A CHRONOLOGICAL REVIEW ON TEMPEST ATTACKS IN DATA SECURITY
Year 2013,
Volume: 6 Issue: 2, 121 - 152, 06.05.2015
Hamdi Altıner
Hamdi Altıner
Ediz Şaykol
,
Ediz Şaykol
Abstract
As an inevitable part of our life, computers sometimes can be used like a nonfirearm unconsciously by ourselves or by malicious people. By disclosing
illegally obtained information, worldwide chaoses can be created, security of
countries can be endangered, vital services like health, electricity,
communication can be interrupted, companies can be undermined and
violating privacy of prive life and like a growing network all humanity
becomes vulnerable against this threats.
These threats continue in increasing speed and complexity, and will last as
long as information technology takes place in our life. The efforts for securing
information security must be up to date activity with long lasting and
continuous improvements. Therefore Information Security must be considered
as a never ending process.
In comparison with personnel information security, institutional information
security is much more complex and hard to manage process. Therefore it
requires higher costs and manpower. IT Security consist of many main and
sub topics but especially in security related institutions TEMPEST comes at
the head of main precautions. Nowadays on which Information Security's
value increased, importance of TEMPEST issue became more evident.
References
- JMcNamara, ''The Complete, Unofficial TEMPEST Information Page", at http://www.eskimo.com/~joelm/tempest.html.
- Major General RFH Nalder, 'History of the Royal Corps of Signals', published by the Royal Signals Institution (1958).
- USA National Security Agency (NSA), TEMPEST: A signal problem; Cryptologic Spectrum, 1972.
- Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Dergisi Cilt:2 Sayı:3 "TEMPEST, TEMPEST'in Keşfi ve Sinyal Analizi, Değerlendirme Kriterleri ve Ölçüm Sistemleri, Cihaz Tasarımı". Mayıs-Ağustos 2010.
- W Ware, ' Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security', Rand Report R609-1, The RAND Corporation, Santa Monica, CA (Feb 1970), available from http://csrc.nist.gov/publications/history/index.html.
- P Wright, 'Spycatcher-The Candid Autobiography of a Senior Intelligence Officer',William Heinemann Australia, 1987, ISBN 0-85561-098-0
- W Van Eck, ''Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? in Computers and Security v 4 (1985) pp 269-286.
- RJ Anderson, MG Kuhn, ' 'Tamper Resistance-a Cautionary Note", in Proceedings of the Second Usenix Workshop on Electronic Commerce (Nov 96) pp 1-11; http://www.cl.cam.ac.uk/users/rja14/tamper.html.
- P Kocher, ''Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems", in Advances in Cryptology-Crypto 96 Springer LNCS v 1109 pp 104-113, 1996
- MG Kuhn, RJ Anderson, ''Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations", in Proceedings of the Second International Workshop on Information Hiding (Portland, Apr 98), Springer LNCS v 1525 pp 126-143.
- P Kocher, ''Differential Power Analysis", in Advances in Cryptology-Crypto 99 Springer LNCS v 1666 pp 388-397; a brief version was presented at the rump session of Crypto 98.
- MG Kuhn, ''Optical Time-Domain Eavesdropping Risks of CRT Displays" in IEEE Symposium on Security and Privacy (2002)
- D Asonov, R Agrawal, ''Keyboard Acoustic Emanations", IBM Almaden Research Center, 2004.
- L Zhuang, F Zhou, JD Tygar, ''Keyboard Acoustic Emanations Revisited" in 12th ACM Conference on Computer and Communications Security (2005).
- SJ Murdoch, ''Hot or Not: Revealing Hidden Services by their Clock Skew", in 13th ACM Conference on Computer and Communications Security. 2006
- Ross Anderson "Security Engineering: A Guide to Building Dependable Distributed Systems" Second Edition, Chapter 17, Emission Security, Cambridge, January 2008.
- USA Air Force, Emissoin Security Countermeasures Reviews; USA Air Force Systems Security Security Memorandum 7011, 1998.
