可验证的大规模矩阵满秩分解的安全外包

针对矩阵满秩分解的外包算法没有对原始矩阵中零元素的个数进行保护且没有对云返回结果的正确性进行验证的问题,提出了一个可验证的矩阵满秩分解的安全外包方案。首先,在加密阶段,结合Sherman-Morrison公式构造出一个稠密的可逆矩阵来进行加密。其次,在云计算阶段,一方面,要求云计算加密矩阵的满秩分解;另一方面,在得到满秩分解的结果（一个列满秩矩阵和一个行满秩矩阵）后,要求分别云计算列满秩矩阵的左逆和行满秩矩阵的右逆。接下来,在验证阶段,用户不仅要分别验证返回的两个矩阵是否满足行满秩和列满秩,还要验证这两个矩阵相乘是否等于加密矩阵。最后,如果验证通过,则用户可以利用私钥进行解密。在协议分析中,证明了所提方案满足正确性、安全性、高效性和可验证性。同时,当选择的原始矩阵的维度是512×512时,无论怎样改变矩阵中非零元素的密度,所提方案计算得到的加密矩阵的熵恒等于18,说明方案确实可以有效保护零元素的个数。实验结果表明所提方案具有较高的效率。     

安全高效的大矩阵行列式计算云外包协议

云计算的应用,在给大家带来便利的同时,也带来一些新的安全问题：如客户端输入/输出的私密性以及云端运算的高效性等。针对此类问题,构建了一个适用于大矩阵行列式计算的云外包协议：在客户端将原始矩阵加密后再传送到云服务器端求解,在保证云服务器端运算高效性的同时,将其返回的结果解密后得到原始矩阵的行列式值。经理论分析和实验评估证明,协议满足正确性、输入/输出私密性和高效性。     

可验证的安全矩阵行列式计算云外包协议

云计算外包越来越流行的同时也带来了新的安全问题和挑战：输入/输出数据的隐私性和结果的可验证性。本文围绕云计算环境下的安全矩阵行列式计算外包展开研究,构建一个适用于大矩阵行列式计算的可验证的安全云外包协议,在客户端将原始矩阵盲化加密后传送到云服务器端执行计算,云服务器将计算结果和验证值返回给客户端进行解密和验证。理论分析表明,在恶意云的安全模型下协议满足正确性、输入/输出私密性、高效性和结果可验证性。     

基于大规模矩阵Jordan分解的外包计算

目前,外包计算已成为减轻用户庞大计算量的重要策略之一。针对大规模矩阵的Jordan分解需要用户付出大量的计算资源问题。文章设计了一个安全、结果可验证、高效的外包协议,达到了节省用户计算资源的目的。通过线性变换、元素的重排列对原始矩阵进行加密,保护了用户隐私信息,并运用高效的验证算法对云端返回的结果进行了高效验证。文章通过计算复杂度分析,验证了该协议的高效性。     

一种基于高维矩阵变换的混沌图像加密

提出了一种基于Henon混沌系统和高维准对角矩阵变换的图像加密算法.由初始密钥控制二维Henon混沌映射生成两个置换矩阵和多个环上二阶可逆矩阵.利用获得的置换矩阵结合两类平移变换置乱原始图像;进一步,以二价可逆矩阵为子矩阵构造高维准对角矩阵,再对置乱密文进行高维矩阵变换(模运算)实现灰度值替代二次加密.仿真实验结果表明,该算法易于实现,加密效果理想,对密钥和明文具有敏感依赖性,安全性高。     

Schur分解的快速零水印算法

为解决奇异值分解水印算法中所产生高虚警、鲁棒性不强以及安全性不高的问题,提出一种基于矩阵Schur分解的双重加密快速鲁棒零水印算法。该算法先将原始图像低频块进行矩阵Schur分解得到稳定值;提取Schur分解的块上三角矩阵对角线元素中含有最大能量元素的绝对值,并将其构造过渡矩阵;将该矩阵的平均值与每一个元素值进行比较生成感知哈希二值序列,构造特征矩阵;再将经过混沌映射加密的特征矩阵与斐波那契(Fibonacci)变换加密后的水印信息进行逻辑运算得到零水印;最后在第三方版权认证中心(intellectual property rights,IPR)完成注册。实验表明,在随机载体图像中所提取的水印NC值均在0.5以下,有效地解决高虚警问题;与基于整数小波变换的鲁棒零水印相比,抵抗噪声攻击的性能提高了2.43%;与时域水印算法相比,抵抗JPEG压缩攻击的性能提高了4.88%。     

