基于密文策略属性加密的广电监管数据共享系统

本文设计了一种基于密文策略属性加密（CP-ABE,Ciphertext-Policy Attribute-Based Encryption）的云存储数据共享系统，用于对广电监测监管数据进行加密存储和有条件访问，有效解决了云端数据安全共享和细粒度访问控制的问题，满足防止非法访问及信息泄露的安全需求。     

基于区块链的图书馆科学数据安全共享机制研究

为解决科学数据共享时容易产生数据泄露和不可用的问题,文章设计了基于区块链的图书馆科学数据安全共享机制。首先,在数据安全共享模型方面,设计了科学数据安全共享体系架构,包括数据源、从区块链、主区块链、数据存储平台、认证服务5个模块,对主从区块链、数据存储平台的关键技术进行了详细设计,从技术层面保障了科学数据的安全性和不可篡改性;其次,在数据的安全共享机制方面,设计了安全便捷的数据共享机制,包括科研人员注册、科学数据存储、本图书馆科学数据共享、跨图书馆科学数据共享4个流程;最后,从数据使用方面对机制的性能进行了分析,验证了该机制具有较高的安全性和便捷性。     

基于磁光电混合存储技术的新型数据中心建设探讨

磁光电混合存储技术实现了光存储、磁存储和电存储三种技术优势互补,成为目前综合性能最好的存储技术.结合新基建政策对数据中心建设迫切需求,构建基于磁光电全介质混合存储的"海量、绿色、安全、生态"数据湖,为政府、企业及个人在大数据时代实现海量数据存储和计算提供了可能,有效解决数据中心面临能耗太高、数据安全风险、数据共享及开发...     

数据共享与安全推进策略分析

本文在深入了解行业政策的基础上,对企业数据共享和安全进行了分析和研究,基于企业的现状和基本情况,从建立健全数据管理组织体系、数据分级分类体系、数据安全共享的原则等方面,介绍了企业数据共享与安全管理的推进策略,并以具体案例作为解释说明,以期为同行提供参考。     

区块链上基于云辅助的密文策略属性基数据共享加密方案

针对云存储的集中化带来的数据安全和隐私保护问题,该文提出一种区块链上基于云辅助的密文策略属性基(CP-ABE)数据共享加密方案。该方案采用基于属性加密技术对加密数据文件的对称密钥进行加密,并上传到云服务器,实现了数据安全以及细粒度访问控制;采用可搜索加密技术对关键字进行加密,并将关键字密文上传到区块链(BC)中,由区块链进行关键字搜索保证了关键字密文的安全,有效地解决现有的云存储共享系统所存在的安全问题。该方案能够满足选择明文攻击下的不可区分性、陷门不可区分性和抗串联性。最后,通过性能评估,验证了该方案的有效性。     

区块链上基于云辅助的密文策略属性基数据共享加密方案

针对云存储的集中化带来的数据安全和隐私保护问题,该文提出一种区块链上基于云辅助的密文策略属性基(CP-ABE)数据共享加密方案.该方案采用基于属性加密技术对加密数据文件的对称密钥进行加密,并上传到云服务器,实现了数据安全以及细粒度访问控制;采用可搜索加密技术对关键字进行加密,并将关键字密文上传到区块链(BC)中,由区块链进行关键字搜索保证了关键字密文的安全,有效地解决现有的云存储共享系统所存在的安全问题.该方案能够满足选择明文攻击下的不可区分性、陷门不可区分性和抗串联性.最后,通过性能评估,验证了该方案的有效性.     

广播电视网络中的SAN存储架构的研究与分析

本文以应用在广电的SAN网络存储技术为主要研究对象,介绍了目前流行的存储网络技术,SAN网络存储的技术特点,在此基础上,针对两种常见的存储网络技术：FC SAN和IP SAN技术,给出基本的存储网络结构,并基于IPSAN网络存储结构对SAN网络存储系统的可靠性进行分析和研究。     

浅析基于IP的SAN存储技术

存储区域网络（Storage Area Network，SAN）是一个连接服务器和存储设备的网络，是存储区域中最流行的技术。本文分析了存储体系结构中DAS、NAS、SAN三种存储技术的发展及特点；详细阐述和分析了基于iSCSI协议的IPSAN环境；然后讨论了SAN的另一种实现方式——IPSAN与InfiniBand服务器结构的整合，最后预测了SAN存储技术的未来发展。     