- R Gonggrijp, WJ Hengeveld, A Bogk, D Engling, H Mehnert, F Rieger, P Scheffers, B Wels, ''Nedap/Groenendaal ES3B voting computer-a security analysis", Oct 2006, at http://www.wijvertrouwenstemcomputersniet.nl/Nedap-en
- L. Ordu, S. B. Ors, "Yan Kanal Analizi Saldirilarina Genel Bakis", Ulusal Elektronik Imza Sempozyumu Bildiriler Kitabi, sayfa: 242-249, 07-08 Aralık 2006.
- Anderson, R., Kuhn, M., Tamper resistance - a cautionary note, Proceedings of the 2nd USENIX Workshop on Electronic Commerce, 1-11, 1996.
- Kommerling, O. ve Kuhn, M.G., Design principles for tamper resistant smartcard processors, Workshop on Smartcard Technology 1999
- Boneh, D., DeMillo, R.A., Lipton R.J., On the importance of checking cryptographic protocols for faults, EUROCRYPT'97, vol 1233, 37-51, 1997
- Joye M., Lenstra A.K. and Quisquater J.-J, Chinese remaindering based cryptosystem in the presence of faults. Journal of Cryptology, 4(12), 241-245, 1999.
- Örs, S.B., Hardware Design Of Elliptic Curve Cryptosystems And Side-Channel Attacks. PhD thesis, Katholieke Universiteit Leuven, Faculteit Toegepaste Wetenschappen, Departement Elektrotechniek, Kasteelpark Arenberg 10, 3001 Leuven (Heverlee), Belgium, February 2005.
- D Brumley, D Boneh, ''Remote timing attacks are practical", in Computer Networks v 48 no 5 (Aug 2005) pp 701-716
- Dhem J.F., Design of an effcient public-key cryptographic library for RISC-based smart cards. PhD thesis, UCL Crypto Group, Laboratoire de microelectronique (DICE), May 1998.
- Walter C.D., Montgomery exponentiation needs no final subtraction. Electronic letters, 35(21) 1831-1832, October 1999.
- Walter C.D., MIST: An efficient, randomized exponentiation algorithm for resisting power analysis. vol 2271 of Lecture Notes in Computer Science, pages 53-66, San Jose, USA, February 2002.
- Hachez G. and Quisquater J.-J.. Montgomery exponentiation with no final subtractions: Improved results. In C. K. Koç and C. Paar, editors,Proceedings of 2nd International Workshop on Cryptographic Hardware and Embedded Systems (CHES), vol 1965 pages 293-301, Worcester, Massachusetts, USA, August 17-18 2000.
- TS Messergues, EA Dabish, RH Sloan, ''Investigations of Power Analysis Attacks on Smartcards", in Usenix Workshop on Smartcard Technology, pp 151-161
- R Meyer-Sommer, ''Smartly analyzing the simplicity and the power of simple power analysis on Smartcards", in Workshop on Cryptographic Hardware and Embedded Systems (2000); Springer LNCS v 1965 pp 78-92
- Kang S.-M., and Leblebici Y., CMOS Digital Integrated Circuits: Analysis and Design. McGraw Hill, 2002.
- Kocher, P., Jaffe, J. ve Jun, B., Differential power analysis, CRYPTO'99, vol. 1666, 388-397, 1999.
- Ordu L., AES Algoritmasının FPGA Üzerinde Gerçeklenmesi ve Yan-Kanal Analizi Saldırılarına Karşı Güçlendirilmesi. Yüksek Lisans Tezi, İTÜ Fen Bilimleri Enstitüsü, Haziran 2006.
- Oswald E., On Side-Channel Attacks and the Application of Algorithmic Countermeasures. PhD Thesis. June 2003.
- J Quisquater, D Samyde, ''ElectroMagnetic Analysis EMA):Measures and Counter-Measures for Smart Cards" in nternational Conference on Research in Smart Cards, Springer LNCS v2140 pp 200-210.
- Messerges T.S., Power Analysis Attacks and Countermeasures on Cryptographic Algorithms. PhD thesis, University of Illinois, 2002.
- Borst J., Block Ciphers: Design, Analysis and Side-Channel Analysis. PhD thesis, K.U.Leuven, September 2001.
