ID | Source text | Translation |
5114 | 在现有的解决方案中,基于时间的方案难以实现即时撤销,基于第三方的方案往往需要重加密运算,计算量大,不适用于海量密文数据。 | Among existing solutions, time-based schemes cannot easily achieve immediate revocation, while third-party-based schemes usually require re-encryption, which is computationally expensive and unsuitable for massive amounts of ciphertext data. |
5115 | 针对该问题,提出了一种高效的支持用户和属性级别的即时撤销方案,所提方案基于经典的 LSSS 型访问结构的 CP-ABE,引入了 RSA 密钥管理机制和属性认证思想,借助半可信第三方,在解密之前对用户进行属性认证。 | To address this problem, an efficient scheme supporting immediate user-level and attribute-level revocation was proposed. It is built on the classic CP-ABE with an LSSS access structure and introduces an RSA key management mechanism and the idea of attribute authentication; with the help of a semi-trusted third party, a user's attributes are authenticated before decryption. |
5116 | 与现有的撤销方案对比,所提方案只需半可信第三方更新 RSA 属性认证密钥,不需要用户更新密钥且不需要重加密密文,极大地减少了撤销带来的计算量和通信量,同时保证了抗串谋攻击和前后向安全性。 | Compared with existing revocation schemes, the proposed scheme only requires the semi-trusted third party to update the RSA attribute authentication key; users do not need to update their keys and the ciphertext does not need to be re-encrypted. This greatly reduces the computation and communication overhead caused by revocation, while guaranteeing resistance to collusion attacks and forward and backward security. |
5117 | 安全性分析和实验仿真证明,所提方案具有更高的撤销效率。 | Security analysis and experimental simulation show that the proposed scheme achieves higher revocation efficiency. |
5118 | OAuth2.0 授权协议在简化用户登录第三方应用的同时,也存在泄露用户隐私数据的风险,甚至引发用户账号被攻击劫持。 | While the OAuth2.0 authorization protocol simplifies user login to third-party applications, it also carries the risk of leaking users' private data and can even lead to user accounts being hijacked by attackers. |
5119 | 通过分析 OAuth2.0 协议的脆弱点,构建了围绕授权码的账号劫持攻击模型,提出了基于差异流量分析的脆弱性应用程序编程接口(API)识别方法和基于授权认证网络流量监测的账号劫持攻击验证方法,设计并实现了面向 OAuth2.0 授权服务 API 的账号劫持攻击威胁检测框架 OScan。 | By analyzing the weak points of the OAuth2.0 protocol, an account hijacking attack model centered on the authorization code was constructed. A method for identifying vulnerable application programming interfaces (APIs) based on differential traffic analysis and a method for verifying account hijacking attacks based on monitoring authorization and authentication network traffic were proposed, and OScan, an account hijacking threat detection framework for OAuth2.0 authorization service APIs, was designed and implemented. |
5120 | 通过对 Alexa 排名前 10 000 的网站中真实部署的 3 853 个授权服务 API 进行大规模测试,发现 360 个存在脆弱性的 API。 | Large-scale testing of the 3 853 authorization service APIs actually deployed on the Alexa top 10 000 websites found 360 vulnerable APIs. |
5121 | 经过进一步验证,发现了 80 个网站存在账号劫持攻击威胁。 | Further verification showed that 80 of these websites were exposed to account hijacking attacks. |
5122 | 相较类似工具,OScan 在覆盖身份提供方(IdP)全面性、检测依赖方(RP)数量和威胁检测完整性等方面均具有明显的优势。 | Compared with similar tools, OScan has clear advantages in the comprehensiveness of its identity provider (IdP) coverage, the number of relying parties (RPs) it detects, and the completeness of its threat detection. |
5123 | 随着“网络黑产”事件频繁发生,攻击者以“趋利”的思想来策略地发动针对性的攻击。 | With the frequent occurrence of "cyber black industry" (online underground economy) incidents, attackers strategically launch targeted attacks driven by a profit-seeking mindset. |
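The OAuth2.0 rows above (5118 to 5122) describe an attack model built around the authorization code and a differential-traffic method for spotting vulnerable authorization APIs, but only at abstract level; the page does not say which API behaviours OScan found. The following Python model is an added example, not code from the OScan paper or its authors: it implements the authorization-code flow of RFC 6749 with a switch between exact and prefix matching of redirect_uri (the classic redirection URI manipulation of RFC 6749 section 10.6), a differential probe that sends the same /authorize request with a registered and a tampered redirect_uri and compares the outcomes, and a hijack attempt that shows the code leaking to the tampered endpoint. The client ID, URLs, state values and the attacker-controlled path are all constructed for the illustration.

```python
"""Model of the OAuth 2.0 authorization-code flow with a configurable redirect_uri check.

Added example: not code from the OScan paper, which the page summarizes only at
abstract level. Client IDs, URLs, state values and the attacker's endpoint are
constructed for this illustration.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class AuthorizationServer:
    """Minimal identity-provider (IdP) model: /authorize issues codes, /token redeems them."""

    def __init__(self, clients, strict=True):
        self.clients = clients   # client_id -> list of registered redirect URIs
        self.strict = strict     # True: exact match; False: prefix match (the pitfall)
        self.issued = {}         # code -> (client_id, redirect_uri the code was sent to)

    def _redirect_allowed(self, client_id, redirect_uri):
        registered = self.clients.get(client_id, [])
        if self.strict:
            return redirect_uri in registered
        # Prefix matching is the mistake behind authorization-code redirection URI
        # manipulation (RFC 6749 section 10.6): any path below a registered prefix
        # that the attacker can influence receives the code.
        return any(redirect_uri.startswith(r) for r in registered)

    def authorize(self, client_id, redirect_uri, state):
        """Return ("redirect", location) carrying the code, or ("error", reason)."""
        if not self._redirect_allowed(client_id, redirect_uri):
            return ("error", "invalid_redirect_uri")
        code = secrets.token_urlsafe(16)
        self.issued[code] = (client_id, redirect_uri)
        sep = "&" if "?" in redirect_uri else "?"
        return ("redirect", redirect_uri + sep + urlencode({"code": code, "state": state}))

    def token(self, client_id, code, redirect_uri):
        """Code redemption. The redirect_uri must equal the one used at /authorize
        (RFC 6749 section 4.1.3); a mismatch rejects a code captured elsewhere."""
        record = self.issued.pop(code, None)   # codes are single use
        if record != (client_id, redirect_uri):
            return None
        return "access-token-for-" + client_id


def probe_redirect_validation(idp, client_id, legit_uri):
    """Differential probe: send the same /authorize request twice, once with the
    registered redirect_uri and once with a variant below it. The IdP is flagged
    vulnerable (True) when both are accepted, i.e. the outcomes do not differ."""
    baseline = idp.authorize(client_id, legit_uri, state="probe")
    tampered = idp.authorize(client_id, legit_uri + "/attacker-controlled", state="probe")
    return baseline[0] == "redirect" and tampered[0] == "redirect"


def hijack_attempt(idp, client_id, attacker_uri):
    """The victim follows a crafted /authorize link whose redirect_uri is attacker_uri.
    Returns the captured code, or None if the IdP refused the redirect."""
    outcome = idp.authorize(client_id, attacker_uri, state="victim")
    if outcome[0] != "redirect":
        return None
    return parse_qs(urlparse(outcome[1]).query)["code"][0]


# Constructed sample deployment: one relying party (RP) registered at the IdP.
CLIENT_ID = "rp-demo"
LEGIT_URI = "https://rp.example/oauth/callback"
ATTACKER_URI = LEGIT_URI + "/attacker-controlled"   # hypothetical path the attacker can read


def demo(strict):
    """Run the probe and the hijack against an IdP configured strict or lax.
    Returns (probe_flagged_vulnerable, code_leaked, token_via_rp_callback)."""
    idp = AuthorizationServer({CLIENT_ID: [LEGIT_URI]}, strict=strict)
    vulnerable = probe_redirect_validation(idp, CLIENT_ID, LEGIT_URI)
    code = hijack_attempt(idp, CLIENT_ID, ATTACKER_URI)
    # Redeeming a leaked code through the RP's real callback fails the binding
    # check even on the lax IdP; the attacker must redeem it with the tampered URI.
    via_rp = idp.token(CLIENT_ID, code, LEGIT_URI) if code else None
    return vulnerable, code is not None, via_rp


if __name__ == "__main__":
    print("lax IdP   :", demo(strict=False))   # (True, True, None)
    print("strict IdP:", demo(strict=True))    # (False, False, None)
```

Two points the model makes explicit: the probe never needs a real victim, because the vulnerable behaviour shows up as the absence of a difference between the legitimate and tampered responses, which is what a differential traffic check looks for; and the redirect_uri binding at the token endpoint is only a second line of defense, so an IdP that skips it turns a leaked code directly into a token.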