Verifiable Auditing Protocol with Proxy Re-Encryption for Outsourced Databases in Cloud

As a new computing paradigm, outsourcing computing provides inexpensive, on-demand, convenient storage and computing services for cloud clients. For the security of outsourcing databases to the cloud, it is important to allow the user to verify the query results returned by the cloud server. So far, tremendous efforts have been carried out to study secure outsourcing computing. The existing scheme supports that the user can detect the correctness and completeness of the query results even if the cloud server returns an empty set. However, since the data owner performs the database encryption operations and uploads the encrypted database to the cloud server, they require the user to request the data owner to decrypt the query results. In this paper, we propose a new scheme, which can accurately verify the search results. Meanwhile, the users can decrypt the query results independently. Furthermore, the proposed scheme supports a large number of data owners to upload their encrypted database to the cloud server, and it can efficiently verify the query results. Besides, we can prove that our proposed solution can achieve the desired security properties.     

Privacy Preserving Query over Encrypted Multidimensional Massive Data in Cloud Storage

Cloud storage is widely used in massive data outsourcing, but how to efficiently query encrypted multidimensional data stored in an untrusted cloud environment remains a research challenge. We propose a high performance and privacy-preserving query (pLSH-PPQ) scheme over encrypted multidimensional data to address this challenge. In our scheme, for a given query, the proxy server will return K top similar data object identifiers. An enhanced Ciphertext-Policy Attribute-Based Encryption (CP-ABE) policy is used to control access to the search results. Therefore, only the requester with the permission attribute can obtain correct secret keys to decrypt the data. Security analysis proves that the pLSH-PPQ scheme achieves data confidentiality and reserves the data owner’s privacy in a semi-trusted cloud. In addition, evaluations demonstrate that the pLSH-PPQ scheme can significantly reduce response time and provide high search efficiency without compromising on search quality.     

Public Auditing for Encrypted Data with Client-Side Deduplication in Cloud Storage

Storage auditing and client-side deduplication techniques have been proposed to assure data integrity and improve storage efficiency, respectively. Recently, a few schemes start to consider these two different aspects together. However, these schemes either only support plaintext data file or have been proved insecure. In this paper, we propose a public auditing scheme for cloud storage systems, in which deduplication of encrypted data and data integrity checking can be achieved within the same framework. The cloud server can correctly check the ownership for new owners and the auditor can correctly check the integrity of deduplicated data. Our scheme supports deduplication of encrypted data by using the method of proxy re-encryption and also achieves deduplication of data tags by aggregating the tags from different owners. The analysis and experiment results show that our scheme is provably secure and efficient.     

基于区块链的电子病历共享与可验证方案

为解决传统电子病历存储方案共享难、数据易篡改和隐私泄露问题,为此构建一种基于区块链的电子病历可搜索加密存储、高效共享与可验证方案。通过使用简洁非交互零知识证明(zero-knowledge succinct non-interactive arguments of knowledge, zk-SNARKs)构建用户身份认证系统,提高用户身份的隐私性,匿名性。通过提出基于改进Merkle树的格可搜索加密方案,实现电子病历的可搜索加密与验证方案;并在此基础上通过智能合约构造搜索方案的双重验证。通过将相应的加密数据外包到星际文件系统(interplanetary file system, IPFS)以降低存储成本。通过实验对加密算法性能、智能合约时间和花费开销、链下存储性能进行仿真测试。验证了该系统能够满足电子病历系统应用需求,并提高了数据完整性、搜索效率性和身份保密性。     

基于COM组件的医疗图像混合编程

介绍了如何利用matlab的强大科学计算能力对医疗领域X光片进行处理,构建了一个很方便医疗工作者使用的方案,即通过终端设备与服务器的交互,实现实时反馈,满足特殊条件下的医疗应急处置要求。     

A novel fuzzy keyword retrieval scheme over encrypted cloud data

In this paper, we focus on the fuzzy keyword search problem over the encrypted cloud data in the cloud computing and propose a novel Two-Step-Bloom-Secure-Filter (TSBSF) scheme based on Bloom filter to realize the efficiency and flexibility of data use. The proposed scheme not only reduces the space complexity significantly but also supports the data update with low time complexity and guarantees the search accuracy. Experimental results on real world data have certified the validity and practicality of this novel method.     

