is possible to improve efficiency, stability, and fusibility of virtualization. In this paper, with the desktop virtualization, the power saving effects are obtained from 65,750(kW) to 7,300(kW) , which is from 480(w) to 50 (w) for using one desktop for 8 hours per a day. In addition, the 62 desktops and 62 monitors are combined to one operational server with 62 thin clients. As a result of this, the security is improved greatly by data centralization, which the user can access the main server as a thin client with given space.

A firewall’s complexity is known to increase with the size of its rule set. Empirical studies show that as the rule set grows larger, the number of configuration errors on a firewall increases sharply, while the performance of the firewall degrades. When designing a security-sensitive network, it is critical to construct the network topology and its routing structure carefully in order to reduce the multi-firewall rule sets, which helps lower the chance of security loopholes and prevent performance bottleneck. This paper studies the problems of how to place the firewalls in a topology during network design and how to construct the routing Tables during operation such that the maximum firewall rule set can be minimized. We have two major contributions. First, we prove that the problems are NP-complete. Second, we propose a heuristic solution and demonstrate the effectiveness of the algorithm by simulations. The results show that the proposed algorithm reduces the maximum multi-firewall rule set when comparing with other algorithms.

As software exchanges data in the internet environment, it is always susceptible to the malicious attacks of hackers. Google Search enables individuals to randomly search servers with their preferred vulnerabilities using several search words. Using a sample of university homepages in Korea and the US, this paper investigates the security weakness of homepages by using SiteDigger that automatically searches the Googling, which is the most convenient way of collecting data, and examines the security weakness of homepages in Korea and the US. Based on the analyzed weakness, the researcher attempts to conduct future study that develops security diagnosis tool for webpage

The analysis of user behaviors has been an important subject in recommending research recently. This paper proposes a modified clustering technique, showing that users privacy disclosure may change when they are answering the information requests, and we argues that their attitudes, including risk, useful, appropriate, played an important role behind those changes. We presented the new data structure in our dataset that would be loaded to experiment, e.g. personal information requests, users’ answers to those requests, and most importantly, users cluster and attitude for later analysis. Our modified clustering technique would not only locate users privacy disclosure change by comparing the results from learning their past disclosure behaviors and from learning their current disclosures, but also exploit the relationship between the inconsistence in those two results and their attitudes. The data containing users’ answers to a questionnaire with personal information requests was integrated to analyze their disclosure behaviors and attitude with the proposed clustering technique. We indeed find some interesting connections between their privacy disclosure change and attitudes, and the exploration of this paper could benefit to any researchers and online community owners who focusing on user-centered strategies and personal-information-requesting issues.

Computing-as-a-service is gaining ground. Clients may use the service without purchasing the system supporting the service. Database-as-a-Service (DBaaS) is an important area of computing-as-a-service. DBaaS allows clients to use an expensive database management system without purchasing it. In a DBaaS environment, database Tables are stored on servers belonging to a service provider, and hence, they must be encrypted in order to ensure data confidentiality. However, the encryption introduces performance degradation in the execution of queries over encrypted data. The execution of range queries, in particular, undergoes severe performance degradation. Several encryption schemes to alleviate this problem have been proposed. However, most of these schemes leak other information in addition to order information. In this study, a new database encryption scheme for DBaaS is proposed. The proposed scheme enables the execution of range queries without severe performance degradation and without leakage of information other than order information.

The major impediments that mostly arise in matchmaking in mobile social networks are ensuring the privacy of users’ attributes, finding the intersection of attributes of the matched-pair without revealing any other information, and ensuring that the matched-pair get to know the intersection mutually. Also, in virtually all the existing protocols, the initiator of the matchmaking does not set a threshold number of common attributes an individual should have with him/her before qualifying as a pair. Hence, we propose a hybrid matchmaking cryptographic protocol that will overcome these impediments. In our proposed protocol, an initiator of matchmaking sets a threshold number of common attributes that an individual should have to qualify as a matching-pair. The protocol also ensures that no information about the intersection set is leaked to persons not in the protocol. To further enhance the security and privacy in the protocol, the attributes of the persons our protocol are authorized. The authorization of the attributes is intended to thwart malicious behavior by the persons in the protocol and hence, prevents semi-honest attacks. Furthermore, in this proposed protocol, persons in the protocol get to know the intersection of their attributes mutually.

