基于个性化隐私需求的查询隐私保护算法研究

现有大多数基于位置服务（location based service,LBS）的隐私保护算法都将对用户位置隐私的保护等同于对整个LBS查询服务隐私的保护. 但是,在用户位置信息已知的前提下,这些算法有可能面临推断攻击. 在考虑用户个性化隐私需求的情况下,基于四分树结构提出了能够避免此类推断攻击的隐私保护算法;为了有效的减小隐惹区域的大小基于半象限的定义对该算法进行了进一步优化. 最后,通过仿真实验验证了算法抵御推理攻击的有效性.     

基于代理重加密的云数据共享机制的研究与实现

为了使得云端数据能灵活安全地进行共享,该文对基于代理重加密的共享机制进行了研究。该文利用代理重加密实现代理授权,设计了一种云端数据授权共享方案。代理重加密算法使用了双线性对,其安全性基于判定双线性Diffie-Hellman(Decisional bilinear Diffie-Hellman,DBDH)假设。在该方案基础上,实现了一个基于Hadoop云存储平台的云端数据共享原型系统,对其进行了测试和分析。该系统的数据共享具有高效性和安全性。该文工作对代理重加密在云端数据共享中的应用具有借鉴价值。     

一种基于安全索引的位置隐私保护方法

基于位置的服务(location based services, LBS)为人们日常生活带来极大便利的同时也严重地威胁到用户的隐私.为了在保护用户位置隐私的同时降低用户的查询代价,提出了一种基于安全索引的位置隐私保护方法(location privacy protection method based on secure index, LPPMSI).LPPMSI不需要用户搜集数据信息,数据拥有者为虚假位置信息建立安全索引.用户能够安全、快速地检索到虚假位置信息,服务器再执行基于虚假位置的LBS.并且还提出了基于滑动窗口的候选位置选择算法,有效减少候选位置选择时间.实验结果表明,LPPMSI在不改变隐私保护能力的前提下,不需要用户花费大量时间搜集数据分布及查询概率信息.     

基于车载自组织网络的数据和能量协同路由算法

针对车载自组织网络中路边单元具有较高碳足迹和部署成本的问题, 提出一种车载自组织网络中数据与能量协同的路由算法, 通过路边单元间的能量合作及路边单元与下行车辆能量传输的方法, 实现网络生命周期最大化. 其中路边单元节点可从自然界和车辆中收集能量, 并通过能量协作将路边单元节点获得的部分能量传输给邻居路边单元节点. 通过分析数据速率、 传输功率和能量传输, 解决了能量和数据路由中最大网络生命周期的问题, 确定了能量和数据路由联合优化策略的必要条件, 并基于分布式Lagrange-Newton迭 代算法更新数据流、 能量流和功率控制, 使算法能更快地收敛到最优操作点. 实验结果表明, 在车载自组织网络中的能量合作框架可有效改善网络生命周期.     

基于车载自组织网络的数据和能量协同路由算法

针对车载自组织网络中路边单元具有较高碳足迹和部署成本的问题, 提出一种车载自组织网络中数据与能量协同的路由算法, 通过路边单元间的能量合作及路边单元与下行车辆能量传输的方法, 实现网络生命周期最大化. 其中路边单元节点可从自然界和车辆中收集能量, 并通过能量协作将路边单元节点获得的部分能量传输给邻居路边单元节点. 通过分析数据速率、 传输功率和能量传输, 解决了能量和数据路由中最大网络生命周期的问题, 确定了能量和数据路由联合优化策略的必要条件, 并基于分布式Lagrange-Newton迭 代算法更新数据流、 能量流和功率控制, 使算法能更快地收敛到最优操作点. 实验结果表明, 在车载自组织网络中的能量合作框架可有效改善网络生命周期.     

一种路-车通信中的喷泉协作节能传输机制

为了减少路车间通信(road to vehicle communications,RVC)中路边设施的能量消耗,提出一种将由一个路边设施的覆盖区域改为由多个较小功率的路边设施来覆盖,而在路边设施之间通过协作来共同完成向车辆的数据传输.路边设施间的协作传输通过对数据进行喷泉编码、利用喷泉编码的信息累积特性来实现.理论分析和仿真结果表明,采用喷泉协作传输机制,在保证QoS的情况下,路边设施的发送功率有较大的下降.     

协作代理增量查询的LBS隐私保护方法

针对基于位置服务(LBS)应用中现有隐私保护方法受系统体系结构局限,提出了一种协作代理增量查询的LBS隐私保护方法:移动用户通过Chord协议自组织为P2P网络,同时采用簇节点状态维护机制,以及负载均衡机制来保证系统稳定,用户消费服务时,通过模糊自身真实位置,并在网络内选择协作意愿度高的代理用户,由其完成代理增量近邻查询.从理论上对P2P网络性能及算法效率进行了实验,结果表明:该方法在不牺牲服务质量的同时具有较高的计算效率,实现了隐私保护度与服务质量的平衡.     

