基于AES和ECC的混合加密系统的设计与实现

基于AES的加密算法具有速度快、强度高、便于实现等优点和ECC加密算法具有密钥分配与管理简单、安全强度高等优点,采用AES加密算法加密大数据块,而用ECC加密算法管理AES密钥,通过集成AES加密算法和ECC加密算法的优点,实现了加密速度快和安全方便管理密钥的优点,有效地解决了密码体制中速度和安全性不能兼顾的问题。     

面向社交网络的隐私保护方案

针对社交网络的隐私安全问题,提出了一种新的社交网络隐私保护方案。首先设计了带陷门的属性加密算法,由属性权威机构与数据属主协同完成用户私钥的生成与分发,有效降低了数据属主的密钥管理代价。然后,通过令牌树机制控制用户对属性陷门的获取,实现了高效的属性撤销。安全性分析表明,该方案能够避免社交网络服务提供商与系统内部非授权用户的合谋攻击,且不泄漏用户的任何属性信息。实验结果证实,该方案在计算代价、存储代价等方面比现有方案更有优越性。     

基于分离密钥的云存储加密解决方案

原有的云存储模式所存在的问题已经困扰行业多年,在静态数据加密存储的过程中,只有实现真正意义上的数据私有化才能保证数据的安全,保障数据拥有者的利益。针对云存储应用中用户数据安全存储需求的提高,以Amazon S3(simple storage service)为例分析当前云存储模式下静态数据安全存在的普遍问题,设计了一套新的云端静态数据加密存储方案——分离密钥存储服务(separated key S3)解决方案,设计了新的密钥管理方法,从技术上实现了云端静态数据的安全,最后对该方案的数据安全性进行了分析。     

数据库加密中的二级密钥设计

数据库安全的一项关键技术是数据库加密,目前多采用数据库敏感字段加密来有效保障数据库的安全,一个敏感字段对应一个密钥,但加密密钥的生成与安全存储至关重要。因此,可以采取一种新的二级密钥机制,利用数据加密标准加密算法（DES,Data Encryption Standard）对主密钥加密变换来生成一系列的应用密钥,并且只需要保管好主密钥即可,无需考虑应用密钥的安全存储与通讯。这种借助于加密算法本身的安全与复杂变换生成应用密钥的天然组合,为数据库加密中的密钥生成与管理提供了更为有效的保障。     

主密钥在组播密钥管理中的应用

本文在改进的RSA体制基础上给出主密钥的生成算法,并在主密钥的基础上提出了主密钥管理方案,该方案将参与组播的成员分成若干子组,每个子组的密钥生成、分发和更新由一个主密钥控制器完成。当成员变化时,设计的密钥更新策略同时满足前向安全和后向安全,这就解决了组通信中的密钥管理问题,实现了安全的组播。同时该方案使得每个用户只需存储和管理一个密钥,就能与组内或组外的用户进行安全通信,降低了用户的负载。因此主密钥管理方案能适用于大规模的、在网络中广泛分布的和动态的组。     

云计算中一种紧凑型的外包访问控制方案

密文策略的属性加密是实现云平台上安全的访问控制方案的最佳选择。然而,在大多数密文策略的属性加密方案中,用户密钥长度与属性的个数之间成线性关系;用户的解密时间与访问结构的复杂度成正比关系。为了减少用户密钥的存储和解密计算开销,本文提出一种面向云计算平台的紧凑型的外包访问控制方案。方案中的访问结构可以支持“与”、“或”以及“门限”三种策略。它仅采用简单的哈希和异或运算就可以验证用户外包解密返回的数据是否正确。在随机预言机模型中,基于aMSE-DDH难题,证明了方案是选择密文攻击安全的。分析表明,本文方案能够安全的实现云计算环境下的访问控制,尤其当用户终端设备受限时实现的访问控制。      

基于ECC的智能家居密钥管理机制的实现

目前智能家居系统的数据加密技术多采用对称加密方式,但是这种方式存在密钥管理的问题,为实现密钥的安全,智能家居系统采用非对称加密技术,在此基础上设计了基于椭圆曲线密码体制(ECC)的密钥管理机制来达到保障密钥安全的目的.本密钥管理机制包括基于ECC的数据加密密钥管理机制和基于ECC的数字签名密钥管理机制,它们可以使得无线网络节点在身份认证,密钥的产生、分发、存储、更新等环节中密钥的安全性得到保障,其中密钥的存储环节利用了芯片内部闪存的读保护机制,实现了硬件级别的安全存储.最后对本机制的安全性、耗时和可扩展性进行了分析,结果表明该机制具有较强的安全性和可扩展性,在耗时方面优于E-G密钥管理方案.     