Improved verifiability scheme for data storage in cloud computing

In Cloud computing,data and service requests are responded by remote processes calls on huge data server clusters that are not totally trusted.The new computing pattern may cause many potential security threats.This paper explores how to ensure the integrity and correctness of data storage in cloud computing with user’s key pair.In this paper,we aim mainly at constructing of a quick data chunk verifying scheme to maintain data in data center by implementing a balance strategy of cloud computing costs,removing the heavy computing load of clients,and applying an automatic data integrity maintenance method.In our scheme,third party auditor (TPA) is kept in the scheme,for the sake of the client,to periodically check the integrity of data blocks stored in data center.Our scheme supports quick public data integrity verification and chunk redundancy strategy.Compared with the existing scheme,it takes the advantage of ocean data support and high performance.     

基于蓝牙技术的医疗监护系统信息安全机制

针对基于蓝牙技术的医疗监护系统信息安全机制存在的问题,提出了隐藏设备地址、增加PIN码长度、采取强度更高的加密算法等解决方法。着重研究了加密算法设计,应用一种新的加密算法——Blowfish加密算法取代蓝牙标准的EO流加密算法。通过分析表明,此算法可有效地加强蓝牙传输的安全性能,能够满足现代医疗监护系统的安全要求。     

基于云-边协同技术的突发性滑坡灾害监测预警体系研究

作为自然灾害影响最为严重的国家之一,滑坡预警体系的建立和完善对于我国防灾减灾具有重要意义。目前成熟的滑坡预警体系以云端服务器为中心,完成数据集成、预警计算及信息发布等任务。然而,由于网络传输延迟、服务器运算时延的影响,从数据采集到客户端信息接收的过程中,存在较长的时耗过程,使预警体系存在一定程度的预警时延。同时,目前预警体系受制于数据传输条件,在灾后断电断网的场景下,现场监测网络无法与云端服务器建立连接,监测预警工作难以有效进行。为此,基于云-边协同技术,本文对滑坡灾害监测预警体系进行了深入研究,并开发了云端监测预警平台和边缘预警计算终端。通过真实滑坡监测数据模拟验证了云端与边缘预警计算终端协同工作时滑坡监测预警体系的有效性。该研究为对提高滑坡预警体系稳定性,尤其是极端网络条件下实现滑坡灾害有效预警具有积极作用。     

Key management for outsourced data security

This paper analyzes the efficiency and security of bilinear-map-based schemes and brings about an AAA based publicly auditable scheme for cloud computing,which is much more efficient.In this scheme,a trust model including four entities is designed to provide both integrity and confidentiality protection.The proposed scheme can be proved to achieve the security goals that no cheating cloud server can pass the auditing without storing users’data intact.The efficiency of the proposal is evaluated by analyzing the fulfillment of the design goals,including the computation cost,communication cost and storage cost of our scheme.This light weight publicly auditable Proof-of-storage scheme achieves security goals perfectly,and has an excellent efficiency performance superior to the current bilinear-map-based publicly auditable Proof-of-storage scheme.     

安全云环境中基于minhash函数的多关键字检索方案

为了降低硬件购置成本,许多机构倾向于使用稳健快速的云服务将他们的数据转包出去;然而,外包数据可能含有需要防护的敏感数据;而云提供商并不能可靠满足这一要求.因此,必须采取防护措施,以保护敏感数据不受到云服务器和其他未授权机构的破坏.提出了一种基于Minhash函数的高效加密云数据隐私保护多关键字检索方法;该方法根据数据所有者生成并外包给云服务器的加密可检索索引进行加密云检索.已知检索内容后,服务器采用tf-idf加权法将检索内容与可检索索引相比较,除了鉴于隐私因素可被泄露的信息外,不需其他信息即可返回结果.基于公开的Enron数据集的仿真实验结果表明,该方法可保证用户只会检索到最相关的条目,不会对用户造成不必要的通信和计算负担.另外,在检索精度方面,也要优于现有的方法.     

一种基于可信计算平台的数字签名方案

为了提高数字签名方案的安全性,提出了一种基于可信平台的签名方案,该方案采用双私钥设计,同时,利用可信平台,以及智能卡等安全设备增加了系统的安全性.为防止消息在公共信道篡改,消息和签名将被用户与签名者的一次一密密码系统加密处理.最后,给出方案的正确性证明、安全性分析.     

云计算环境中基于属性的多权威访问控制方法

在云计算环境中,如何实现在不可信及动态变化的云计算环境中对加密数据的访问控制是云计算走向实际应用亟待解决的问题之一.文中提出了一种基于属性的访问控制方法,该方法将密文长度及加解密过程的计算量限制为固定值,提高了系统的计算效率,并且引入了层次化的授权结构,降低了单一权威授权的负担,提高了安全性.文中分析了方法的安全性、可扩展性和计算复杂性等性能,实验结果证明了该方法在域权威授权、用户授权及加解密等过程中的计算量上的优越性.     