面向混合云的可并行多关键词Top-k密文检索技术

随着云计算技术的迅猛发展,越来越多的企业和个人青睐使用私有云和公有云相结合的混合云环境,用于外包存储和管理其私有数据。为了保护外包数据的私密性,数据加密是一种常用的隐私保护手段,但这同时也使得针对加密数据的搜索成为一个具有挑战性的问题。文中提出了面向混合云的可并行的多关键词Top-k密文检索方案。该方案通过对文档、关键词分组进行向量化处理,并引入对称加密和同态矩阵加密机制,保护外包数据的私密性,同时支持多关键词密文检索;通过引入MapReduce计算模式,使得公有云和私有云合作完成的密文检索过程能够按照并行化方式执行,从而能够支持针对大规模加密数据的并行化检索。安全分析和实验结果表明,提出的检索方案能够保护外包数据的隐私,且其检索效率优于现有的同类方案。     

模幂运算安全外包算法的新设计

由于模幂运算的计算成本较高,资源有限的本地客户端可以将模幂运算外包给计算能力强大的云服务器。该算法主要研究形如ua(modN)的模幂运算的外包算法,其中N是两个大素数的乘积。其利用欧拉定理设计了一个基于双服务器模型的模幂运算安全外包方案。在运算外包过程中,保证底数u、指数a,以及运算结果对两个服务器的隐私保护。通过安全、效率分析和实验仿真表明,相较于现有方案,新方案具有更好的执行效率和可验证性,在用户端的效率更高,且新方案的可验证概率为1.     

自动寻找使多重串行循环并行化的幺模变换

对于已知n维距离向量矩阵的多重串行循环,过去的并行化编译研究还缺乏寻找使循环外层并行化的幺模矩阵的可行算法.文章介绍了多重串行循环并行化的幺模变换方法,不仅从理论上证明满足外层并行化要求的合法幺模矩阵是存在的,而且通过构造性证明给出一个计算外层并行化幺模变换矩阵的可行算法,并探讨了扩大其适用范围于非完全嵌套和非常数相关距离循环的有效途径.     

基于AES和模运算的密文索引方案

为密文添加安全索引是解决密文外包后检索困难问题的一种有效方法。针对安全密文索引建立问题,基于AES加密和模运算,提出了一种循环分区索引方案。该方案的索引由客户端对属性值进行AES加密和模运算得到,具有部分保序的性质。在有效支持范围查询的同时,该方案明显降低了等值查询时客户端的无效解密负载,且满足基本隐私保护需求。方案存储开销和安全性分析结果表明,其存储量在合理范围内。     

方阵幂安全外包云计算

为解决计算能力有限的对象(用户)所面临的大维数方阵的高次幂计算问题,利用云计算平台(云端),提出一个安全可验证的方阵幂云计算外包协议。协议中,用户首先构造一个随机置换,再结合克罗内克函数,生成一个非奇异方阵,并求得其逆矩阵,这两个方阵即为密钥;用户用此密钥完成对原方阵的加密,然后将加密所得方阵和原有的幂数发送给云端;云端完成加密所得方阵的求幂运算,并将计算所得方阵返回给用户;用户使用持有的密钥解密云端返回方阵,并随机选取若干解密所得方阵中的元素与相应的正确值进行对比,以验证解密所得方阵是否正确。经过理论分析可知,此协议满足外包协议的四个基本要求,即正确性、安全性、可验证性和高效性。基于此协议模型,在仿真实验中,将方阵幂问题分为方阵维数固定幂数变化和幂数固定方阵维数变化两种情形分别进行仿真。实验结果表明,这两种情形下,与用户自身完成原计算任务相比,外包计算均能大幅减少用户的计算耗时,获得较好的外包性能,且随着方阵维数和幂数的增加,外包效果更加明显。     

Secure outsourcing of large matrix determinant computation

Cloud computing provides the capability to connect resource-constrained clients with a centralized and shared pool of resources, such as computational power and storage on demand. Large matrix determinant computation is almost ubiquitous in computer science and requires largescale data computation. Currently, techniques for securely outsourcing matrix determinant computations to untrusted servers are of utmost importance, and they have practical value as well as theoretical significance for the scientific community. In this study, we propose a secure outsourcing method for large matrix determinant computation. We employ some transformations for privacy protection based on the original matrix, including permutation and mix-row/mixcolumn operations, before sending the target matrix to the cloud. The results returned from the cloud need to be decrypted and verified to obtain the correct determinant. In comparison with previously proposed algorithms, our new algorithm achieves a higher security levelwith greater cloud efficiency. The experimental results demonstrate the efficiency and effectiveness of our algorithm.     

雾计算中支持计算外包的微型属性加密方案

密文策略属性加密为基于云存储的物联网系统提供了一对多的访问控制,然而现有方案中存在开销大、粒度粗等问题.基于此,结合雾计算技术提出了一种支持计算外包的微型属性加密方案.该方案缩短了密钥与密文的长度,减少了客户端的存储开销;将部分计算转载到雾节点,提高了加解密效率;具有更加丰富的策略表达能力,并且可以快速验证外包解密的正...     