- Şadi Evren ŞEKER, DES (Veri Şifreleme Standardı, Data Encryption Standard), http://www.bilgisayarkavramlari.com/2008/03/13/des-veri-sifreleme-standardi-data-encryption-standard/ (25.07.2013 arihinde erişilmiştir.)
- Chari, S., Jutla C.S., Rao, J.R. ve Rohatgi, P., Towards sound approaches to counteract power-analysis attacks, CRYPTO'99, v1666, 398-412, 1999
- Goubin, L. ve Patari, J., DES and differential power analysis the "duolication" method, CHES-1999, vol. 1717, 158-172. 1999.
- Akkar, M.L. ve Giraud, C., An implementation of DES and AES, ecure against some attacks, CHES 2001, Third International Workshop., vol. 2162, 309-318, 2001
- Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V., A side-channel analysis resistant description of the AES S-Box, FSE 2005, vol. 3557, 2005
- MG Kuhn, ''Electromagnetic Eavesdropping Risks of Flat-Panel Displays", in PET 2004, at http://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf
- S Krempl, ''Lauschangriff am Geldautomaten", in Der Spiegel Jan 8 1999; at http://web.archive.org/web/20001031024042/http://www.spiegel.de/netzwelt/technologie/0,1518,13731,00.html.
- ER Koch, J Sperber, 'Die Datenmafia', Rohwolt Verlag (1995) ISBN 3-499-60247-4
- US Army, 'Electromagnetic Pulse (EMP) and Tempest Protection for Facilities', Corps of Engineers Publications Depot, Hyattsville (1990).
- Halil Tosunoğlu, Ortak Kriterler ve Bilgi Güvenliği, TÜBİTAK -BİLGEM -UEKAE 24 Haziran 2011, ANKARA https://www.bilgiguvenligi.gov.tr/dokuman-yukle/6.-kamu-kurumlari-bilgi-teknolojileri-guv.-konf./halil-tosunoglu-8haziranbilgiguvenligigunu/download.html, ( 14.08.2013 tarihinde erişilmiştir.)
- D Boneh, RA Demillo, RJ Lipton, ''On the Importance of Checking Cryptographic Protocols for Faults", in Advances in Cryptology-Eurocrypt 97, Springer LNCS v 1233 pp 37-51.
- E Biham, A Shamir, ''Differential Fault Analysis of Secret Key Cryptosystems", in Advances in Cryptology-Crypto 97 Springer LNCS v 1294 pp 513-525.
- J Loughry, DA Umphress, ''Information leakage from optical emanations", in ACM Transactions on Information and System Security v 5 no 3 (Aug 2002) pp 262-289
- DX Song, D Wagner, XQ Tian, ''Timing analysis of keystrokes and SSH timing attacks," in Proceedings of 10th USENIX Security Symposium (2001).
- SP Skorobogatov, ''Optically Enhanced Position-Locked Power Analysis", in CHES 2006 pp 61-75
- Wenhan Yang, Yinghua Lu, Jun Xu, "Video information recovery from EM leakage of computers based storage oscilloscope" Beijing 2010.
- Yang X N, Lou C Y, Xu J L. Theory and Application of Software Radio. Beijing: Publishing House of Electronics Industry, 2001 (in Chinese)
- Zhang H X, Lu Y H, He P F, Wang H X. Text recovery from EM leakage of computers. Journal of Southwest Jiaotong University, 2007, 42(6): 653-658 (in Chinese).
- Xiang C B, Zhang H Z, Song J Z, Qiao S. Automatic synchronous signal extraction and steady display of non standard video information. Journal of Data Acquisition & Processing, 2007, 22 (4): 486-490 (in Chinese).