非连接C/S计算模式数据同步解决方案

非连接客户机 /服务器计算模式是一种较为常见的体系结构。其具体特点是系统中各客户机离线运行 ,只是在合适的时刻进行远程数据的同步。同步要求包括两个方面 ,一是工作站业务数据送入服务器外 ,二是借助于服务器将有关业务数据传送给其它客户机。本文以一个实际的非连接客户机 /服务器系统设计为依托 ,较为祥细地介绍了利用“电子通知对象”进行数据同步的一种解决方案。通过对国内相关资料的检索证实该方案属于技术创新 ,并且现实系统运行正常、良好 ,进而证明了该方案的正确性     

一种结合H.264/AVC CABAC熵编码器特征的视频选择性内容加密算法

为了对数字视频内容进行快速高效加密,提出了一种新的选择性内容加密算法.在H.264/AVC的场景自适应算术编码（CABAC）熵编码器的“二进制算术编码”阶段引入伪随机化.通过CABAC熵编码器的M编码器,自身完成视频数据单元的加密操作,无需额外的加密模块.实验表明：新算法不会降低CABAC熵编码器的压缩效率,加密后的视频码流有效地隐藏了源视频的可视信息.     

一种基于椭圆曲线的高效自证明密钥分配协议

为了解决现有密钥分配协议所存在的工作效率偏低和资源占用率偏高等问题,提出了一种基于椭圆曲线密码体制的高效安全密钥分配协议.该协议通过引入公钥自证明思想,将用户身份认证和密钥数据恢复有机结合在一起,无需繁琐的身份鉴别认证操作和时钟同步过程,也无需可信CA中心和时戳服务器,只需要一次数据发送过程即可直接完成密钥分配任务.分析表明,该协议结构简单,具有较高的工作效率、较低的资源占用率和较强的安全性,能有效抵抗目前已知的各种攻击.     

云计算支撑信息服务社会化、集约化和专业化

从图灵计算机到网格计算的发展,云计算要求云计算中心支持社会化、集约化和专业化的信息服务,从而达到“网络丰富,边缘简单、交互智能”。系统阐述了云计算的核心技术,提出了“虚拟集群”的概念,计算资源的虚拟化组织、分配和使用有利于资源合理配置并提高利用率,促进节能减排,实现绿色计算。指出高端服务器和虚拟集群将是云计算发展的重要方向,形成新的高端服务器产业链将成为计算中心、数据中心发展的趋势。     

混沌键控视频加密方案研究

针对流式加密阻碍加密系统并行化的实现,以及混沌序列随机特性不强等问题,提出基于混沌键控的视频加密方案.该方案选用三维洛伦兹系统、四维陈系统和四维细胞神经网络系统作为备选密钥源,由明文视频帧本身来决定密钥源系统及其初始条件,并对生成的混沌序列进行优化和映射,以提高其随机序列特性.最后遵循扩散和混淆的原则,对视频信息进行加密.每一个像素的加密值均与明文视频帧、加密密钥和前两个像素的加密值相关.该加密方案可采用多通道同时对视频信息进行加解密,平衡了密钥空间和加密效率的关系,可满足视频加密的实时性要求;密钥敏感性和明文敏感性强;统计特性完全被打破;具有良好的抗噪性.可有效地抵抗密码分析攻击,安全性高,实用性强.     

一种面向大规模计算机的监控管理系统

随着超级计算机系统性能的提升,系统规模越来越大,如何高效管理这些系统成为高性能计算机亟待解决的关键问题之一.本文提出了一种针对大规模计算机的监控管理系统——MMS(Monitoring and Management System).MMS采用分布式系统结构来提高监控管理系统的效率;监控信息的精细化处理降低了监控系统对计算网络的影响同时提高了基于web的客户端的反应速度;两级异步通信机制提高了MMS系统数据采集效率.理论分析与实验结果表明MMS运行效率高、可靠性好.     

WebSocket服务器推送技术的研究

采用传统的＂请求—应答＂模式,使用户从互联网中得到有用的数据信息非常困难,如果互联网可以主动将有用的信息发送到客户端,将会跟用户带来很大的帮助。笔者提出了一种服务器推送方案,该方案使用了基于WebSocket协议的服务器推送技术,还利用了复杂事件处理技术对数据进行快速处理。这种方案可以运用到即时通信系统、股票交易系统、即时订票系统、监控系统等多种实时系统中。