Intransa安全备份架构防御数据的天灾人祸

继IBM、HP、EMC推出iSCSI磁盘阵列,iSCSI已经成为非常成熟的存储应用了。IPSAN作为SAN存储的新力量,带来了iSCSI技术的最新理念和产品。iSCSI不再是一半SCSI/FC,一半iSCSI的“半成品”,而是磁盘、存储控制器、主机全部采用高速以太网交换机连接的全交换IPSAN,实现了IPSAN性能和功能的飞跃。在备份应用中,IntransaIPSAN丰富的存储功能和强大的性能得到了充分的展示。Intransa融合存储、备份和容灾技术,共同在Intransa体系中构成了一个全新的安全备份存储平台。它具备以下两个特点。安全备份架构(D2D2D)。运用基于I…     

计算机网络存储技术的应用研究

网络存储技术是基于数据存储的一种通用网络术语。网络存储结构大致分为三种:直连式存储、网络存储设备和存储网络。本文对当今主流的海量存储体系DAS、NAS、SAN的特点进行了阐述与分析,对RAID6存储安全技术进行了介绍探讨了数据安全问题,最后列举了某高校图书馆存储系统建设案例供读者研究参考。     

ACDAS: Authenticated controlled data access and sharing scheme for cloud storage

Cloud storage services require cost‐effective, scalable, and self‐managed secure data management functionality. Public cloud storage always enforces users to adopt the restricted generic security consideration provided by the cloud service provider. On the contrary, private cloud storage gives users the opportunity to configure a self‐managed and controlled authenticated data security model to control the accessing and sharing of data in a private cloud. However, this introduces several new challenges to data security. One critical issue is how to enable a secure, authenticated data storage model for data access with controlled data accessibility. In this paper, we propose an authenticated controlled data access and sharing scheme called ACDAS to address this issue. In our proposed scheme, we employ a biometric‐based authentication model for secure access to data storage and sharing. To provide flexible data sharing under the control of a data owner, we propose a variant of a proxy reencryption scheme where the cloud server uses a proxy reencryption key and the data owner generates a credential token during decryption to control the accessibility of the users. The security analysis shows that our proposed scheme is resistant to various attacks, including a stolen verifier attack, a replay attack, a password guessing attack, and a stolen mobile device attack. Further, our proposed scheme satisfies the considered security requirements of a data storage and sharing system. The experimental results demonstrate that ACDAS can achieve the security goals together with the practical efficiency of storage, computation, and communication compared with other related schemes.     

云存储环境下的密文安全共享机制

With the convenient of storing and sharing data in cloud storage environment,the concerns about data security arised as well.To achieve data security on untrusted servers,user usually stored the encrypted data on the cloud storage environment.How to build a cipertext-based access control scheme became a pot issue.For the access control problems of ciphertext in cloud storage environment,a CP-ABE based data sharing scheme was proposed.Novel key generation and distribution strategies were proposed to reduce the reliance on a trusted third party.Personal information was added in decryption key to resistant conclusion attacks at the same time.Moreover,key revocation scheme was proposed to provide the data backward secrecy.The security and implement analysis proves that proposed scheme is suit for the real application environment.     

基于区块链的电子政务数据共享设计研究

区块链技术提供了链上数据不可篡改、共享可查的链上记录等能力,提供了多方信任和数据共享机制。因此,区块链技术可以实现各个政府部门之间的数据共享访问验证。为此,针对“一网通办”电子政务数据共享的需求,深入的对区块链技术进行研究,将电子政务数据存储在区块链上,采用主链和子链的分层架构来增强了权限管理、安全控制等机制,基于Hyperledger Fabric1.4来设计的,并对智能合约和区块链的存储的核心模块的开发进行阐述。     

面向敏感数据共享环境下的融合访问控制机制

为解决敏感数据共享应用中的数据分发问题和提高数据共享的安全性,将属性基加密机制和使用控制技术相结合,提出一种融合访问控制机制。该机制一方面采用属性基加密机制保证了数据在存储和分发过程中的机密性,通过灵活且可扩展的访问控制策略控制敏感数据的共享范围;另一方面,通过使用控制技术实现对用户的权限控制,防止合法用户对敏感数据进行非法操作,解决共享用户中的权限滥用问题。最后,对机制的安全性和性能进行了分析,显著地降低了服务端的工作负荷,并通过实验测试了该机制的有效性。     