VERİ GÜVENLİĞİNDE TEMPEST SALDIRI TÜRLERİ ÜZERİNE TARİHSEL BİR İNCELEME
Year 2013,
Volume: 6 Issue: 2, 121 - 152, 06.05.2015
Hamdi Altıner
Hamdi Altıner
Ediz Şaykol
,
Ediz Şaykol
Abstract
Hayatımızın bir vazgeçilmezi haline gelen bilgisayarlar, günümüzde bazen
farkında olmadan kendimiz bazen de kötü niyetli kişiler tarafından çok etkin
bir ateşsiz silah olarak kullanılabilmektedir. Gayri yasal yollarla elde edilen
bilgilerin ifşa edilmesi ile dünya çapında kaoslar oluşturulmakta, ülke
güvenlikleri tehlikeye atılmakta, sağlık, elektrik, haberleşme hizmetleri gibi
hayati faaliyetler durdurulmakta, şirketler zarara uğratılmakta ve özel hayatın
gizliliği ihlal edilerek, hızla büyüyen bir ağ gibi tüm insanlık bu tehditlere
karşı savunmasız hale gelmektedir.
Bu tehditler artan hız ve karmaşıklıkta devam etmekte olup bilişim
hayatımızın içerisinde yer aldığı sürece de devam edecektir. Bilişim
güvenliğinin sağlanmasına yönelik çabalar bitmeyen ve devamlı iyileştirmeler
ile güncel tutulması gereken bir faaliyet olmalıdır. Bu nedenle bilişim
güvenliği bir son durum değil, hiç bitmeyen, yaşayan bir süreç olarak
algılanmalıdır.
Kişisel bilişim güvenliğine kıyasla kurumsal bilişim güvenliği daha çok
bileşenli, önemli ve yönetimi zor bir süreçtir. Bu nedenle daha yüksek bir
maliyet ve iş gücü gerektirir. Bilişim güvenliği pek çok ana ve alt konulardan
meydana gelmektedir ancak özellikle gizli bilgilerin işlendiği kurumlarda
uyulması gereken güvenlik önlemlerinin başında TEMPEST gelmektedir.
Bilgi güvenliğinin değerini artırdığı günümüzde TEMPEST konusunun önemi
daha da belirginleşmiştir.
References
- JMcNamara, ''The Complete, Unofficial TEMPEST Information Page", at http://www.eskimo.com/~joelm/tempest.html.
- Major General RFH Nalder, 'History of the Royal Corps of Signals', published by the Royal Signals Institution (1958).
- USA National Security Agency (NSA), TEMPEST: A signal problem; Cryptologic Spectrum, 1972.
- Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Dergisi Cilt:2 Sayı:3 "TEMPEST, TEMPEST'in Keşfi ve Sinyal Analizi, Değerlendirme Kriterleri ve Ölçüm Sistemleri, Cihaz Tasarımı". Mayıs-Ağustos 2010.
- W Ware, ' Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security', Rand Report R609-1, The RAND Corporation, Santa Monica, CA (Feb 1970), available from http://csrc.nist.gov/publications/history/index.html.
- P Wright, 'Spycatcher-The Candid Autobiography of a Senior Intelligence Officer',William Heinemann Australia, 1987, ISBN 0-85561-098-0
- W Van Eck, ''Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? in Computers and Security v 4 (1985) pp 269-286.
- RJ Anderson, MG Kuhn, ' 'Tamper Resistance-a Cautionary Note", in Proceedings of the Second Usenix Workshop on Electronic Commerce (Nov 96) pp 1-11; http://www.cl.cam.ac.uk/users/rja14/tamper.html.
- P Kocher, ''Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems", in Advances in Cryptology-Crypto 96 Springer LNCS v 1109 pp 104-113, 1996
- MG Kuhn, RJ Anderson, ''Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations", in Proceedings of the Second International Workshop on Information Hiding (Portland, Apr 98), Springer LNCS v 1525 pp 126-143.
- P Kocher, ''Differential Power Analysis", in Advances in Cryptology-Crypto 99 Springer LNCS v 1666 pp 388-397; a brief version was presented at the rump session of Crypto 98.
- MG Kuhn, ''Optical Time-Domain Eavesdropping Risks of CRT Displays" in IEEE Symposium on Security and Privacy (2002)
- D Asonov, R Agrawal, ''Keyboard Acoustic Emanations", IBM Almaden Research Center, 2004.
- L Zhuang, F Zhou, JD Tygar, ''Keyboard Acoustic Emanations Revisited" in 12th ACM Conference on Computer and Communications Security (2005).