2l century is the era of rapid development of information technology; electronic commerce is an important way to meet consumer demand, to improve the degree of organization. The e-commerce development of rural tourism will meet the need of market economy development, and enhance the competitiveness of tourism enterprises. In this paper, we analyze the cooperation performance between rural tourism and third-party network platform, the result shows that: (1) relationship quality has significant positive effect on direct performance, the coefficient is 0.824; (2) relationship quality has significant positive effect for indirect performance, and the coefficient is 1.012. So that, relationship quality is a key factor that affect the performance of bilateral cooperation. On this basis, we put forward the related suggestions to promote the e-commerce application in rural tourism.

To keep the pace with the development of internet technology, remote user authentication techniques become more and more important to protect user’s privacy. Recently, Kumari, et al., presented an improved remote user authentication scheme with key agreement based on dynamic-identity using smart card. This scheme allows legal users to change the password at his will without the need to connect the server. They claimed that their scheme could resist smart card stolen or loss attack, user impersonation and server masquerading attack, and provide user anonymity and untraceability and so on. However, our research indicates that their scheme is completely unsafe. Furthermore, the scheme can’t provide the proper mutual authentication. In this manuscript, we will propose a new scheme, which can withstand those attacks mentioned above and provide the perfect user anonymity and forward secrecy. Security analysis makes it clear that the improved scheme apparently is more secure and practical.

We propose a novel user authentication system using visual communication. The proposed system consists of two parts: a sender system, and a receiver system. The sender system converts a digital password into a color-coded image using a color displaying screen attached to a sender device. The receiver system detects these color-coded images using a camera, extracts the color values, and decodes them into the original digital password. We measured the data transfer accuracy of the visual communication system, and found that the average accuracy at the bit level was about 99.2% at the suggested experiment environment, to show that this system can work in real situations.

C2C e –commerce credit problems is the root of the problems, and its essence is that the mastering for user true information is not enough. It is proposed in this paper, two-way real-name authentication platform based on DNS, the platform for buyers and sellers make unified authentication to strengthen the management of the buyer, by the user number and identity information of the binding to defend the credibility of user number, at the same time, by user number realizing the trading online by single number integrates user’s credibility on different sites, guarantees the reliability of the user credit information. According to the various characteristics of the platform implementation technology, this paper puts forward a two-way authentication unified platform chosen the DNS system as the foundation, it can reduce the difficulty of the implementation technology, also decrease the demand for each site.

The servitization of the equipment manufacturing industry is an important way for equipment manufacturing industry to adapt to the new competitive environment, and achieve industrial upgrading based on service function strengthening on value added stages along value chain. In this paper, the necessity of the servitization of the equipment manufacturing industry are analyzed in detail, and quantitative measure are used to analyze the key factors affecting servitization of the equipment manufacturing industry from external and internal two aspects. According to the influence factor analyzing results, specific methods of servitization are put forward.

Biometric techniques for authentication using body parts such as a fingerprint, face, iris, voice, and finger-vein have become increasingly important in the personal security field, including door access control, finance security, and electronic passport. Finger-vein images can be captured under various conditions, such as different temperatures and illumination, and noise in the acquisition camera. Difficulties in recognizing finger-vein images include the use of a complex algorithm for noise reduction, image re-construction, and rotation invariance in the pattern-matching algorithm. In this paper, we use a compact CMOS camera with a penetrating infrared LED light source. In addition, we suggest a simple pattern matching method to reduce the calculation time for embedded environments. The experimental results show that our simple system has good results in terms of speed and accuracy for personal identification.

Due to the lack of condition monitoring and health analysis of the equipment in the daily operations, serious accident happened and it caused the incorrect results of fault diagnosis. We propose a method of condition monitoring and fault prediction based on extension theory. The method established a matter element mode to give the formal description of the state of the equipment. It used dependent function to do the qualitative and quantitative analysis of the equipment state. Through the method, we can change the model of maintenance which is always done after fault occurred. We use the method on the example of turbines to prove the feasibility and effectiveness of the method.