考虑道路形状约束的车辆轨迹聚类方法

随着车联网技术的不断发展,产生了海量车辆轨迹数据。这些车辆轨迹数据可以通过聚类分析方法挖掘出车辆行驶的潜在规律,从而实现指导车辆出行的目的。提出一种基于密度的车辆轨迹聚类方法,对基于道路形状关键点位置选取的车辆轨迹信息进行重构,并考虑车辆在路网中移动的空间约束,分析聚类结果得到城市道路的交通状况,以此指导车辆出行以避免或减轻车辆拥堵。基于福州市真实的车辆数据对提出的车辆轨迹聚类算法进行验证,并对最后的聚类结果进行了详细的分析。实验结果表明,针对车辆轨迹聚类并结合道路网络的方法能够更加真实反映车辆的行为特征。     

基于脆弱水印的轨迹数据篡改检测方法

轨迹数据是导航与位置服务系统的核心,是一种重要的数据资源。为验证轨迹数据的完整性,检验轨迹数据是否被篡改,提出一种基于脆弱水印的轨迹数据篡改检测方法。该方法包括水印嵌入算法和水印检测算法,其中水印嵌入算法和水印检测算法分别由组水印和轨迹点水印算法组成。嵌入水印时,首先将轨迹数据按照分组时间分为若干个组,然后将由组标识生成的组水印和由轨迹点坐标生成的轨迹点水印分别嵌入到轨迹点坐标的最低有效位与次最低有效位。水印检测时,首先分别对轨迹数据进行组水印和轨迹点水印检测,然后通过水印验证向量的结果来判定轨迹数据的完整性,最后统计篡改检测率并评估算法的脆弱性。结果表明,当轨迹数据以不同的分组和篡改幅度篡改时,其修改检测率均大于99%,而且该算法可以定位数据篡改并识别篡改类型,最后通过实验验证了这一点。该方法可为同类轨迹数据篡改检测算法的设计提供参考。     

5G环境下移动用户位置隐私保护方法研究

为解决5G环境下高频次位置服务（location based service,LBS）带来的位置隐私暴露问题,分析了5G环境下移动用户位置隐私泄露风险,梳理了已有隐私保护技术,并对3类常见方法进行分析对比,针对5G环境下位置隐私保护面临的新挑战,提出了一种适合5G环境的隐私保护方法,即融合定位隐私保护方法.该方法通过降维初步处理、融合隐私算法及传输加密方法,在不提升复杂度的情况下,处理了从定位维度选择、定位中间过程乃至传输全链路的风险.仿真分析结果表明,该方法能在混合场景下实现高效的隐私保护,适用于5G超密集高频次位置服务.      

Efficient Conditional Privacy-Preserving and Authentication Scheme for Secure Service Provision in VANET

Vehicle Ad hoc NETworks(VANET) can enhance traffic safety and improve traffic efficiency through cooperative communication among vehicles, roadside infrastructure, and traffic management centers. To guarantee secure service provision in VANET, message authentication is important. Moreover, a vehicle user's private information can also be leaked during service provision. A protection mechanism is needed to prevent such leakage. Therefore, we propose a conditional privacy-preserving and authentication scheme for secure service provision in VANETs. The proposed scheme not only satisfies the security requirements of VANETs, but also optimizes the calculation process of signature generation and verification. We carry out a detailed comparative analysis. The result shows that the proposed scheme is more efficient than existing schemes in terms of communication overhead and computational cost. Therefore, our scheme is suitable for secure service provision in VANETs.     

一种大数据平台敏感数据安全共享的框架

 大数据平台存储了海量的用户敏感数据,这些敏感数据的共享有助于企业降低为用户提供个性化服务的成本,实现数据增值,而数据的安全共享是一个亟待解决的问题.通过分析敏感数据安全现状,提出了一个大数据平台敏感数据安全共享系统框架,包括数据平台上敏感数据的安全提交、存储、使用和销毁;研究了基于密文异构转化的代理重加密算法和基于虚拟机监控器的用户进程保护方法等关键技术,为系统功能的实现提供了支撑.该框架能够保护用户敏感数据的安全性,有效实现这些数据的安全共享,同时使数据拥有者完全掌握自身数据的控制权,从而有利于营造现代互联网信息安全的良好环境.     

Secure Sensitive Data Sharing on a Big Data Platform

Users store vast amounts of sensitive data on a big data platform. Sharing sensitive data will help enterprises reduce the cost of providing users with personalized services and provide value-added data services.However, secure data sharing is problematic. This paper proposes a framework for secure sensitive data sharing on a big data platform, including secure data delivery, storage, usage, and destruction on a semi-trusted big data sharing platform. We present a proxy re-encryption algorithm based on heterogeneous ciphertext transformation and a user process protection method based on a virtual machine monitor, which provides support for the realization of system functions. The framework protects the security of users' sensitive data effectively and shares these data safely. At the same time, data owners retain complete control of their own data in a sound environment for modern Internet information security.     