- SJ Murdoch, ''Hot or Not: Revealing Hidden Services by their Clock Skew", in 13th ACM Conference on Computer and Communications Security. 2006
- Ross Anderson "Security Engineering: A Guide to Building Dependable Distributed Systems" Second Edition, Chapter 17, Emission Security, Cambridge, January 2008.
- USA Air Force, Emissoin Security Countermeasures Reviews; USA Air Force Systems Security Security Memorandum 7011, 1998.
- R Gonggrijp, WJ Hengeveld, A Bogk, D Engling, H Mehnert, F Rieger, P Scheffers, B Wels, ''Nedap/Groenendaal ES3B voting computer-a security analysis", Oct 2006, at http://www.wijvertrouwenstemcomputersniet.nl/Nedap-en
- L. Ordu, S. B. Ors, "Yan Kanal Analizi Saldirilarina Genel Bakis", Ulusal Elektronik Imza Sempozyumu Bildiriler Kitabi, sayfa: 242-249, 07-08 Aralık 2006.
- Anderson, R., Kuhn, M., Tamper resistance - a cautionary note, Proceedings of the 2nd USENIX Workshop on Electronic Commerce, 1-11, 1996.
- Kommerling, O. ve Kuhn, M.G., Design principles for tamper resistant smartcard processors, Workshop on Smartcard Technology 1999
- Boneh, D., DeMillo, R.A., Lipton R.J., On the importance of checking cryptographic protocols for faults, EUROCRYPT'97, vol 1233, 37-51, 1997
- Joye M., Lenstra A.K. and Quisquater J.-J, Chinese remaindering based cryptosystem in the presence of faults. Journal of Cryptology, 4(12), 241-245, 1999.
- Örs, S.B., Hardware Design Of Elliptic Curve Cryptosystems And Side-Channel Attacks. PhD thesis, Katholieke Universiteit Leuven, Faculteit Toegepaste Wetenschappen, Departement Elektrotechniek, Kasteelpark Arenberg 10, 3001 Leuven (Heverlee), Belgium, February 2005.
- D Brumley, D Boneh, ''Remote timing attacks are practical", in Computer Networks v 48 no 5 (Aug 2005) pp 701-716
- Dhem J.F., Design of an effcient public-key cryptographic library for RISC-based smart cards. PhD thesis, UCL Crypto Group, Laboratoire de microelectronique (DICE), May 1998.
- Walter C.D., Montgomery exponentiation needs no final subtraction. Electronic letters, 35(21) 1831-1832, October 1999.
- Walter C.D., MIST: An efficient, randomized exponentiation algorithm for resisting power analysis. vol 2271 of Lecture Notes in Computer Science, pages 53-66, San Jose, USA, February 2002.
- Hachez G. and Quisquater J.-J.. Montgomery exponentiation with no final subtractions: Improved results. In C. K. Koç and C. Paar, editors,Proceedings of 2nd International Workshop on Cryptographic Hardware and Embedded Systems (CHES), vol 1965 pages 293-301, Worcester, Massachusetts, USA, August 17-18 2000.
- TS Messergues, EA Dabish, RH Sloan, ''Investigations of Power Analysis Attacks on Smartcards", in Usenix Workshop on Smartcard Technology, pp 151-161
- R Meyer-Sommer, ''Smartly analyzing the simplicity and the power of simple power analysis on Smartcards", in Workshop on Cryptographic Hardware and Embedded Systems (2000); Springer LNCS v 1965 pp 78-92
- Kang S.-M., and Leblebici Y., CMOS Digital Integrated Circuits: Analysis and Design. McGraw Hill, 2002.
- Kocher, P., Jaffe, J. ve Jun, B., Differential power analysis, CRYPTO'99, vol. 1666, 388-397, 1999.
- Ordu L., AES Algoritmasının FPGA Üzerinde Gerçeklenmesi ve Yan-Kanal Analizi Saldırılarına Karşı Güçlendirilmesi. Yüksek Lisans Tezi, İTÜ Fen Bilimleri Enstitüsü, Haziran 2006.
- Oswald E., On Side-Channel Attacks and the Application of Algorithmic Countermeasures. PhD Thesis. June 2003.