Data sharing scheme supporting secure outsourced computation in wireless body area network

How to effectively protect the security of data sharing in WBAN was a key problem to be solved urgently.The traditional CP-ABE mechanism had a 〝one to many〝 data security communication function which was suitable for access control in WBAN,but it had high computational complexity and did not support attribute revocation.Fully considering of limitations on computation and storage of sensor nodes and dynamic user attribute in WBAN,a CP-ABE scheme was proposed which was provably secure against CPA under the standard model and supported attributes revocation,outsourced encryption and decryption.Compared with the proposed schemes,the computation burden on senor nodes is greatly reduced and the user's attribution can be revoked immediately and fine grained while meeting the demand of its security in the proposed scheme.     

电子病历存储云系统访问控制研究

随着医疗信息化的快速发展,现行EMR系统在信息共享和安全性方面无法很好地满足医疗和患者的需要。文中基于云计算技术提出一种EMR存储云系统,为患者和医院提供统一的电子病历注册和使用服务,并重点对电子病历的访问控制策略进行了讨论,采用一般角色访问控制和用户个性化逐级授权相结合的策略,有效解决了动态授权和用户个性化需求问题,满足了患者对于信息安全性和隐私保护方面的需求。     

Enhanced security‐aware technique and ontology data access control in cloud computing

Nowadays, security and data access control are some of the major concerns in the cloud storage unit, especially in the medical field. Therefore, a security‐aware mechanism and ontology‐based data access control (SA‐ODAC) has been developed to improve security and access control in cloud computing. The model proposed in this research work is based on two operational methods, namely, secure awareness technique (SAT) and ontology‐based data access control (ODAC), to improve security and data access control in cloud computing. The SAT technique is developed to provide security for medical data in cloud computing, based on encryption, splitting and adding files, and decryption. The ODAC ontology is launched to control unauthorized persons accessing data from storage and create owner and administrator rules to allow access to data and is proposed to improve security and restrict access to data. To manage the key of the SAT technique, the secret sharing scheme is introduced in the proposed framework. The implementation of the algorithm is performed by MATLAB, and its performance is verified in terms of delay, encryption time, encryption time, and ontology processing time and is compared with role‐based access control (RBAC), context‐aware RBAC and context‐aware task RBAC, and security analysis of advanced encryption standard and data encryption standard. Ultimately, the proposed data access control and security scheme in SA‐ODAC have achieved better performance and outperform the conventional technique.     

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

An efficient cryptography mechanism should enforce an access control policy over the encrypted data to provide flexible, fine‐grained, and secure data access control for secure sharing of data in cloud storage. To make a secure cloud data sharing solution, we propose a ciphertext‐policy attribute‐based proxy re‐encryption scheme. In the proposed scheme, we design an efficient fine‐grained revocation mechanism, which enables not only efficient attribute‐level revocation but also efficient policy‐level revocation to achieve backward secrecy and forward secrecy. Moreover, we use a multiauthority key attribute center in the key generation phase to overcome the single‐point performance bottleneck problem and the key escrow problem. By formal security analysis, we illustrate that our proposed scheme achieves confidentiality, secure key distribution, multiple collusions resistance, and policy‐ or attribute‐revocation security. By comprehensive performance and implementation analysis, we illustrate that our proposed scheme improves the practical efficiency of storage, computation cost, and communication cost compared to the other related schemes.     

Secure group key management for storage area networks

Storage area networks offer high availability, reliability, and scalability, and are a promising solution for large-scale storage needs of many enterprises. As with any distributed storage system, a major design challenge for SANs is to provide secure storage, which implies data integrity and data confidentiality. In this article we propose a solution that addresses these core security requirements. In particular, we focus on mechanisms that enable efficient key management for SAN entities and allow scalable data sharing. We use strong cryptographic techniques to achieve data security and integrity. Further, we delegate the bulk of the cryptographic processing to the SAN entities, thereby removing bottlenecks at disks and causing minimal inconvenience to hosts. By recognizing the peer nature of the group of SAN entities, we propose a novel security architecture for SAN that uses a secure group communication protocol to provide efficient group keying without involving any centralized servers. This fosters both scalability and fault tolerance.