一种基于点集拓扑群分形变幻的云计算加密方法

为了加强云计算系统安全,采用点集拓扑分形变幻运算进行随机密钥生成,并运用椭圆加密算法进行数据加密.首先,对云计算安全防护体系结构进行了分析,主要有基础架构安全、用户数据安全和运营管理安全;接着从点击拓扑群论对象模型和分形变幻环运算详细分析了随机密钥生成;最后运用椭圆加密算法完成数据加密.采用指纹特征作为数据源,运用随机性高的点集拓扑分形变幻环运算和安全性高且速度快的椭圆加密算法,在很大程度上保证了用户端与云端数据交互的安全性,具有一定的研究价值.     

具有隐私保护的云存储访问控制方案

针对传统的访问控制方案无法在云计算环境下保护用户的属性隐私,提出了具有隐私保护的云存储访问控制方案。采用混合加密体制实现了数据的机密性,即利用对称密钥加密明文数据,再利用公钥密码体制对对称密钥进行加密。在新的访问控制方案中,公钥加密采用了匿名的密文策略下基于属性的加密技术。安全性分析表明,新方案在保护用户属性隐私的同时,达到了选择明文安全性,可抵抗恶意用户及云存储服务器的合谋攻击。     

嵌入时戳的10G EPON高效加密方案研究

为了保护10G EPON中下行数据的安全,基于10G EPON的测距原理,在加密算法中嵌入时戳信息。改进的安全方案的密钥和密文可随时间变化,同时OLT和ONU可利用时戳在动态测距过程中安全交换密钥,实现密钥的更新同步。实验结果证明了该方案的有效性。     

SecureDL: A privacy preserving deep learning model for image recognition over cloud

The key benefits of cloud services such as low cost, access flexibility, and mobility have attracted worldwide users to utilize deep learning algorithms for computer vision. These cloud servers are maintained by third parties, where users are always concerned about sharing their confidential data with them. In this paper, we addressed these concerns for by developing SecureDL, a privacy-preserving image recognition model for encrypted data over cloud. The proposed block-based image encryption scheme is well designed to protect image’s visual information. The scheme constitutes an order-preserving permutation ordered binary number system and pseudo-random matrices. The proposed method is proved to be secure in a probabilistic viewpoint, and using various cryptographic attacks. Experiments are conducted over several image recognition datasets, and the trade-off analytics between the achieved recognition accuracy and data encryption is well described. SecureDL overcomes the storage and computational overheads that occur with fully-homomorphic and multi-party computation based secure recognition schemes.     

云计算平台下基于属性加密的动态版权使用控制方案（英文）

In order to achieve fine-grained access control in cloud computing,existing digital rights management(DRM) schemes adopt attribute-based encryption as the main encryption primitive.However,these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud.In this paper,we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing.We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption.Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content.The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users,and also enables the license server to implement immediate attribute and user revocation.Moreover,our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption,which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext.Extensive analytical results indicate that our proposed scheme is secure and efficient.     

Hybrid cloud approach for block-level deduplication and searchable encryption in large universe

Ciphertext-policy attribute-based searchable encryption (CP-ABSE) can achieve fine-grained access control for data sharing and retrieval, and secure deduplication can save storage space by eliminating duplicate copies. However, there are seldom schemes supporting both searchable encryption and secure deduplication. In this paper, a large universe CP-ABSE scheme supporting secure block-level deduplication are proposed under a hybrid cloud mechanism. In the proposed scheme, after the ciphertext is inserted into bloom filter tree (BFT), private cloud can perform fine-grained deduplication efficiently by matching tags, and public cloud can search efficiently using homomorphic searchable method and keywords matching. Finally, the proposed scheme can achieve privacy under chosen distribution attacks block-level (PRV-CDA-B) secure deduplication and match-concealing (MC) searchable security. Compared with existing schemes, the proposed scheme has the advantage in supporting fine-grained access control, block-level deduplication and efficient search, simultaneously.     

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

An efficient cryptography mechanism should enforce an access control policy over the encrypted data to provide flexible, fine‐grained, and secure data access control for secure sharing of data in cloud storage. To make a secure cloud data sharing solution, we propose a ciphertext‐policy attribute‐based proxy re‐encryption scheme. In the proposed scheme, we design an efficient fine‐grained revocation mechanism, which enables not only efficient attribute‐level revocation but also efficient policy‐level revocation to achieve backward secrecy and forward secrecy. Moreover, we use a multiauthority key attribute center in the key generation phase to overcome the single‐point performance bottleneck problem and the key escrow problem. By formal security analysis, we illustrate that our proposed scheme achieves confidentiality, secure key distribution, multiple collusions resistance, and policy‐ or attribute‐revocation security. By comprehensive performance and implementation analysis, we illustrate that our proposed scheme improves the practical efficiency of storage, computation cost, and communication cost compared to the other related schemes.     