- J Quisquater, D Samyde, ''ElectroMagnetic Analysis EMA):Measures and Counter-Measures for Smart Cards" in nternational Conference on Research in Smart Cards, Springer LNCS v2140 pp 200-210.
- Messerges T.S., Power Analysis Attacks and Countermeasures on Cryptographic Algorithms. PhD thesis, University of Illinois, 2002.
- Borst J., Block Ciphers: Design, Analysis and Side-Channel Analysis. PhD thesis, K.U.Leuven, September 2001.
- Şadi Evren ŞEKER, DES (Veri Şifreleme Standardı, Data Encryption Standard), http://www.bilgisayarkavramlari.com/2008/03/13/des-veri-sifreleme-standardi-data-encryption-standard/ (25.07.2013 arihinde erişilmiştir.)
- Chari, S., Jutla C.S., Rao, J.R. ve Rohatgi, P., Towards sound approaches to counteract power-analysis attacks, CRYPTO'99, v1666, 398-412, 1999
- Goubin, L. ve Patari, J., DES and differential power analysis the "duolication" method, CHES-1999, vol. 1717, 158-172. 1999.
- Akkar, M.L. ve Giraud, C., An implementation of DES and AES, ecure against some attacks, CHES 2001, Third International Workshop., vol. 2162, 309-318, 2001
- Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V., A side-channel analysis resistant description of the AES S-Box, FSE 2005, vol. 3557, 2005
- MG Kuhn, ''Electromagnetic Eavesdropping Risks of Flat-Panel Displays", in PET 2004, at http://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf
- S Krempl, ''Lauschangriff am Geldautomaten", in Der Spiegel Jan 8 1999; at http://web.archive.org/web/20001031024042/http://www.spiegel.de/netzwelt/technologie/0,1518,13731,00.html.
- ER Koch, J Sperber, 'Die Datenmafia', Rohwolt Verlag (1995) ISBN 3-499-60247-4
- US Army, 'Electromagnetic Pulse (EMP) and Tempest Protection for Facilities', Corps of Engineers Publications Depot, Hyattsville (1990).
- Halil Tosunoğlu, Ortak Kriterler ve Bilgi Güvenliği, TÜBİTAK -BİLGEM -UEKAE 24 Haziran 2011, ANKARA https://www.bilgiguvenligi.gov.tr/dokuman-yukle/6.-kamu-kurumlari-bilgi-teknolojileri-guv.-konf./halil-tosunoglu-8haziranbilgiguvenligigunu/download.html, ( 14.08.2013 tarihinde erişilmiştir.)
- D Boneh, RA Demillo, RJ Lipton, ''On the Importance of Checking Cryptographic Protocols for Faults", in Advances in Cryptology-Eurocrypt 97, Springer LNCS v 1233 pp 37-51.
- E Biham, A Shamir, ''Differential Fault Analysis of Secret Key Cryptosystems", in Advances in Cryptology-Crypto 97 Springer LNCS v 1294 pp 513-525.
- J Loughry, DA Umphress, ''Information leakage from optical emanations", in ACM Transactions on Information and System Security v 5 no 3 (Aug 2002) pp 262-289
- DX Song, D Wagner, XQ Tian, ''Timing analysis of keystrokes and SSH timing attacks," in Proceedings of 10th USENIX Security Symposium (2001).
- SP Skorobogatov, ''Optically Enhanced Position-Locked Power Analysis", in CHES 2006 pp 61-75
- Wenhan Yang, Yinghua Lu, Jun Xu, "Video information recovery from EM leakage of computers based storage oscilloscope" Beijing 2010.
- Yang X N, Lou C Y, Xu J L. Theory and Application of Software Radio. Beijing: Publishing House of Electronics Industry, 2001 (in Chinese)
- Zhang H X, Lu Y H, He P F, Wang H X. Text recovery from EM leakage of computers. Journal of Southwest Jiaotong University, 2007, 42(6): 653-658 (in Chinese).
- Xiang C B, Zhang H Z, Song J Z, Qiao S. Automatic synchronous signal extraction and steady display of non standard video information. Journal of Data Acquisition & Processing, 2007, 22 (4): 486-490 (in Chinese).