Verifiable Outsourcing of High-Degree Polynomials and Tts Application in Keyword Search

In big data era, people cannot afford more and more complex computation work due to the constrained computation resources. The high reliability, strong processing capacity, large storage space of cloud computing makes the resource-constrained clients remotely operate the heavy computation task with the help of cloud server. In this paper, a new algorithm for secure outsourcing of high degree polynomials is proposed. We introduce a camouflage technique, which the real polynomial will be disguised to the untrusted cloud server. In addition, the input and output will not be revealed in the computation process and the clients can easily verify the returned result. The application of the secure outsourcing algorithm in keyword search system is also studied. A verification technique for keyword search is generated based on the outsourcing algorithm. The client can easily verify whether the server faithfully implement the search work in the whole ciphertext space. If the server does not implement the search work and returns the client “null” to indicate there is no files with the query keyword, the client can easily verify whether there are some related files in the ciphertext database.     

Secure and efficient data collaboration with hierarchical attribute-based encryption in cloud computing

With the increasing trend of outsourcing data to the cloud for efficient data storage, secure data collaboration service including data read and write in cloud computing is urgently required. However, it introduces many new challenges toward data security. The key issue is how to afford secure write operation on ciphertext collaboratively, and the other issues include difficulty in key management and heavy computation overhead on user since cooperative users may read and write data using any device. In this paper, we propose a secure and efficient data collaboration scheme, in which fine-grained access control of ciphertext and secure data writing operation can be afforded based on attribute-based encryption (ABE) and attribute-based signature (ABS) respectively. In order to relieve the attribute authority from heavy key management burden, our scheme employs a full delegation mechanism based on hierarchical attribute-based encryption (HABE). Further, we also propose a partial decryption and signing construction by delegating most of the computation overhead on user to cloud service provider. The security and performance analysis show that our scheme is secure and efficient.     

Garbled computation in cloud

With the wide adoption of cloud computing paradigm, it is important to develop appropriate techniques to protect client data privacy in the cloud. Encryption is one of the major techniques that could be used to achieve this gaol. However, data encryption at the rest along is insufficient for secure cloud computation environments. Further efficient techniques for carrying out computation over encrypted data are also required. Fully homomorphic encryption (FHE) and garbled circuits are naturally used to process encrypted data without leaking any information about the data. However, existing FHE schemes are inefficient for processing large amount of data in cloud and garbled circuits are one time programs and cannot be reused. Using modern technologies such as FHE, several authors have developed reusable garbled circuit techniques in recent years. But they are not efficient either and could not be deployed at a large scale. By relaxing the privacy definition from perfect forward secrecy to all-or-nothing privacy, we are able to design efficient reusable garbled circuits in this paper. These reusable garbled computation techniques could be used for processing encrypted cloud data efficiently.     

A survey on design and implementation of protected searchable data in the cloud

While cloud computing has exploded in popularity in recent years thanks to the potential efficiency and cost savings of outsourcing the storage and management of data and applications, a number of vulnerabilities that led to multiple attacks have deterred many potential users.As a result, experts in the field argued that new mechanisms are needed in order to create trusted and secure cloud services. Such mechanisms would eradicate the suspicion of users towards cloud computing by providing the necessary security guarantees. Searchable Encryption is among the most promising solutions—one that has the potential to help offer truly secure and privacy-preserving cloud services. We start this paper by surveying the most important searchable encryption schemes and their relevance to cloud computing. In light of this analysis we demonstrate the inefficiencies of the existing schemes and expand our analysis by discussing certain confidentiality and privacy issues. Further, we examine how to integrate such a scheme with a popular cloud platform. Finally, we have chosen – based on the findings of our analysis – an existing scheme and implemented it to review its practical maturity for deployment in real systems. The survey of the field, together with the analysis and with the extensive experimental results provides a comprehensive review of the theoretical and practical aspects of searchable encryption.     

基于同态加密算法的欧氏距离外包计算协议

针对外包存储数据在密文状态下有关欧氏距离无法计算的问题,构建了欧氏距离外包计算协议,降低了用户的计算负担,保护了数据隐私。回顾了分布式双陷门公钥密码方案。基于同态加密算法设计了安全的乘法协议、单个密钥加密下的完全平方式协议和联合公钥加密下的完全平方式协议,基于这三个基础计算协议设计了欧氏距离的外包计算协议。安全性分析表明该协议足够安全,效率分析显示该协议较为高效,并较好地解决了有关欧氏距离的外包计算问题,对于图像处理的发展有一定的促进作用。