Attribute-based re-encryption scheme in the standard model

In this paper, we propose a new attribute-based proxy re-encryption scheme, where a semi-trusted proxy, with some additional information, can transform a ciphertext under a set of attributes into a new ciphertext under another set of attributes on the same message, but not vice versa, furthermore, its security was proved in the standard model based on decisional bilinear Diffie-Hellman assumption. This scheme can be used to realize fine-grained selectively sharing of encrypted data, but the general proxy rencryption scheme severely can not do it, so the proposed schemecan be thought as an improvement of general traditional proxy re-encryption scheme.     

Fine-grained and heterogeneous proxy re-encryption for secure cloud storage

Cloud is an emerging computing paradigm. It has drawn extensive attention from both academia and industry. But its security issues have been considered as a critical obstacle in its rapid development. When data owners store their data as plaintext in cloud, they lose the security of their cloud data due to the arbitrary accessibility, specially accessed by the un-trusted cloud. In order to protect the confidentiality of data owners＇ cloud data, a promising idea is to encrypt data by data owners before storing them in cloud. However, the straightforward employment of the traditional encryption algorithms can not solve the problem well, since it is hard for data owners to manage their private keys, if they want to securely share their cloud data with others in a fine-grained manner. In this paper, we propose a fine-grained and heterogeneous proxy re-encryption （FH- PRE） system to protect the confidentiality of data owners＇ cloud data. By applying the FH-PRE system in cloud, data owners＇ cloud data can be securely stored in cloud and shared in a fine-grained manner. Moreover, the heteroge- neity support makes our FH-PRE system more efficient than the previous work. Additionally, it provides the secure data sharing between two heterogeneous cloud systems, which are equipped with different cryptographic primitives.     

Public Auditing for Encrypted Data with Client-Side Deduplication in Cloud Storage

Storage auditing and client-side deduplication techniques have been proposed to assure data integrity and improve storage efficiency, respectively. Recently, a few schemes start to consider these two different aspects together. However, these schemes either only support plaintext data file or have been proved insecure. In this paper, we propose a public auditing scheme for cloud storage systems, in which deduplication of encrypted data and data integrity checking can be achieved within the same framework. The cloud server can correctly check the ownership for new owners and the auditor can correctly check the integrity of deduplicated data. Our scheme supports deduplication of encrypted data by using the method of proxy re-encryption and also achieves deduplication of data tags by aggregating the tags from different owners. The analysis and experiment results show that our scheme is provably secure and efficient.     

An Efficient and Practical Public Key Cryptosystem with CCA-Security on Standard Model

Chosen Ciphertext Attack （CCA） security on the standard model is widely accepted as the standard security notion for the public key cryptosystem. The existing CCA-secure public key cryptosystems on the standard model are expensive in terms of efficiency and practicality. In this paper, an efficient and practical public key cryptosystem is presented over the group of signed quadratic residues. It is provably secure against CCA on the standard model. Furthermore, public verifiability for this scheme is also realized in the way that projects the verification privacy key into public key on trapdoor pretending. It will be useful to devise efficient CCA-secure threshold and proxy re-encryption schemes on the standard model.     

强前向安全的提名多代理签名方案

针对前向安全技术存在攻击者在得到第i周期的私钥后,可以伪造本阶段和以后阶段签名的缺陷,将强前向安全技术、提名思想与多代理签名理论结合,利用Hash函数叠加,提出一个强前向安全的提名多代理签名方案.对其正确性和安全性的分析结果表明,该方案不仅具有强前向安全性,还具有多人分享代理权和提名验证人验证签名的特性.     

基于跟踪轨迹的车辆异常行为检测

为提高ITS(Intelligent Traffic System)交通事件管理的智能性, 提出基于跟踪轨迹的车辆异常行为检测,分为目标检测跟踪、轨迹分析处理和车辆行为分析3 个步骤。首先利用三帧差法对目标进行初始定位, 采用基于Kalman 预测器的改进跟踪算法对车辆进行跟踪; 然后提出采用最小二乘法自适应分段直线拟合算法对目标跟踪获得的运动轨迹进行快速拟合; 最后结合运动方向变化率和速度变化率两个参数建立车辆异常行为检测模型。实验结果表明, 在道路监控视频中, 该算法能快速准确检测急刹车、急转弯和急转弯刹车等车辆异常行为。     

基于反馈方式的车辆间合作下载方法研究

车联网中基于商业数据内容服务的下载越来越受到重视,如车载办公（office-on-wheels）和车载娱乐（entertainment-on-wheels）.由于路边接入点AP（access point）在道路上分布稀疏相互间隔较远（一般间隔几公里以上）,通过V2I（vehicle-to-infrastructure）车辆到路边接入点的通信下载一直处于一种断断续续的情况.考虑到地理位置相近的车辆可以形成“车辆簇”,文中提出了一种基于反馈方法的簇内车辆合作进行文件下载的机制,分析推导了该方法下载完整个文件所需循环次数的概率分布和均值.最后仿真验证了理论推导分析的正确性,与基于随机方式的车辆合作下载对比大大缩短了单个车辆下载文件的时间.