云环境下基于属性加密体制算法加速方案

云计算为租户提供存储、计算和网络服务，数据安全保护和租户间的数据共享与访问控制是其必不可少的能力。基于属性的加密体制是一种一对多的加密体制，可以根据用户属性实现细粒度访问控制，适用于云计算环境多租户数据共享。但现有的基于属性加密体制的算法效率较低，难以在实际环境中应用。分析了基于属性的加密体制的两种类型及其应用场景，提出一个基于属性加密体制算法的加速方案。通过实验表明，提出的方案可提高基于属性加密体制的密钥生成算法、加密算法和解密算法的效率。     

可证安全的高效可托管公钥加密方案

可托管公钥加密方案中一个公钥对应于2个解密私钥,它可大大减少公钥基础设施PKI中公钥证书的数目,从而降低其公钥证书管理的负荷。同时对于用户端来说,它也能减小所需私钥存储空间,减轻用户的私钥管理负担。提出2个新的可托管公钥加密方案,其中第二个方案是文献中所有现存同类方案中最为高效的一个。它也是第一个可证安全的方案,其安全性基于标准的双线性Diffie-Hellman假设。     

ASPE: attribute-based secure policy enforcement in vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) are usually operated among vehicles moving at high speeds, and thus their communication relations can be changed frequently. In such a highly dynamic environment, establishing trust among vehicles is difficult. To solve this problem, we propose a flexible, secure and decentralized attribute based secure key management framework for VANETs. Our solution is based on attribute based encryption (ABE) to construct an attribute based security policy enforcement (ASPE) framework. ASPE considers various road situations as attributes. These attributes are used as encryption keys to secure the transmitted data. ASPE is flexible in that it can dynamically change encryption keys depending on the VANET situations. At the same time, ASPE naturally incorporates data access control policies on the transmitted data. ASPE provides an integrated solution to involve data access control, key management, security policy enforcement, and secure group formation in highly dynamic vehicular communication environments. Our performance evaluations show that ASPE is efficient and it can handle large amount of data encryption/decryption flows in VANETs.     

RETRACTED ARTICLE: Medical Data Security for Healthcare Applications Using Hybrid Lightweight Encryption and Swarm Optimization Algorithm

In medical field, securing every patient’s record is main concern, ascribed to many fraudulent cases occurring in the health sector. The data of every individual must be engraved and sent into end-user without any issues. Mainly in the healthcare industry, where thoughts are often focused on saving someone’s life and rightly so, but securing access to interfaces and computer systems that store private data like medical records is also an essential factor to consider. Data security is a corresponding action between controlling access to information while allowing free and easy access to those who need that information. Still few problems are focused by the physician in the health sector. Patient’s data should be kept securely in medical provider servers so that physicians can provide proper treatments. To ensure secure storage and access management, we propose a novel hybrid lightweight encryption using swarm optimization algorithm (HLE–SO).The proposed HLE–SO technique merge Paillier encryption and KATAN algorithm, which provides the lightweight features. Generally, the lightweight encryption algorithms are affected by the key space. We introduce the swarm optimization algorithm to optimize the key space by changing the number of iteration round. Our main goal is to encrypt the medical data (EEG signal) and send to end user by utilizing proposed HLE–SO method. Finally, the implementation is done with MATLAB tool with different EEG signal data set. The simulation results of proposed HLE–SO technique is compared with the existing state-of-art techniques in terms of different performance metrics are MSE, PSNR, SSIM, PRD, encryption time and decryption time.

     

Partial encryption of compressed images and videos

The increased popularity of multimedia applications places a great demand on efficient data storage and transmission techniques. Network communication, especially over a wireless network, can easily be intercepted and must be protected from eavesdroppers. Unfortunately, encryption and decryption are slow, and it is often difficult, if not impossible, to carry out real-time secure image and video communication and processing. Methods have been proposed to combine compression and encryption together to reduce the overall processing time, but they are either insecure or too computationally intensive. We propose a novel solution called partial encryption, in which a secure encryption algorithm is used to encrypt only part of the compressed data. Partial encryption is applied to several image and video compression algorithms in this paper. Only 13-27% of the output from quadtree compression algorithms is encrypted for typical images, and less than 2% is encrypted for 512×512 images compressed by the set partitioning in hierarchical trees (SPIHT) algorithm. The results are similar for video compression, resulting in a significant reduction in encryption and decryption time. The proposed partial encryption schemes are fast, secure, and do not reduce the compression performance of the underlying compression algorithm     

Secure and Efficient Code Encryption Scheme Based on Indexed Table

Software is completely exposed to an attacker after it is distributed because reverse engineering is widely known. To protect software, techniques against reverse engineering are necessary. A code encryption scheme is one of the techniques. A code encryption scheme encrypts the binary executable code. Key management is the most important part of the code encryption scheme. However, previous schemes had problems with key management. In an effort to solve these problems in this paper, we survey the previous code encryption schemes and then propose a new code encryption scheme based on an indexed table. Our scheme provides secure and efficient key management for code encryption.